Design Technique for Secure Embedded Devices: Application for Creation of Integrated Cyber-Physical Security System

Abstract As elements of complex information systems, embedded devices define informational and physical connections between the level of software control of the system on the one hand, and its technical environment and users on the other. Operating in a potentially volatile and untrusted cyber-physical environment, using insufficiently secure communication channels and sensors as well as various external influences cause such devices are subject to specific attacking actions. As a result the design of such systems is a challenging task often requiring expert based solutions. The main contribution of the paper is a design technique for secure embedded devices on the basis of combinations of security components, optimization approach and developed software tools for decision making support. The correctness of the technique is confirmed by its use in the development of the integrated cyberphysical security system

Enhancing technology of producing secure IoT devices on the base of remote attestation

The goal of the work is to enhance the technological process for the production of components of integrated secure systems of the Internet of Things for solving problems of operational control and reaction in emergency situations. The most important requirement for such systems is the need to ensure the properties of reliability and security of software and hardware elements of the end devices, taking into account the specificity of such systems. To achieve the goal in the paper the mechanisms for protection of Android applications from the threats of integrity violation of the software and of critical data on the base of remote attestation principles are modeled. Analytical and experimental evaluations of the implemented protection components and the protocol of their interaction taking into account limitations on the computing and communication resources of the target device are performed

Enhancing technology of producing secure IoT devices on the base of remote attestation

The goal of the work is to enhance the technological process for the production of components of integrated secure systems of the Internet of Things for solving problems of operational control and reaction in emergency situations. The most important requirement for such systems is the need to ensure the properties of reliability and security of software and hardware elements of the end devices, taking into account the specificity of such systems. To achieve the goal in the paper the mechanisms for protection of Android applications from the threats of integrity violation of the software and of critical data on the base of remote attestation principles are modeled. Analytical and experimental evaluations of the implemented protection components and the protocol of their interaction taking into account limitations on the computing and communication resources of the target device are performed

Evaluation of Resource Exhaustion Attacks against Wireless Mobile Devices

Currently, energy resource exhaustion attacks targeted on modern autonomously working mobile devices are becoming more and more important. The underdevelopment of specialized defenses against energy exhaustion attacks as well as their often hidden nature for the owner of the target device determine a necessity of an integrated approach to modeling and evaluation of this class of attacks and various types of intruders. The paper analyzes conditions of applicability of energy resource exhaustion attacks performed by various classes of intruders, models them on physical implementations of devices for two application areas, and calculates their performance indicators. Application areas are a TCP/IP network of end-user mobile devices and a self-organizing mesh network designed for operational management and emergency response

Approach to Anomaly Detection in Self-Organized Decentralized Wireless Sensor Network for Air Pollution Monitoring

The paper reveals the essence and features of the proposed approach to detecting anomalies in a self-organizing decentralized wireless sensor network (WSN). As a basis for detecting anomalies, the used WSN is intended to monitor atmospheric air pollution near industrial facilities and human life objects. The distinctive features of such a network are the decentralized nature of its structure and services, the autonomy and mobility of the network nodes, as well as the possibility of non-deterministic physical movement of nodes in space. The spontaneous nature of the dynamic formation of the network topology as well as the assignment of roles and private monitoring functions between the available network nodes determines such networks are subject to attacks that exploit the properties of network decentralization and its self-organization. The proposed approach to detecting anomalies is based on the collection and analysis of data from sensors and is designed to increase the security of self-organizing decentralized WSN by identifying anomalies that are critical in the context of the monitoring purposes

Automation of Asset Inventory for Cyber Security: Investigation of Event Correlation-Based Technique

Asset inventory is one of the essential steps in cyber security analysis and management. It is required for security risk identification. Current information systems are large-scale, heterogeneous, and dynamic. This complicates manual inventory of the assets as it requires a lot of time and human resources. At the same time, an asset inventory should be continuously repeated because continuous modifications of system objects and topology lead to changes in the cyber security situation. Thus, a technique for automated identification of system assets and connections between them is required. The paper proposes a technique for automated inventory of assets and connections between them in different organizations. The developed technique is constructed based on event correlation methods, namely linking the system events to each other. The essence of the technique consists of the investigation of event characteristics and identifying the characteristics that arise solely together. This allows determining system assets via assigning event characteristics to specific asset types. The security risks depend on the criticality of the assets; thus, a discussion of automated calculation of the outlined assets’ criticality is provided. Outlined system objects and topology can be further used for restoring possible attack paths and security assessment. The applicability of the developed technique to reveal object properties and types is demonstrated in the experiments

Graph Visualization: Alternative Models Inspired by Bioinformatics

Currently, the methods and means of human–machine interaction and visualization as its integral part are being increasingly developed. In various fields of scientific knowledge and technology, there is a need to find and select the most effective visualization models for various types of data, as well as to develop automation tools for the process of choosing the best visualization model for a specific case. There are many data visualization tools in various application fields, but at the same time, the main difficulty lies in presenting data of an interconnected (node-link) structure, i.e., networks. Typically, a lot of software means use graphs as the most straightforward and versatile models. To facilitate visual analysis, researchers are developing ways to arrange graph elements to make comparing, searching, and navigating data easier. However, in addition to graphs, there are many other visualization models that are less versatile but have the potential to expand the capabilities of the analyst and provide alternative solutions. In this work, we collected a variety of visualization models, which we call alternative models, to demonstrate how different concepts of information representation can be realized. We believe that adapting these models to improve the means of human–machine interaction will help analysts make significant progress in solving the problems researchers face when working with graphs

Automation of Asset Inventory for Cyber Security: Investigation of Event Correlation-Based Technique

Asset inventory is one of the essential steps in cyber security analysis and management. It is required for security risk identification. Current information systems are large-scale, heterogeneous, and dynamic. This complicates manual inventory of the assets as it requires a lot of time and human resources. At the same time, an asset inventory should be continuously repeated because continuous modifications of system objects and topology lead to changes in the cyber security situation. Thus, a technique for automated identification of system assets and connections between them is required. The paper proposes a technique for automated inventory of assets and connections between them in different organizations. The developed technique is constructed based on event correlation methods, namely linking the system events to each other. The essence of the technique consists of the investigation of event characteristics and identifying the characteristics that arise solely together. This allows determining system assets via assigning event characteristics to specific asset types. The security risks depend on the criticality of the assets; thus, a discussion of automated calculation of the outlined assets’ criticality is provided. Outlined system objects and topology can be further used for restoring possible attack paths and security assessment. The applicability of the developed technique to reveal object properties and types is demonstrated in the experiments

Visualization Assisted Approach to Anomaly and Attack Detection in Water Treatment Systems

The specificity of the water treatment field, associated with water transmission, distribution and accounting, as well as the need to use automation and intelligent tools for various information solutions and security tools, have resulted in the development of integrated approaches and practical solutions regarding various aspects of the functioning of such systems. The research problem lies in the insecurity of water treatment systems and their susceptibility to malicious influences from the side of potential intruders trying to compromise the functioning. To obtain initial data needed for assessing the states of a water treatment system, the authors have developed a case study presenting a combination of a physical model and a software simulator. The methodology proposed in the article includes combining methods of machine learning and visual data analysis to improve the detection of attacks and anomalies in water treatment systems. The selection of the methods and tuning of their modes and parameters made it possible to build a mechanism for efficient detection of attacks in data from sensors with accuracy values above 0.95 for each class of attack and mixed data. In addition, Change_Measure metric parameters were selected to ensure the detection of attacks and anomalies by using visual data analysis. The combined method allows identifying points when the functioning of the system changes, which could be used as a trigger to start resource-intensive procedures of manual and/or machine-assisted checking of the system state on the basis of the available machine learning models that involve processing big data arrays