Attacking and Securing Beacon-Enabled 802.15.4 Networks

JUNG, SANG SHIN

04 May 2011

The IEEE 802.15.4 has attracted time-critical applications in wireless sensor networks (WSNs) because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS scheme’s security still leave the 802.15.4 MAC vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 either focus on non beacon-enabled 802.15.4 or cannot defend against insider attacks for beacon-enabled 802.15.4. In this thesis, we illustrate this by demonstrating attacks on the availability and integrity of the beacon-enabled 802.15.4. To proof the attacks, we implement the attacks using Tmote Sky motes for a malicious node along with regular nodes. We show that the malicious node can freely exploit the beacon frames to compromise the integrity and availability of the network. For the defense, we present beacon-enabled MiniSec (BCN-MiniSec) and analyze its cost.

Insider attacks

Beacon-enabled 802.15.4

Wireless sensor networks

MAC misbehavior

Méthodes formelles pour l'extraction d'attaques internes des Systèmes d'Information / Formal methods for extracting insider attacks from Information Systems

Radhouani, Amira

23 June 2017

La sécurité des Systèmes d’Information (SI) constitue un défi majeur car elle conditionne amplement la future exploitation d’un SI. C’est pourquoi l’étude des vulnérabilités d’un SI dès les phases conceptuelles est cruciale. Il s’agit d’étudier la validation de politiques de sécurité, souvent exprimées par des règles de contrôle d’accès, et d’effectuer des vérifications automatisées sur des modèles afin de garantir une certaine confiance dans le SI avant son opérationnalisation. Notre intérêt porte plus particulièrement sur la détection des vulnérabilités pouvant être exploitées par des utilisateurs internes afin de commettre des attaques, appelées attaques internes, en profitant de leur accès légitime au système. Pour ce faire, nous exploitons des spécifications formelles B générées, par la plateforme B4MSecure, à partir de modèles fonctionnels UML et d’une description Secure UML des règles de contrôle d’accès basées sur les rôles. Ces vulnérabilités étant dues à l’évolution dynamique de l’état fonctionnel du système, nous proposons d’étudier l’atteignabilité des états, dits indésirables, donnant lieu à des attaques potentielles, à partir d’un état normal du système. Les techniques proposées constituent une alternative aux techniques de model-checking. En effet, elles mettent en œuvre une recherche symbolique vers l’arrière fondée sur des approches complémentaires : la preuve et la résolution de contraintes. Ce processus de recherche est entièrement automatisé grâce à notre outil GenISIS qui a montré, sur la base d’études de cas disponibles dans la littérature, sa capacité à retrouver des attaques déjà publiées mais aussi des attaques nouvelles. / The early detection of potential threats during the modelling phase of a Secure Information System (IS) is required because it favours the design of a robust access control policy and the prevention of malicious behaviours during the system execution. This involves studying the validation of access control rules and performing vulnerabilities automated checks before the IS operationalization. We are particularly interested in detecting vulnerabilities that can be exploited by internal trusted users to commit attacks, called insider attacks, by taking advantage of their legitimate access to the system. To do so, we use formal B specifications which are generated by the B4MSecure platform from UML functional models and a SecureUML modelling of role-based access control rules. Since these vulnerabilities are due to the dynamic evolution of the functional state, we propose to study the reachability of someundesirable states starting from a normal state of the system. The proposed techniques are an alternative to model-checking techniques. Indeed, they implement symbolic backward search algorithm based on complementary approaches: proof and constraint solving. This rich technical background allowed the development of the GenISIS tool which automates our approach and which was successfully experimented on several case studies available in the literature. These experiments showed its capability to extract already published attacks but also new attacks.

Attaques internes

B

Preuve

Résolution de contraintes

Model-Checking

Atteignabilité

Insider attacks

B-Method

Proof

Constraint solving

Model-Checking

Reachability

004

An Edge-Based Blockchain-Enabled Framework for Preventing Insider Attacks in Internet of Things (IoT)

Tukur, Yusuf M.

January 2021

The IoT offers enormous potentials thanks to its Widespread adoption by many industries, individuals, and governments, leading explosive growth and remarkable breakthroughs that have made it a technology with seemingly boundless applications. However, the far-reaching IoT applications cum its characteristic heterogeneity and ubiquity come with a huge price for more security vulnerabilities, making the deployed IoT systems increasingly susceptible to, and prime targets of many different physical and cyber-attacks including insider attacks, thereby growing the overall security risks to the systems. This research, which focuses on addressing insider attacks on IoT, studies the likelihood of malicious insiders' activities compromising some of the security triad of Confidentiality, Integrity and Availability (CIA) of a supposedly secure IoT system with implemented security mechanisms. To further establish the vulnerability of the IoT systems to the insider attack being investigated in our research, we first produced a research output that emphasized the need for multi-layer security of the overall system and proposed the implementation of security mechanisms on components at all layers of the IoT system to safeguard the system and ensure its CIA. Those conventional measures however do not safeguard against insider attacks, as found by our experimental investigation of a working IoT system prototype. The outcome of the investigation therefore necessitates our proposed solution to the problem, which leverages the integration of distributed edge computing with decentralized Ethereum blockchain technology to provide countermeasures that preserve the Integrity of the IoT system data and improve effectiveness of the system. We employed the power of Ethereum smart contracts to perform integrity checks on the system data logically and take risk management decisions. We considered the industry use case of Downstream Petroleum sector for application of our solution. The solution was evaluated using datasets from different experimental settings and showed up to 86% accuracy rate. / Government of the Federal Republic of Nigeria through the Petroleum Technology Development Fund (PTDF) Overseas Scholarship Scheme (OSS)

Internet of Things (IoT)

LORaWAN

Threat model

Insider attacks

IoT security

Edge computing

Blockchain

Ethereum

Smart contracts

Petroleum downstream