
2018 16th Annual Conference on Privacy, Security and Trust (PST): Latest Papers

xLED: Covert Data Exfiltration from Air-Gapped Networks via Switch and Router LEDs
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514196
Mordechai Guri, B. Zadov, Andrey Daidakulov, Y. Elovici
An air-gapped network is a type of IT network that is physically separated from the Internet due to the sensitive information it stores. Even if such a network is compromised with malware, the hermetic isolation from the Internet prevents an attacker from leaking out any data, thanks to the lack of connectivity. In this paper we show how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on networking equipment such as LAN switches and routers. Although it is known that some network equipment emanates optical signals correlated with the information being processed by the device (‘side-channel’), malware controlling the status LEDs to carry any type of data (‘covert-channel’) has never been studied before. Sensitive data can be covertly encoded over the blinking of the LEDs and received by remote cameras and optical sensors. Malicious code is executed in a compromised LAN switch or router, allowing the attacker direct, low-level control of the LEDs. We provide the technical background on the internal architecture of switches and routers at both the hardware and software level which enables these attacks. We present different modulation and encoding schemas, along with a transmission protocol. We implement prototypes of the malware and discuss its design and implementation. We tested various receivers including remote cameras, security cameras, smartphone cameras, and optical sensors, and discuss detection and prevention countermeasures. Our experiments show that sensitive data can be covertly leaked via the status LEDs of switches and routers at bit rates of 1 bit/sec to more than 2000 bit/sec per LED.
Citations: 33
Coalition-Resistant Peer Rating for Long-Term Confidentiality
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514218
Giulia Traverso, Denis Butin, J. Buchmann, Alex Palesandro
The outsourced storage of sensitive data requires long-term confidentiality guarantees. Proactive secret sharing in a distributed storage system provides such guarantees. However, some storage service providers lack in reliability or performance for proactive secret sharing to be viable, which can threaten data confidentiality. Data owners need guidance to select the best-performing storage service providers. Aggregated peer ratings with a mediator can provide such guidance. Nevertheless, providers may rate each other inaccurately to undermine competitors. This rational behaviour must be taken into account to devise performance scoring mechanisms generating accurate aggregate scores. The natural formalism to analyse the strategies of rational agents is game theory. In this paper, we introduce a game-theoretic model of the peer rating strategies of providers. Within this model, we first show that an unincentivised performance scoring mechanism results in providers reporting inaccurate ratings. We then introduce an incentivised performance scoring mechanism, modelled as an infinitely repeated game, that discourages inaccurate ratings. We prove that this mechanism leads to accurate ratings and thus to accurate performance scores for each provider, within a margin depending on coalition sizes.
Citations: 2
Digitized Trust in Human-in-the-Loop Health Research
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514168
Andrew Sutton, Reza Samavi, T. Doyle, D. Koff
In this paper, we propose an architecture that utilizes blockchain technology for enabling verifiable trust in collaborative health research environments. The architecture supports the human-in-the-loop paradigm for health research by establishing trust between participants, including human researchers and AI systems, by making all data transformations transparent and verifiable by all participants. We define the trustworthiness of the system and provide an analysis of the architecture in terms of trust requirements. We then evaluate our architecture by analyzing its resiliency to common security threats and through an experimental realization.
Citations: 6
Industry-Wide Analysis of Open Source Security
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514185
Yiming Zhang, Baljeet Malhotra, Cheng Chen
Open Source Software (OSS) has become the de facto industry standard for developing software solutions and services. Whether it is the telecommunication industry, aerospace, health care, or media and entertainment, OSS is widely used because of its benefits and community-based support. Regardless of the benefits, OSS continues to attract security vulnerabilities due to its inherent open nature. Because of the security vulnerabilities, industries need to constantly evaluate the security posture of OSS projects. Unfortunately, there are no readily available studies that have analyzed the security posture of various OSS projects with respect to various industries. This is the precise goal of this research, which not only analyzes the popularity of various OSS projects among various industries but also provides insights into the security vulnerabilities and their impact on various industries that consume those OSS projects. Toward that end, this paper makes the following contributions. (1) We evaluated the OSS usage trends across various categories of industries, which has never been attempted before. (2) We proposed two metrics to quantify the impact of security vulnerabilities in OSS projects that are used by various categories of industries. (3) We conducted a detailed set of analyses using real datasets to evaluate the proposed metrics and their impact on various industries. We have concluded this paper with some future
Citations: 1
Problem-based Derivation of Trustworthiness Requirements from Users’ Trust Concerns
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514183
N. Mohammadi, Nelufar Ulfat-Bunyadi, M. Heisel
The trustworthiness of cyber-physical systems (CPS) that support complex collaborative business processes is an emergent property. New technologies like cloud computing bring new capabilities for hosting and offering complex collaborative business operations. However, these advances might introduce new vulnerabilities and threats caused by collaboration and data exchange over the Internet. Hence, users become more concerned about trust. In order to address users’ trust concerns, trustworthiness requirements for the CPS must be elicited and satisfied. They describe the properties (qualities) the CPS must possess in order to be trustworthy. In this paper, we suggest a problem-based requirements engineering method that supports specifically the derivation of trustworthiness requirements. Based on identified trust concerns of users, trust assumptions are made explicit in problem diagrams. They express the conditions under which users are willing to trust. The problem diagrams and trust assumptions are then refined until they are concrete enough to derive trustworthiness requirements from them. During the refinement process, trust assumptions may influence and modify the system design (and vice versa, i.e., due to a certain system design, new trust concerns may arise that need to be addressed). In this way, users’ trust concerns are considered right from the beginning and trustworthiness is designed into the CPS. An application example from the healthcare domain is used to demonstrate our approach.
Citations: 1
Trust-driven, Decentralized Data Access Control for Open Network of Autonomous Data Providers
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514209
Lukasz Opiola, L. Dutka, R. Słota, J. Kitowski
The observation of current trends in data access, especially in the field of scientific computations, shows that global data access that crosses federation boundaries is highly desirable. However, administrative constraints require that data centers remain autonomous, which effectively eliminates the possibility of cooperation. To overcome this, we plan to establish an open network of cooperating data providers. In this paper, we address the issue of data access control for such a network. Our proposition is to use a synergy of hybrid peer-to-peer architecture, decentralized identity and access management, metadata synchronization protocol and trust-driven authorization flow. The proposed solution is discussed using real-life use-cases concerning cross-federation data access.
Citations: 4
Mitigating CSRF attacks on OAuth 2.0 Systems
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514180
Wanpeng Li, C. Mitchell, Thomas M. Chen
Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect. Index Terms: OAuth 2.0, OpenID Connect, CSRF
Citations: 7
On Sybil Classification in Online Social Networks Using Only Structural Features
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514162
Dieudonne Mulamba, I. Ray, I. Ray
Sybil attack is a problem that seriously affects Online Social Networks (OSNs). These attacks are made possible by the openness of OSN platforms that allows an attacker to create multiple fake accounts, called Sybils, which are then used to compromise the underlying trust underpinnings of the OSN. Early Sybil account detection mechanisms involved classification of users into benign and malicious based on various attributes collected from the user profiles. One challenge affecting these classification methods is that user attributes can often be incomplete or inaccurate. In addition, these classification methods can be evaded by sophisticated attackers. More importantly, user profiles can often reveal sensitive user information that can potentially be misused, causing privacy violation. In this work, we propose a Sybil detection method that is based on the classification of users into malicious and benign based on the inherent topology or structure of the underlying OSN graph. We propose a new set of structural features for a graph. Using this new feature set, we perform several experiments on both synthetic as well as real-world OSN data. Our results show that the proposed detection method is very effective in correctly classifying Sybil accounts without running the risk of being evaded by a sophisticated attacker and without compromising privacy of users.
Citations: 5
Hide-and-Seek with Website Identity Information
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514166
Milica Stojmenovic, R. Biddle
Online security involves user decision-making, so it is important to support users in this process. One important decision users face involves website identity, in order to avoid fraudulent sites. Sophisticated fraudulent sites avoid detection by using familiar names and replicated appearance, and they are active too briefly for safe browsing services to be effective. In these circumstances, website certificate identity information can help users detect fraudulent sites. In this paper we report on two studies to assess how well users are supported in this process by the Google Chrome browser. We first worked with usability evaluators and then conducted a study with real users. 70% of participants chose a fraudulent website before a 5-minute tutorial. After it, 100% correctly identified the proper website. With a little support, users were able to understand and apply certificate information. We suggest that a little better design, and some brief education, would benefit users.
Citations: 7
Demonstrating Cyber-Physical Attacks and Defense for Synchrophasor Technology in Smart Grid
Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514197
Rafiullah Khan, K. Mclaughlin, John Hastings, D. Laverty, S. Sezer
Synchrophasor technology is used for real-time control and monitoring in smart grid. Previous works in literature identified critical vulnerabilities in IEEE C37.118.2 synchrophasor communication standard. To protect synchrophasor-based systems, stealthy cyber-attacks and effective defense mechanisms still need to be investigated. This paper investigates how an attacker can develop a custom tool to execute stealthy man-in-the-middle attacks against synchrophasor devices. In particular, four different types of attack capabilities have been demonstrated in a real synchrophasor-based synchronous islanding testbed in laboratory: (i) command injection attack, (ii) packet drop attack, (iii) replay attack and (iv) stealthy data manipulation attack. With deep technical understanding of the attack capabilities and potential physical impacts, this paper also develops and tests a distributed Intrusion Detection System (IDS) following NIST recommendations. The functionalities of the proposed IDS have been validated in the testbed for detecting aforementioned cyber-attacks. The paper identified that a distributed IDS with decentralized decision-making capability and the ability to learn system behavior could effectively detect stealthy malicious activities and improve synchrophasor network security.
Citations: 15