18 research outputs found
A haystack full of needles: scalable detection of IoT devices in the wild
Consumer Internet of Things (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. These functionalities often come with significant privacy and security risks, with notable recent large-scale coordinated global attacks disrupting large service providers. Thus, an important first step to address these risks is to know what IoT devices are where in a network. While some limited solutions exist, a key question is whether device discovery can be done by Internet service providers that only see sampled flow statistics. In particular, it is challenging for an ISP to efficiently and effectively track and trace activity from IoT devices deployed by its millions of subscribers, all with sampled network data. In this paper, we develop and evaluate a scalable methodology to accurately detect and monitor IoT devices at subscriber lines with limited, highly sampled data in-the-wild. Our findings indicate that millions of IoT devices are detectable and identifiable within hours, both at a major ISP as well as an IXP, using passive, sparsely sampled network flow headers. Our methodology is able to detect devices from more than 77% of the studied IoT manufacturers, including popular devices such as smart speakers. While our methodology is effective for providing network analytics, it also highlights significant privacy consequences.
Revealing Utilization at Internet Interconnection Points
Recent Internet interconnection disputes have sparked an increased interest
in developing methods for gathering and collecting data about utilization at
interconnection points. One mechanism, developed by DeepField Networks, allows
Internet service providers (ISPs) to gather and aggregate utilization
information using network flow statistics, standardized in the Internet
Engineering Task Force as IPFIX. This report (1) provides an overview of the
method that DeepField Networks is using to measure the utilization of various
interconnection links between content providers and ISPs or links over which
traffic between content and ISPs flows; and (2) surveys the findings from five
months of Internet utilization data provided by seven participating
ISPs---Bright House Networks, Comcast, Cox, Mediacom, Midco, Suddenlink, and
Time Warner Cable---whose access networks represent about 50% of all U.S.
broadband subscribers. The dataset includes about 97% of the paid peering,
settlement-free peering, and ISP-paid transit links of each of the
participating ISPs. Initial analysis of the data---which comprises more than
1,000 link groups, representing the diverse and substitutable available
routes---suggests that many interconnects have significant spare capacity, that
this spare capacity exists both across ISPs in each region and in aggregate for
any individual ISP, and that the aggregate utilization across interconnects
is roughly 50% during peak periods.
Increasing the Visibility of IEC Communication in the Smart Grid
Energy systems like smart grids are part of critical infrastructure and their interruption or blackout may have fatal consequences on energy production, distribution, and eventually the life of individual people. In order to secure communication in Industrial Control Systems (ICS) and detect cyber attacks on smart grids, we need to increase visibility of ICS communication so that an operator can see what commands are sent between ICS devices. Security monitoring of ICS transmission requires (i) retrieving monitoring data from ICS packets, (ii) processing and analyzing extracted data, (iii) visualizing the passing communication to the operator. The proposed work presents a concept of an ICS flow monitoring system that extracts metadata from ICS packet headers and creates ICS flow records similarly to a Netflow/IPFIX system. ICS flows represent communication in the smart grid network that is further visualized using a dashboard and communication charts. Unlike the traditional monitoring approach that works with network and transport layer data only, we extend flow monitoring to the application layer with a focus on ICS protocols. The proposed approach is demonstrated on monitoring IEC 60870-5-104 communication.
Silent cerebral infarcts after cardiac catheterization: a randomized comparison of radial and femoral approaches
Single center studies using serial cerebral diffusion-weighted magnetic resonance imaging in patients having cardiac catheterization have suggested that cerebral microembolism might be responsible for silent cerebral infarct (SCI) as high as 15% to 22%. We evaluated in a multicenter trial the incidence of SCIs after cardiac catheterization and whether or not the choice of the arterial access site might impact this phenomenon.