Securing Vehicular Networks Against Denial of Service Attacks / Sécurité des réseaux VANET contre les attaques de déni de services

Mejri, Mohamed Nidhal

19 May 2016

Dans cette thèse nous nous sommes intéressés à sécuriser les réseaux véhiculaires ad hoc (VANETs) contre les attaques de déni de service (DoS) jugées comme étant les plus dangereuses pour ces réseaux. Notre travail peut être subdivisé en trois grandes parties.Dans un premier temps, nous avons étudié les différentes vulnérabilités auxquelles sont exposés les VANETs, spécialement les attaques DoS. Vu notre expertise en matière de la cryptographie, nous avons exploré, dégagé et classifié des solutions possibles à une grande panoplie de brèches de sécurité VANETs. En effet, nous avons montré que la cryptographie permet de résoudre divers problèmes de sécurité VANETs. Notre première contribution dans ce sens est un algorithme de génération de clés de groupe pour les convois de véhicules. Dans notre deuxième contribution nous avons conçu deux nouvelles méthodes de détection d’attaques DoS. Dans ce contexte, notre premier algorithme de détection est basé sur la régression linéaire, la logique floue ainsi que la définition de trois nouvelles métriques spécifiques VANETs. Dans notre deuxième algorithme de détection nous avons défini une nouvelle métrique à base de l'entropie de Shannon que nous avons introduite pour la première fois pour détecter tel type d’attaques. Notre troisième contribution a été consacrée à la réaction contre les attaques une fois détectées. Pour cela, nous avons eu recourt à l'utilisation des techniques offertes par la théorie des jeux. Nous avons proposé deux jeux non-coopératifs de réaction sous forme stratégique et extensive. Pour chacune des phases de détection et de réaction, les expérimentations ont été faites essentiellement pour les attaques greedy et jamming. Nos algorithmes proposés présentent l'avantage de la rapidité, d'être exécutés par n'importe quel nœud du réseau et ne nécessitent aucune modification du protocole IEEE 802.11p utilisée comme standard de la couche MAC et PHY des réseaux véhiculaires.Au cours de ce travail, nous avons pu participer à la sécurisation des réseaux VANETs. Cependant nous jugeons qu'il reste beaucoup à faire. A savoir par exemple, l'étude des solutions cryptographiques que nous avons menée nous a permis de découvrir à quel point l'usage de la cryptographie pour la sécurité des VANETs est un sujet assez vaste et qui nécessite d'être encore mieux exploré. Ceci constituera pour nous une ouverture assez prometteuse. / In this thesis we interested in securing Vehicular Ad hoc Networks (VANETs) against Denial of Service attacks (DoS) judged to be the most dangerous attacks to such networks. Our work can be divided into three main parts. First, we studied all the various possible existing vulnerabilities to which are exposed VANETs, we focused especially on denial of service attacks. Based on our expertise in cryptography, we explored, identified and classified the possible solutions to a wide range of VANET security breaches from a cryptographic point of view. Indeed, we showed that cryptography with its primitives and fairly powerful tools solves many VANET security problems. Our first contribution in this direction is a secure group key generation algorithm for VANET platoons. In our second contribution, we have developed two new techniques to detect denial of service attacks in VANET networks mainly characterized by the high mobility and frequent disconnections which considerably complicate the detection. Our first detection algorithm is based on the linear regression mathematical concept, fuzzy logic and three newly defined VANET appropriate metrics. In our second algorithm we define a new Shannon Entropy based metric that we introduced for the first time to detect DoS attacks in VANET. Our third contribution was devoted to the reaction against the detected attacks. For that, we used the techniques offered by game theory. We have proposed two non-cooperative reaction games in strategic and extensive forms. For both detection and reaction proposed schemes, experiments were made essentially for the greedy behavior and jamming attacks. All our proposed algorithms present the advantage of rapidity, to be executed by any node of the network and do not require any modification of the 802.11p MAC layer protocol used as a standard for VANETs. In this work, we have participated in securing VANETs, however we believe that much remains to be done. Namely, for example the study of cryptographic solutions we have conducted, allowed us to discover how the use of cryptography for VANET security is a fairly broad topic which needs to be better explored. This will be for us a very promising subject.

Réseaux véhiculaires Ad hoc (VANETs)

Deni de service (DoS)

Cryptographie

Securing Vehicular

Denial of Service

Cryptographiy

Architecture for IMS Security to Mobile:Focusing on Artificial Immune System and Mobile Agents Integration / English to Swedish

Chalamalasetty, Kalyani

January 2009

The IP Multimedia Subsystem (IMS) is an open IP based service infrastructure that enables an easy deployment of new rich multimedia services mixing voice and data. The IMS is an overlay network on top of IP that uses SIP as the primary signaling mechanism. As an emerging technology, the SIP standard will certainly be the target of Denial of Service (DoS) attacks and consequently IMS will also inherit this problem. The objective of proposed architecture for IMS is to cram the potential attacks and security threats to IP Multimedia Subsystem (IMS) and explore the security solutions developed by 3GPP. This research work incorporates the ideas of immune system and multiagent architecture that is capable of detecting, identifying and recovering from an attack. The proposed architecture protects IMS core components i.e. P-CSCF (Proxy- Call Session Control Function), I-CSCF (Interrogating-Call Session Control Function), S-CSCF (Serving Call Session Control Function) and HSS (Home Subscriber Server) from external and internal threats like eavesdropping, SQL injection and denial-ofservice (DoS) attacks. In the first level i.e. CPU under normal load all incoming and out going messages were investigated to detect and prevent SQL injection. Second level considers Denial of Service (DOS) attacks when CPU load exceeds threshold limit. Proposed architecture is designed and evaluated by using an approach called Architecture Tradeoff Analysis Method (ATAM). The results obtained confirm consistency of the architecture. / kalyani-0046737527800

IP Multimedia Subsystem (IMS)

security threats

Denial of Service (DoS)

SQL

Computer Sciences

Datavetenskap (datalogi)

Telecommunications

Telekommunikation

Evaluation of and Mitigation against Malicious Traffic in SIP-based VoIP Applications in a Broadband Internet Environment

Wulff, Tobias

January 2010

Voice Over IP (VoIP) telephony is becoming widespread, and is often integrated into computer networks. Because of his, it is likely that malicious software will threaten VoIP systems the same way traditional computer systems have been attacked by viruses, worms, and other automated agents. While most users have become familiar with email spam and viruses in email attachments, spam and malicious traffic over telephony currently is a relatively unknown threat. VoIP networks are a challenge to secure against such malware as much of the network intelligence is focused on the edge devices and access environment. A novel security architecture is being developed which improves the security of a large VoIP network with many inexperienced users, such as non-IT office workers or telecommunication service customers. The new architecture establishes interaction between the VoIP backend and the end users, thus providing information about ongoing and unknown attacks to all users. An evaluation of the effectiveness and performance of different implementations of this architecture is done using virtual machines and network simulation software to emulate vulnerable clients and servers through providing apparent attack vectors.

Voice over IP (VoIP)

Session Initiation Protocol (SIP)

Denial of Service (DoS)

malware

Intrusion Detection System (IDS)

event correlation

security architecture

Aplikace pro penetrační testování webových zranitelností typu Denial of Service / Penetration Testing Application for DoS Based Web Vulnerabilities

Vrána, Jaroslav

January 2011

This work deals with a issue of a DoS vulnerability in web applications. At first, there are described principles of a computer security, general principles of the DoS and a penetration testing. Further text describes a OWASP Testing Guide v3 for the DoS in web applications. There is a design of own application on basis own experiences. This application is implemented and tested by the web applications.

Anti-sensor Network: Distortion-based Distributed Attack In Wireless Sensor Networks

Karaaslan, Ibrahim

01 February 2008

In this thesis, a novel anti-sensor network paradigm is introduced against wireless sensor networks (WSN). Anti-sensor network (ASN) aims to destroy application reliability by adaptively and anonymously introducing adequate level of artificial distortion into the communication of the event features transported from the sensor nodes (SN) to the sink. ASN is composed of anti-sensor nodes (aSN) randomly distributed over the sensor network field. aSNs pretend to be SNs tomaintain anonymity and so improve resiliency against attack detection and prevention mechanisms. Performance evaluations via mathematical analysis and simulation experiments show that ASN can effectively reduce the application reliability of WSN.

Recovery From DoS Attacks In MIPv6 : Modelling And Validation

Kumar, Manish C

03 1900

Denial-of-Service (DoS) attacks form a very important category of security threats that are possible in MIPv6 (Mobile Internet Protocol version 6). This thesis proposes a scheme for participants (Mobile Node, Home Agent, and Correspondent Node) in MIPv6 to recover from DoS attacks in the event of any of them being subjected to a DoS attack. We propose a threshold based scheme for participants in MIPv6 to detect presence of DoS attacks and to recover from DoS attacks in the event of any of them being subjected to a DoS attack. This is achieved using an infrastructure for MIPv6 that makes such a solution practical even in the absence of IPsec infrastructure. We propose a protocol that uses concepts like Cryptographically Generated Addresses (CGA), short-term IP addresses using a Lamport hash like mechanism and a hierarchy based trust management infrastructure for key distribution. However, reasoning about correctness of such protocols is not trivial. In addition, new solutions to mitigate attacks may need to be deployed in the network on a frequent basis as and when attacks are detected, as it is practically impossible to anticipate all attacks and provide solutions in advance. This makes it necessary to validate solutions in a timely manner before deployment in real network. However, threshold schemes needed in group protocols make analysis complex. Model checking threshold-based group protocols that employ cryptography have been not successful so far. The testing in a real network or a test bed also will not be feasible if faster and frequent deployment of DoS mitigation solutions is needed. Hence, there is a need for an approach that lies between automated/manual verification and an actual implementation. It is evident from existing literature that not many simulations for doing security analysis of MIP/MIPv6 have been done. This research is a step in that direction. We propose a simulation based approach for validation using a tool called FRAMOGR [40] that supports executable specification of group protocols that use cryptography. FRAMOGR allows one to specify attackers and track probability distributions of values or paths. This work deals with simulation of DoS attacks and their mitigation solutions for MIP in FRAMOGR. This makes validation of solutions possible without mandating a complete deployment of the protocol to detect vulnerabilities in a solution. This does away with the need for a formal theoretical verification of a DoS mitigation solution. In the course of this work, some DoS attacks and recovery mechanisms are simulated and validated using FRAMOGR. We obtained encouraging results for the performance of the detection scheme. We believe that infrastructure such as FRAMOGR would be required in future for validating new group based threshold protocols that are needed for making MIPv6 more robust.

Mobile Internet Protocol

Computer Access Control

Computer Security

FRAMOGR

Denial-of-Service (DoS) Attacks

Communication Engineering

Improved performance high speed network intrusion detection systems (NIDS). A high speed NIDS architectures to address limitations of Packet Loss and Low Detection Rate by adoption of Dynamic Cluster Architecture and Traffic Anomaly Filtration (IADF).

Akhlaq, Monis

January 2011

Intrusion Detection Systems (IDS) are considered as a vital component in network security architecture. The system allows the administrator to detect unauthorized use of, or attack upon a computer, network or telecommunication infrastructure. There is no second thought on the necessity of these systems however; their performance remains a critical question. This research has focussed on designing a high performance Network Intrusion Detection Systems (NIDS) model. The work begins with the evaluation of Snort, an open source NIDS considered as a de-facto IDS standard. The motive behind the evaluation strategy is to analyze the performance of Snort and ascertain the causes of limited performance. Design and implementation of high performance techniques are considered as the final objective of this research. Snort has been evaluated on highly sophisticated test bench by employing evasive and avoidance strategies to simulate real-life normal and attack-like traffic. The test-methodology is based on the concept of stressing the system and degrading its performance in terms of its packet handling capacity. This has been achieved by normal traffic generation; fussing; traffic saturation; parallel dissimilar attacks; manipulation of background traffic, e.g. fragmentation, packet sequence disturbance and illegal packet insertion. The evaluation phase has lead us to two high performance designs, first distributed hardware architecture using cluster-based adoption and second cascaded phenomena of anomaly-based filtration and signature-based detection. The first high performance mechanism is based on Dynamic Cluster adoption using refined policy routing and Comparator Logic. The design is a two tier mechanism where front end of the cluster is the load-balancer which distributes traffic on pre-defined policy routing ensuring maximum utilization of cluster resources. The traffic load sharing mechanism reduces the packet drop by exchanging state information between load-balancer and cluster nodes and implementing switchovers between nodes in case the traffic exceeds pre-defined threshold limit. Finally, the recovery evaluation concept using Comparator Logic also enhance the overall efficiency by recovering lost data in switchovers, the retrieved data is than analyzed by the recovery NIDS to identify any leftover threats. Intelligent Anomaly Detection Filtration (IADF) using cascaded architecture of anomaly-based filtration and signature-based detection process is the second high performance design. The IADF design is used to preserve resources of NIDS by eliminating large portion of the traffic on well defined logics. In addition, the filtration concept augment the detection process by eliminating the part of malicious traffic which otherwise can go undetected by most of signature-based mechanisms. We have evaluated the mechanism to detect Denial of Service (DoS) and Probe attempts based by analyzing its performance on Defence Advanced Research Projects Agency (DARPA) dataset. The concept has also been supported by time-based normalized sampling mechanisms to incorporate normal traffic variations to reduce false alarms. Finally, we have observed that the IADF has augmented the overall detection process by reducing false alarms, increasing detection rate and incurring lesser data loss. / National University of Sciences & Technology (NUST), Pakistan

Intrusion Detection Systems (IDS)

Dynamic Cluster Architecture

Low detection rate

Packet loss

Network security

Telecommunication infrastructure

Network performance

Traffic Anomaly Filtration (IADF)

Denial of Service (DoS)

Increasing detection rate

Intrusion Detection of Flooding DoS Attacks on Emulated Smart Meters

Akbar, Yousef M. A. H.

11 May 2020

The power grid has changed a great deal from what has been generally viewed as a traditional power grid. The modernization of the power grid has seen an increase in the integration and incorporation of computing and communication elements, creating an interdependence of both physical and cyber assets of the power grid. The fast-increasing connectivity has transformed the grid from what used to be primarily a physical system into a Cyber- Physical System (CPS). The physical elements within a power grid are well understood by power engineers; however, the newly deployed cyber aspects are new to most researchers and operators in this field. The new computing and communications structure brings new vulnerabilities along with all the benefits it provides. Cyber security of the power grid is critical due to the potential impact it can make on the community or society that relies on the critical infrastructure. These vulnerabilities have already been exploited in the attack on the Ukrainian power grid, a highly sophisticated, multi-layered attack which caused large power outages for numerous customers. There is an urgent need to understand the cyber aspects of the modernized power grid and take the necessary precautions such that the security of the CPS can be better achieved. The power grid is dependent on two main cyber infrastructures, i.e., Supervisory Control And Data Acquisition (SCADA) and Advanced Metering Infrastructure (AMI). This thesis investigates the AMI in power grids by developing a testbed environment that can be created and used to better understand and develop security strategies to remove the vulnerabilities that exist within it. The testbed is to be used to conduct and implement security strategies, i.e., an Intrusion Detections Systems (IDS), creating an emulated environment to best resemble the environment of the AMI system. A DoS flooding attack and an IDS are implemented on the emulated testbed to show the effectiveness and validate the performance of the emulated testbed. / M.S. / The power grid is becoming more digitized and is utilizing information and communication technologies more, hence the smart grid. New systems are developed and utilized in the modernized power grid that directly relies on new communication networks. The power grid is becoming more efficient and more effective due to these developments, however, there are some considerations to be made as for the security of the power grid. An important expectation of the power grid is the reliability of power delivery to its customers. New information and communication technology integration brings rise to new cyber vulnerabilities that can inhibit the functionality of the power grid. A coordinated cyber-attack was conducted against the Ukrainian power grid in 2015 that targeted the cyber vulnerabilities of the system. The attackers made sure that the grid operators were unable to observe their system being attacked via Denial of Service attacks. Smart meters are the digitized equivalent of a traditional energy meter, it wirelessly communicates with the grid operators. An increase in deployment of these smart meters makes it such that we are more dependent on them and hence creating a new vulnerability for an attack. The smart meter integration into the power grid needs to be studied and carefully considered for the prevention of attacks. A testbed is created using devices that emulate the smart meters and a network is established between the devices. The network was attacked with a Denial of Service attack to validate the testbed performance, and an Intrusion detection method was developed and applied onto the testbed to prove that the testbed created can be used to study and develop methods to cover the vulnerabilities present.

Denial of Service (DoS)

Advanced Metering Infrastructure (AMI)

Wireless Mesh Network (WMN)

Cyber-Physical System (CPS)

Power Grid

Cyber Security of Smart Meters

Security Analysis of OPC UA in Automation Systems for IIoT / Säkerhetsanalys av OPC UA inom automationssystem för IIoT.

Varadarajan, Vaishnavi

January 2022

Establishing secured communication among the different entities in an industrial environment is a major concern. Especially with the introduction of the Industrial Internet of Things (IIoT), industries have been susceptible to cyber threats, which makes security a critical requirement for the industries. Prevailing industrial communication standards were proven to meet the security needs to some extent, but the major issue which was yet to be addressed was interoperability. To achieve interoperability, Open Platform Communication Unified Architecture (OPC UA) was introduced as a communication protocol. OPC UA helped bridge the gap between Information Technology (IT) and Operational Technology (OT) security needs, but this also gives rise to new attack opportunities for the intruder. In this thesis, we have analysed the security challenges in OPC UA and the impact of two different cyberattacks on the OPC UA. First, we have implemented an OPC UA Network with the help of Raspberry Pis and open62541, an open-source implementation of the OPC UA client and server. Following this, to evaluate the performance of the network, we performed three cybersecurity attacks, Packet Sniffing, Man in the Middle Attack (MITM) and Denial of Service attack. We assessed the impact these attacks have on the OPC UA network. We have also discussed the detection mechanism for the same attacks. This analysis has helped us recognize the threats faced by OPC UA in an IIoT environment with respect to message flooding, packet sniffing and man in the middle attack and the countermeasures to this attack have been discussed / Att etablera en säker kommunikation mellan de olika enheterna i en industriell miljö är en stor utmaning. Speciellt efter introduktionen av Industrial Internet of Things (IIoT) har industrier varit mottagliga för cyberhot vilket gör cybersäkerhet en prioritet. Rådande industriella kommunikationsstandarder har visats att till viss del uppfylla säkerhets- behoven, men en av de största problemen var bristen på interoperabilitet. För att uppnå interoperabiliteten skapades Open Platform Communication Unified Architecture (OPC UA) som kommun- ikationsprotokoll. OPC UA hjälper till att överbrygga gapet mellan säkerhetsbehoven av information- steknologi (IT) och Operational Technology (OT), men detta ger också upphov till nya attackmöjligheter för inkräktare. I detta examensarbete har vi analyserat säkerhetsutmaningarna i OPC UA och effekten av två olika cyberattacker på OPC UA. Först har vi implementerat ett OPC UA Network med hjälp av Raspberry Pis och open62541 som är en öppen källkodsimplementering av OPC UA klient och server. Efter detta utförde vi tre cybersäkerhetsattacker för att utvärdera nätverkets prestanda, packet sniffing, Man in the Middle Attack (MITM) och Denial of Service attack. Vi bedömde vilken effekt dessa attacker har på OPC UA-nätverket. Vi har också diskuterat detektionsmekanismen för samma attacker. Denna analys har hjälpt oss att känna igen de hot som OPC UA står inför i en IIoT-miljö med avseende på dataflöde, packet sniffing och Man in the Middle attack och även försvar mot dessa attacker har diskuterats.

Man in the Middle Attack

Denial of Service (DoS)

Industrial Internet of Things (IIoT)

Time Sensitive Networking (TSN)

Man in the Middle Attack

Denial of Service (DoS)

Industrial Internet of Things (IIoT)

Time Sensitive Networking (TSN)

Computer and Information Sciences

Data- och informationsvetenskap

Security Analysis of OPC UA in Automation Systems for IIoT / Säkerhetsanalys av OPC UA inom automationssystem för IIoT.

Varadarajan, Vaishnavi

January 2022

Establishing secured communication among the different entities in an industrial environment is a major concern. Especially with the introduction of the Industrial Internet of Things (IIoT), industries have been susceptible to cyber threats, which makes security a critical requirement for the industries. Prevailing industrial communication standards were proven to meet the security needs to some extent, but the major issue which was yet to be addressed was interoperability. To achieve interoperability, Open Platform Communication Unified Architecture (OPC UA) was introduced as a communication protocol. OPC UA helped bridge the gap between Information Technology (IT) and Operational Technology (OT) security needs, but this also gives rise to new attack opportunities for the intruder. In this thesis, we have analysed the security challenges in OPC UA and the impact of two different cyberattacks on the OPCUA. First, we have implemented an OPC UA Network with the help of Raspberry Pis and open62541, an open-source implementation of the OPC UA client and server. Following this, to evaluate the performance of the network, we performed three cybersecurity attacks, Packet Sniffing, Man in the Middle Attack (MITM) and Denial of Service attack. We assessed the impact these attacks have on the OPC UA network. We have also discussed the detection mechanism for the same attacks. This analysis has helped us recognize the threats faced by OPC UA in an IIoT environment with respect to message flooding, packet sniffing and man in the middle attack and the countermeasures to this attack have been discussed. / Att etablera en säker kommunikation mellan de olika enheterna i en industriell miljö är en stor utmaning. Speciellt efter introduktionen av Industrial Internet of Things (IIoT) har industrier varit mottagliga för cyberhot vilket gör cybersäkerhet en prioritet. Rådande industriella kommunikationsstandarder har visats att till viss del uppfylla säkerhets- behoven, men en av de största problemen var bristen på interoperabilitet. För att uppnå interoperabiliteten skapades Open Platform Communication Unified Architecture (OPC UA) som kommun- ikationsprotokoll. OPC UA hjälper till att överbrygga gapet mellan säkerhetsbehoven av information- steknologi (IT) och Operational Technology (OT), men detta ger också upphov till nya attackmöjligheter för inkräktare. I detta examensarbete har vi analyserat säkerhetsutmaningarna i OPC UA och effekten av två olika cyberattacker på OPC UA. Först har vi implementerat ett OPC UA Network med hjälp av Raspberry Pis och open62541 som är en öppen källkodsimplementering av OPC UA klient och server. Efter detta utförde vi tre cybersäkerhetsattacker för att utvärdera nätverkets prestanda, packet sniffing, Man in the Middle Attack (MITM) och Denial of Service attack. Vi bedömde vilken effekt dessa attacker har på OPC UA-nätverket. Vi har också diskuterat detektionsmekanismen för samma attacker. Denna analys har hjälpt oss att känna igen de hot som OPC UA står inför i en IIoT-miljö med avseende på dataflöde, packet sniffing och Man in the Middle attack och även försvar mot dessa attacker har diskuterats.

Man in the Middle Attack

Denial of Service (DoS)

Industrial Internet of Things (IIoT)

Time Sensitive Networking (TSN)

Man in the Middle Attack

Denial of Service (DoS)

Industrial Internet of Things (IIoT)

Time Sensitive Networking (TSN)

Computer and Information Sciences

Data- och informationsvetenskap