Computer Security. ESORICS 2022 International Workshops

Table of Contents

1. Frontmatter

2. 8th Workshop on Security of Industrial Control Systems and of Cyber-Physical Systems (CyberICPS 2022)

   1. Frontmatter

   2. Towards Comprehensive Modeling of CPSs to Discover and Study Interdependencies

      Aida Akbarzadeh, Sokratis Katsikas

      Abstract

      To a large extent, modeling Cyber-Physical systems (CPSs) and interdependency analysis collaborate in the security enhancement of CPSs and form the basis of various research domains such as risk propagation, attack path analysis, reliability analysis, robustness evaluation, and fault identification. Interdependency analysis as well as modeling of interdependent systems such as CPSs rely on the understanding of system dynamics and flows. Despite the major efforts, previously developed methods could not provide the required knowledge as they have either followed data-driven or physics-based modeling approaches. To fill this gap, we propose a new modeling approach called BG2 based on Graph theory and Bond graph. Our proposed method is able to portray the physical process of CPSs from different domains and capture both information and commodity flows. Based on the fundamental characteristics of the Graph theory and Bond graph in the BG2 model, we discover higher order of dependencies in CPSs and analyze causal relationships within the system components. We illustrate the workings of the proposed method by applying it to a realistic case study of a CPS in the energy domain. The results provide valuable insight into the dependencies among the system components and substantiate the applicability of the proposed method in modeling and analyzing interdependent systems.

   3. Coordinated Network Attacks on Microgrid Dispatch Function: An EPIC Case Study

      Muhammad Ramadan Saifuddin, Lin Wei, Heng Chuan Tan, Binbin Chen

      Abstract

      Communication network dependencies for microgrid’s operations increases cybersecurity risks, where vulnerabilities found in communication protocols can be exploited for malicious intent. In this paper, we enumerate important attack techniques on multiple communication protocols and investigate their impacts on the microgrid dispatch function. We also show that an attacker can leverage multiple protocols to launch coordinated attacks that offers longer-term, stealthier, and larger adversarial impact, an advanced persistent threat. Our main contribution in this work is a detailed case study carried out on Electrical Power and Intelligent Control (EPIC) testbed located in Singapore. Through a series of experiments, we demonstrated individual protocols’ vulnerability, verified their negative impacts on several microgrid’s dispatch functions, and also illustrated the practicality of coordinated attacks through the manipulation of multiple protocols.

   4. Adversarial Attacks and Mitigations on Scene Segmentation of Autonomous Vehicles

      Yuqing Zhu, Sridhar Adepu, Kushagra Dixit, Ying Yang, Xin Lou

      Abstract

      In this study, we focus on the effectiveness of adversarial attacks on the scene segmentation function of autonomous driving systems (ADS). We explore both offensive as well as defensive aspects of the attacks in order to gain a comprehensive understanding of the effectiveness of adversarial attacks with respect to semantic segmentation. More specifically, in the offensive aspect, we improved the existing adversarial attack methodology with the idea of momentum. The adversarial examples generated by the improved method show higher transferability in both targeted as well as untargeted attacks. In the defensive aspect, we implemented and analyzed five different mitigation techniques proven to be effective in defending against adversarial attacks in image classification tasks. The image transformation methods such as JPEG compression and low pass filtering showed good performance when used against adversarial attacks in a white box setting.

   5. Threat Sensitive Networking: On the Security of IEEE 802.1CB and (un)Effectiveness of Existing Security Solutions

      Adriaan de Vos, Alessandro Brighente, Mauro Conti

      Abstract

      IEEE 802.1CB provides a standard for reliable packet delivery within Time-Sensitive Networking (TSN). As this standard is envisioned to be used in mission-critical networks in the near future, it has to be protected against security threats. The integrity of the network communication should be the biggest focus as guaranteed delivery is essential. However, IEEE 802.1CB does not come with security guarantees. Indeed, as we show in this paper, an attacker may be able to exploit different threat vectors to impair the correctness of communication, impacting on the safety of users. Due to TSN strict delay and reliability requirements, classical security solutions can not be easily applied without significant efforts. Therefore, researchers proposed multiple solutions to guarantee secure communication. However, the current state-of-the-art is not able to guarantee both security and timing guarantees.

      In this paper, we provide a detailed analysis of the security of IEEE 802.1CB exploiting the STRIDE methodology. Compared to the existing state-of-the art on the subject, we provide a deeper analysis of the possible threats and their effect. We then analyze available solutions for security in IEEE 802.1CB, and compare their performance in terms of time, reliability, and security guarantees. Based on our analysis, we show that, although there exist promising solutions trying to provide security to 802.1CB, there is still a gap to be filled both in terms of security and latency guarantees.

   6. The Effects of the Russo-Ukrainian War on Network Infrastructures Through the Lens of BGP

      • Open Access

      Zisis Tsiatsikas, Georgios Karopoulos, Georgios Kambourakis

      Abstract

      One of the most critical building blocks of the reliable operation of the Internet is the Border Gateway Protocol (BGP) that is used to exchange routing messages, signaling active and defective routing paths. During large-scale catastrophic incidents, such as conventional military operations or cyberwarfare, the stability of the Internet is affected, causing the announcements of defective routing paths to increase substantially. This work studies the relation between major incidents, such as armed conflicts in a country scale, and the corresponding network outages observed in the core of the Internet infrastructure as announced by BGP. We focus on the Russo-Ukrainian war as a timely and prominent use case and examine geolocalized BGP data for a 2-month period. Our methodology allows us to cherry-pick long-term network outages among temporary interruptions of service in this specific time window, and pinpoint them to the areas of the operations. Our results indicate that there is a high correlation between the start of military operations and network outages in a city and country level. Furthermore, we show that the last few days before the start of the operations network outages rise as well, indicating that preparatory cyberattack activities take place. No less important, network outages remain at much higher than usual levels during the operations, something that can be attributed to infrastructure destruction possibly backed by cyberattacks.

      Download PDF-version

   7. Cybersecurity Awareness for Small and Medium-Sized Enterprises (SMEs): Availability and Scope of Free and Inexpensive Awareness Resources

      Sunil Chaudhary, Vasileios Gkioulos, David Goodman

      Abstract

      Small and medium-sized enterprises (SMEs) are considered the backbone of Europe’s economy. However, SMEs are often bounded by resource constraints that also limit their cybersecurity posture. In such circumstances, SMEs could potentially benefit from the free and inexpensive cybersecurity awareness (CSA) resources produced and distributed by various public and private entities. SMEs can utilize these affordable resources to elevate the knowledge and skills of employees and transform their cybersecurity attitudes and behavior. The security-conscious employees can serve as the organization’s first line of defense against cyber-attacks and -crimes. However, prior to employing such awareness resources, it would require answering the question “how abundance and well-suited are the (affordable) awareness resources for SMEs?” To address this concern, we used an exploratory approach and examined the awareness resources from 71 sources chosen after the review of 938 potential sources. Since the primary audience of the study was European SMEs, most of the sources analyzed come from European organizations. Based on our findings, while these affordable awareness resources could benefit SMEs, they do require some adjustment to better meet the requirements and situations of SMEs. Furthermore, the awareness resources exclusively targeting SMEs and the diverse business areas SMEs serve, are insufficient. As a result, all involved entities, at the national and European levels, are encouraged to produce and distribute more localized awareness resources that are affordable and best match the demands and business areas of SMEs. Finally, the awareness resources should also include appropriate features for interested users to submit their feedback.

   8. A Framework for Developing Tabletop Cybersecurity Exercises

      Nabin Chowdhury, Vasileios Gkioulos

      Abstract

      As remote work increases in adoption, partly pushed by the 2020 COVID-19 pandemic, conducting and offering security training to employees is ever more challenging, due to physical constraints. Cyber-security training is ever more critical as both digitalization of controls and services increases, and remote working increases the risks of cyber-threats, due to vulnerable communication channels and lack of security practices from remote location working. As physical presence and coordination of large groups of employees becomes more challenging, it is necessary to offer more flexible, adaptable and lightweight training and exercise solutions for cyber-security training. For this reason, in this work we propose a lightweight tabletop framework for conducting cybersecurity exercises. The framework has been developed taking into consideration personalized learning theory concepts and feedback from academic and industrial stakeholders. Evaluation of the framework was conducted through a series of exercises with industrial personnel and university students. According to the results of the experiments, the framework is effective at developing a great range of table-top exercises for both students, security professionals and technical operators. By focusing on flexibility, ease of implementation, remote accessibility and other key attributes, the exercises developed with the framework have been reported to be successful in achieving the goals, and found engaging and motivating by participants.

   9. A Hybrid Dynamic Risk Analysis Methodology for Cyber-Physical Systems

      Christos Lyvas, Konstantinos Maliatsos, Andreas Menegatos, Thrasyvoulos Giannakopoulos, Costas Lambrinoudakis, Christos Kalloniatis, Athanasios Kanatas

      Abstract

      Recent technological advances allow us to design and implement sophisticated infrastructures to assist users’ everyday life; technological paradigms such as Intelligent Transportation Systems (ITS) and Multi-modal Transport are excellent instances of those cases. Therefore, a systematic risk evaluation process in conjunction with proper threat identification are essential for environments like those mentioned above as they involve human safety. Threat modelling is the process of identifying and understanding threats while risk analysis is the process of identifying and analyzing potential risks. This research initially focuses on the most widely-used threat modelling and risk analysis approaches and reviewing their characteristics. Then, it presents a service-oriented dynamic risk analysis approach that focuses on Cyber-Physical Systems (CPS) by adopting threat modelling characteristics and by blending other methods and well-established sources to achieve automation in several stages. Finally, it provides the qualitative features of the proposed method and other related threat modelling and risk analysis approaches with a discussion regarding their similarities, differences, advantages and drawbacks.

3. 6th International Workshop on Security and Privacy Requirements Engineering (SECPRE 2022)

   1. Frontmatter

   2. OntoCyrene: Towards Ontology-Enhanced Asset Modelling for Supply Chains in the Context of Cyber Security

      Mohammad Heydari, Haralambos Mouratidis, Vahid Heydari Fami Tafreshi

      Abstract

      A Supply chain in the era of the Internet of Industrial Things faces new challenges in terms of modelling. The challenges stem from a number of characteristics like scalability, dependency and dynamism. In this paper, we introduce an ontology-enhanced method for modelling assets and their dependency in the context of supply chains. This method enables us to infer new insights from the domain. It also provides a dynamic knowledge representation and reasoning by capturing all aspects of supply chains from three different perspectives including business, asset, and sector. The results show that the proposed method can address the challenges by utilizing ontology and synching three relevant perspectives. Moreover, the developed ontology (OntoCyrene) is rich enough to bring light to the dark angles of the modelled scenarios. The theme chosen for this work is cyber security and we used real-world scenarios derived from the Cyrene (Cyrene EU H2020 Project is available at: https://www.cyrene.eu.) project to populate and evaluate the ontology.

   3. Measuring the Adoption of TLS Encrypted Client Hello Extension and Its Forebear in the Wild

      • Open Access

      Zisis Tsiatsikas, Georgios Karopoulos, Georgios Kambourakis

      Abstract

      The Transport Layer Security (TLS) protocol was introduced to solve the lack of security and privacy in the early versions of the world wide web. However, even though it has substantially evolved over the years, certain features still present privacy issues. One such feature is the Server Name Indication (SNI) extension, which allows multiple web servers to reside behind a provider hosting multiple domains with the same IP address; at the same time it allows third parties to discover the domains that end users visit. In the last few years, the Encrypted Server Name Indication (ESNI) Internet draft is being developed by the Internet Engineering Task Force (IETF); this encrypted variant of the extension was renamed to Encrypted Client Hello (ECH) in latest versions. In this paper, we measure the adoption of both these versions, given that they have substantial differences. By analyzing the top 1M domains in terms of popularity, we identify that only a small portion, less than 19%, supports the privacy-preserving ESNI extension and practically no domain supports ECH. Overall, these results demonstrate that there is still a long way to go to ensure the privacy of end users visiting TLS-protected domains which are co-located behind a common Internet-facing server.

      Download PDF-version

4. 4th Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE 2022)

   1. Frontmatter

   2. Influencing Factors for Users’ Privacy and Security Protection Behavior in Smart Speakers: Insights from a Swiss User Study

      • Open Access

      Frank Ebbers, Murat Karaboga

      Abstract

      Smart speakers pose several risks to security and privacy, which users can counter with protective measures. This paper investigates the factors contributing to the adoption of protective measures by smart speaker users. Using survey data from Swiss participants, we first captured four different combinations of users with (no) concerns and (no) measures. We then used six factors to examine which of these influence protective behavior. Our findings reveal that whether or not protective measures are taken is affected by the usage context, usage duration, gender, opinion toward emotion recognition, and reasons for acquisition, but not by model/manufacturer, age and education level. With our results, we want to contribute to the ongoing discussion about influencing factors on concerns and protective measures, using the smart speaker domain as an example.

      Download PDF-version

   3. Towards a Security Impact Analysis Framework: A Risk-Based and MITRE Attack Approach

      Abdelhadi Belfadel, Martin Boyer, Jérôme Letailleur, Yohann Petiot, Reda Yaich

      Abstract

      Cyber security assessment aims at determining the cybersecurity state of an assessed asset to check how effectively the asset fulfills specific security objectives. We are confronted with a lack of an integrated framework coupling a top-down approach such as a risk-based analysis of information systems, with a bottom-up approach such as MITRE Attack to map and understand the details of the actions taken by the attackers to evaluate a defensive coverage throughout the development life cycle. We depict in this ongoing work the description of a Security Impact Analysis Framework (SAIF) to support cyber analysts, cyber administrators, and developers in their daily tasks of security impact analysis and provide project stakeholders with sufficient security proof and defense gaps. The goal is to avoid the use of a myriad of “tool islands” to automate the security impact assessment process providing sufficient safety evidence throughout the development cycle of a project. A case study of the development of an autonomous shuttle service is used to illustrate some selected assets from the MITRE Attack approach as practical usage of this framework.

   4. Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems

      Stephan Wiefling, Jan Tolsdorf, Luigi Lo Iacono

      Abstract

      Digital ecosystems are driving the digital transformation of business models. Meanwhile, the associated processing of personal data within these complex systems poses challenges to the protection of individual privacy. In this paper, we explore these challenges from the perspective of digital ecosystems’ platform providers. To this end, we present the results of an interview study with seven data protection officers representing a total of 12 digital ecosystems in Germany. We identified current and future challenges for the implementation of data protection requirements, covering issues on legal obligations and data subject rights. Our results support stakeholders involved in the implementation of privacy protection measures in digital ecosystems, and form the foundation for future privacy-related studies tailored to the specifics of digital ecosystems.

   5. Rebooting IT Security Awareness – How Organisations Can Encourage and Sustain Secure Behaviours

      • Open Access

      M. Angela Sasse, Jonas Hielscher, Jennifer Friedauer, Annalina Buckmann

      Abstract

      Most organisations are using online security awareness training and simulated phishing attacks to encourage their employees to behave securely. Buying off-the-shelf training packages and making it mandatory for all employees to complete them is easy, and satisfies most regulatory and audit requirements, but does not lead to secure behaviour becoming a routine. In this paper, we identify the additional steps employees must go through to develop secure routines, and the blockers that stop a new behaviour from becoming a routine. Our key message is: security awareness as we know it is only the first step; organisations who want employees have to do more to smooth the path: they have to ensure that secure behaviour is feasible, and support their staff through the stages of the Security Behaviour Curve – concordance, self-efficacy, and embedding – for secure behaviour to become a routine. We provide examples of those organisational activities, and specific recommendations to different organisational stakeholders.

      Download PDF-version