11 |
Investigating Attacks on Industrial Control Systems Using Deterministic Replay SimulationGregory Walkup (6623090) 10 June 2019 (has links)
From factories to power grids, industrial systems are increasingly being digitally controlled and networked. While networking these systems together improves their efficiency and convenience, it also opens them up to attack by malicious actors. When these attacks occur, forensic investigators need to quickly be able to determine what was compromised and which corrective actions should be taken. In this thesis, a method is proposed for investigating attacks on industrial control systems by simulating the logged inputs of the system over time using a model constructed from the control programs that make up the system. When evaluated, this led to the detection of attacks which perturbed the normal operation of the system by comparing the simulated output to the actual output. It also allowed for dependency tracing between the inputs and outputs of the system, so that attacks could be traced from their unwanted effects to their source and vice-versa. This method can thus greatly aid investigators in recovering the complete attack story using only logs of inputs and outputs to an industrial control system.
|
12 |
Information System SecurityYucel, Okan 01 January 2003 (has links) (PDF)
This thesis analyzes the physical, communicational, and organizational
dimensions of information system security process by taking the four-layer approach,
which is composed of the policy, model, architecture, and mechanisms into account.
Within this scope, according to the results of the security analysis of information
systems in METU Informatics Institute, the policy, model, architecture, and
mechanisms necessary to prepare a new security process were proposed. As a
subcomponent of this proposed security process, the network security of the IS100
course was partially established, and the generated results were evaluated.
|
13 |
Σχεδιασμός κρυπτογραφικής πλατφόρμας για πιστοποίηση μηνυμάτων με χρήση CBC και HMAC μηχανισμών (VLSI υλοποίηση)Θανασούλης, Βασίλης 19 January 2010 (has links)
Σκοπός αυτής της διπλωματικής εργασίας ήταν: ο σχεδιασμός και η
υλοποίηση (σε γλώσσα περιγραφής υλικού VHDL) ενός πλήρως pipeline
CBC-HMAC συστήματος που εξασφαλίζει τις κρυπτογραφικές υπηρεσίες της
εμπιστευτικότητας, της ακεραιότητας και της επικύρωσης.
Το κίνητρο αυτής της υλοποίησης ήταν οι πολλές διαδεδομένες
υπηρεσίες όπου χρησιμοποιείται το CBC-HMAC σύστημα όπως: IPsec, ΙΕΕΕ
802.11i (CCMP), TLS πρωτόκολλο, ΙΕΕΕ P1619.1, SRTprotocol κ.τ.λ.
Το Advanced Encryption Standard (AES) και το CBC-AES256
κρυπτογραφικό σύστημα βελτιστοποιήθηκαν όσο αφορά την ταχύτητα και τον
παράγοντα area και υλοποιήθηκαν με pipeline τεχνική με την οποία, μπορούν
να επεξεργάζονται ταυτόχρονα μέχρι και 7 διαφορετικά μηνύματα εισόδου.
O μηχανισμός HMAC με pipeline αρχιτεκτονική βελτιστοποιήθηκε επίσης
χρησιμοποιώντας ως κρυπτογραφικό πυρήνα τον SHA-256 αλγόριθμο.
Το CBC-HMAC σύστημα εξομοιώθηκε πλήρως και ελέγχθηκε
χρησιμοποιώντας τον προσομοιωτή ModelSim. Το εργαλείο σύνθεσης της
VHDL υλοποίησης, στις FPGA τεχνολογίες (οικογένεια συσκευών Xilinx-
Virtex) ήταν η μηχανή σύνθεσης LeonardoSpectrum.
Το υλοποιημένο CBC-HMAC σύστημα σχεδιάστηκε με pipeline
αρχιτεκτονική, με αποτέλεσμα να μπορεί να επεξεργάζεται ταυτόχρονα μέχρι
και 11 διαφορετικά μηνύματα εισόδου και με εξαγωγή αποτελέσματος ανά 20
clk. Τα αποτελέσματα της σύνθεσης (Xilinx-VirtexE) είναι για τη συχνότητα
46.0 MHz και για το throughput 1177.6 Mbps. Αυτά δείχνουν ότι το
υλοποιημένο σύστημα έχει αποδοτική συχνότητα και υψηλό ρυθμό
εξυπηρέτησης (throughput) που είναι πολύ μεγαλύτερος σε σύγκριση με τη
τυπική υλοποίηση του ιδίου συστήματος. / -
|
14 |
User-centred security event visualisation / Visualisation d'événements de sécurité centrée autour de l'utilisateurHumphries, Christopher 08 December 2015 (has links)
Il est aujourd'hui de plus en plus difficile de gérer les énormes quantités de données générées dans le cadre de la sécurité des systèmes. Les outils de visualisation sont une piste pour faire face à ce défi. Ils représentent de manière synthétique et souvent esthétique de grandes quantités de données et d'événements de sécurité pour en faciliter la compréhension et la manipulation. Dans ce document, nous présentons tout d'abord une classification des outils de visualisation pour la sécurité en fonction de leurs objectifs respectifs. Ceux-ci peuvent être de trois ordres : monitoring (c'est à dire suivi en temps réel des événements pour identifier au plus tôt les attaques alors qu'elles se déroulent), exploration (parcours et manipulation a posteriori d'une quantité importante de données pour découvrir les événements importants) ou reporting (représentation a posteriori d'informations déjà connues de manière claire et synthétique pour en faciliter la communication et la transmission). Ensuite, nous présentons ELVis, un outil capable de représenter de manière cohérente des évènements de sécurité issus de sources variées. ELVis propose automatiquement des représentations appropriées en fonction du type des données (temps, adresse IP, port, volume de données, etc.). De plus, ELVis peut être étendu pour accepter de nouvelles sources de données. Enfin, nous présentons CORGI, une extension d'ELVIs permettant de manipuler simultanément plusieurs sources de données pour les corréler. A l'aide de CORGI, il est possible de filtrer les évènements de sécurité provenant d'une source de données en fonction de critères résultant de l'analyse des évènements de sécurité d'une autre source de données, facilitant ainsi le suivi des évènements sur le système d'information en cours d'analyse. / Managing the vast quantities of data generated in the context of information system security becomes more difficult every day. Visualisation tools are a solution to help face this challenge. They represent large quantities of data in a synthetic and often aesthetic way to help understand and manipulate them. In this document, we first present a classification of security visualisation tools according to each of their objectives. These can be one of three: monitoring (following events in real time to identify attacks as early as possible), analysis (the exploration and manipulation a posteriori of a an important quantity of data to discover important events) or reporting (representation a posteriori of known information in a clear and synthetic fashion to help communication and transmission). We then present ELVis, a tool capable of representing security events from various sources coherently. ELVis automatically proposes appropriate representations in function of the type of information (time, IP address, port, data volume, etc.). In addition, ELVis can be extended to accept new sources of data. Lastly, we present CORGI, an successor to ELVIS which allows the simultaneous manipulation of multiple sources of data to correlate them. With the help of CORGI, it is possible to filter security events from a datasource by multiple criteria, which facilitates following events on the currently analysed information systems.
|
15 |
Defending Against Adversarial Attacks Using Denoising AutoencodersRehana Mahfuz (8617635) 24 April 2020 (has links)
Gradient-based adversarial attacks on neural networks threaten extremely critical applications such as medical diagnosis and biometric authentication. These attacks use the gradient of the neural network to craft imperceptible perturbations to be added to the test data, in an attempt to decrease the accuracy of the network. We propose a defense to combat such attacks, which can be modified to reduce the training time of the network by as much as 71%, and can be further modified to reduce the training time of the defense by as much as 19%. Further, we address the threat of uncertain behavior on the part of the attacker, a threat previously overlooked in the literature that considers mostly white box scenarios. To combat uncertainty on the attacker's part, we train our defense with an ensemble of attacks, each generated with a different attack algorithm, and using gradients of distinct architecture types. Finally, we discuss how we can prevent the attacker from breaking the defense by estimating the gradient of the defense transformation.
|
16 |
Analyzing Sensitive Data with Local Differential PrivacyTianhao Wang (10711713) 30 April 2021 (has links)
<div>Vast amounts of sensitive personal information are collected by companies, institutions and governments. A key technological challenge is how to effectively extract knowledge from data while preserving the privacy of the individuals involved. In this dissertation, we address this challenge from the perspective of privacy-preserving data collection and analysis. We focus on investigation of a technique called local differential privacy (LDP) and studied several aspects of it. </div><div><br></div><div><br></div><div>In particular, the thesis serves as a comprehensive study of multiple aspects of the LDP field. We investigated the following seven problems: (1) We studied LDP primitives, i.e., the basic mechanisms that are used to build LDP protocols. (2) We then studied the problem when the domain size is very big (e.g., larger than $2^{32$), where finding the values with high frequency is a challenge, because one needs to enumerate through all values. (3) Another interesting setting is when each user possesses a set of values, instead of a single private value. (4) With the basic problems visited, we then aim to make the LDP protocols practical for real-world scenarios. We investigated the case where each user's data is high-dimensional (e.g., in the census survey, each user has multiple questions to answer), and the goal is to recover the joint distribution among the attributes. (5) We also built a system for companies to issue SQL queries over the data protected under LDP, where each user is associated with some public weights and holds some private values; an LDP version of the values is sent to the server from each user. (6) To further increase the accuracy of LDP, we study how to add post-processing steps to protocols to make them consistent while achieving high accuracy for a wide range of tasks, including frequencies of individual values, frequencies of the most frequent values, and frequencies of subsets of values. (7) Finally, we investigate a different model of LDP which is called the shuffler model. While users still use LDP algorithms to report their sensitive data, now there exists a semi-trusted shuffler that shuffles the users' reports and then send them to the server. This model provides better utility but at the cost of requiring more trust that the shuffler should not collude with the server.</div>
|
17 |
COMPARING SOCIAL ENGINEERING TRAINING IN THE CONTEXT OF HEALTHCAREGiovanni Ordonez (12481197) 03 May 2022 (has links)
<p>Social Engineering attacks have been a rising issue in recent years, affecting a multitude of industries. One industry that has been of great interest to hackers is the Healthcare industry due to the high value of patient information. Social Engineering attacks are mainly common because of the ease of execution and the high probability of victimization. A popular way of combatting Social Engineering attacks is by increasing the user’s ability to detect indicators of attack, which requires a level of cybersecurity education. While the number of cybersecurity training programs is increasing, Social Engineering attacks are still very successful. Therefore, education programs need to be improved to effectively increase the ability of users to notice indicators of attack. This research aimed to answer the question - what teaching method results in the greatest learning gains for understanding Social Engineering concepts? This was done by investigating text-based, gamification, and adversarial thinking teaching methods. These three teaching methods were used to deliver lessons on an online platform to a sample of Purdue students. After conducting analysis, both text-based and adversarial thinking showed significant improvement in the understanding of Social Engineering concepts within the student sample. After conducting a follow-up test, a single teaching method was not found to be better among the three teaching methods. However, this study did find two teaching methods that can be used to develop training programs to help decrease the total number of successful Social Engineering attacks across industries. </p>
|
18 |
Practical Type and Memory Safety Violation Detection MechanismsYuseok Jeon (9217391) 29 August 2020 (has links)
System programming languages such as C and C++ are designed to give the
programmer full control over the underlying hardware. However, this freedom comes
at the cost of type and memory safety violations which may allow an attacker to
compromise applications.
In particular, type safety violation, also known as type confusion, is one of the
major attack vectors to corrupt modern C++ applications. In the past years, several
type confusion detectors have been proposed, but they are severely limited by high
performance overhead, low detection coverage, and high false positive rates. To address these issues, we propose HexType and V-Type. First, we propose HexType, a
tool that provides low-overhead disjoint metadata structures, compiler optimizations,
and handles specific object allocation patterns. Thus, compared to prior work, HexType significantly improves detection coverage and reduces performance overhead. In
addition, HexType discovers new type confusion bugs in real world programs such as
Qt and Apache Xerces-C++. However, HexType still has considerable overhead from
managing the disjoint metadata structure and tracking individual objects, and has
false positives from imprecise object tracking, although HexType significantly reduces
performance overhead and detection coverage. To address these issues, we propose a
further advanced mechanism V-Type, which forcibly changes non-polymorphic types
into polymorphic types to make sure all objects maintain type information. By doing
this, V-Type removes the burden of tracking object allocation and deallocation and
of managing a disjoint metadata structure, which reduces performance overhead and
improves detection precision. Another major attack vector is memory safety violations, which attackers can take
advantage of by accessing out of bound or deleted memory. For memory safety violation detection, combining a fuzzer with sanitizers is a popular and effective approach.
However, we find that heavy metadata structure of current sanitizers hinders fuzzing
effectiveness. Thus, we introduce FuZZan to optimize sanitizer metadata structures
for fuzzing. Consequently, FuZZan improves fuzzing throughput, and this helps the
tester to discover more unique paths given the same amount of time and to find bugs
faster.
In conclusion, my research aims to eliminate critical and common C/C++ memory
and type safety violations through practical programming analysis techniques. For
this goal, through these three projects, I contribute to our community to effectively
detect type and memory safety violations.
|
19 |
Efficient Cryptographic Constructions For Resource-Constrained Blockchain ClientsDuc Viet Le (11191410) 28 July 2021 (has links)
<div><div>The blockchain offers a decentralized way to provide security guarantees for financial transactions. However, this ability comes with the cost of storing a large (distributed) blockchain state and introducing additional computation and communication overhead to all participants. All these drawbacks raise a challenging scalability problem, especially for resource-constrained blockchain clients. On the other hand, some scaling solutions typically require resource-constrained clients to rely on other nodes with higher computational and storage capabilities. However, such scaling solutions often expose the data of the clients to risks of compromise of the more powerful nodes they rely on (e.g., accidental, malicious through a break-in, insider misbehavior, or malware infestation). This potential for leakage raises a privacy concern for these constrained clients, in addition to other scaling-related concerns. This dissertation proposes several cryptographic constructions and system designs enabling resource-constrained devices to participate in the blockchain network securely and efficiently. </div><div><br></div><div>Our first proposal concerns the storage facet for which we propose two add-on privacy designs to address the scaling issue of storing a large blockchain state. </div><div>The first solution is an oblivious database framework, called T<sup>3</sup>, that allows resource-constrained clients to obliviously fetch blockchain data from potential malicious full clients. The second solution focuses on the problem of using and storing additional private-by-design blockchains (e.g., Monero or ZCash) to achieve privacy. We propose an add-on tumbler design, called AMR, that offers privacy directly to clients of non-private blockchains such as Ethereum without the cost of storing and using different blockchain states.</div><div><br></div><div>Our second proposal addresses the communication facet with focus on payment channels as a solution to address the communication overhead between the constrained clients and the blockchain network. A payment channel enables transactions between arbitrary pairs of constrained clients with a minimal communication overhead with the blockchain network. However, in popular blockchains like Ethereum and Bitcoin, the payment data of such channels are exposed to the public, which is undesirable for financial applications. Thus, to hide transaction data, one can use blockchains that are private by design like Monero. However, existing cryptographic primitives in Monero prevent the system from supporting any form of payment channels. Therefore, we present <i>Dual Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (DLSAG),</i> a linkable ring signature scheme that enables, for the first time, off-chain scalability solutions in Monero. </div><div><br></div><div>To address the computation facet, we address the computation overhead of the gossip protocol used in all popular blockchain protocols. For this purpose, we propose a signature primitive called <i>Flexible Signature</i>. In a flexible signature scheme, the verification algorithm quantifies the validity of a signature based on the computational effort performed by the verifier. Thus, the resource-constrained devices can partially verify the signatures in the blockchain transactions before relaying transactions to other peers. This primitive allows the resource-constrained devices to prevent spam transactions from flooding the blockchain network with overhead that is consistent with their resource constraints. </div></div>
|
20 |
Energy And Power Systems Simulated Attack Algorithm For Defense Testbed And AnalysisRuttle, Zachary Andrew 31 May 2023 (has links)
The power grid has evolved over the course of many decades with the usage of cyber systems and communications such as Supervisory Control And Data Acquisition (SCADA); however, due to their connectivity to the internet, the cyber-power system can be infiltrated by malicious attackers. Encryption is not a singular solution. Currently, there are several cyber security measures in development, including those based on artificial intelligence. However, there is a need for a varying but consistent attack algorithm to serve as a testbed for these AI or other practices to be trained and tested. This is important because in the event of a real attacker, it is not possible to know exactly where they will attack and in what order. Therefore, the proposed method in this thesis is to use criminology concepts and fuzzy logic inference to create this algorithm and determine its effectiveness in making decisions on a cyber-physical system model. The method takes various characteristics of the attacker as an input, builds their ideal target node, and then compares the nodes to the high-impact target and chooses one as the goal. Based on that target and their knowledge, the attackers will attack nodes if they have resources. The results show that the proposed method can be used to create a variety of attacks with varying damaging effects, and one other set of tests shows the possibility for multiple attacks, such as denial of service and false data injection. The proposed method has been validated using an extended cyber-physical IEEE 13-node distribution system and sensitivity tests to ensure that the ruleset created would take each of the inputs well. / Master of Science / For the last decades, information and communications technology has become more commonplace for electric power and energy systems around the world. As a result, it has attracted hackers to take advantage of the cyber vulnerabilities to attack critical systems and cause damage, e.g., the critical infrastructure for electric energy. The power grid is a wide-area, distributed infrastructure with numerous power plants, substations, transmission and distribution lines as well as customer facilities. For operation and control, the power grid needs to acquire measurements from substations and send control commands from the control center to substations. The cyber-physical system has its vulnerabilities that can be deployed by hackers to launch falsified measurements or commands. Much research is concerned with how to detect and mitigate cyber threats. These methods are used to determine if an attack is occurring, and, if so, what to do about it. However, for these techniques to work properly, there must be a way to test how the defense will understand the purpose and target of an actual attack, which is where the proposed modeling and simulation method for an attacker comes in. Using a set of values for their resources, motivation and other characteristics, the defense algorithm determines what the attacker's best target would be, and then finds the closest point on the power grid that they can attack. While there are still resources remaining based on the initial value, the attacker will keep choosing places and then execute the attack. From the results, these input characteristic values for the attacker can affect the decisions the attacker makes, and the damage to the system is reflected by the values too. This is tested by looking at the results for the high-impact nodes for each input value, and seeing what came out of it. This shows that it is possible to model an attacker for testing purposes on a simulation.
|
Page generated in 0.0716 seconds