Web-based prototype for protecting controllers from existing cyber-attacks in an industrial control system / Webbaserad prototyp för att skydda styrsystem från förekommande cyberattacker i ett industriellt kontrollsystem

Sanyang, Pa

January 2020

Industrial control system or ICS is a critical part of the infrastructure in society. An example of ICS is the rail networks or energy plants like the nuclear plant. SCADA is an ICS system following a hierarchical structure. Due to the fact that a control system can be very large, monitoring remote through networks is an effective way to do so. But because of digitalization ICS or SCADA systems are vulnerable to cyber attacks that can hijack or intercept network traffic or deny legitimate user services. SCADA protocols (e.g. Modbus, DNP3) that are prone to get attacks due to not being a secure protocol make a SCADA system even more vulnerable to attacks. The paper focuses on how to best protect the network traffic between an HMI as the client and a different controller as the server from attacks. The proposed solution, the prototype, is based on the reverse proxy server setup to protect controllers from the external network traffic. Only the reverse proxy server, or gateway server, can forward a client request to the intended controller. The gateway server, a web-based solution, will be the additional security layer that encrypts the payload in the application layer using TLS version 1.2 by using HTTPS protocol, thereby protect from usual security threats. The prototype went through a penetration testing of MITM (Based on ARP-poisoning), SYN flooding, slow HTTP POST attacks. And the result indicated that the prototype was vulnerable to SYN flooding and the network traffic was intercepted by the MITM. But from the Confidentiality-Integrity-Availability (C.I.A) criteria, the prototype did uphold the integrity and confidentiality due to the TLS security and successful mitigation of certain attacks. The results and suggestions on how to improve the gateway server security were discussed, including that the testing was not comprehensive but that the result is still valuable. In conclusion, more testing in the future would most likely showcase different results, but that will only mean to better the security of the gateway server, the network that the client and gateway server runs in and the physical security of the location where the client and gateway server is located. / Industrial Control System (ICS, sve. Industriella Kontrollsystem) är en kritisk del av infrastrukturen i samhället. Ett exempel på ICS är järnvägsnät eller energianläggningar som kärnkraftverket. SCADA är ett ICS-system som följer en hierarkisk struktur. Eftersom ett kontrollsystem kan täcka stora ytor är fjärrövervakning och fjärrstyrning via nätverk ett effektivt sätt att göra det på. Men på grund av digitalisering är ICS- eller SCADA-system sårbara för cyberattacker som kan kapa nätverkstrafik eller förneka legitima användare från att nå vissa tjänster. SCADA-protokoll (t.ex. Modbus, DNP3) som är benägna att få attacker på grund av att de inte är ett säkert protokoll gör SCADA-system ännu mer sårbart för attacker. Uppsatsen fokuserar huvudsakligen på hur man bäst skyddar nätverkstrafiken mellan en HMI som klient och en annan controller som servern från attacker. Den föreslagna lösningen, prototypen, är baserad på hur en reverse proxy server är uppsatt för att skydda styrenheter från den externa nätverkstrafiken. Endast reverse proxy servern eller gateway-servern kan vidarebefordra en begäran från en klient till den avsedda styrenheten. Gateway-servern, en webbaserad lösning, kommer att vara det extra säkerhetslagret som krypterar nyttolasten (eng. payload) i applikationslagret med TLS version 1.2 med hjä lp av protokollet HTTPS, och därmed skyddar mot de mest förekommande säkerhetshot som vill se och påverka skyddad information. Prototypen genomgick en penetrationstestning av MITM (Baserat på ARP-poisoning), SYN-flooding, slow HTTP POST-attacker. Och resultatet indikerade att prototypen var sårbar för SYN-flooding och nätverkstrafiken avlyssnades genom MITM. Men baserad på kriterierna för C.I.A (sve. Konfidentialitet, Integritet och Tillgänglighet) upprätthöllprototypen integriteten och konfidentialiteten på grund av säkerhetsprotokollen TLSv1.2 och framgångsrika minskningar av vissa attacker. Resultaten och förslag på hur man kan förbättra prototypen diskuterades, inklusive att testningen inte var omfattande men att resultatet fortfarande är värdefullt. Sammanfattningsvis skulle fler tester i framtiden sannolikt visa ett helt annat resultat, men det kommer bara att innebära att förbättra säkerheten för gateway-servern, nätverket som klienten och gateway-servern kör i och den fysiska säkerheten för platsen där klienten och gateway-servern befinner sig inom.

ICS

SCADA

Modbus

Honeypot

Conpot

Cyber attacks

MITM

DoS

Flooding

Reverse proxy server

AWS

ICS

SCADA

Modbus

Honeypot

Conpot

Cyber attacks

MITM

DoS

Flooding

Reverse proxy server

AWS

Computer and Information Sciences

Data- och informationsvetenskap

Modellering av en cyberattack på ett industriellt säkerhetssystem

Eriksson, Alma, Lindh, Oskar

January 2020

Stuxnet, Havex, BlackEnergy, Crashoverride, and now Triton/Trisis are all examples of cyber security incidents where industrial systems were targeted. The incident Triton/Trisis is new in it’s kind, as the attacker got all the way into the safety industrial system of an oil and gas refinery. Even if the final goal of the attack is still unknown the attacker had the power to put human life directly at risk. Details of the attack are still unknown and research and reverse engineering is still going on of the attack. The purpose of this study is to create an attack graph of the case. By collecting and combining information from publicly available material and grade all the sources by its trustworthiness the study resulted in a two-layered attack graph. Each node and vector in the graph have specified trustworthiness and the nodes contain related sources, tools, and network segments. The study shows that it is possible to construct an attack graph of the case even if details are still missing. Furthermore, it shows that the specific malicious code was tailor-made, but the steps needed to reach the safety industrial system itself were largely possible with the help of publicly available tools. As a result, the whole industrial industry needs to prepare for an escalation of cyber security incidents. / Stuxnet, Havex, BlackEnergy, Crashoverride och Triton/Trisis är alla exempel på cybersäkerhetsincidenter där industrisystem blivit angripna. Händelsen Triton/Trisis är ny i sitt slag, eftersom angriparen kom hela vägen in i det industriella säkerhetssystemet i ett olje- och gasraffinaderi. Ä ven om det slutliga målet för attacken fortfarande är okänt, hade angriparen möjlighet att sätta människor i fara. Detaljer av attacken är fortfarande okända och forskning samt rekonstruktion av attacken pågår. Syftet med denna studie är att skapa en attackgraf över incidenten. Genom att samla in och kombinera information från allmänt tillgängligt material och betygsätta alla källor genom dess tillförlitlighet resulterade studien i en attackgraf med två lager. Varje nod och vektor i grafen har givits en tillförlitlighet och noderna innehåller relaterade källor, verktyg och nätverkssegment. Studien visar att det är möjligt att konstruera en attackgraf av incidenten även om det saknas detaljer. Dessutom visar den att den specifika skadliga koden var skräddarsydd, men stegen som behövdes för att nå det industriella säkerhetssystemet var till stor del möjliga med hjälp av offentligt tillgängliga verktyg. Som ett resultat behöver hela den industriella industrin förbereda sig för en upptrappning av cybersäkerhetsincidenter. / Kandidatexjobb i elektroteknik 2020, KTH, Stockholm

Triton/Trisis

Trisis malware

Cyber security

IT-s ̈akerhet

Cyber attack

Industrial control systems

Cyber ware-fare

ICS malware

ICS attack

Elektroteknik och elektronik

Electronic State Excitations in the Water Molecule by Collisions with Low Energy Electrons

Thorn, Penny Anne, penny.thorn@flinders.edu.au

January 2008

The present study was largely concerned with measuring accurate absolute values for the electronic state excitation cross sections in H2O, in the incident electron energy range 15eV to 50eV. It is hoped that these data will eventually help to improve the current state of electron - molecule scattering theory, as well as being useful in various fields of modelling. As an illustration of this latter point, the cross sections determined here were used to calculate quantities of importance in atmospheric modelling, namely, electron energy transfer rates and rates for the excitation of water molecules by auroral secondary electrons.

EELS

cross sections

H2O

water

ICS

DCS

electron scattering

electron energy transfer rates

excitation rates

Meinel bands

Transatlantické obchodní a investiční partnerství (TTIP) / Transatlantic Trade and Investment Partnership (TTIP)

Rott, Michael

January 2017

(English) In the field of international law, the negotiated agreement between the EU and the US - TTIP - is a major source of law. In addition, its intended scope should encompass the provisions on investment protection. However, during the course of the bilateral negotiations, there was a leak of information which revealed that the agreement should include provisions of the dispute settlement mechanism that do not differ in its substantial aspects from those which are and have been incorporated into bilateral investment agreements between States. Therefore, in the process of investment disputes initiated under the TTIP agreement, the major influence would have had the provisions of international conventions which set out the rules for the functioning of the International Investment Tribunals - the Convention of the International Centre for the Settlement of Investment Disputes and the Arbitration Rules of the United Nations Commission on International Trade Law. However, given that both the general public and professional circles have long expressed concerns that question the very legitimacy of the international investment arbitration, this fact have been accepted with great disrespect. This was particularly, because of the previous practice of decision-making in the investment disputes, which...

Kybernetické prostředí pro systémy typu ICS/SCADA / Cyber-environment for systems of ICS/SCADA type

Váňa, Martin

January 2019

The thesis explores the problematics of cyber environment for the ICS/SCADA systems. First, shorter section is mainly focused on general introduction into the ICS/SCADA systems and their inner workings. Communication model of a general SCADA system and its foundational elements are explained. It is mainly theoretical passage and it serves as an introduction. It is necessary for understanding the second part which is mainly practical. The appropriate system is chosen as a first thing in the practical part of the thesis for the implementation of the whole project. There are defined criteria on which the system itself is implemented. Following that the system itself is implemented under a framework called openMUC and it is tested with help of the simulators according to the objective of the thesis.

Development and characterization of a tunable ultrafast X-ray source via Inverse-Compton-Scattering

Jochmann, Axel

24 September 2014

Ultrashort, nearly monochromatic hard X-ray pulses enrich the understanding of the dynamics and function of matter, e.g., the motion of atomic structures associated with ultrafast phase transitions, structural dynamics and (bio)chemical reactions. Inverse Compton backscattering of intense laser pulses from relativistic electrons not only allows for the generation of bright X-ray pulses which can be used in a pump-probe experiment, but also for the investigation of the electron beam dynamics at the interaction point. The focus of this PhD work lies on the detailed understanding of the kinematics during the interaction of the relativistic electron bunch and the laser pulse in order to quantify the influence of various experiment parameters on the emitted X-ray radiation. The experiment was conducted at the ELBE center for high power radiation sources using the ELBE superconducting linear accelerator and the DRACO Ti:sapphire laser system. The combination of both these state-of-the-art apparatuses guaranteed the control and stability of the interacting beam parameters throughout the measurement. The emitted X-ray spectra were detected with a pixelated detector of 1024 by 256 elements (each 26μm by 26μm) to achieve an unprecedented spatial and energy resolution for a full characterization of the emitted spectrum to reveal parameter influences and correlations of both interacting beams. In this work the influence of the electron beam energy, electron beam emittance, the laser bandwidth and the energy-angle-correlation on the spectra of the backscattered X-rays is quantified. A rigorous statistical analysis comparing experimental data to ab-initio 3D simulations enabled, e.g., the extraction of the angular distribution of electrons with 1.5% accuracy and, in total, provides predictive capability for the future high brightness hard X-ray source PHOENIX (Photon electron collider for Narrow bandwidth Intense X-rays) and potential all optical gamma-ray sources. The results will serve as a milestone and starting point for the scaling of the X-ray flux based on available interaction parameters of an ultrashort bright X-ray source at the ELBE center for high power radiation sources. The knowledge of the spatial and spectral distribution of photons from an inverse Compton scattering source is essential in designing future experiments as well as for tailoring the X-ray spectral properties to an experimental need. / Ultrakurze, quasi-monochromatische harte Röntgenpulse erweitern das Verständnis für die dynamischen Prozesse und funktionalen Zusammenhänge in Materie, beispielsweise die Dynamik in atomaren Strukturen bei ultraschnellen Phasenübergängen, Gitterbewegungen und (bio)chemischen Reaktionen. Compton-Rückstreuung erlaubt die Erzeugung der für ein pump-probe-Experiment benötigten intensiven Röntgenpulse und ermöglicht gleichzeitig einen Einblick in die komplexen kinematischen Prozesse während der Wechselwirkung von Elektronen und Photonen. Ziel dieser Arbeit ist, ein quantitatives Verständnis der verschiedenen experimentellen Einflüsse auf die emittierte Röntgenstrahlung bei der Streuung von Laserphotonen an relativistischen Elektronen zu entwickeln. Die Experimente wurden am ELBE - Zentrum für Hochleistungs-Strahlenquellen des Helmholtz-Zentrums Dresden - Rossendorf durchgeführt. Der verwendete supraleitende Linearbschleuniger ELBE und der auf Titan-Saphir basierende Hochleistungslaser DRACO garantieren ein Höchstmaß an Kontrolle und Stabilität der experimentellen Bedingungen. Zur Messung der emittierten Röntgenstrahlung wurde ein Siliziumdetektor mit 1024x256 Pixeln (Pixelgröße 26μm × 26μm) verwendet, welcher für eine bisher nicht erreichte spektrale und räumliche Auflösung sorgt. Die so erfolgte vollständige Charakterisierung der Energie-Winkel-Beziehung erlaubt Rückschlüsse auf Parametereinflüsse und Korrelationen von Elektronen- und Laserstrahl. Eine umfassende statistische Analyse, bei der ab-initio 3D Simulationen mit den experimentellen Daten verglichen und ausgewertet wurden, ermöglichte u.a. die Bestimmung der Elektronenstrahldivergenz mit einer Genauigkeit von 1.5% und erlaubt Vorhersagen zur zu erwartenden Strahlung der zukünftigen brillianten Röntgenquelle PHOENIX (Photon electron collider for Narrow bandwidth Intense X-rays) und potentiellen lasergetriebenen Gammastrahlungsquellen. Die Ergebnisse dienen als Fixpunkt für die Skalierung des erwarteten Photonenflusses der Röntgenquelle für die verfügbaren Ausgangsgrößen am Helmholtz-Zentrum Dresden - Rossendorf. Das Wissen um die räumliche und spektrale Verteilung der Röntgenstrahlung ist entscheidend für die Planung zukünftiger Experimente sowie zur Anpassung der Quelle an experimentelle Bedürfnisse.

info:eu-repo/classification/ddc/530

ddc:530

Development and Characterization of a tunable ultrafast X-ray source via Inverse Compton Scattering

Jochmann, Axel

11 March 2015

Ultrashort, nearly monochromatic hard X-ray pulses enrich the understanding of the dynamics and function of matter, e.g., the motion of atomic structures associated with ultrafast phase transitions, structural dynamics and (bio)chemical reactions. Inverse Compton backscattering of intense laser pulses from relativistic electrons not only allows for the generation of bright X-ray pulses which can be used in a pumpprobe experiment, but also for the investigation of the electron beam dynamics at the interaction point. The focus of this PhD work lies on the detailed understanding of the kinematics during the interaction of the relativistic electron bunch and the laser pulse in order to quantify the influence of various experiment parameters on the emitted X-ray radiation. The experiment was conducted at the ELBE center for high power radiation sources using the ELBE superconducting linear accelerator and the DRACO Ti:sapphire laser system. The combination of both these state-of-the-art apparatuses guaranteed the control and stability of the interacting beam parameters throughout the measurement. The emitted X-ray spectra were detected with a pixelated detector of 1024 by 256 elements (each 26μm by 26μm) to achieve an unprecedented spatial and energy resolution for a full characterization of the emitted spectrum to reveal parameter influences and correlations of both interacting beams. In this work the influence of the electron beam energy, electron beam emittance, the laser bandwidth and the energy-anglecorrelation on the spectra of the backscattered X-rays is quantified. A rigorous statistical analysis comparing experimental data to ab-initio 3D simulations enabled, e.g., the extraction of the angular distribution of electrons with 1.5% accuracy and, in total, provides predictive capability for the future high brightness hard X-ray source PHOENIX (Photon electron collider for Narrow bandwidth Intense X-rays) and potential all optical gamma-ray sources. The results will serve as a milestone and starting point for the scaling of the Xray flux based on available interaction parameters of an ultrashort bright X-ray source at the ELBE center for high power radiation sources. The knowledge of the spatial and spectral distribution of photons from an inverse Compton scattering source is essential in designing future experiments as well as for tailoring the X-ray spectral properties to an experimental need. / Ultrakurze, quasi-monochromatische harte Röntgenpulse erweitern das Verständnis für die dynamischen Prozesse und funktionalen Zusammenhänge in Materie, beispielsweise die Dynamik in atomaren Strukturen bei ultraschnellen Phasenübergängen, Gitterbewegungen und (bio)chemischen Reaktionen. Compton-Rückstreuung erlaubt die Erzeugung der für ein pump-probe-Experiment benötigten intensiven Röntgenpulse und ermöglicht gleichzeitig einen Einblick in die komplexen kinematischen Prozesse während der Wechselwirkung von Elektronen und Photonen. Ziel dieser Arbeit ist, ein quantitatives Verständnis der verschiedenen experimentellen Einflüsse auf die emittierte Röntgenstrahlung bei der Streuung von Laserphotonen an relativistischen Elektronen zu entwickeln. Die Experimente wurden am ELBE - Zentrum für Hochleistungs-Strahlenquellen des Helmholtz-Zentrums Dresden - Rossendorf durchgeführt. Der verwendete supraleitende Linearbschleuniger ELBE und der auf Titan-Saphir basierende Hochleistungslaser DRACO garantieren ein Höchstmaß an Kontrolle und Stabilität der experimentellen Bedingungen. Zur Messung der emittierten Röntgenstrahlung wurde ein Siliziumdetektor mit 1024x256 Pixeln (Pixelgröße 26μm × 26μm) verwendet, welcher für eine bisher nicht erreichte spektrale und räumliche Auflösung sorgt. Die so erfolgte vollständige Charakterisierung der Energie-Winkel-Beziehung erlaubt Rückschlüsse auf Parametereinflüsse und Korrelationen von Elektronen- und Laserstrahl. Eine umfassende statistische Analyse, bei der ab-initio 3D Simulationen mit den experimentellen Daten verglichen und ausgewertet wurden, ermöglichte u.a. die Bestimmung der Elektronenstrahldivergenz mit einer Genauigkeit von 1.5% und erlaubt Vorhersagen zur zu erwartenden Strahlung der zukünftigen brillianten Röntgenquelle PHOENIX (Photon electron collider for Narrow bandwidth Intense X-rays) und potentiellen lasergetriebenen Gammastrahlungsquellen. Die Ergebnisse dienen als Fixpunkt für die Skalierung des erwarteten Photonenflusses der Röntgenquelle für die verfügbaren Ausgangsgrößen am Helmholtz-Zentrum Dresden - Rossendorf. Das Wissen um die räumliche und spektrale Verteilung der Röntgenstrahlung ist entscheidend für die Planung zukünftiger Experimente sowie zur Anpassung der Quelle an experimentelle Bedürfnisse.

info:eu-repo/classification/ddc/530

ddc:530

Honeypot study of threats targeting critical infrastructure / Honeypot studie av cyberhot riktade mot kritisk infrastruktur

Alberto Scola, Carlo

January 2023

Honeypots are systems with the intent of gathering information about potential threats and, at the same time, shifting part of the attention away from the real targets. In industrial control system environments, honeypots play a significant role and can lead to further threat study while distracting potential attackers away from critical physical systems. Low-interaction honeypots are emulated systems that try to recreate a real environment by simulating applications and protocols. These types of honeypots still need improvements to be efficient, and during this thesis work the focus has been on the Conpot open-source ICS honeypot. Due to their nature, low-interaction honeypots are less appealing to potential attackers than high-interaction honeypots since they do not provide the same level of realism and can be easier discovered. Earlier works showed ways to increase the ability to attract more visitors and an improved setup of Conpot has been evaluated. Its results have been analyzed and compared with the default installation. Several advancements have been implemented as well as custom features and working functionalities, such as a customized industrial system design, improved logging, and a web API proxy. The goal of this work is to answer the investigated hypothesis which consists in finding out if an improved version of the low-interaction honeypot can yield more significant results. By evaluating the network traffic received, the outcome has been insightful and showcased a distinguished improvement over the original version of the honeypot. The ICS protocols displayed a more considerable number of interactions along with an increased amount of attacks. In conclusion, further development for the Conpot honeypot is desirable which would largely improve its performance and practicality in real-world deployments. / Honeypots är ett system med avsikten att samla information om potentiella hot och samtidigt avleda uppmärksamheten från de verkliga målen. I industriella kontrollsystemsmiljöer spelar honungskrukor en viktig roll och kan leda till ytterligare hotstudier samtidigt som potentiella angripare distraheras från viktiga fysiska system. Honeypots med låg interaktion är emulerade system som försöker återskapa verkliga miljöer genom att simulera applikationer och protokoll. Dessa typer av honeypots behöver fortfarande förbättringar för att vara effektiva, och under detta examensarbete har fokus legat på Conpot open source ICS honeypots. På grund av designbegränsningar är honeypots med låg interaktion mindre tilltalande för potentiella angripare än honeypots med hög interaktion. Tidigare arbeten har visat sätt att öka möjligheten att locka fler besökare och en förbättrad installation av Conpot har utvärderats och dess resultat har analyserats och jämförts med standardinstallationen. Flera framsteg har implementerats samt anpassade funktioner och fungerande funktioner, såsom en anpassad industriell systemdesign, förbättrad loggning och en webb-API-proxy. Målet med detta arbete är att svara på den undersökta hypotesen som går ut på att ta reda på om en förbättrad version av honungskrukan med låg interaktion kan ge mer signifikanta resultat. Genom att utvärdera den mottagna nätverkstrafiken har resultatet varit insiktsfullt och visat upp en stor förbättring jämfört med den ursprungliga versionen av honeypot. ICS-protokollen visade ett större antal interaktioner tillsammans med en ökad mängd attacker. Sammanfattningsvis är det önskvärt med en vidareutveckling av Conpot honeypot som avsevärt skulle förbättra dess prestanda och praktiska användning i den verkliga världen.

ICS

Honeypots

Modbus

SCADA

Enip

Conpot

Bacnet

FTP

IPMI

Network security

Cyber attacks

Computer and Information Sciences

Data- och informationsvetenskap

Design methodologies and tools for vertically integrated circuits

Kalargaris, Charalampos

January 2017

Vertical integration technologies, such as three-dimensional integration and interposers, are technologies that support high integration densities while offering shorter interconnect lengths as compared to planar integration and other packaging technologies. To exploit these advantages, however, several challenges lay across the designing, manufacturing and testing stages of integrated systems. Considering the high complexity of modern microelectronic devices and the diverse features of vertical integration technologies, this thesis sheds light on the circuit design process. New methodologies and tools are offered in order to assess and improve traditional objectives in circuit design, such as performance, power, and area for vertically integrated circuits. Interconnects on different interposer materials are investigated, demonstrating the several trade-offs between power, performance, area, and crosstalk. A backend design flow is proposed to capture the performance and power gains from the introduction of the third dimension. Emphasis is also placed on the power consumption of modern circuits due to the immense growth of battery-operated devices in the last fifteen years. Therefore, the effect of scaling the operating voltage in three-dimensional circuits is investigated as it is one of the most efficient techniques for reducing power while considering the performance of the circuit. Furthermore, a solution to eliminate timing penalties from the usage of voltage scaling technique at finer circuits granularities is also presented in this thesis.

004

Use of the Intelligibility in Context Scale (ICS) as a measure of functional intelligibility in French speaking children with cleft lip and palate in Mauritius

Gopal, R., Louw, Brenda

05 May 2013

No description available.

intelligibility context scale

ICS

functional intelligibility

French

language

children

cleft lip

cleft palate

Mauritius

Audiology and Speech-Language Pathology

Musculoskeletal Diseases

Speech Pathology and Audiology