Stefano Bistarelli, Emanuele Bosimini, Francesco Santini
We present LOGistICS, a monitoring framework that aims to study the security of industrial PLC systems. The architecture encompasses different processing components and probes, with different tasks. In particular, this paper focuses on the description of a new medium-interaction honeypot attracting Modbus and S7comm traffic. With respect to related open projects (e.g. Conpot), our proposal is highly extensible and configurable, and it allows for more interaction with an attacker while remaining less detectable. The main objective of LOGistICS is to study the behaviour of hosts that are interested in attacking industrial services.
"A Medium-Interaction Emulation and Monitoring System for Operational Technology." Stefano Bistarelli, Emanuele Bosimini, Francesco Santini. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3470100
To date, ideal functionalities securely realized with secure multi-party computation (SMPC) mainly consider functions of the private input of a fixed number of a priori known parties. In this paper, we generalize these definitions such that protocols implementing online algorithms in a distributed fashion can be proven to be privacy-preserving. Online algorithms compute online functionalities that allow parties to join and leave over time, to provide multiple inputs and to obtain multiple outputs. In particular, the set of participating parties changes over time, i.e., at different points in time different sets of parties evaluate a function over their private inputs. To this end, we propose the notion of an online trusted third party that allows proving the security of SMPC protocols implementing online functionalities or online algorithms, respectively. We show that any online functionality can be implemented with perfect security in the presence of a semi-honest adversary if strictly less than 1/2 of the participating parties are corrupted. We show that the same result holds in the presence of a malicious adversary if it corrupts strictly less than 1/3 of the parties and always allows the corrupted parties to arrive.
"Towards Secure Evaluation of Online Functionalities." Andreas Klinger, Ulrike Meyer. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3469203
Alexander Hartl, J. Fabini, Christoph Roschger, Peter Eder-Neuhauser, Marco Petrovic, Roman Tobler, T. Zseby
In highly security-critical network environments, it is a popular design decision to offload cryptographic tasks like encryption or signature generation to a dedicated trusted module or key server with paramount security features, which in this paper we refer to by the general term Cryptographic Key Management Device (CKMD). While this network design yields several benefits, we demonstrate that popular counter-based encryption modes like CTR or GCM can show substantial security shortcomings when used in conjunction with this network design. In particular, we show how authenticated encryption using GCM makes it possible to establish a subliminal channel by exploiting the authentication information within messages. We show how decoding of hidden information can proceed in addition to decryption of overt information without raising authentication failures. With an exemplary but typical infrastructure, we show how the subliminal channel might be exploited and discuss approaches to mitigating the threat by preventing the ability to embed hidden information. In contrast to previous work, we conclude that, when an infrastructure involving a CKMD and GCM is deployed, the use of random, CKMD-generated Initialization Vectors (IVs) is beneficial to avoid the subliminal channel described in this paper. However, the most potent remedy is deploying a different operational mode like GCM-SIV.
"Subverting Counter Mode Encryption for Hidden Communication in High-Security Infrastructures." Alexander Hartl, J. Fabini, Christoph Roschger, Peter Eder-Neuhauser, Marco Petrovic, Roman Tobler, T. Zseby. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3470082
Rosangela Casolare, Giovanni Ciaramella, F. Martinelli, F. Mercaldo, A. Santone
Mobile malware is growing in number and its complexity is constantly increasing. Malware authors are continuously looking for new ways to elude anti-malware controls. Anti-malware tools are not able to detect zero-day malware, because to detect malicious behaviour they need to know its signature, but to have this information the malware must already be widespread. Furthermore, anti-malware tools are able to scan only one application at a time: for this reason, a type of malware characterized by the colluding attack, where the malicious action is split across two (or more) applications, cannot be recognised. To demonstrate the ineffectiveness of current anti-malware mechanisms in recognizing colluding attacks, in this paper we propose SteælErgon, a framework aimed at injecting a malicious payload into two or more different Android applications. Clearly, the malicious payload will be executed once all the applications composing the collusive attack are installed on the infected device. In detail, SteælErgon is able to inject a collusive malicious payload attacking the external storage, allowing the attacker to capture sensitive and private information stored on the infected device. We perform an experimental analysis by submitting the generated colluding applications to 79 different anti-malware tools, showing that current detection mechanisms are not able to detect this kind of threat. To encourage research on colluding attacks, we freely release SteælErgon, which is available for research purposes at the following URL: https://github.com/vigimella/StealErgon.
"SteælErgon: A Framework for Injecting Colluding Malicious Payload in Android Applications." Rosangela Casolare, Giovanni Ciaramella, F. Martinelli, F. Mercaldo, A. Santone. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3470077
Rupa Chiramdasu, Gautam Srivastava, S. Bhattacharya, Praveen Kumar Reddy Maddikunta, T. Gadekallu
Malicious websites predominantly promote the growth of criminal activities over the Internet, restraining the development of web services. Furthermore, we see different types of devices being equipped with WiFi capabilities, which allow web traffic to pass through the device’s data systems with ease. The proposed framework in the present study analyzes the Uniform Resource Locator (URL) through which malicious users can gain access to the content of the websites. It thus eliminates issues of run-time latency and the possibility of users being subjected to browser-oriented vulnerabilities. The primary objective of this paper is to detect malicious links on the web using a machine learning classification technique that would help users defend against cyber-crime attacks and related threats of the real world. This may be helpful in the newly expanding Intelligent Infrastructures, where we see more data availability almost daily. The embedding of malicious URLs is a predominant web threat faced by the Internet community in the present day and age. Attackers falsely claim to be a trustworthy entity and lure users to click on compromised links to extract confidential information, making them victims of identity theft. The present work explores the various ways of detecting malicious links from the host-based and lexical features of the URL in order to protect users from being subjected to identity theft attacks.
"A Machine Learning Driven Threat Intelligence System for Malicious URL Detection." Rupa Chiramdasu, Gautam Srivastava, S. Bhattacharya, Praveen Kumar Reddy Maddikunta, T. Gadekallu. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3470029
On embedded systems, Trusted Computing schemes can be used to detect manipulations of firmware. It is however not possible to detect a wide range of hardware manipulations such as passive listeners, active signal manipulations and circuit modifications. This work extends the Trusted Computing approach of detection through integrity measurement to the analog domain. It examines the step response of a circuit for its suitability as a component’s fingerprint. These fingerprints are combined with statistical comparison methods such as the Manhattan Distance or the Root Mean Square Error in order to provide a reliable fingerprint verification scheme. The fingerprinting and verification techniques are then combined with a remote attestation protocol based on the Device Identifier Composition Engine to yield a remote attestation scheme that covers both a device’s firmware and its peripheral hardware. This scheme is implemented and evaluated on a resource-constrained MCU in order to demonstrate its feasibility for embedded systems.
"Remote Attestation Extended to the Analog Domain." Lukas Jäger, Dominik Lorych. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3465762
George Pantelis, Petros Petrou, Sophia Karagiorgou, D. Alexandrou
During the last decades, Dark Web content has risen in necessity in an increasingly connected world, where international anonymous networks provide access to data marketplaces and illicit multimedia material through the TOR or I2P networks. The motivation behind this paper is to gauge the current state and growth of the Dark Web in relation to the role it plays with special focus on Small and Medium-sized Enterprises (SMEs and MEs). More specifically, we devise Machine Learning and specialised Information Retrieval techniques to extract insights and investigate how the Dark Web enables cybercrime, maintains marketplaces with breached enterprise data collections and pawned email accounts. The research questions that we address concern: a) the role that the Dark Web plays for SMEs, MEs, and society in general; b) the criticality of cybercriminal activities and operations in the Dark Web exploiting threat taxonomies and scoring schemes; and c) the maturity and efficiency of technical tools and methods to curb illegal activities on the Dark Web through raising awareness via efficient text analytics, visual reporting and alerting mechanisms.
"On Strengthening SMEs and MEs Threat Intelligence and Awareness by Identifying Data Breaches, Stolen Credentials and Illegal Activities on the Dark Web." George Pantelis, Petros Petrou, Sophia Karagiorgou, D. Alexandrou. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3469201
The growth of the internet has significantly increased data breaches (i.e. privacy breaches) in software systems. It could be argued that software developers failed to implement privacy into software systems with the appropriate privacy guidelines or laws such as the General Data Protection Regulation (GDPR). GDPR has a set of guidelines that enables software developers to implement privacy into software systems. Nevertheless, these guidelines have been developed with lawyers in mind, rather than software developers. This could hinder developers from putting GDPR into practice and eventually lead to data breaches through the systems they develop. On the other hand, software developers also need help (e.g. tooling support or educational interventions). Therefore, this paper proposes a game design framework, as an educational intervention, to teach software developers to implement privacy-preserving software systems taking GDPR on board. The proposed framework focuses on improving developers’ security coding behavior through their motivation. It also ensures software developers can put GDPR into practice when developing privacy-preserving software systems.
"A Serious Game Design Framework for Software Developers to Put GDPR into Practice." Abdulrahman Alhazmi, N. Arachchilage. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3470031
Nowadays, Internet of Things (IoT) devices are widely used in several application scenarios. Due to their cheap structure, they often do not guarantee high security standards, making them prone to hacker attacks. Remote attestation is widely used to verify the configuration integrity of remote devices. Unfortunately, checking the integrity of each single device is impractical, thus several collective remote attestation protocols have been recently proposed to efficiently run attestations in wide device swarms. However, current solutions still have several limitations in terms of network topology, scalability, and efficiency. This paper presents a new efficient collective remote attestation protocol for highly dynamic networks. Our protocol is implemented according to the self-attestation procedure, where devices iteratively establish a common view of the integrity of the network through a consensus mechanism. Unlike previous protocols, we leverage Bloom filters, which make it possible to drastically reduce the message size for communication and to be more flexible with mobile nodes that can also join or leave the swarm. We evaluate our proposal through several simulations and experiments, showing that it outperforms the state of the art.
"Bloom Filter based Collective Remote Attestation for Dynamic Networks." Salvatore Frontera, R. Lazzeretti. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3470054
Digital technology provides unique opportunities to revolutionize the healthcare ecosystem and health research. However, this comes with serious security, safety, and privacy threats. The healthcare sector has been proven unequipped and unready to face cyberattacks while its vulnerabilities are being systematically exploited by attackers. The growing need for and use of medical devices and smart equipment, the complexity of operations and the incompatible systems are leaving healthcare organizations exposed to various malware, including ransomware, which results in compromised healthcare access, quality, safety and care. To fully benefit from the advantages of technology, cybersecurity issues need to be resolved. Cybersecurity measures are being suggested via a number of healthcare standards which are often contradictory and confusing, making these measures ineffective and difficult to implement. To lay a solid foundation for the healthcare sector in improving the understanding of complex cybersecurity issues, this paper explores the existing vulnerabilities in the healthcare critical information infrastructures which are used in cyberattacks and discusses the reasons why this sector is under attack. Furthermore, the existing security standards in healthcare are presented alongside their implementation challenges. The paper also discusses the use of living labs as a novel way to discover how to practically implement cybersecurity measures and also provides a set of recommendations as future steps. Finally, to our knowledge this is the first paper that analyses security in the context of living labs and provides suggestions relevant to this context.
"The landscape of cybersecurity vulnerabilities and challenges in healthcare: Security standards and paradigm shift recommendations." K. Kioskli, Theo Fotis, H. Mouratidis. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: https://doi.org/10.1145/3465481.3470033