
About this book

This book constitutes the refereed post-conference proceedings of the 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the Third International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the First International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the Second International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in Luxembourg City, Luxembourg, in September 2019, in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019.

The CyberICPS Workshop received 13 submissions from which 5 full papers and 2 short papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks.

From the SECPRE Workshop 9 full papers out of 14 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation, security requirements elicitation and modelling, and GDPR compliance.

The SPOSE Workshop received 7 submissions from which 3 full papers and 1 demo paper were accepted for publication. They demonstrate the possible spectrum for fruitful research at the intersection of security, privacy, organizational science, and systems engineering.

From the ADIoT Workshop 5 full papers and 2 short papers out of 16 submissions are included. The papers focus on IoT attacks and defenses and discuss either practical or theoretical solutions to identify IoT vulnerabilities and IoT security mechanisms.

Table of contents

Frontmatter

CyberICPS Workshop

Frontmatter

Anomaly Detection for Industrial Control Systems Using Sequence-to-Sequence Neural Networks

Abstract
This study proposes an anomaly detection method for operational data of industrial control systems (ICSs). Sequence-to-sequence neural networks were applied to train and predict ICS operational data and interpret their time-series characteristic. The proposed method requires only a normal dataset to understand ICS’s normal state and detect outliers. This method was evaluated with SWaT (secure water treatment) dataset, and 29 out of 36 attacks were detected. The reported method also detects the attack points, and 25 out of 53 points were detected. This study provides a detailed analysis of false positives and false negatives of the experimental results.
Jonguk Kim, Jeong-Han Yun, Hyoung Chun Kim

Reflective Attenuation of Cyber-Physical Attacks

Abstract
Cyber-physical systems (CPS) integrate computation and networking resources to control a physical process. The adoption of new communication capabilities comes at the cost of introducing new security threats that need to be handled properly. Threats must be addressed at cyber and physical domains at the same time in order to detect and automatically mitigate the threats. In this paper, we elaborate an approach to attenuate cyber-physical attacks driven by reflective programmable networking actions, in order to take control of adversarial actions against cyber-physical systems. The approach builds upon the concept of programmable reflection and programmable networking. We validate the approach using experimental work.
Mariana Segovia, Ana Rosa Cavalli, Nora Cuppens, Jose Rubio-Hernan, Joaquin Garcia-Alfaro

Distributed UCON in CoAP and MQTT Protocols

Abstract
The Internet of Things (IoT) is playing a key role in consumer and business environments. Due to the sensitivity of the information IoT devices collect and share, and the potential impact a data breach can have in people’s lives, securing communication and access to data in IoT has become a critical feature. Multiple application layer protocols are used nowadays in IoT, with the Constrained Application Protocol (CoAP) and the Message Queue Telemetry Transport (MQTT) being two of the most widely popular. In this paper, we propose a solution to increase the security of both CoAP and MQTT based on the distributed Usage Control (UCON) framework. The inclusion of UCON provides dynamic access control to the data shared using these protocols. This occurs by monitoring mutable attributes related to the local protocol nodes and also by sharing data values between remote nodes via the distributed instances of UCON. We present the architecture and the workflow of our approach together with a real implementation for performance evaluation purposes.
Athanasios Rizos, Daniel Bastos, Andrea Saracino, Fabio Martinelli

Towards the Creation of a Threat Intelligence Framework for Maritime Infrastructures

Abstract
The maritime ecosystem has undergone changes due to the increasing use of information systems and smart devices. The newly introduced technologies give rise to a new attack surface in maritime infrastructures. In this position paper, we propose the MAritime Threat INtelligence FRAMEwork (MAINFRAME), which is tailored towards collection and analysis of threat intelligence in maritime environments. MAINFRAME combines: (i) data collection from ship sensors; (ii) collection of publicly available data from social media; (iii) a variety of honeypots emulating different hardware and software components; (iv) event detection assisted by deep learning; (v) a blockchain implementation that maintains an audit trail for activities and transactions, and electronic IDs; and (vi) visual threat analytics. To highlight the interdependencies between cyber and cyber-physical threats in autonomous ships, MAINFRAME’s operation is evaluated through the liquefied natural gas (LNG) Carrier case study.
Nikolaos Pitropakis, Marios Logothetis, Gennady Andrienko, Jason Stefanatos, Eirini Karapistoli, Costas Lambrinoudakis

Connect and Protect: Requirements for Maritime Autonomous Surface Ship in Urban Passenger Transportation

Abstract
Recent innovations in the smart city domain include new autonomous transportation solutions such as buses and cars, while Autonomous Passenger Ships (APS) are being considered for carrying passengers across urban waterways. APS integrate several interconnected systems and services that are required to communicate in a reliable manner to provide safe and secure real-time operations. In this paper, we discuss the APS context, stakeholders, regulations, standards and functions in order to identify communication and cybersecurity requirements towards designing a secure communication architecture suitable for APS.
Ahmed Amro, Vasileios Gkioulos, Sokratis Katsikas

Simulation-Based Evaluation of DDoS Against Smart Grid SCADAs

Abstract
The goal of this paper is to simulate the effects of different Distributed Denial of Service (DDoS) attack scenarios which might be launched against smart grid Supervisory Control and Data Acquisition systems, i.e. SCADAs. We will analyze attacks which are launched from compromised Remote Terminal Units (RTUs) located in the process environment. We created an ICS testbed and industrial DDoS simulator environment consisting of a single C&C server and a configurable number of bots. We simulated scenarios with different numbers of hacked RTUs trying to overwhelm the SCADA with unwanted messages. We analyzed the effects of DDoS-type attacks against SCADAs with different internal queue architectures used to manage the incoming messages, i.e. no queues, single queue and separate queue for each connected RTU.
Damjan Gogic, Bojan Jelacic, Imre Lendak

Identifying Safety and Human Factors Issues in Rail Using IRIS and CAIRIS

Abstract
Security, safety and human factors engineering techniques are largely disconnected although the concepts are interlinked. We present a tool-supported approach based on the Integrating Requirements and Information Security (IRIS) framework using Computer Aided Integration of Requirements and Information Security (CAIRIS) platform to identify the safety and human factors issues in rail. We illustrate this approach with a case study, which provides a vehicle for increasing the existing collaboration between engineers in security, safety and human factors.
Amna Altaf, Shamal Faily, Huseyin Dogan, Alexios Mylonas, Eylem Thron

SECPRE Workshop

Frontmatter

How Not to Use a Privacy-Preserving Computation Platform: Case Study of a Voting Application

Abstract
We present an analysis of a recent proposal by Dang-awan et al. who develop a remote electronic voting protocol based on secure multi-party computation framework Sharemind. Even though Sharemind comes with provable security guarantees and an application development framework, the proposed protocol and its implementation contain a number of flaws making the result insecure. We hope this case study serves as a good educational material for future secure computation application and voting protocol developers.
Jan Willemson

A Proposed Privacy Impact Assessment Method Using Metrics Based on Organizational Characteristics

Abstract
The assessment of the potential impact for an organization from a privacy violation incident is important for three main reasons: the organization will have a justified estimate of the cost (financial, reputation or other) that may be raised, will facilitate the selection of the appropriate technical, procedural and organizational protection mechanisms and also will be compliant with the new General Data Protection Regulation that will be in effect from May 2018. Today, there are several methods to do a Privacy Impact Assessment but none of these quantifies the results according to specific metrics and thus can be significantly affected by various subjective parameters. Furthermore, the specific organizational characteristics (size, activities, number of clients, type of offered services etc.) are very rarely accounted, a fact that also affects the accuracy of the results. In this paper, a privacy impact assessment method that explicitly takes into account the organizational characteristics and employs a list of well-defined metrics as input, is presented.
Eleni-Laskarina Makri, Zafeiroula Georgiopoulou, Costas Lambrinoudakis

A Conceptual Redesign of a Modelling Language for Cyber Resiliency of Healthcare Systems

Abstract
Security constraints that enforce security requirements characterize healthcare systems. These constraints have a substantial impact on the resiliency of the final system. Security requirements modelling approaches allow the prevention of cyber incidents; however, the focus to date has been on prevention rather than resiliency. Resiliency extends into the detection, mitigation and recovery after security violations. In this paper, we propose an enhanced at a conceptual level that attempts to align cybersecurity with resiliency. It does so by extending the Secure Tropos cybersecurity modelling language to include resiliency. The proposed conceptual model examines resiliency from three viewpoints, namely the security requirements, the healthcare context and its implementational capability. We present an overview of our conceptual model of a cyber resiliency language and discuss a case study to attest the healthcare context in our approach.
Myrsini Athinaiou, Haralambos Mouratidis, Theo Fotis, Michalis Pavlidis

Shaping Digital Identities in Social Networks: Data Elements and the Role of Privacy Concerns

Abstract
Individuals today shape a digital identity through which they “introduce” themselves to others in Social Network Sites (SNS). SNS embody features that enable users to customize their digital identity at will and to disclose desirable elements of their personality. The processes by which users shape their digital identity through information disclosure are largely unknown, including the role of privacy concerns. In this paper we identify the data elements that users consider important for shaping their digital identity in SNS and how privacy concerns shape this process.
In order to explore the above, we conducted an online survey research with 759 participants. Our findings reveal the elements that users consider as important for shaping their digital identity. They also demonstrate that users’ privacy concerns do not seem to affect the amount of information users choose to publish when shaping their digital identity. Finally, we show that particular characteristics of social networking platforms affect the way that users shape their digital identity and privacy behavior.
Thanos Papaioannou, Aggeliki Tsohou, Maria Karyda

GDPR Compliance: Proposed Technical and Organizational Measures for Cloud Providers

Abstract
The process of GDPR compliance for cloud computing environments may turn out to be a demanding process in terms of the technical, organizational and procedural measures that should be adopted. This paper identifies the requirements and the appropriate countermeasures for GDPR compliance in cloud environments. Furthermore, it describes the necessary GDPR related roles and separates the requirements and measures in accordance to the cloud architecture (IAAS, PAAS, SAAS).
Zafeiroula Georgiopoulou, Eleni-Laskarina Makri, Costas Lambrinoudakis

On the Applicability of Security and Privacy Threat Modeling for Blockchain Applications

Abstract
Elicitative threat modeling approaches such as Microsoft STRIDE and LINDDUN for respectively security and privacy use Data Flow Diagrams (DFDs) to model the system under analysis. Distinguishing between external entities, processes, data stores and data flows, these system models are particularly suited for modeling centralized, traditional multi-tiered system architectures.
This raises the question whether these approaches are also suited for inherently decentralized architectures such as distributed ledgers or blockchains, in which the processing, storage, and control flow is shared among many equal participants.
To answer this question, we perform an in-depth analysis of the compatibility between blockchain security and privacy threat types documented in literature and these threat modeling approaches. Our findings identify areas for future improvement of elicitative threat modeling approaches.
Dimitri Van Landuyt, Laurens Sion, Emiel Vandeloo, Wouter Joosen

Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform

Abstract
GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which however they need to become aware of and understand. Finally, the role of data protection authorities changes as well as their expectations from organizations. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.
Aggeliki Tsohou, Manos Magkos, Haralambos Mouratidis, George Chrysoloras, Luca Piras, Michalis Pavlidis, Julien Debussche, Marco Rotoloni, Beatriz Gallego-Nicasio Crespo

Uncertainty-Aware Authentication Model for IoT

Abstract
Handling the process of authentication for the hundred million computer embedded devices in the Internet of Things (IoT) is not achievable without considering inherent IoT characteristics like scalability, heterogeneity, dependency and dynamism. On the one hand, traditional and emerging access control models cannot handle indeterminate data access scenarios in IoT by applying deterministic access policies. On the other hand, moving towards resilient access control paradigms needs new attitudes, and current manual risk analysis methods that rely on vulnerability calculations do not fit in IoT. This holds true as considering vulnerability as the key player in risk assessment is no longer an efficient way to tackle indeterminate access scenarios due to the complicated dependency and scalability of the IoT environment. Moreover, most of the IoT devices are not patchable, so by discovering new vulnerabilities the vulnerable devices need to be replaced. Therefore, IoT needs an agile, resilient and automatic authentication process. This work suggests a novel authentication method based on our previous work in which uncertainty was introduced as one of the neglected challenges in IoT. Uncertainty in authentication derived from incomplete information about incident happening upon authenticating an entity. Part of IoT characteristics makes such an uncertainty worse. Therefore, we have proposed an uncertainty-aware authentication model based on Attribute-Based Access Control (ABAC). Our prediction model is able to consider the uncertainty factor of mobile entities as well as fixed ones in authentication. In doing so, we have built our prediction model using boosting classifiers (AdaBoost and Gradient Boosting algorithms) besides a voting classifier. We have compared the results with our previous work. Our designated model (AdaBoost) can achieve authentication performance with 86.54% accuracy.
Mohammad Heydari, Alexios Mylonas, Vasilis Katos, Emili Balaguer-Ballester, Amna Altaf, Vahid Heydari Fami Tafreshi

From ISO/IEC 27002:2013 Information Security Controls to Personal Data Protection Controls: Guidelines for GDPR Compliance

Abstract
With the enforcement of the General Data Protection Regulation (GDPR) in EU, organisations must make adjustments in their business processes and apply appropriate technical and organisational measures to ensure the protection of the personal data they process. Further, organisations need to demonstrate compliance with GDPR. Organisational compliance demands a lot of effort both from a technical and from an organisational perspective. Nonetheless, organisations that have already applied ISO27k standards and employ an Information Security Management System and respective security controls need considerably less effort to comply with GDPR requirements. To this end, this paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended in order to adequately meet, if/where possible, the data protection requirements that the GDPR imposes. Thus, an organisation that already follows ISO/IEC 27001:2013, can use this work as a basis for compliance with the GDPR.
Vasiliki Diamantopoulou, Aggeliki Tsohou, Maria Karyda

SPOSE Workshop

Frontmatter

On the Trade-Off Between Privacy and Utility in Mobile Services: A Qualitative Study

Abstract
While the widespread use of mobile services offers a variety of benefits to mobile users, it also raises serious privacy concerns. We report the results of a user study that investigated the factors that influence the decision-making process pertaining to the trade-off between privacy and utility in mobile services. Through two focus groups, 16 individual interviews and a questionnaire survey involving 60 participants, the study identified awareness and knowledge of privacy risks, trust in service providers, desire for mobile services, and belief of cyber privacy as four factors that contribute to the perceived trade-off. The results also suggest that, with appropriate adoption, privacy-preserving tools can positively influence the privacy trade-off. In addition, our findings explore the cultural differences regarding privacy between participants from western countries (with the UK as the main representative) and China. In particular, the results suggest that participants from China are more likely to be comfortable with a government department protecting their individual privacy, while participants from western countries are more likely to wish to see such responsibility reside with some combination of individuals and non-governmental organisations.
Yang Liu, Andrew Simpson

Analysis of Automation Potentials in Privacy Impact Assessment Processes

Abstract
With the recent introduction of the EU’s General Data Protection Regulation (GDPR), privacy impact assessments (PIA) have become mandatory in many cases. To support organisations in correctly implementing those, researchers and practitioners have provided reference processes and tooling. Integrating automation features into PIA tools can streamline the implementation of compliant privacy impact assessments in organizations. Based on a general reference architecture and reference process based on guidance by authorities, this contribution offers a systematic analysis of which process steps show the most promise with regard to this, and discusses impediments to this approach and directions for future research.
Jan Zibuschka

An Insight into Decisive Factors in Cloud Provider Selection with a Focus on Security

Abstract
In the last ten years cloud computing has developed from a buzz word to the new computing paradigm on a global scale. Computing power or storage capacity can be bought and consumed flexibly and on-demand, which opens up new opportunities for cost-saving and data processing. However, it also goes with security concerns as it represents a form of IT outsourcing. We investigate how these concerns manifest as a decisive factor in cloud provider selection by interviews with eight practitioners from German companies. As only a moderate interest is discovered, it is further examined why this is the case. Additionally, we compared the results from a systematic literature survey on cloud security assurance to cloud customers’ verification of their providers’ security measures. This paper provides a qualitative in-depth examination of companies’ attitudes towards security in the cloud. The results of the analysed sample show that security is not necessarily decisive in cloud provider selection. Nevertheless, providers are required to guarantee security and comply. Traditional forms of assurance techniques play a role in assessing cloud providers and verifying their security measures. Moreover, compliance is identified as a strong driver to pursue security and assurance.
Sebastian Pape, Jelena Stankovic

Discrete Event Simulation of Jail Operations in Pursuit of Organizational Culture Change

Abstract
Justice facilities such as jails are complex adaptive systems. They are people-driven, whether by the organizational culture of those that operate them, or by inmate culture. The development of organizational culture is organic and based on buy-in at all levels, or the lack thereof. Organizational culture evolves, including in response to attempted interventions from within or without. Physical and electronic security’s relationship to detention operations and detainee supervision involves similar dynamics.
In this paper, we explore jail operations. We model human use of a housing unit and associated support spaces via discrete-event simulation. We simulate this system to understand the capacity and limits on human use of building spaces. We explore how this sociotechnical system responds when stressed. We thereby validate the design within limits that correspond to planned operational capacity. The goal of the research is to design spaces and environments that support improved outcomes via improvements in organizational culture.
We introduce the specifics of jail operations via this model while exploring the full range of applications for this type of simulation in the built environment.
Hugh D. Lester, Martin J. Miller

ADIoT Workshop

Frontmatter

A Basic Theory of Lightweight Hierarchical Key Predistribution Scheme

Abstract
Key management is a basic requirement for any security solution. Lightweight key predistribution schemes (KPS) that establish symmetric secrets are best suited for resource constraint devices of low cost Internet of Things (IoT), sensors of Wireless Sensor Networks (WSN). Although there exist numerous elegant KPS, an appropriate hierarchical proposal is absent. To design such a scheme, we propose a combinatorial tool hierarchical set system/design. As an application of such a tool, we propose a deterministic lightweight hierarchical KPS (HKPS) that achieves the desirable design criteria:
  • decentralized hierarchy of a fixed number of depths (l);
  • resilient against compromise of (i) any number of lower level nodes; and (ii) a threshold number of nodes of same level in the hierarchy;
  • non-interactive which saves bandwidth and energy;
  • deterministic KPS which implies the nodes in the network have predictable behaviour of key rings;
  • efficient as it uses hash chains rather than any public key based key exchange or bilinear maps;
  • free to choose any basic KPS at any level/depth of hierarchy as per the requirement of that level;
  • simplicity in design.
To enhance the resilience of the HKPS, we exploited the hash chain idea. Further, we instantiate the HKPS with a very efficient KPS Sensornet. The studies presented here are theoretical and do not contain any experimental and comparative results.
Deepak Kumar Dalai

Adversarial Examples for Hardware-Trojan Detection at Gate-Level Netlists

Abstract
Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of injecting a malicious circuit, called a hardware Trojan, by third party has been increasing. Machine learning has been known to produce a powerful model to detect hardware Trojans. But it is recently reported that such a machine learning based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbation in input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, and makes it difficult to detect them. Second, we define Trojan-net concealment degree (TCD) as a possibility of misclassification, and modification evaluating value (MEV) as a measure of the amount of modifications. Third, judging from MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases true positive rate (TPR) by at most 30.15 points.
Kohei Nozawa, Kento Hasegawa, Seira Hidano, Shinsaku Kiyomoto, Kazuo Hashimoto, Nozomu Togawa

Selective Forwarding Attack on IoT Home Security Kits

Abstract
Efforts have been made to improve the security of the Internet of Things (IoT) devices, but there remain some vulnerabilities and misimplementations. This paper describes a new threat to home security devices in which an attacker can disable all functionality of a device, but to the device’s owner, everything still appears to be operational. We targeted home security devices because their security is critical as people may rely on them to protect their homes. In particular, we exploited a feature called “heartbeat”, which is exchanged between the devices and the cloud in order to check that the devices are still connected. Even though network traffic was encrypted, we successfully identified the heartbeats due to their fixed size and periodic nature. Thereafter, we established a man-in-the-middle attack between the device and the cloud and selectively forwarded heartbeats while filtering out other traffic. As a result, the device appears to be still connected (because the heartbeat traffic is being allowed through), while in reality the device’s functionality is disabled (because non-heartbeat traffic is being filtered out). We applied this exploit on a set of six devices, and five were found to be vulnerable. Consequently, an intruder can use this exploit to disable a home security device and break into a house without the awareness of the owner. We carried out a responsible disclosure exercise with the manufacturers of the affected devices, but the response has been limited. This shows that IoT security is still not taken completely seriously and many threats are still undiscovered. Finally, we provide some recommendations on how to detect and prevent the threats posed by insecure IoT devices, which ironically include IoT home security kits.
Ali Hariri, Nicolas Giannelos, Budi Arief

Denial-of-Service Attacks and Countermeasures in the RPL-Based Internet of Things

Abstract
Internet of Things (IoT) is already playing a significant role in our lives, as more and more industries are adopting IoT for improving existing systems and providing novel applications. However, recent attacks caused by Mirai and Chalubo botnets show that IoT systems are vulnerable and new security mechanisms are required. In this work, we design and implement a prototype of Intrusion Detection System (IDS) for protecting IoT networks and devices from Denial-of-Service (DoS) attacks. Our focus is on detecting attacks that exploit the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL), which is a widely used protocol for packet routing in low-power IoT networks. Our considered Operating System (OS) is the popular ContikiOS and we use the Cooja simulator to study DoS attacks and test the detection algorithms. In particular, we simulated scenarios that involve both benign and malicious/compromised IoT devices. A compromised device exploits RPL control messages to cause other devices perform heavy computations and disrupt the established network routes. The obtained simulation results help us understand the characteristics of an RPL-based IoT network under its normal operation and devise effective countermeasures against malicious activity. A new threshold-based IDS is proposed and a first prototype is implemented in ContikiOS. The IDS relies on tunable parameters and involves both centralised and distributed components in order to effectively detect malicious RPL messages. Experimental results show high detection rate and low false positives in large networks.
Philokypros P. Ioulianou, Vassilios G. Vassilakis

Study of DNS Rebinding Attacks on Smart Home Devices

Abstract
DNS rebinding is an attack technique known for more than 20 years, which is experiencing a revival caused by the ever-increasing networking of Internet of Things (IoT) devices. Thus, the potential attack surface is growing rapidly, and this paper shows that DNS rebinding attacks on many smart home devices are still successful. Nevertheless, various conditions must be fulfilled for this type of attack. This leads to the fact that such attacks rarely occur in practice since router vendors often provide DNS rebinding protection. Nevertheless, we believe that it is valuable to investigate whether individual devices are theoretically vulnerable and to create a certain awareness so that the existing countermeasures are used correctly.
As part of this paper, we conducted a study analyzing five devices, four smart home devices and one router as a smart-home gateway connected with the IoT products. Three out of four of the smart home devices are vulnerable, and the router is partially vulnerable because queries reach localhost despite activated DNS rebinding protection; thus, services on localhost are vulnerable. This indicates that the manufacturers of smart home devices rely on the countermeasures of the routers in the first place, but it might even improve the security of the devices if they already implement their own additional countermeasures.
Dennis Tatang, Tim Suurland, Thorsten Holz

Anomaly Detection in the HVAC System Operation by a RadViz Based Visualization-Driven Approach

Abstract
The appearance of the smart houses, buildings, and cities has defined new attack scenarios targeting industrial information systems. The paper suggests a visualization-driven approach to the analysis of the data from heating, ventilating and conditioning system (HVAC). The key element of the approach is the RadViz visualization that is used to form daily operation patterns and can detect suspicious deviations that could be the signs of fraudulent activity in the system. It is supplemented by a matrix-based representation of the HVAC parameters that is constructed in the way that allows highlighting changes in values of parameters being analyzed. The distinctive feature of the proposed visualization models is the ability to display data from different data sources. To demonstrate and evaluate the efficiency of the proposed approach we used the VAST MiniChallenge-2 2016 data set that contains logs from the HVAC system and the access control system.
Evgenia Novikova, Mikhail Bestuzhev, Igor Kotenko

Secure Location Verification: Why You Want Your Verifiers to Be Mobile

Abstract
The integrity of location information is crucial in many applications such as access control or environmental sensing. Although there are several solutions to the problem of secure location verification, they all come with expensive requirements such as tight time synchronization, cooperative verification protocols, or dedicated hardware. Yet, meeting these requirements in practice is often not feasible which renders the existing solutions unusable in many scenarios. We therefore propose a new solution which exploits the mobility of verifiers to verify locations. We show that mobility can help minimize system requirements while at the same time achieves strong security. Specifically, we show that two moving verifiers are sufficient to securely verify location claims of a static prover without the need for time synchronization, active protocols, or otherwise specialized hardware. We provide formal proof that our method is secure with minimal effort if the verifiers are able to adjust their movement to the claimed location (“controlled mobility”). For scenarios in which controlled mobility is not feasible, we evaluate how more general claim-independent movement patterns of verifiers affect the security of our system. Based on extensive simulations, we propose simple movement strategies which improve the attack detection rate up to 290% with only little additional effort compared to random (uncontrolled) movements.
Matthias Schäfer, Carolina Nogueira, Jens B. Schmitt, Vincent Lenders

Backmatter
