The DNS Bake Sale: Advertising DNS Cookie Support for DDoS Protection

Davis, Jacob

02 April 2021

The Domain Name System (DNS) has been frequently abused for Distributed Denial of Service (DDoS) attacks and cache poisoning because it relies on the User Datagram Protocol (UDP). Since UDP is connection-less, it is trivial for an attacker to spoof the source of a DNS query or response. DNS Cookies, a protocol standardized in 2016, add pseudo-random values to DNS packets to provide identity management and prevent spoofing attacks. This work finds that 30% of popular authoritative servers and open recursive resolvers fully support cookies and that 10% of recursive clients send cookies. Despite this, DNS cookie use is rarely enforced as it is non-trivial to ascertain whether a given client intends to fully support cookies. We also show that 80% of clients and 99% of servers do not change their behavior when encountering a missing or illegitimate cookie. This paper presents a new protocol to allow cookie enforcement: DNS Protocol Advertisement Records (DPAR). Advertisement records allow DNS clients intending to use cookies to post a public record in the reverse DNS zone stating their intent. DNS servers may then lookup this record and require a client to use cookies as directed, in turn preventing an attacker from sending spoofed messages without a cookie. In this paper, we define the specification for DNS Protocol Advertisement Records, considerations that were made, and comparisons to alternative approaches. We additionally estimate the effectiveness of advertisements in preventing DDoS attacks and the expected burden to DNS servers. Advertisement records are designed as the next step to strengthen the existing support of DNS Cookies by enabling strict enforcement of client cookies.

Domain Name System

DNS Cookies

Internet Measurement

Cybersecurity

Internet Protocols

Physical Sciences and Mathematics

INTRUSION DETECTION SYSTEM FOR CONTROLLER AREA NETWORK

Vinayak Jayant Tanksale (13118805)

19 July 2022

<p>The rapid expansion of intra-vehicle networks has increased the number of threats to such networks. Most modern vehicles implement various physical and data-link layer technologies. Vehicles are becoming increasingly autonomous and connected. Controller Area Network (CAN) is a serial bus system that is used to connect sensors and controllers (Electronic Control Units – ECUs) within a vehicle. ECUs vary widely in processing power, storage, memory, and connectivity. The goal of this research is to design, implement, and test an efficient and effective intrusion detection system for intra-vehicle CANs. Such a system must be capable of detecting intrusions in almost real-time with minimal resources. The research proposes a specific type of recursive neural network called Long Short-Term Memory (LSTM) to detect anomalies. It also proposes a decision engine that will use LSTM-classified anomalies to detect intrusions by using multiple contextual parameters. We have conducted multiple experiments on the optimal choice of various LSTM hyperparameters. We have tested our classification algorithm and our decision engine using data from real automobiles. We will present the results of our experiments and analyze our findings. After detailed evaluation of our intrusion detection system, we believe that we have designed a vehicle security solution that meets all the outlined requirements and goals.</p>

System and network security

Controller Area Network

Intrusion detection

LSTM networks

RNN

Deep Learning Applications

Cybersecurity

Risk Analysis and Cybersecurity Implementation for UTM : Implemented in UTM50 / Riskanalys och implementering av cybersäkerhet för UTM : Implementerat i UTM50

Hannson, Inge, Nääs, Fredrik

January 2023

With the increasing usage of Unmanned Aerial Vehicle (UAV)s and the prediction of becoming applicable to more industries within the next decade there is a need for a controlling authority in the lower airspace. An Unmanned Aircraft System Traffic Man- agement (UTM) provides multiple solutions to how such a system should operate and what services it should provide. This makes a UTM a key infrastructure that will need to withstand potential cyberattacks and ensure safe communication channels with sensitive information. This thesis will provide an analysis of what key areas need protection and show an example of how to implement it in UTM50.  Possible vulnerabilities were identified by performing a risk analysis based on the Con- trolled Object-Oriented Risk Assessment (CORAS) model, and a comparison was made between similar communication systems to compare what challenges they face. To handle the vulnerabilities, countermeasures were implemented in UTM50 using coding libraries such as ZeroMQ and CurveZMQ. The implementation was tested to ensure its effective- ness against possible cyber attacks, and the traffic was monitored using Wireshark.  Finally, this thesis presents a few areas that require further research to ensure full safety and security across all communication channels.

UTM

U-space

UTM50

Drone

Drones

Cybersecurity

ZeroMQ

CurveZMQ

Computer and Information Sciences

Data- och informationsvetenskap

Dopad COVID-19 na bezpečnostní politiku států v oblasti kybernetické bezpečnosti / Impact of COVID-19 on Security Policies of States in the Area of Cyber Security

Rieger, Anastasiya

January 2022

CHARLES UNIVERSITY FACULTY OF SOCIAL SCIENCES Master of International Security Systems Anastasiya Neskoromna/Rieger Impact of COVID 19 on Security Policies of States in the Area of Cyber Security Abstract Prague 2022 Author: Ms. Anastasiya Neskoromna/Rieger Supervisor: prof. David Erkomashvile, Ph.D. Academic Year: 2021/2022 Abstract The SARS-Cov-19 or in different wording the global Covid pandemic outburst have created an unprecedented scenario for various organizations, agencies and structures. The COVID-19 pandemic in 2020 has become an extraordinary and shocking event for the world community and the global economy. On the part of the authorities, the COVID-19 pandemic is accompanied by sometimes harsh and ambiguous decisions, the consequences of which are felt by people in many countries of the world: movement between countries was stopped, businesses and enterprises were closed, the restriction was created, those who were sick or at risk of infection were isolated. There was also no possible assumption regarding how long such a mode of life will last. Many factors as a consequential chain of reactions from the pandemic in the aggregate have created a pleasant environment for altering and modifying the cybercrime landscape. This work aims to analyze the factorial presence of modification in the sphere...

Whose Responsibility is Cybersecurity? : A Comparative Qualitative Content Analysis of Discourses in the EU’s Cybersecurity Strategies 2013-2020

Siltanen, Ella

January 2021

Cybersecurity is an increasingly important topic to all actors from the private individuals to international institutions. The borderless nature of the internet has however made it more difficult for nation states to take care of their own security and institutions like the EU are also coping with the difficulties of defending themselves from attacks that can affect practically any part of the system and cause wide-spread damage. The EU has tried to address these issues by publishing strategies to improve the cybersecurity of the Union and its Member States. This thesis studies the discourse that is used by the Union in its strategies from 2013 and 2020. This is done to determine how the EU portrays each level, the national, institutional, or private and how responsible they are for the cybersecurity in the Union and to see how this discourse has changed in the previous few years. The theoretical framework of the thesis consists of neofunctionalism and historical institutionalism which are used to explain the direction of the development of the EU’s discourse. The study is conducted using critical discourse analysis and qualitative content analysis. The findings of the analysis suggest that there is noticeable shift to the EU taking more responsibility and actions to ensure its cybersecurity. Similarly it seems remarkable how the importance of the private sector seems to have diminished in the newer discourse.

European Union

EU

cybersecurity

institutionalism

neofunctionalism

critical discourse analysis

qualitative content analysis

Political Science

Statsvetenskap

Understanding the behaviour of  IOCs during their lifecycle

Godavarti, Navya sree, Modali, Sivani

January 2022

An indicator of compromise is a digital artefact that detects data compromise. They sense the compromise happening, trace the intrusion and collect data. This data includes breached data and the address. All indicators have a limited period of a lifetime, in which these work the best time in their peak. Once the indicator starts decaying, then its performance of it deteriorates. Meaning there is an increase in false alarms of compromise. The most influential parameters in the performance of an IOC are related pulse, alerts, file score and IDS. These parameters influence both the working and decay of an indicator. But the relation between these is unknown; therefore, this thesis investigates the nature of the correlation between these parameters. Evaluating an IOC and its performance or decay is essential as these determine the quality of an indicator known as confidence in cybersecurity. In cybersecurity management, confidence (quality) is crucial in preventing or detecting threats. By understanding IOC's performance and decay, we can determine its confidence level. There has been a model generated to find confidence levels, and this thesis aims to improve those models. Here, the thesis proposes a case study to find the relation between parameters and use the findings in making an improved model finding confidence level.

Indicator of compromise (IOC)

Cybersecurity

Confidence level of IOC.

Elektroteknik och elektronik

Innovative Simulation and Tree Models and Reinforcement Learning Methods with Applications in Cybersecurity

Liu, Enhao

January 2021

No description available.

Industrial Engineering

Optimal Trees

Discrete Event Simulation

Cybersecurity

Utilizing games as a tool to increase cybersecurity awareness in organizations : A systematic literature review / Spel som ett verktyg för att öka medvetenhet om cybersäkerhet inom organisationer : En systematisk litteraturstudie

Karlberg, Anton

January 2022

Cybersecurity is an important aspect within organizations as threats are many and often not fully understood, which requires individuals employed within organizations to be educated. Training implementations to increase cybersecurity knowledge and awareness are varied in their methodology of teaching. This study has employed a qualitative systematic literature review of academic articles from five databases to investigate how games are utilized as a training tool to increase cybersecurity awareness in organizations. A thematic analysis was applied to the collected bibliography to extract the design mediums of the games and the subject areas that were trained, the target audience, and reported results were also analyzed. The analysis found that the games followed a collection of similar design themes, which were collected and categorized into three distinct categories consisting of card &amp; board games, challenge games, and simulation games. By cross-analysis of the distinct categories and cybersecurity subjects trained, gathered results indicate that through different game design mediums different cybersecurity topics are favored, conclusions were then drawn on how games are applied in cybersecurity training within organizational environments. / Cybersäkerhet är en viktig aspekt inom organisationer och hoten som existerar är många och ofta inte helt förstådda. Vilket skapar behovet att utbilda individer inom organisationer om cybersäkerhet. Utbildningsimplementationer kommer i många former och varierar i sin metodik i att lära ut. Denna studie har brukat en kvalitativ systematisk litteraturstudie av akademiska artiklar inom fem databaser för att undersöka hur spel används som träningsverktyg för att utöka cybersäkerhetskompetens inom organisationer. En tematisk analys applicerades på den samlade bibliografin för att extrahera spelens designstrategier och vilka områden av cybersäkerhet som blir utlärda samt målgrupp och resultat. Analysen visade att spel följde en samling av liknande teman av design som kategoriserades i tre distinkta kategorier bestående utav kort &amp; brädspel, utmaningsspel och simulationsspel. Genomkorsanalys av de distinkta kategorierna och område av cybersäkerhet som tränades indikerade samlade resultat att skilda designstrategier föredrar utlärning av olika cybersäkerhetsområden. Slutsatser formulerades av dessa resultat som ger väg till hur spel appliceras för cybersäkerhetsträning inom organisatoriska miljöer.

Cybersecurity

training

serious games

organizations

Cybersäkerhet

träning

seriösa spel

organisationer

Information Systems

Security Analysis of Smart Buildings

Friman, Nelly

January 2020

In recent years, buildings have been starting to become more automated to match the demand forenergy efficient and sustainable housing. Subsystems, or so-called Building Management Systems(BMS), such as heating, electricity or access control, are gradually becoming more automated. Thenext step is to integrate all BMS in a building within one system, which is then called a smartbuilding. However, while buildings are becoming more and more automated, the concerns ofcybersecurity grow larger. While integrating a wide range of Internet of Things (IoT) devices withthe system, the attack surfaces is larger, and this, together with the automation of criticalsubsystems in the building leads to that attacks in worse case can harm the occupants of thebuilding.In this paper, the threats and risks are analyzed by using a security threat model. The goal isto identify and analyze potential threats and risks to smart buildings, with the purpose to giveinsight in how to develop secure systems for them. The process of the model includes five phases ofwhich this study focuses on phase one and three, identifying losses after a successful attack, anddetermine goals and intentions of the attackers for specific attacks, respectively.As a result of the security analysis potential threats were defined, in which the ones withhighest threat event frequency included data leaks and disabling the heating system. Somevulnerabilities and recommendations to improv the system is also discussed, which is of importanceso that occupants can continue to live and work in sustainable, reliable and secure facilities. / På senare år har fastigheter utvecklats till att bli mer automatiserade för att matcha efterfrågan påenergieffektiva och hållbara bostäder. Fastighetslösningarna (Building Management Systems,BMS), såsom värme- eller passersystem, blir gradvis mer automatiserade. Nästa steg är att integreraalla BMS i en byggnad till ett gemensamt system, som då kallas för en smart fastighet. Medanbyggnader blir alltmer automatiserade, växer oron kring cybersäkerhet eftersom man delsintegrerar ett stort antal Internet of Things (IoT)-enheter med systemet och samtidigt automatiserarmånga kritiska fastighetslösningar. I värsta fall skulle därför en utomstående attack kunna leda tillfysisk skada på fastigheter eller personer som befinner sig där.I denna studie utförs en säkerhetsanalys där dessa hot och risker analyseras med hjälp av enhotmodellering. Målet är att identifiera och analysera potentiella hot och risker för smartafastigheter, med syftet att ge insikt i hur man bör säkra dessa system. Modelleringen innehåller femfaser, av vilka denna studie fokuserar på fas ett och tre. I första fasen identifieras vilka förluster somfinns för företag och boende efter en framgångsrik attack och i fas tre identifieras angriparnas måloch avsikter för specifika attacker.Ett resultat av säkerhetsanalysen är att av de potentiella hot som definierats, är de medhögsta antalet försök till attack per år (Threat Event Frecquency, TEF) dataläckage och attinaktivera värmesystemet. Några sårbarheter med smarta fastigheter och rekommendationer för attförbättra systemet diskuteras också. Att utveckla säkra system till smarta fastigheter är av störstavikt för att personer kan fortsätta bo och arbeta i hållbara, pålitliga och säkra byggnader.

Smart Buildings

Cybersecurity

Threat

Risk

Smarta fastigheter

Cybersäkerhet

Hot

Risk

Computer and Information Sciences

Data- och informationsvetenskap

An Ontology and Guidelines for Cybersecurity Risk Assessment in the Automotive Domain

Khalil, Karim

January 2023

This study aims to propose a knowledge base ontology for the ISO/SAE 21434 cybersecurity risk assessment activities in the automotive domain. The focus of the paper is to model how the standard views the tasks of Threat Analysis and Risk Assessment (TARA) and cybersecurity concept. The model is supported by practical knowledge gained from a design science activity at a major organization for supplying automotive solutions and components. The scope is limited to matters of methodology in systems security assessment. The meta-model shows concepts, relationships, and axioms describing the different activities, stakeholders, and inter-dependencies. Based on the model knowledge, an integrated approach of TARA guideline is created, describing the steps of each of the activities in which it has been adapted by the organization participating in an applied study. Additionally, to increase the efficiency of the human resources involved in the creation of the security artifacts, a proposal to utilize the model relationships and the guideline to automate recurring TARA tasks. Lessons learned from the applied study are presented. The study has adapted an evaluation strategy based on technical evaluation and user evaluation. The guideline was evaluated through gathering expert’s opinions in a qualitative approach. The ontology meta-model has been qualified for consistency through technical evaluation.

ISO/SAE 21434

Threat Analysis and Risk Assessment

Ontology

Cybersecurity Concept

Information Systems