Lecture Notes in Computer Science

QTL is an ultra-lightweight block cipher designed for extremely constrained devices. The cipher has two versions, QLT-64 and QTL-128 supporting key lengths of 64 and 128 bits, respectively. In this paper, we present the first third party cryptanalysis of QTL. We first introduce related key distinguishers for full versions of the cipher. We propose attacks on full QTL in single key model by using the related key distinguishers. With these attacks we are able to reduce the security of QTL-64 and QTL-128 by 16 bits. We also enumerate 2(48) weak keys and propose a practical key recovery attack on full QTL-64 for these keys. This attack requires 2(16) data and recovers the key in a time complexity of 2(32) encryptions. We also give some observations disprove designers' claims about number of active S-boxes and actual value of differential branch number

SoK:Investigation of security and functional safety in industrial IoT

There has been an increasing popularity of industrial usage of Internet of Things (IoT) technologies in parallel to advancements in connectivity and automation. Security vulnerabilities in industrial systems, which are considered less likely to be exploited in conventional closed settings, have now started to be a major concern with Industrial IoT. One of the critical components of any industrial control system turning into a target for attackers is functional safety. This vital function is not originally designed to provide protection against malicious intentional parties but only accidents and errors. In this paper, we explore a generic IoT-based smart manufacturing use-case from a combined perspective of security and functional safety, which are indeed tightly correlated. Our main contribution is the presentation of a taxonomy of threats targeting directly the critical safety function in industrial IoT applications. Besides, based on this taxonomy, we identified particular attack scenarios that might have severe impact on physical assets like manufacturing equipment, even human life and cyber-assets like availability of Industrial IoT application. Finally, we recommend some solutions to mitigate such attacks based mainly on industry standards and advanced security features of mobile communication technologies

A network-based positioning method to locate false base stations

In recent years False Base Stations (FBSs) have received increased attention. A False Base Station can perform active or passive attacks against mobile devices or user equipment (UE) to steal private information, such as International Mobile Subscriber Identifier (IMSI), to trace users locations, or to prevent users from getting service from operators. Most of the existing solutions related to FBS have focused on the detection aspects of the false station rather than locating its position. However, once an FBS is detected in a network, discovering its exact location precisely and remotely becomes highly crucial to initiate preventive actions. In this work, we propose a network-based localization method for estimating the exact geographical position of an FBS whose existence is already detected in a cellular network. Our method relies on a comparative pairwise analysis of the Reference Signals Received Power (RSRP) values reported as a standard procedure by the UEs in the vicinity of FBS through their measurement reports. Specifically, for each pair of related measurement reports, we identify a half-plane indicating the probable location of the FBS and then predict the exact location based on the intersection of all obtained half-planes. We have implemented and experimentally evaluated our proposed method in the Network Simulator 3 (ns-3) and showed that it accurately estimates FBS location with meter-level precision under different scenarios in a cellular network