MiniCPS: A toolkit for security research on CPS Networks

In recent years, tremendous effort has been spent to modernizing communication infrastructure in Cyber-Physical Systems (CPS) such as Industrial Control Systems (ICS) and related Supervisory Control and Data Acquisition (SCADA) systems. While a great amount of research has been conducted on network security of office and home networks, recently the security of CPS and related systems has gained a lot of attention. Unfortunately, real-world CPS are often not open to security researchers, and as a result very few reference systems and topologies are available. In this work, we present MiniCPS, a CPS simulation toolbox intended to alleviate this problem. The goal of MiniCPS is to create an extensible, reproducible research environment targeted to communications and physical-layer interactions in CPS. MiniCPS builds on Mininet to provide lightweight real-time network emulation, and extends Mininet with tools to simulate typical CPS components such as programmable logic controllers, which use industrial protocols (Ethernet/IP, Modbus/TCP). In addition, MiniCPS defines a simple API to enable physical-layer interaction simulation. In this work, we demonstrate applications of MiniCPS in two example scenarios, and show how MiniCPS can be used to develop attacks and defenses that are directly applicable to real systems.Comment: 8 pages, 6 figures, 1 code listin

MagicPairing: Apple's Take on Securing Bluetooth Peripherals

Device pairing in large Internet of Things (IoT) deployments is a challenge for device manufacturers and users. Bluetooth offers a comparably smooth trust on first use pairing experience. Bluetooth, though, is well-known for security flaws in the pairing process. In this paper, we analyze how Apple improves the security of Bluetooth pairing while still maintaining its usability and specification compliance. The proprietary protocol that resides on top of Bluetooth is called MagicPairing. It enables the user to pair a device once with Apple's ecosystem and then seamlessly use it with all their other Apple devices. We analyze both, the security properties provided by this protocol, as well as its implementations. In general, MagicPairing could be adapted by other IoT vendors to improve Bluetooth security. Even though the overall protocol is well-designed, we identified multiple vulnerabilities within Apple's implementations with over-the-air and in-process fuzzing

Nearby Threats: Reversing, Analyzing, and Attacking Google’s 'Nearby Connections' on Android

Google’s Nearby Connections API enables any An-droid (and Android Things) application to provide proximity-based services to its users, regardless of their network connectivity.The API uses Bluetooth BR/EDR, Bluetooth LE and Wi-Fi to let“nearby” clients (discoverers) and servers (advertisers) connectand exchange different types of payloads. The implementation ofthe API is proprietary, closed-source and obfuscated. The updatesof the API are automatically installed by Google across differentversions of Android, without user interaction. Little is knownpublicly about the security guarantees offered by the API, eventhough it presents a significant attack surface.In this work we present the first security analysis of theGoogle’s Nearby Connections API, based on reverse-engineeringof its Android implementation. We discover and implement sev-eral attacks grouped into two families: connection manipulation(CMA) and range extension attacks (REA). CMA-attacks allow anattacker to insert himself as a man-in-the-middle and manipulateconnections (even unrelated to nearby), and to tamper withthe victim’s interface and network configuration. REA-attacksallow an attacker to tunnel any nearby connection to remotelocations, even between two honest devices. Our attacks areenabled by REArby, a toolkit we developed while reversingthe API implementation. REArby includes a dynamic binaryinstrumenter, a packet dissector, and the implementations ofcustom Nearby Connections client and server. We plan to open-source REArby after a responsible disclosure period

Blurtooth: Exploiting cross-transport key derivation in Bluetooth classic and Bluetooth low energy

Bluetooth is a pervasive wireless technology specified in an open standard. The standard defines Bluetooth Classic (BT) for high- throughput wireless services and Bluetooth Low Energy (BLE) very low-power ones. The standard also specifies security mechanisms, such as pairing, session establishment, and cross-transport key derivation (CTKD). CTKD enables devices to establish BT and BLE security keys by pairing just once. CTKD was introduced in 2014 with Bluetooth 4.2 to improve usability. However, the security im- plications of CTKD were not studied carefully. This work demonstrates that CTKD is a valuable and novel Blue- tooth attack surface. It enables, among others, to exploit BT and BLE just by targeting one of the two (i.e., Bluetooth cross-transport ex- ploitation). We present the design of the first cross-transport attacks on Bluetooth. Our attacks exploit issues that we identified in the specification of CTKD. For example, we find that CTKD enables an adversary to overwrite pairing keys across transports. We leverage these vulnerabilities to impersonate, machine-in-the-middle, and establish unintended sessions with any Bluetooth device support- ing CTKD. Since the presented attacks blur the security boundary between BT and BLE, we name them BLUR attacks. We provide a low-cost implementation of the attacks and test it on a broad set of devices. In particular, we successfully attack 16 devices with 14 unique Bluetooth chips from popular vendors (e.g., Cypress, Intel, Qualcomm, CSR, Google, and Samsung), with Bluetooth standard versions of up to 5.2. We discuss why the countermeasures in the Bluetooth are not effective against our attacks, and we develop and evaluate practical and effective alternatives

High Levels of β-Amyloid, Tau, and Phospho-Tau in Red Blood Cells as Biomarkers of Neuropathology in Senescence-Accelerated Mouse

Alzheimer’s Disease (AD) is the most common Neurodegenerative Disease (ND), primarily characterised by neuroinflammation, neuronal plaques of β-amyloid (Aβ), and neurofibrillary tangles of hyperphosphorylated tau. α-Synuclein (α-syn) and its heteroaggregates with Aβ and tau have been recently included among the neuropathological elements of NDs. These pathological traits are not restricted to the brain, but they reach peripheral fluids as well. In this sense, Red Blood Cells (RBCs) are emerging as a good model to investigate the biochemical alterations of aging and NDs. Herein, the levels of homo- and heteroaggregates of ND-related proteins were analysed at different stages of disease progression. In particular, a validated animal model of AD, the SAMP8 (Senescence-Accelerated Mouse-Prone) and its control strain SAMR1 (Senescence-Accelerated Mouse-Resistant) were used in parallel experiments. The levels of the aforementioned proteins and of the inflammatory marker interleukin-1β (IL-1β) were examined in both brain and RBCs of SAMP8 and SAMR1 at 6 and 8 months. Brain Aβ, tau, and phospho-tau (p-tau) were higher in SAMP8 mice than in control mice and increased with AD progression. Similar accumulation kinetics were found in RBCs, even if slower. By contrast, α-syn and its heterocomplexes (α-syn-Aβ and α-syn-tau) displayed different accumulation kinetics between brain tissue and RBCs. Both brain and peripheral IL-1β levels were higher in SAMP8 mice, but increased sooner in RBCs, suggesting that inflammation might initiate at a peripheral level before affecting the brain. In conclusion, these results confirm RBCs as a valuable model for monitoring neurodegeneration, suggesting peripheral Aβ, tau, and p-tau as potential early biomarkers of AD

Palmitoylethanolamide Counteracts Enteric Inflammation and Bowel Motor Dysfunctions in a Mouse Model of Alzheimer’s Disease

Palmitoylethanolamide (PEA), an endogenous lipid mediator, is emerging as a promising pharmacological agent in multiple neurodegenerative disorders for its anti-inflammatory and neuroprotective properties. However, its effects on enteric inflammation and colonic dysmotility associated with Alzheimer’s disease (AD) are lacking. This study was designed to investigate the beneficial effect of PEA administration in counteracting the enteric inflammation and relieving the bowel motor dysfunctions in an AD mouse model, SAMP8 mice. In addition, the ability of PEA in modulating the activation of enteric glial cells (EGCs), pivotally involved in the pathophysiology of bowel dysfunctions associated with inflammatory conditions, has also been examined. SAMP8 mice at 4 months of age were treated orally with PEA (5 mg/kg/day) for 2 months. SAMR1 animals were employed as controls. At the end of treatment, parameters dealing with colonic motility, inflammation, barrier integrity and AD protein accumulation were evaluated. The effect of PEA on EGCs was tested in cultured cells treated with lipopolysaccharide (LPS) plus β-amyloid 1–42 (Aβ). SAMP8 treated with PEA displayed: 1) an improvement of in vitro colonic motor activity, citrate synthase activity and intestinal epithelial barrier integrity and 2) a decrease in colonic Aβ and α-synuclein (α-syn) accumulation, S100-β expression as well as enteric IL-1β and circulating LPS levels, as compared with untreated SAMP8 mice. In EGCs, treatment with PEA counteracted the increment of S100-β, TLR-4, NF-κB p65 and IL-1β release induced by LPS and Aβ. These results suggest that PEA, under a condition of cognitive decline, prevents the enteric glial hyperactivation, reduces AD protein accumulation and counteracts the onset and progression of colonic inflammatory condition, as well as relieves intestinal motor dysfunctions and improves the intestinal epithelial barrier integrity. Therefore, PEA represents a viable approach for the management of the enteric inflammation and motor contractile abnormalities associated with AD

Comparison of the diagnostic performance of 64-slice computed tomography coronary angiography in diabetic and non-diabetic patients with suspected coronary artery disease

<p>Abstract</p> <p>Background</p> <p>Diabetics have high prevalence of subclinical coronary artery disease (CAD) with typical characteristics (diffuse disease, large calcifications). Although 64-slice multidetector computed tomography (MDCT) coronary angiography has high diagnostic accuracy to detect CAD, its diagnostic performance in diabetics with suspected CAD is unknown. To compare the diagnostic performance of 64-slice MDCT between diabetics and non-diabetics with suspected CAD scheduled for invasive coronary angiography (ICA).</p> <p>Methods</p> <p>We enrolled one hundred and five diabetic patients (92 men, age 65 +/- 9 years, Group 1) and 105 non-diabetic patients (63 men, age 63+/-5 years, Group 2) with indication to ICA for suspected CAD undergoing coronary 64-slice MDCT before ICA.</p> <p>Results</p> <p>In Group 1, the overall feasibility of coronary artery visualization was 93.8%. The most frequent artifact was blooming due to large coronary calcifications (54 artifacts, 67%). In Group 2, the overall feasibility was significantly higher vs. Group 1 (97%, p < 0.0001). In Group 1, the segment-based analysis showed a MDCT sensibility, specificity, positive predictive value, negative predictive value and accuracy for the detection of ≥50% luminal narrowing of 77%, 90%, 70%, 93% and 87%, respectively. In Group 2, all these parameters were significantly higher vs. Group 1. In the patient-based analysis, specificity, negative predictive value and accuracy were significantly lower in Group 1 vs. Group 2.</p> <p>Conclusions</p> <p>Although MDCT has high sensitivity for early identification of significant CAD in diabetics, its diagnostic performance is significantly reduced in these patients as compared to non-diabetics with similar clinical characteristics.</p

Understanding farm generational renewal and its influencing factors in Europe

Understanding the complex process of generational renewal (GR) in agriculture is essential for supporting the continuation of farming. This paper demonstrates how multiple factors, simultaneously and through their mutual interactions, influence GR and related individual decision-making processes. Results originated from 155 in-depth interviews performed on 85 farms in eleven European regions, and were triangulated with the literature. Our analysis, combining inductive and deductive approaches, revealed three conceptual phases (successor identity formation, farm succession process, and farm development) and fourteen factors important to understand GR. We elaborate how these factors interact, hence exert their impact on (one of) the phases in a complex and variable way. Implications highlight potential pitfalls and opportunities for attracting people into agriculture. Although policy-makers should be aware of their limited ability to affect GR by targeting the first phase, we propose some ideas that would complement current existing measures acting on the third phase