11 |
Security Analysis of OPC UA in Automation Systems for IIoT / Säkerhetsanalys av OPC UA inom automationssystem för IIoT.Varadarajan, Vaishnavi January 2022 (has links)
Establishing secured communication among the different entities in an industrial environment is a major concern. Especially with the introduction of the Industrial Internet of Things (IIoT), industries have been susceptible to cyber threats, which makes security a critical requirement for the industries. Prevailing industrial communication standards were proven to meet the security needs to some extent, but the major issue which was yet to be addressed was interoperability. To achieve interoperability, Open Platform Communication Unified Architecture (OPC UA) was introduced as a communication protocol. OPC UA helped bridge the gap between Information Technology (IT) and Operational Technology (OT) security needs, but this also gives rise to new attack opportunities for the intruder. In this thesis, we have analysed the security challenges in OPC UA and the impact of two different cyberattacks on the OPC UA. First, we have implemented an OPC UA Network with the help of Raspberry Pis and open62541, an open-source implementation of the OPC UA client and server. Following this, to evaluate the performance of the network, we performed three cybersecurity attacks, Packet Sniffing, Man in the Middle Attack (MITM) and Denial of Service attack. We assessed the impact these attacks have on the OPC UA network. We have also discussed the detection mechanism for the same attacks. This analysis has helped us recognize the threats faced by OPC UA in an IIoT environment with respect to message flooding, packet sniffing and man in the middle attack and the countermeasures to this attack have been discussed / Att etablera en säker kommunikation mellan de olika enheterna i en industriell miljö är en stor utmaning. Speciellt efter introduktionen av Industrial Internet of Things (IIoT) har industrier varit mottagliga för cyberhot vilket gör cybersäkerhet en prioritet. Rådande industriella kommunikationsstandarder har visats att till viss del uppfylla säkerhets- behoven, men en av de största problemen var bristen på interoperabilitet. För att uppnå interoperabiliteten skapades Open Platform Communication Unified Architecture (OPC UA) som kommun- ikationsprotokoll. OPC UA hjälper till att överbrygga gapet mellan säkerhetsbehoven av information- steknologi (IT) och Operational Technology (OT), men detta ger också upphov till nya attackmöjligheter för inkräktare. I detta examensarbete har vi analyserat säkerhetsutmaningarna i OPC UA och effekten av två olika cyberattacker på OPC UA. Först har vi implementerat ett OPC UA Network med hjälp av Raspberry Pis och open62541 som är en öppen källkodsimplementering av OPC UA klient och server. Efter detta utförde vi tre cybersäkerhetsattacker för att utvärdera nätverkets prestanda, packet sniffing, Man in the Middle Attack (MITM) och Denial of Service attack. Vi bedömde vilken effekt dessa attacker har på OPC UA-nätverket. Vi har också diskuterat detektionsmekanismen för samma attacker. Denna analys har hjälpt oss att känna igen de hot som OPC UA står inför i en IIoT-miljö med avseende på dataflöde, packet sniffing och Man in the Middle attack och även försvar mot dessa attacker har diskuterats.
|
12 |
Security Analysis of OPC UA in Automation Systems for IIoT / Säkerhetsanalys av OPC UA inom automationssystem för IIoT.Varadarajan, Vaishnavi January 2022 (has links)
Establishing secured communication among the different entities in an industrial environment is a major concern. Especially with the introduction of the Industrial Internet of Things (IIoT), industries have been susceptible to cyber threats, which makes security a critical requirement for the industries. Prevailing industrial communication standards were proven to meet the security needs to some extent, but the major issue which was yet to be addressed was interoperability. To achieve interoperability, Open Platform Communication Unified Architecture (OPC UA) was introduced as a communication protocol. OPC UA helped bridge the gap between Information Technology (IT) and Operational Technology (OT) security needs, but this also gives rise to new attack opportunities for the intruder. In this thesis, we have analysed the security challenges in OPC UA and the impact of two different cyberattacks on the OPCUA. First, we have implemented an OPC UA Network with the help of Raspberry Pis and open62541, an open-source implementation of the OPC UA client and server. Following this, to evaluate the performance of the network, we performed three cybersecurity attacks, Packet Sniffing, Man in the Middle Attack (MITM) and Denial of Service attack. We assessed the impact these attacks have on the OPC UA network. We have also discussed the detection mechanism for the same attacks. This analysis has helped us recognize the threats faced by OPC UA in an IIoT environment with respect to message flooding, packet sniffing and man in the middle attack and the countermeasures to this attack have been discussed. / Att etablera en säker kommunikation mellan de olika enheterna i en industriell miljö är en stor utmaning. Speciellt efter introduktionen av Industrial Internet of Things (IIoT) har industrier varit mottagliga för cyberhot vilket gör cybersäkerhet en prioritet. Rådande industriella kommunikationsstandarder har visats att till viss del uppfylla säkerhets- behoven, men en av de största problemen var bristen på interoperabilitet. För att uppnå interoperabiliteten skapades Open Platform Communication Unified Architecture (OPC UA) som kommun- ikationsprotokoll. OPC UA hjälper till att överbrygga gapet mellan säkerhetsbehoven av information- steknologi (IT) och Operational Technology (OT), men detta ger också upphov till nya attackmöjligheter för inkräktare. I detta examensarbete har vi analyserat säkerhetsutmaningarna i OPC UA och effekten av två olika cyberattacker på OPC UA. Först har vi implementerat ett OPC UA Network med hjälp av Raspberry Pis och open62541 som är en öppen källkodsimplementering av OPC UA klient och server. Efter detta utförde vi tre cybersäkerhetsattacker för att utvärdera nätverkets prestanda, packet sniffing, Man in the Middle Attack (MITM) och Denial of Service attack. Vi bedömde vilken effekt dessa attacker har på OPC UA-nätverket. Vi har också diskuterat detektionsmekanismen för samma attacker. Denna analys har hjälpt oss att känna igen de hot som OPC UA står inför i en IIoT-miljö med avseende på dataflöde, packet sniffing och Man in the Middle attack och även försvar mot dessa attacker har diskuterats.
|
13 |
Vulnerabilities in SNMPv3Lawrence, Nigel Rhea 10 July 2012 (has links)
Network monitoring is a necessity for both reducing downtime and ensuring
rapid response in the case of software or hardware failure. Unfortunately, one of the
most widely used protocols for monitoring networks, the Simple Network Management
Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity
for these services. In this paper, we demonstrate two attacks against the most current
and secure version of the protocol with authentication and encryption enabled. In
particular, we demonstrate that under reasonable conditions, we can read encrypted
requests and forge messages between the network monitor and the hosts it observes.
Such attacks are made possible by an insecure discovery mechanism, which allows
an adversary capable of compromising a single network host to set the keys used by
the security functions. Our attacks show that SNMPv3 places too much trust on the
underlying network, and that this misplaced trust introduces vulnerabilities that can
be exploited.
|
14 |
The Security LayerO'Neill, Mark Thomas 01 January 2019 (has links)
Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix these issues, and lack the ability to properly control how their own machines communicate securely online.
In this dissertation we argue that the problems described are the result of an improper placement of security responsibilities. We show that by placing TLS services in the operating system, both new and existing applications can be automatically secured, developers can easily use TLS without intimate knowledge of security, and security settings can be controlled by administrators. This is demonstrated through three explorations that provide TLS features through the operating system. First, we describe and assess TrustBase, a service that repairs and strengthens certificate-based authentication for TLS connections. TrustBase uses traffic interception and a policy engine to provide administrators fine-tuned control over the trust decisions made by all applications on their systems. Second, we introduce and evaluate the Secure Socket API (SSA), which provides TLS as an operating system service through the native POSIX socket API. The SSA enables developers to use modern TLS securely, with as little as one line of code, and also allows custom tailoring of security settings by administrators. Finally, we further explore a modern approach to TLS client authentication, leveraging the operating system to provide a generic platform for strong authentication that supports easy deployment of client authentication features and protects user privacy. We conclude with a discussion of the reasons for the success of our efforts, and note avenues for future work that leverage the principles exhibited in this work, both in and beyond TLS.
|
15 |
thesis.pdfJianliang Wu (15926933) 30 May 2023 (has links)
<p>Bluetooth is the de facto standard for short-range wireless communications. Besides Bluetooth Classic (BC), Bluetooth also consists of Bluetooth Low Energy (BLE) and Bluetooth Mesh (Mesh), two relatively new protocols, paving the way for its domination in the era of IoT and 5G. Meanwhile, attacks against Bluetooth, such as BlueBorne, BleedingBit, KNOB, BIAS, and BThack, have been booming in the past few years, impacting the security and privacy of billions of devices. These attacks exploit both design issues in the Bluetooth specification and vulnerabilities of its implementations, allowing for privilege escalation, remote code execution, breaking cryptography, spoofing, device tracking, etc.</p>
<p><br></p>
<p>To secure Bluetooth, researchers have proposed different approaches for both Bluetooth specification (e.g., formal analysis) and implementation (e.g., fuzzing). However, existing analyses of the Bluetooth specification and implementations are either done manually, or the automatic approaches only cover a small part of the targets. As a consequence, current research is far from complete in securing Bluetooth.</p>
<p><br></p>
<p>Therefore, in this dissertation, we propose the following research to provide missing pieces in prior research toward completing Bluetooth security research in terms of both Bluetooth specification and implementations. (i) For Bluetooth security at the specification level, we start from one protocol in Bluetooth, BLE, and focus on the previously unexplored reconnection procedure of two paired BLE devices. We conduct a formal analysis of this procedure defined in the BLE specification to provide security guarantees and identify new vulnerabilities that allow spoofing attacks. (ii) Besides BLE, we then formally verify other security-critical protocols in all Bluetooth protocols (BC, BLE, and Mesh). We provide a comprehensive formal analysis by covering the aspects that prior research fails to include (i.e., all possible combinations of protocols and protocol configurations) and considering a more realistic attacker model (i.e., semi-compromised device). With this model, we are able to rediscover five known vulnerabilities and reveal two new issues that affect BC/BLE dual-stack devices and Mesh devices, respectively. (iii) In addition to the formal analysis of specification security, we propose and build a comprehensive formal model to analyze Bluetooth privacy (i.e., device untraceability) at the specification level. In this model, we convert device untraceability into a reachability problem so that it can be verified using existing tools without introducing false results. We discover four new issues allowed in the specification that can lead to eight device tracking attacks. We also evaluate these attacks on 13 Bluetooth implementations and find that all of them are affected by at least two issues. (iv) At the implementation level, we improve Bluetooth security by debloating (i.e., removing code) Bluetooth stack implementations, which differs from prior automatic approaches, such as fuzzing. We keep only the code of needed functionality by a user and minimize their Bluetooth attack surface by removing unneeded Bluetooth features in both the host stack code and the firmware. Through debloating, we can remove 20 known CVEs and prevent a wide range of attacks again Bluetooth. With the research presented in this thesis, we improve Bluetooth security and privacy at both the specification and implementation levels.</p>
|
16 |
E-crimes and e-authentication - a legal perspectiveNjotini, Mzukisi Niven 27 October 2016 (has links)
E-crimes continue to generate grave challenges to the ICT regulatory agenda. Because e-crimes involve a wrongful appropriation of information online, it is enquired whether information is property which is capable of being stolen. This then requires an investigation to be made of the law of property. The basis for this scrutiny is to establish if information is property for purposes of the law. Following a study of the Roman-Dutch law approach to property, it is argued that the emergence of an information society makes real rights in information possible. This is the position because information is one of the indispensable assets of an information society. Given the fact that information can be the object of property, its position in the law of theft is investigated. This study is followed by an examination of the conventional risks that ICTs generate. For example, a risk exists that ICTs may be used as the object of e-crimes. Furthermore, there is a risk that ICTs may become a tool in order to appropriate information unlawfully. Accordingly, the scale and impact of e-crimes is more than those of the offline crimes, for example theft or fraud.
The severe challenges that ICTs pose to an information society are likely to continue if clarity is not sought regarding: whether ICTs can be regulated or not, if ICTs can be regulated, how should an ICT regulatory framework be structured? A study of the law and regulation for regulatory purposes reveals that ICTs are spheres where regulations apply or should apply. However, better regulations are appropriate in dealing with the dynamics of these technologies. Smart-regulations, meta-regulations or reflexive regulations, self-regulations and co-regulations are concepts that support better regulations. Better regulations enjoin the regulatory industries, for example the state, businesses and computer users to be involved in establishing ICT regulations. These ICT regulations should specifically be in keeping with the existing e-authentication measures. Furthermore, the codes-based theory, the Danger or Artificial Immune Systems (the AIS) theory, the Systems theory and the Good Regulator Theorem ought to inform ICT regulations.
The basis for all this should be to establish a holistic approach to e-authentication. This approach must conform to the Precautionary Approach to E-Authentication or PAEA. PAEA accepts the importance of legal rules in the ICT regulatory agenda. However, it argues that flexible regulations could provide a suitable framework within which ICTs and the ICT risks are controlled. In addition, PAEA submit that a state should not be the single role-player in ICT regulations. Social norms, the market and nature or architecture of the technology to be regulated are also fundamental to the ICT regulatory agenda. / Jurisprudence / LL. D.
|
17 |
Reverse engineering secure systems using physical attacks / Rétro-conception de systèmes sécurisés par attaques physiquesHeckmann, Thibaut 18 June 2018 (has links)
Avec l’arrivée des dernières générations de téléphones chiffrés (BlackBerry PGP, iPhone), l’extraction des données par les experts est une tâche de plus en plus complexe et devient un véritable défi notamment après une catastrophe aérienne ou une attaque terroriste. Dans cette thèse, nous avons développé des attaques physiques sur systèmes cryptographiques à des fins d’expertises judiciaires. Une nouvelle technique de re-brasage à basse température des composants électroniques endommagés, utilisant un mélange eutectique 42Sn/58Bi, a été développée. Nous avons exploité les propriétés physico-chimiques de colles polymères et les avons utilisées dans l’extraction de données chiffrées. Une nouvelle technique a été développée pour faciliter l’injection et la modification à haute-fréquence des données. Le prototype permet des analyses en temps réel des échanges processeur-mémoire en attaque par le milieu. Ces deux techniques sont maintenant utilisées dans des dispositifs d’attaques plus complexes de systèmes cryptographiques. Nos travaux nous ont mené à sensibiliser les colles polymères aux attaques laser par pigmentation. Ce processus permet des réparations complexes avec une précision laser de l’ordre de 15 micromètres. Cette technique est utilisable en réparations judiciaires avancées des crypto-processeurs et des mémoires. Ainsi, les techniques développées, mises bout à bout et couplées avec des dispositifs physiques (tomographie 3D aux rayons X, MEB, laser, acide fumant) ont permis de réussir des transplantations judiciaires de systèmes chiffrés en conditions dégradées et appliquées pour la première fois avec succès sur les téléphones BlackBerry chiffrés à l’aide de PGP. / When considering the latest generation of encrypted mobile devices (BlackBerry’s PGP, Apple’s iPhone), data extraction by experts is an increasingly complex task. Forensic analyses even become a real challenge following an air crash or a terrorist attack. In this thesis, we have developed physical attacks on encrypted systems for the purpose of forensic analysis. A new low-temperature re-soldering technique of damaged electronic components, using a 42Sn/58Bi eutectic mixture, has been developed. Then we have exploited the physico-chemical properties of polymer adhesives and have used them for the extraction of encrypted data. A new technique has been developed to facilitate injection and high-frequency data modification. By a man-in-the-middle attack, the prototype allows analysing, in real-time, the data exchanges between the processor and the memory. Both techniques are now used in more complex attacks of cryptographic systems. Our research has led us to successfully sensitise polymer adhesives to laser attacks by pigmentation. This process allowed complex repairs with a laser with 15 micrometres precision and has been used in advanced forensic repair of crypto-processors and memory chips. Finally, the techniques developed in this thesis, put end-to-end and coupled with physical devices (X-ray 3D tomography, laser, SEM, fuming acids), have made it possible to have successful forensic transplants of encrypted systems in degraded conditions. We have successfully applied them, for the first time, on PGP-encrypted BlackBerry mobile phone.
|
18 |
Anonymní pohyb v síti internet / Anonymous communication on the internetHořejš, Jan January 2014 (has links)
The objective of this master’s thesis was to describe current capabilities of anonymous browsing over the Internet. The theoretical part focuses on three main methods of anonymization with main focus on Tor network. The master‘s thesis describes advantages and disadvantages of different solutions and possible attacks on them. In the next part is demonstrated Tor network, implementation of Hidden service and secured access to the server for clients and possible attacks against this proposal. The work also includes the results of measurements of all three anonymizers and the effects on their speed.
|
19 |
Eavesdropping Attacks on Modern-Day Connected Vehicles and Their Ramifications / Avlyssningsattacker på moderna uppkopplade bilar och deras följderBakhshiyeva, Afruz, Berefelt, Gabriel January 2022 (has links)
Vehicles today are becoming increasingly more connected. Most cars are equipped with Bluetooth, Wi-Fi and Wi-Fi hotspot capabilities and the ability to connect to the internet via a cellular modem. This increase in connectivity opens up new attack surfaces for hackers to exploit. This paper aims to study the security of three different cars, a Tesla Model 3 (2020), an MG Marvel R (2021) and a Volvo V90 (2017), in regards to three different eavesdropping attacks. The performed attacks were a port scan of the vehicles, a relay attack of the key fobs and a MITM attack. The study discovered some security risks and discrepancies between the vehicles, especially regarding the open ports and the relay attack. This hopefully promotes further discussion on the importance of cybersecurity in connected vehicles. / Bilar idag har blivit alltmer uppkopplade. Idag har de inte bara bluetooth och Wi-Fi funktionalitet utan vissa bilar har förmågan att kopplas till internet via ett mobilt bredband. Denna trend har visats ge bilar nya attackytor som hackare kan utnyttja. Målet med denna studie är att testa säkerheten hos tre olika bilar, Tesla Model 3 (2020), MG Marvel R (2021) och Volvo V90 (2017) med åtanke på tre olika avlyssningsattacker. De attackerna som studien valde var port-skanning på bilen, relä-attack på bilnycklarna och mannen-i-mitten attack. Studien hittar vissa säkerhetsrisker och skillnader mellan de olika bilarna särskilt vid reläattacken och port-skanningen som förhoppningsvis främjar en fortsatt diskussion om cybersäkerhetens vikt för säkrare uppkopplade bilar.
|
Page generated in 0.0307 seconds