{"title":"Formal Security Analysis of Vehicle Diagnostic Protocols","authors":"Timm Lauser, C. Krauß","doi":"10.1145/3600160.3600184","DOIUrl":"https://doi.org/10.1145/3600160.3600184","url":null,"abstract":"Diagnostic protocols for vehicles are important for maintenance, updates, etc. However, if they are not secure, an attacker can use them as an entry point to the vehicle or even directly access critical functionality. In this paper, we discuss the security of the vehicle diagnostics protocols Diagnostics over IP (DoIP) and Unified Diagnostic Services (UDS). For UDS, we provide a formal analysis of the included security protocols SecurityAccess service and the different variants of the new Authentication service introduced in the year 2020. We present two new vulnerabilities that we identified in our analyses, describe how they can be mitigated, and formally verify our mitigations. Furthermore, we give recommendations on how to securely implement UDS and how future standards can be improved.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132737676","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Breaching the Defense: Investigating FGSM and CTGAN Adversarial Attacks on IEC 60870-5-104 AI-enabled Intrusion Detection Systems","authors":"D. C. Asimopoulos, Panagiotis I. Radoglou-Grammatikis, Ioannis Makris, V. Mladenov, Konstantinos E. Psannis, S. Goudos, P. Sarigiannidis","doi":"10.1145/3600160.3605163","DOIUrl":"https://doi.org/10.1145/3600160.3605163","url":null,"abstract":"In the digital age of the hyper-connected Critical Infrastructures (CIs), the role of the smart electrical grid is crucial, providing several benefits, such as improved grid resilience, efficient energy distribution and smart load and response management. However, despite the several advantages, the rapid evolution of the heterogeneous technologies involved in the smart electrical grid increases the attack surface. In this paper, we focus first our attention on how Artificial Intelligence (AI) can be used to protect the smart electrical grid in terms of detecting efficiently potential cyberattacks and anomalies. Secondly, we investigate how AI can be used to trick AI-enabled detection services, thus resulting in false alarms. In particular, we emphasise on cyberattacks against IEC 60870-5-104, an industrial communication protocol which is widely used in the energy domain. Therefore, a relevant AI-powered Intrusion Detection System (IDS) is provided, utilising strong Machine Learning (ML)/Deep Learning (DL) methods, such as Decision Tree, Random Forest, XGBOOST and deep MultiLayer Perceptron (MLP). On the other hand, we investigate how adversarial attacks can affect the detection performance of the previous IDS. For this purpose, the Fast Gradient Signed Method (FGSM) is examined, and a Conditional Tabular Generative Adversarial Network (CTGAN) adversarial attack generator is implemented. The evaluation results demonstrate the efficiency of the proposed IDS and the aforementioned adversarial attacks.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133778259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Experiences with Secure Pipelines in Highly Regulated Environments","authors":"J. Morales, Hasan Yasar","doi":"10.1145/3600160.3605466","DOIUrl":"https://doi.org/10.1145/3600160.3605466","url":null,"abstract":"In this experiential paper, we present observations from our collaborative efforts with multiple entities operating in highly regulated environments that enabled or disrupted the construction, use, and sustainment of secure CI/CD pipelines as part of a larger DevSecOps strategy. From these observations, we provide insights and recommendations to support enablers and avoid or minimize disruptions. Our insights reveal that along with noted established progress in the area of secure pipelines, there still exists a need to amend multiple cultural and technical barriers to fully realize secure pipelines in a highly regulated environment. Areas of improvement include streamlining security approvals, revising and updating policies to relevance with current technology, increasing automation in multiple pipeline relevant tasking, improving inquiries to better understand pipeline requirements at commencement, and ensuring appropriate sustained training of technical staff. Recommendations presented here address observed gap areas with the purpose of assisting further advancement of achieving formal and refined pipeline incorporation in a highly regulated environment.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114405399","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Effect of Group Based Synchronization on User Anonymity in Mix Networks","authors":"Alperen Aksoy, Dogan Kesdogan","doi":"10.1145/3600160.3604998","DOIUrl":"https://doi.org/10.1145/3600160.3604998","url":null,"abstract":"In so-called closed environments, the MIX network can theoretically provide perfect security, i.e. if perfect protection is envisaged, all senders and receivers should be perfectly synchronized and participate equally in each communication round of the MIX technique. In the context of open environments (e.g., the Internet), there is no synchronization between the participants and here the technique is vulnerable to known analyses such as (statistical) disclosure attacks. In short, the Mix technology is highly dependent on its application context in which it involves the participants. In this work, we study the effect of context in terms of synchronization rate, present two different synchronization approaches and evaluate their protection against disclosure attacks.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123954416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ICSvertase: A Framework for Purpose-based Design and Classification of ICS Honeypots","authors":"Stash Kempinski, Shuaib Ichaarine, Savio Sciancalepore","doi":"10.1145/3600160.3605020","DOIUrl":"https://doi.org/10.1145/3600160.3605020","url":null,"abstract":"As attacks on Industrial Control Systems (ICS) are increasing, the design and deployment of ICS honeypots is gaining momentum as a way to prevent, detect, and research them. However, ICS honeypot creators hardly explicitly consider what adversary behavior they want to capture, potentially creating honeypots that may not completely fulfill their intended purpose. At the same time, ICS honeypots are classified using the traditional interaction level scheme which is unsuitable for ICS due to its unique properties. In turn, these issues make it hard for potential users to systematically determine the suitability of an ICS honeypot for their use case. To tackle these problems, in this paper we introduce ICSvertase, a novel framework allowing for structural reasoning about ICS honeypots. ICSvertase integrates several existing components from the ATT&CK for ICS and Engage frameworks provided by MITRE and extends them with novel elements. ICSvertase provides a novel approach to helping companies and users in several real-world use cases, such as choosing the most suitable existing ICS honeypot, designing new ICS honeypots, and classifying existing ones in a more fine-grained way. To show ICSvertase’s benefits, we provide examples for these real-world use cases and compare them to their traditional counterparts.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123956575","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Improved Honeypot Model for Attack Detection and Analysis","authors":"Marwan Abbas-Escribano, Hervé Debar","doi":"10.1145/3600160.3604993","DOIUrl":"https://doi.org/10.1145/3600160.3604993","url":null,"abstract":"This paper presents a new model and design for honeypots, and the results obtained from the implementation and exposure on the internet of a high-interaction honeypot. We show that our model can allow higher interaction with attackers while preserving integrity and attractiveness. In our work, we use threat analysis based on the MITRE ATT&CK taxonomy to describe the design and supervision constraints of our honeypot with its situation in our implemented architecture. We exposed our infrastructure during seventeen days and collected information about several actors and attack methods, from which we extracted previously undocumented Indicators of Compromise.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129775781","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploiting Digital Twin technology for Cybersecurity Monitoring in Smart Grids","authors":"L. Coppolino, Roberto Nardone, Alfredo Petruolo, L. Romano, A. Souvent","doi":"10.1145/3600160.3605043","DOIUrl":"https://doi.org/10.1145/3600160.3605043","url":null,"abstract":"The adoption of Digital Twin technology has witnessed significant growth in various domains, enabling continuous monitoring and testing in diverse applications. In the context of safeguarding critical infrastructures, particularly smart grids, Digital Twin has emerged as a viable solution to meet the requirements outlined in the NIS2 directive issued by the European Commission. Additionally, the increasing trend in Europe towards establishing shared dataspaces, and fostering collaborative environments through data sharing, necessitates a heightened focus on cybersecurity risks. This study focuses on enhancing cybersecurity measures in critical infrastructure, with a specific emphasis on the energy sector and smart grids. To achieve this objective, a robust architecture is proposed for the cybersecurity monitoring of a smart power and distribution grid. The proposed approach involves the transformation of a system model, conforming to the Common Information Model standard for the power system domain, into a digital twin model powered by FIWARE, an open-source platform. The architecture incorporates a SIEM (Security Information and Event Management) solution built on open-source technologies. A comprehensive validation is conducted through a real-world case study, providing empirical evidence of the effectiveness of the proposed approach.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128506715","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dynamic Intrusion Detection Framework for UAVCAN Protocol Using AI","authors":"Fadhila Tlili, S. Ayed, Lamia CHAARI FOURATI","doi":"10.1145/3600160.3605071","DOIUrl":"https://doi.org/10.1145/3600160.3605071","url":null,"abstract":"Industry 4.0 is going through a transitional period via the radically automotive transformations. In particular, unmanned aerial vehicles have significantly contributed to the development of intelligent and connected transportation systems. Thus, the continuous development using diverse technologies to achieve a variety of high-performance services raised the security concerns regarding communicating entities. Thus, being managed by networked controllers, UAVs use the controller area network (CAN) protocol to broadcast information on a bus. However, this protocol is used as a de facto standard which does not have sufficient security features that raise the security risks. This issue caught the attention of the automotive industry researchers and several studies have attempted to improve the security of the CAN protocol attack detection. However, the proposed studies established general perspective solution and did not pay attention to UAVCAN attack detection. To alleviate these concerns, this paper proposed a dynamic intrusion detection framework (DIDF) for UAVCAN. The proposed UAVCAN DIDF scheme adopts an artificial intelligence (AI) based model to achieve high detection performance. We performed experiments using a public UAVCAN dataset to evaluate our detection system. The experimental results demonstrate that UAVCAN DIDF has significantly reached a high detection rate with a high true positive and a low false negative rate. The simulation results are encouraging and demonstrate the effectiveness of UAVCAN DIDF.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127374301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"TRUSTEE: Towards the creation of secure, trustworthy and privacy-preserving framework","authors":"Dr Sarwar Sayeed, N. Pitropakis, W. Buchanan, E. Markakis, Dimitra Papatsaroucha, Ilias Politis","doi":"10.1145/3600160.3604997","DOIUrl":"https://doi.org/10.1145/3600160.3604997","url":null,"abstract":"Digital transformation is a method where new technologies replace the old to meet essential organisational requirements and enhance the end-user experience. Technological transformation often improvises the manner in which a facility or resources are delivered to the recipient. Data is one of the key assets of every organisation which influences significantly reaching the long-term objective. Thus, the entities, as well as technologies involved in the data management process, have a significant role to play to secure different data types. However, the traditional data governance process often follows a centralised approach and thus resulting in various cyber attacks, whereas the distributed approaches are mostly research prototypes and often comprise various security challenges. Security incidents such as data theft fabricate the integrity of confidential data and thus the consequences are often disastrous. To address the challenges, we introduce TRUSTEE, a data-driven platform which aims to provide a secure and privacy-by-design framework to empower companies, organisations, and individuals to access different data domains, use and re-use the data and metadata to extract knowledge with trust and confidentiality. In this paper, we assess the effectiveness of the platform by reviewing the potential challenges and threats associated with the incorporated technologies. Our research emphasises the efficacy of distributed technologies to indicate their significance in data integrity and security.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127547700","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Network Covert Channels in Routing Protocols","authors":"Michael Schneider, Daniel Spiekermann, J. Keller","doi":"10.1145/3600160.3605021","DOIUrl":"https://doi.org/10.1145/3600160.3605021","url":null,"abstract":"Computer networks play a key role in everyday lives. To guarantee fail-safe operation, routing protocols are used that enable dynamic routing via redundant paths. Because of this, routing protocols like RIP or OSPF play an important role in modern network infrastructures. The widespread use together with the mostly missing traffic monitoring of these protocols provide a possible base to exploit these protocols for network steganographic channels. In this paper, we present a novel storage covert channel based on the OSPF routing protocol. We analyzed the protocol in detail with the help of hiding patterns to identify protocol fields that might be suitable for covert communication. We provide a proof-of-concept implementation of our covert channel inside a simulated network, which demonstrates the possibility of covert communication in a routing protocol. Our evaluation covers detectability and countermeasures, steganographic bandwidth and robustness. Furthermore, we sketch an application scenario where such a covert channel can be deployed.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128923850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}