Global ETD Search

31	Beware of IPs in Sheep's Clothing: Measurement and Disclosure of IP Spoofing Vulnerabilities Hilton, Alden Douglas 25 October 2021 (has links) Networks not employing destination-side source address validation (DSAV) expose themselves to a class of pernicious attacks which could be prevented by filtering inbound traffic purporting to originate from within the network. In this work, we survey the pervasiveness of networks vulnerable to infiltration using spoofed addresses internal to the network. We issue recursive Domain Name System (DNS) queries to a large set of known DNS servers world-wide using various spoofed-source addresses. In late 2019, we found that 49% of the autonomous systems we tested lacked DSAV. After a large-scale notification campaign run in late 2020, we repeated our measurements in early 2021 and found that 44% of ASes lacked DSAV--though importantly, as this is an observational study, we cannot conclude causality. As case studies illustrating the dangers of a lack of DSAV, we measure susceptibility of DNS resolvers to cache poisoning attacks and the NXNS attack, two attacks whose attack surface is significantly reduced when DSAV in place. We discover 309K resolvers vulnerable to the NXNS attack and 4K resolvers vulnerable to cache poisoning attacks, 70% and 59% of which would have been protected had DSAV been in place. IP Spoofing DNS Security Large-scale Vulnerability Disclosure Network Measurement Computer Sciences Physical Sciences and Mathematics
32	Cybersecurity of Maritime Communication Systems : Spoofing attacks against AIS and DSC Forsberg, Joakim January 2022 (has links) For a long time, ships have relied on navigators that could figure out their course andlocation based on seeing objects around them. However, this approach is limited to thenavigators’ ability, and with the increasing number of ships, this job becomes harder andharder. With these aspects in mind, the new system, the Automatic identification system(AIS), was created as a tool to help navigators to navigate and increase safety on the sea.AIS is an automatic identification system and is designed to send out information aboutthe vessel and its location. This thesis looks at the state of the art of Automatic identifica-tion systems and Digital selective calling systems to evaluate the security aspects of thesesystems. The thesis aims to investigate if these two systems are susceptible to spoofingattacks and what resources are required for creating successful attacks. Two experimentswere used to achieve this aim and answer the research questions. The first one was to eval-uate the Automatic identification system and test different spoofing attacks on that system.The second experiment was to test different spoofing attacks on the Digital selective callingsystem. Both of these experiments used two software-defined radios for the experiments.The experiment results show that some of the attacks tested on the systems were success-ful, and the attacks tested were successfully executed against the created system. Theseattacks were created and performed using two software-defined radios to send and receivemessages. To conclude, the two systems are susceptible to spoofing attacks. However, anattacker can gain the necessary information to create spoofing attacks on the systems, withvarying consequences and some limitations. Cybersecurity AIS DSC Spoofing Software Defined Radios Computer Sciences Datavetenskap (datalogi)
33	Securing SDN Data Plane:Investigating the effects of IP SpoofingAttacks on SDN Switches and its Mitigation : Simulation of IP spoofing using Mininet JABBU, SHIVAKUMAR YADAV, MADIRAJU, ANIRUDH SAI January 2023 (has links) Background:Software-Defined Networking (SDN) represents a network architecture that offers a separate control and data layer, facilitating its rapid deployment and utilization for diverse purposes. However, despite its ease of implementation, SDN is susceptible to numerous security attacks, primarily stemming from its centralized nature. Among these threats, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks pose the most substantial risks. In the event of a successful attack on the SDNcontroller, the entire network may suffer significant disruption. Hence, safe guarding the controller becomes crucial to ensure the integrity and availability of the SDN network. Objectives:This thesis focuses on examining the IP spoofing attack and its impact on the Data Plane, particularly concerning the metrics of an SDN switch. The investigation centers around attacks that manipulate flow-rules to amplify the number of rules and deplete the resources of a switch within the Data Plane of an SDN network. To conduct the study, a software-defined network architecture was constructed using Mininet, with a Ryu controller employed for managing network operations. Various experiments were carried out to observe the response of the SDN system when subjected to an IP spoofing attack, aiming to identify potential mitigation strategies against such threats. Method and Results: To simulate the resource exhaustion scenario on the SDN network’s Data Plane,we deliberately triggered an escalation in the number of flow-rules installed in the switch. This was achieved by sending packets with spoofed IP addresses, there by exploiting the switch’s limited resources. Specifically, we focused on monitoring the impact on CPU utilization, storage memory, latency, and throughput within the switch. Detailed findings were presented in the form of tables, accompanied by graphical representations to visually illustrate the effects of increasing flow rules on the switches. Furthermore, we explored potential mitigation measures by developing an application that actively monitors the flow rules on the Ryu controller, aiming to detect and counteract such resource-exhausting effects. Software Defined Networking IP Spoofing Flooding DDoS Attacks Data Plane Mininet Telecommunications Telekommunikation
34	A Prevention Technique for DDoS Attacks in SDN using Ryu Controller Application Adabala, Yashwanth Venkata Sai Kumar, Devanaboina, Lakshmi Venkata Raghava Sudheer January 2024 (has links) Software Defined Networking (SDN) modernizes network control, offering streamlined management. However, its centralized structure makes it more vulnerable to distributed Denial of Service (DDoS) attacks, posing serious threats to network stability. This thesis explores the development of a DDoS attack prevention technique in SDN environments using the Ryu controller application. The research aims to address the vulnerabilities in SDN, particularly focusing on flooding and Internet Protocol (IP) spoofing attacks, which are a significant threat to network security. The study employs an experimental approach, utilizing tools like Mininet-VM (VirtualMachine), Oracle VM VirtualBox, and hping3 to simulate a virtual SDN environment and conduct DDoS attack scenarios. Key methodologies include packet sniffing and rule-based detection by integrating Snort IDS (Intrusion Detection System), which is critical for identifying and mitigating such attacks. The experiments demonstrate the effectiveness of the proposed prevention technique, highlighting the importance of proper configuration and integration of network security tools in SDN. This work contributes to enhancing the resilience of SDN architectures against DDoS attacks, offering insights into future developments in network security. Software Defined Networking SDN IP Spoofing Flooding DDoS Attacks Mininet Snort IDS Network Security Telecommunications Telekommunikation
35	Threat and Application of Frequency-Agile Radio Systems Zeng, Kexiong 16 November 2018 (has links) As traditional wireless systems that only operate on fixed frequency bands are reaching their capacity limits, advanced frequency-agile radio systems are developed for more efficient spectrum utilization. For example, white space radios dynamically leverage locally unused TV channels to provide high-speed long-distance connectivity. They have already been deployed to connect the unconnected in rural areas and developing countries. However, such application scenarios are still limited due to low commercial demand. Hence, exploring better applications for white space radios needs more effort. With the benefits come the threats. As frequency-agile radio systems (e.g., software-defined radios) are flexible and become extremely low-cost and small-sized, it is very convenient for attackers to build attacking tools and launch wireless attacks using these radios. For example, civilian GPS signals can be easily spoofed by low-cost portable spoofers built with frequency-agile radio systems. In this dissertation, we study both the threat and application of frequency-agile radio systems. Specifically, our work focuses on the spoofing threat of frequency-agile radio towards GPS-based systems and the application of TV white space radio for ocean communications. Firstly, we explore the feasibility of using frequency-agile radio to stealthily manipulate GPS-based road navigation systems without alerting human drivers. A novel attacking algorithm is proposed, where the frequency-agile radio transmits fake GPS signals to lead the victim to drive on a wrong path that looks very similar with the navigation route on the screen. The attack's feasibility is demonstrated with real-world taxi traces in Manhattan and Boston. We implement a low-cost portable GPS spoofer using an off-the-shelf frequency-agile radio platform to perform physical measurements and real-world driving tests, which shows the low level of difficulty of launching the attack in real road environment. In order to study human-in-the-loop factor, a deceptive user study is conducted and the results show that 95% of the users do not recognize the stealthy attack. Possible countermeasures are summarized and sensor fusion defense is explored with preliminary tests. Secondly, we study similar GPS spoofing attack in database-driven cognitive radio networks. In such a network, a secondary user queries the database for available spectrum based on its GPS location. By manipulating GPS locations of surrounding secondary users with a frequency-agile radio, an attacker can potentially cause serious primary user interference and denial-of-service to secondary users. The serious impact of such attacks is examined in simulations based on the WhiteSpaceFinder spectrum database. Inspired by the characteristics of the centralized system and the receiving capability of cognitive radios, a combination of three defense mechanisms are proposed to mitigate the location spoofing threat. Thirdly, we explore the feasibility of building TV white space radio based on frequency-agile radio platform to provide connectivity on the ocean. We design and implement a low-cost low-power white space router ($523, 12 watts) customized for maritime applications. Its communication capability is confirmed by field link measurements and ocean-surface wave propagation simulations. We propose to combine this radio with an energy harvesting buoy so that the radio can operate independently on the ocean and form a wireless mesh network with other similar radios. / PHD / As traditional wireless systems, such as mobile phones and WiFi access points, only operate on some fixed frequency bands, it becomes increasingly crowded for those popular bands. Hence, for more efficient frequency resource utilization, frequency-agile radio systems that can dynamically operate on different frequency bands are developed. With these new technologies come new threats and applications, which are the focus of our work. On the one hand, as frequency-agile radio systems become low-cost and portable, attackers can easily launch wireless attacks with them. For example, we explored the feasibility, impact, and countermeasures for GPS spoofing attacks using frequency-agile radio systems in different scenarios. In a GPS spoofing attack, an attacker transmits false GPS signals to manipulate users’ GPS receivers. This kind of attack can be very dangerous and even life-threatening if it is launched against critical GPS-based applications. For example, once GPS-based navigation systems in self-driving cars are stealthily manipulated by remote attackers, attackers can divert self-driving cars to pre-defined destinations or dangerous situations like wrong-way driving on highway. On the other hand, since there is rich under-utilized spectrum resource in remote areas with no broadband connection yet, frequency-agile radio systems can be used to provide broadband internet connectivity there. For example, based on frequency-agile radio platform, we developed a low-cost low-power wireless router that can dynamically operate on TV broadcasting band. It is able to provide high-speed wireless connection to a large area on the ocean. This technology has the potential to bring low-cost high-speed connection to people and industry on the ocean, which will facilitate various maritime applications. GPS Spoofing Road Navigation Cognitive radio networks White Space Radio Maritime Mesh Network Energy harvesting
36	Characterizing and Detecting Online Deception via Data-Driven Methods Hu, Hang 27 May 2020 (has links) In recent years, online deception has become a major threat to information security. Online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets sharing their credentials. In this thesis, we aim at measuring the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem. With phishing websites, we implement a powerful tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also analyze credential sharing on phishing websites, and measure what happens after victims share their credentials. Finally, we discuss potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant. In the first part of this thesis (Chapter 3), we focus on measuring how email providers detect and handle forged emails. We also try to understand how forged emails can reach user inboxes by deliberately composing emails. Finally, we check how email providers warn users about forged emails. In the second part (Chapter 4), we measure the adoption of anti-spoofing protocols and seek to understand the reasons behind the low adoption rates. In the third part of this thesis (Chapter 5), we observe that a lot of phishing emails use email tracking techniques to track targets. We collect a large dataset of email messages using disposable email services and measure the landscape of email tracking. In the fourth part of this thesis (Chapter 6), we move on to phishing websites. We implement a powerful tool to detect squatting domains and train a machine learning model to classify phishing websites. In the fifth part (Chapter 7), we focus on the credential leaks. More specifically, we measure what happens after the targets' credentials are leaked. We monitor and measure the potential post-phishing exploiting activities. Finally, with new voice platforms such as Alexa becoming more and more popular, we wonder if new phishing and privacy concerns emerge with new platforms. In this part (Chapter 8), we systematically assess the attack surfaces by measuring sensitive applications on voice assistant systems. My thesis measures important parts of the complete process of online deception. With deeper understandings of phishing attacks, more complete and effective defense mechanisms can be developed to mitigate attacks in various dimensions. / Doctor of Philosophy / In recent years, online deception becomes a major threat to information security. The most common form of online deception starts with a phishing email, then redirects targets to a phishing website where the attacker tricks targets sharing their credentials. General phishing emails are relatively easy to recognize from both the target's and the defender's perspective. They are usually from strange addresses, the content is usually very general and they come in a large volume. However, Online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets sharing their credentials. Sometimes, attackers use domain impersonation techniques to make the phishing website even more convincing. In this thesis, we measure the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem. With phishing websites, we implement a tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also studied credential sharing on phishing websites. We measure what happens after targets share their credentials. Finally, we analyze potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant. Spear-Phishing Email Spoofing Email Tracking Domain Squatting Password Reuse Voice Personal Assistant
37	Protection and Cybersecurity of Inverter-Based Resources Alexander, Brady Steven 14 May 2024 (has links) Traditionally, power system protection describes detecting, clearing, and locating faults in the power system. Traditional methods for detecting and locating faults may not be sufficient for inverter-based resources (IBR) as the fault response of an IBR differs from the response of a synchronous generator. As the composition of the power grid continues to evolve to integrate more IBRs that employ communication-based control algorithms; the power system is also exposed to cyberattacks. Undetected cyberattacks can disrupt normal system operation causing local outages. Therefore, power system protection must evolve with the changes in the grid to not only detect, locate, and clear faults with IBR generation but also detect and mitigate cyberattacks on IBR controllers. This thesis proposes methods for protecting an IBR-based transmission system from: (i) GPS spoofing cyberattacks on a power sharing controller; (ii) open-circuit faults. The GPS spoofing detection algorithm is a decision tree that enables either the proposed state observer--based mitigation technique or the proposed long short-term memory (LSTM)-based mitigation algorithm. The proposed logic for detecting open-circuit faults addresses each subcategory of open-circuit faults: breaker malfunctions, broken conductors, and series arc faults. PSCAD/EMTDC simulations are performed to test the effectiveness of the proposed methods. / Master of Science / The desire to reduce carbon emissions from electric power generation is resulting in the simultaneous retirement of fossil-fuel-burning electric power generation and increase in the number of renewable energy resources. These renewable energy resources, or inverter-based resources, respond differently to disturbances than traditional generators, and; therefore, require the development of new strategies to improve the disturbance response of an inverter-based resource. Disturbances in the power system can be divided into two types: (i) normal disturbances; (ii) abnormal disturbances. The response of an IBR to normal disturbances is improved with reliable control, further improved with communication, which ensures the stable operation of the power system. The abnormal conditions can also be split into two categories: (i) cyberattacks; (ii) faults. A cyberattack is when an adversary gains access a system with the goal of causing harm. In IBRs, cyberattacks can degrade power quality and lead to local outages. Faults are events that cause a change in the normal current flow in the power system. Undetected faults can cause local outages, lead to forest fires, and personnel injury; therefore, must be detected, located, can cleared in a timely manner. This work explores methods for detecting and mitigating cyberattacks and detecting faults in the presence of inverter-based resources. Broken conductor cyberattack GPS spoofing inverter-based resources (IBR) power sharing protection.
38	A countermeasure method for video-based face spoofing attacks : Detecção de tentativas de ataque com vídeos digitais em sistemas de biometria de face / Detecção de tentativas de ataque com vídeos digitais em sistemas de biometria de face Pinto, Allan da Silva, 1984- 23 August 2018 (has links) Orientador: Anderson de Rezende Rocha / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-23T22:22:57Z (GMT). No. of bitstreams: 1 Pinto_AllandaSilva_M.pdf: 47523880 bytes, checksum: 072eb0490c26631b80cdcc47d55a4817 (MD5) Previous issue date: 2013 / Resumo: O resumo poderá ser visualizado no texto completo da tese digital / Abstract: The complete abstract is available with the full electronic document / Mestrado / Ciência da Computação / Mestre em Ciência da Computação Identificação biométrica Ataques de falsificação de face Ritmo visual Fourier, Análise de Biometric identification Face spoofing attacks Video-based face spoofing Visual rhythm Fourier analysis - Data processing
39	Soubor laboratorních úloh k demonstraci počítačových útoků / Collection of laboratory works for demonstration of computer attacks Plašil, Matouš January 2015 (has links) Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.
40	Authentication Techniques Based on Physical Layer Attributes / Autentisering tekniker baserade på fysiska lager attribut Liang, Xintai January 2022 (has links) Authentication is an indispensable part of information security. It serves to distinguish legitimate users from unauthorized ones. With the rapid growth of Internet of Things (IoT) devices, authentication of wireless communication is gathering more and more attention. Traditional authentication methods using cryptography, such as Hash-based Message Authentication Codes (HMACs) or digital signature, demand significant computational power and hardware resources, especially for low-end platforms. Spoofing attackers take advantage of trust relationships, trying to impersonate legitimate entities the wireless Access Point (AP) trusts. To tackle this issue, physical layer authentication methods are proposed. Using a fast and lightweight implementation, authentication based on physical layer attributes has the chance to improve the security performance of the authentication in the wireless network and protect it from spoofing attacks. It takes advantage of the uniqueness and inimitability of physical layer attributes by using them as identifying information. In this project, one of the physical layer attributes, Channel State Information (CSI), is utilized as the identifying information of devices. CSI samples from different wireless devices are collected by a wireless monitor. Features on amplitude and phase are extracted from raw CSI samples through data processing algorithms. For every device, a corresponding feature profile is pre-built so that authentication can be accomplished by matching the CSI profile. One-Class Support Vector Machine (OCSVM), a machine learning technique, which has a satisfying performance in novel discrimination, is used for profile building and profile matching algorithms so that the physical layer identities from various devices can be distinguished effectively. Our study aims to prove the feasibility of the authentication using CSI identity is conducted and the authentication and spoofer detection accuracy is calculated. With the profile matching algorithm based on OCSVM, the authentication accuracy and the spoofer detection accuracy remains around 98% and 100% respectively. Finally, to address the limitations in related work, such as the phase error fingerprinting which is not effective across all the bands, and the instability of the authentication results, a combined authentication method is designed and implemented successfully. The new method is based on both the traditional cryptographic authentication and CSI-based authentication. The implementation is accomplished by using the data processing methods and discrimination techniques mentioned above. The basic functions, such as detecting CSI variance and switching between CSI and cryptographic authentication, and the CPU computing performance under different authentication modes are observed. The performance of the new method is analyzed and evaluated under different potential attack scenarios. The evaluation shows that the basic functions and defense ability are valid and satisfying under different scenarios. The computing resource saves at least 36.92% and at most 79.73% compared to various traditional cryptographic authentication. / Autentisering är en oumbärlig del av informationssäkerheten, eftersom den särskiljer legitima användare och motståndare i nätverk. Med den snabba tillväxten av trådlösa IoT-enheter får säker autentisering inom trådlös kommunikation mer och mer uppmärksamhet. Traditionell trådlös autentisering metoder har en enorm efterfrågan på beräkningskraft och hårdvaruresurser, samtidigt som de är sårbara för vissa attacker. Spoofing-attack, som drar fördel av pålitliga relationer genom att imitera en person eller organisation som den trådlösa AP litar på, är en av de svåraste säkerheterna problem med trådlös autentisering. För att lösa detta problem föreslås autentiseringsmetoder för fysiska lager. Genom att använda en snabb och lätt implementering har autentiseringen baserad på fysiska lagerattribut möjlighet att förbättra säkerhetsprestandan för autentiseringen i det trådlösa nätverket och skydda den från spoofing attacker. Eftersom det tar fördelen av det unika och oefterhärmlighet av fysiska lagerattribut genom att använda dem som identitetsinformation som ska autentiseras. I detta projekt används ett av attributen för fysiskt lager, CSI som enhetsidentitet för att studera prestandan för trådlös autentisering under det nya överföringsprotokollet 802.11ac.CSI-prov från olika trådlösa enheter samlas in från den trådlösa monitorn. Funktioner på Amplitude och Phase extraheras från råa CSI-prover genom respektive dataförbehandlingsalgoritmer. För varje enhet är en motsvarande funktionsprofil förbyggd så att autentiseringen kan utföras genom att matcha CSI-profilen. Maskininlärningsteknik, OCSVM, som har en tillfredsställande prestanda i den nya diskrimineringen, används i profilbyggande och profilmatchningsalgoritmer så att de fysiska lagrets identiteter från olika enheter effektivt kan särskiljas. En studie syftar till att bevisa genomförbarheten av autentisering med CSI-identitet genomförs och noggrannheten för autentisering och spooferdetektering beräknas. Med profilmatchningsalgoritmen bas ed på OCSVM förblir autentiseringsnoggrannheten och spooferdetekteringsnoggrannheten runt 98% till 99% respektive 100%. Slutligen, med ovanstående metoder och tekniker och övervägandet av begränsningar i relaterat arbete, som fasfelsfingeravtrycksfelet som inte är tillräckligt effektivt över alla band, och instabiliteten i autentiseringsresultaten, ett lättviktigt och flexibelt autentiseringsschema baserat på kombination av traditionell kryptoautentisering och CSI-autentisering designas och implementeras framgångsrikt. Grundfunktionen och datorprestanda observeras och prestandan för den nya metoden analyseras under olika potentiella attackscenarier. Efter experimenten kan datorresurser sparas åtminstone 36,92% och som mest 79,73% jämfört med olika traditionella kryptoautentiseringar. Dessutom är den grundläggande funktionen och försvarsförmågan giltig och tillfredsställande under olika scenarier. Wireless security Spoofing attacks Physical layer authentication Channel State Information Machine learning Trådlös säkerhet Spoofing attack Autentisering av fysiska lager Kanaltill Stånds Information Maskinin lärning Elektroteknik och elektronik

Search results