
2019 3rd Cyber Security in Networking Conference (CSNet): Latest Papers

Bluetooth Low Energy Makes “Just Works” Not Work
Pub Date : 2019-10-01 DOI: 10.1109/CSNet47905.2019.9108931
K. Lounis, Mohammad Zulkernine
BLE (Bluetooth Low Energy) is being heavily deployed in many devices and IoT (Internet of Things) smart applications of various fields, such as medical, home automation, transportation and agriculture. It has transformed the classic Bluetooth into a technology that can be embedded into resource constrained devices running on a cell coin battery for months or years. Most BLE devices that are sold in the market use the Just Works pairing mode to establish a connection with peer devices. This mode is so lightweight that it leaves the implementation of security to application developers and device manufacturers. Unfortunately, as the market does not want to pay for security, a number of vulnerable smart devices are strolling around in the market. In this paper, we discuss how Bluetooth devices that use the Just Works pairing mode can be exploited to become nonoperational. We conduct a case study on three different Bluetooth smart devices. We show how these devices can be attacked and abused to not work properly. We also present a vulnerability that is due to the behavior of BLE smart devices and the Just Works pairing mode. This vulnerability can be exploited to generate an attack that affects BLE availability. We propose a solution to mitigate the attack.
Citations: 10
Dynamic security management driven by situations: An exploratory analysis of logs for the identification of security situations
Pub Date : 2019-10-01 DOI: 10.1109/CSNet47905.2019.9108976
A. Benzekri, R. Laborde, Arnaud Oglaza, Darine Rammal, F. Barrère
Situation awareness consists of "the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future". Being aware of the security situation is then mandatory to launch proper security reactions in response to cybersecurity attacks. Security Incident and Event Management solutions are deployed within Security Operation Centers. Some vendors propose machine learning based approaches to detect intrusions by analysing network behaviours. But cyberattacks like WannaCry and NotPetya, which shut down hundreds of thousands of computers, demonstrated that network monitoring and surveillance solutions remain insufficient. Detecting these complex attacks (a.k.a. Advanced Persistent Threats) requires security administrators to retain a large number of logs just in case problems are detected and involve the investigation of past security events. This approach generates massive data that have to be analysed at the right time in order to detect any accidental or caused incident. At the same time, security administrators are not yet seasoned to such a task and lack the desired skills in data science. As a consequence, a large amount of data is available and still remains unexplored, which leaves a number of indicators of compromise under the radar. Building on the concept of situation awareness, we developed a situation-driven framework, called dynSMAUG, for dynamic security management. This approach simplifies the security management of dynamic systems and allows the specification of security policies at a high level of abstraction (close to security requirements). This invited paper aims at exposing real security situations elicitation, coming from network security experts, and showing the results of exploratory analysis techniques using complex event processing techniques to identify and extract security situations from a large volume of logs. The results contributed to the extension of the dynSMAUG solution.
Citations: 5
Information Security Management Frameworks in Higher Education Institutions: An Overview
Pub Date : 2019-10-01 DOI: 10.1109/CSNet47905.2019.9108845
Jorge Merchan-Lima, Fabian Astudillo-Salinas, Luis Tello-Oquendo, Franklin L. Sanchez, Gabriel López, D. Quiroz
An overview of academic articles focused on information security management (ISM) in higher education institutions (HEIs) is presented. For this purpose, an empirical study was carried out. The articles found were then analyzed following a methodological procedure consisting of a systematic mapping study with their research questions, inclusion and exclusion criteria, selection of digital libraries, and analysis of the respective search strings. As a result, a set of information security management frameworks (ISMF) for HEIs were identified. They are based on standards such as ISO 27000, COBIT, ITIL, NIST and EDUCAUSE.
Citations: 0
A Secure and Fault-Tolerant Architecture for LoRaWAN Based on Blockchain
Pub Date : 2019-10-01 DOI: 10.1109/CSNet47905.2019.9108933
Victor Pasknel de Alencar Ribeiro, R. H. Filho, A. Ramos
The Internet of Things (IoT) paradigm aims to bring continuous interaction between small embedded devices and humans. The IoT has the potential to affect our daily lives and bring many benefits to society. Low-Power Wide-Area Networks (LPWAN) is a new IoT technology that offers long distance connectivity for a massive number of devices. LPWAN is a promising solution to enable complex IoT scenarios, such as smart cities and smart healthcare. LoRa is currently one of the leading LPWAN solutions available for public use. Due to the great number of connected devices and, in some cases, sensitive data transmitted in IoT networks, security is one of the main concerns in LPWAN. In this paper, we focus on the issues of key management in LoRaWAN. We propose a secure architecture for key management based on private blockchain and smart contracts in order to increase the levels of security and availability in LoRaWAN environments. In order to show the feasibility of the proposed architecture, a working prototype was implemented using open-source tools and commodity hardware.
Citations: 3
XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities
Pub Date : 2019-10-01 DOI: 10.1109/CSNet47905.2019.9108965
Germán E. Rodríguez, Jenny G. Torres, Pamela Flores, Eduardo Benavides, Daniel Nuñez-Agurto
QR codes are the means to offer more direct and instant access to information. However, QR codes have shown their deficiency, being a very powerful attack vector, for example, to execute phishing attacks. In this study, we have proposed a solution that allows controlling access to the information offered by QR codes. Through a scanner designed in App Inventor which has been called XSStudent, a system has been built that analyzes the URLs obtained and compares them with a previously trained system. This study was executed by means of a controlled attack on the users of the university who, through a flyer with a QR code and a fictional link, accessed an infected page with JavaScript code that allowed a successful cross-site scripting attack. The results indicate that 100% of the users are vulnerable to this type of attack, so also, with our proposal, an attack executed in the universities using the BeEF software would be totally blocked.
Citations: 1
CSNet 2019 Program
Pub Date : 2019-10-01 DOI: 10.1109/csnet47905.2019.9108926
Citations: 0
A Blockchain-Encryption-Based Approach to Protect Fog Federations from Rogue Nodes
Pub Date : 2019-10-01 DOI: 10.1109/CSNet47905.2019.9108975
Mohammed S. Alshehri, B. Panda
People have used the cloud computing approach to store their data remotely. As auspicious as this approach is, it brings forth many challenges: from data security to time latency issues with data computation as well as delivery to end users. Fog computing has emerged as an extension for cloud computing to bring data processing and storage close to end-users; however, it minimizes the time latency issue but still suffers from data security challenges. For instance, when a fog node providing services to end users is compromised, the users’ data security can be violated. Thus, this paper proposes a secure and fine-grained data access control scheme by integrating the Ciphertext Policy Attribute-Based Encryption (CP-ABE) algorithm and blockchain concept to prevent fog nodes from violating end users’ data security in a situation where a compromised fog node is being ousted. We also classify the fog nodes into fog federations, based on their attributes such as services and locations, to minimize the time latency and communication overhead between fog nodes and cloud server. Further, the exploitation and integration of the blockchain concept and the CP-ABE algorithm enables fog nodes in the same fog federation to perform the authorization process in a distributed manner. In addition, to solve time latency and communication overhead problems, we equip every fog node with an off-chain database to store most frequently accessed data files for a specific time, and with an on-chain access control policies table (On-chain Files Tracking Table) which must be protected from being tampered with by malicious (rogue) fog nodes. Therefore, blockchain plays a vital role here as it is tamper-proof by nature. We demonstrate our scheme’s efficiency and feasibility by designing algorithms and conducting a security analysis. The provided analysis shows that the proposed scheme is efficient and feasible in ousting malicious (rogue) fog nodes.
Citations: 6
Human Interaction Proofs (HIPs) based on Emerging Images and Topological Data Analysis (TDA) Techniques
Pub Date : 2019-10-01 DOI: 10.1109/CSNet47905.2019.9108952
Maria Alejandra Osorio Angarita, E. Izquierdo, A. M. Cañadas
In this paper, we introduce an algorithm to generate emerging images which can be used to implement Human Interaction Proofs (HIPs) based on this kind of images. In a general setting we propose the design of proofs easy to solve by human beings but hard to solve by computer algorithms. These tests are able to tell humans apart from bots (or robots) in order to protect online environments (such as social networks, wikis, ticket sellers, free-email providers, etc.) from different kinds of security threats. Our proposal uses tools and techniques arising from TDA (point clouds, simplicial complexes and spatial triangulation among others), in order to create shapes which can be identified by humans as recognizable images hard to detect by machines.
Citations: 1
CSNet 2019 Copyright Page
Pub Date : 2019-10-01 DOI: 10.1109/csnet47905.2019.9108959
Citations: 0
A Blockchain-based Lightweight Authentication Solution for IoT
Pub Date : 2019-10-01 DOI: 10.1109/CSNet47905.2019.9108958
Achraf Fayad, Badis Hammi, R. Khatoun, A. Serhrouchni
Internet of Things (IoT) systems are almost a part of our daily lives. The security of this new paradigm had always faced many challenges in order to ensure user privacy and authentication. These security issues are still far from being solved by the classical centralized architectures which reach their limits in terms of scalability especially when thousands or tens of thousands of IoT devices are connected in the same network. To remedy this architectural issue, we rely on blockchains in order to propose a simple and lightweight blockchain-based authentication solution for IoT systems. We provided a real implementation of our proposed scheme relying on Ethereum blockchain and using different devices in order to confirm its feasibility and evaluate its initial performances. The results obtained confirm its suitability to such environments.
Citations: 1