61 research outputs found

    Smart homes under siege: Assessing the robustness of physical security against wireless network attacks

    © 2024 The Authors. Published by Elsevier Ltd. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY), https://creativecommons.org/licenses/by/4.0/ Nowadays domestic smart security devices, such as smart locks, smart doorbells, and security cameras, are becoming increasingly popular with users, due to their ease of use, convenience, and declining prices. Unlike conventional non-smart security devices, such as alarms and locks, performance standards for smart security devices, such as the British TS 621, are not easily understandable by end users due to the technical language employed. Users also have very few sources of unbiased information regarding product performance in real world conditions and protection against attacks from cyber attacker-burglars and, as a result, tend to take manufacturer claims at face value. This means that, as this work proves, users may be exposed to threats, such as theft, impersonation (should an attacker steal their credentials), and even physical injury, if the device fails and is used to prevent access to hazardous environments. As such, this paper deploys several attacks using popular wireless attack vectors (i.e., 433MHz radio, Bluetooth, and RFID) against domestic smart security devices to assess the protection offered against a cyber attacker-burglar. Our results suggest that users are open to considerable cyber physical attacks, irrespective of whether they use lesser known (i.e., no name) or branded smart security devices, due to the poor security offered by these devices. Peer reviewed

    Cyber-Attacks Evaluation Using Simple Additive Weighting Method on the Basis of Schmitt's Analysis

    A systematic modelling methodology is presented in this paper, so as to evaluate the effects of cyber-attacks on states’ Critical Information Infrastructure, in order to answer the question of whether these attacks have risen to the level of a ‘use of force’ under the principles of international law. By using the qualitative criteria for recognizing the impact of cyber-attacks as proposed by the International Group of Experts in the Manual on the International Law Applicable to Cyber Warfare (Tallinn Manual) and by applying the Simple Additive Weighting method, the widely used Multiple Attribute Decision Making method, cyber-operations evaluation results are presented. For the analysis a case study of kinetic and cyber-attacks on Supervisory Control and Data Acquisition system is employed. Taking into account the qualitative and quantitative aspects of such attacks and adding for the first time the ‘military character’ attribute as defined by the Tallinn Manual in the calculation procedure, a more complete evaluation of such attacks is achieved

    Information systems security in high vulnerability environments

    High vulnerability information systems are defined through the extreme vulnerability values of three parameters: the data, the management procedures of a computing environment (as a synthesis of access control procedures and viral attacks), and the interconnectivity of the computing environment. In this work, after the concepts of confidentiality, integrity and availability are defined using Z notation and fuzzy set theory, the following are proposed: a holistic methodology for the development of medical information systems, a probabilistic zero-knowledge protocol for controlling access to a system, a method for countering viral software, and a strategic framework for protecting a decentralized, networked system. Together, these techniques and methods constitute an overall tactic for protecting high vulnerability information systems. High vulnerability information systems are defined through the extreme values of three parameters: data, procedures (primarily access control procedures and protection against viral sets procedures) and the degree of connectivity among the different parts of the system. In this dissertation, the terms confidentiality, integrity and availability are defined first, with the use of Z notation and fuzzy sets theory. In the sequence, a holistic approach for the development of health care information systems is proposed, followed by a probabilistic-zero knowledge protocol to control the access to a system, as well as to a methodology for intrusion prevention and detection. Finally, a strategy to protect a network of computers against viral attack is introduced and tested experimentally, utilizing simulation techniques

    Cumulative notarization for long-term preservation of digital signatures

    The long-term preservation of digitally signed documents may be approached and analyzed from various perspectives, i.e. future data readability, signature validity, storage media longevity, etc. The paper focuses on technology and trust issues related to the long-term validation of a digital signature. We exploit the notarization paradigm and propose a mechanism for cumulative data notarization that results in a successive trust transition towards new entities, modern technologies, and refreshed data. A future relying party will have to trust only the information provided by the last notary, in order to verify the validity of the initial signature, thus eliminating any dependency on ceased entities, obsolete data, and weak old technologies. The proposed framework uses recursive XML elements so that a notarization token structure encapsulates an identical data structure containing a previous notarization token