
Proceedings of the 16th International Conference on Availability, Reliability and Security: latest papers

5Greplay: a 5G Network Traffic Fuzzer - Application to Attack Injection
Zujany Salazar, H. Nguyen, Wissam Mallouli, A. Cavalli, Edgardo Montes de Oca
The fifth generation of mobile broadband is more than just an evolution to provide more mobile bandwidth, massive machine-type communications, and ultra-reliable and low-latency communications. It relies on a complex, dynamic and heterogeneous environment that implies addressing numerous testing and security challenges. In this paper we present 5Greplay, an open-source 5G network traffic fuzzer that enables the evaluation of 5G components by replaying and modifying 5G network traffic by creating and injecting network scenarios into a target that can be a 5G core service (e.g., AMF, SMF) or a RAN network (e.g., gNodeB). The tool provides the ability to alter network packets online or offline in both control and data planes in a very flexible manner. The experimental evaluation conducted against open-source based 5G platforms showed that the target services accept traffic being altered by the tool, and that it can reach up to 9.56 Gbps using only 1 processor core to replay 5G traffic.
DOI: https://doi.org/10.1145/3465481.3470079 (published 2021-08-16)
Citations: 14
Hardware-In-The-Loop Labs for SCADA Cybersecurity Awareness and Training
Maxime Puys, Pierre-Henri Thevenon, Stéphane Mocanu
In this paper, we present a SCADA cybersecurity awareness and training program based on hands-on training using two twin cyber-ranges named WonderICS and G-ICS. These labs are built using a Hardware-In-the-Loop simulation system of the physical process developed by the two partners. The cyber-ranges allow replication of realistic Advanced Persistent Threat (APT) attacks and demonstration of known vulnerabilities, as they rely on real industrial control devices and software. In this work, we present both the demonstration scenarios used for awareness on WonderICS and the training programs developed for graduate students on G-ICS.
DOI: https://doi.org/10.1145/3465481.3469185 (published 2021-08-16)
Citations: 1
Towards Improving Identity and Access Management with the IdMSecMan Process Framework
Daniela Pöhn, Sebastian Seeber, Tanja Hanauer, Jule Anna Ziegler, David Schmitz
In today's networks, administrative access to Linux servers is commonly managed by Privileged Access Management (PAM). It is not only important to monitor these privileged accounts, but also to control segregation of duty and to detect keys as well as accounts that potentially bypass PAM. Unprohibited access can become a business risk. In order to improve security in a controlled manner, we establish IdMSecMan, a security management process tailored for identity and access management (IAM). Security management processes typically use the Deming Cycle or an adaptation of it for continuous improvement of products, services, or processes within the network infrastructure. We adjust a security management process with visualization for IAM, which also shifts the focus from typical assets to the attacker. With the controlled cycles, the maturity of IAM is measured and can continually advance. This paper presents and applies the work-in-progress IdMSecMan to a motivating scenario in the field of Linux servers. We evaluate our approach in a controlled test environment, with first steps to roll it out in our data center. Last but not least, we discuss challenges and future work.
DOI: https://doi.org/10.1145/3465481.3470055 (published 2021-08-16)
Citations: 0
What should we pay attention to when classifying violent videos?
Marcos Vinícius Adão Teixeira, S. Avila
Many works on violent video classification have proposed solutions ranging from local descriptors to deep neural networks. Most approaches use the entire representation of the video as input to extract the appropriate features. However, some scenes may contain noisy and irrelevant parts that confuse the algorithm. We investigated the effectiveness of attention-based models to deal with this problem. We extended the initial implementations to work with multimodal features using the late fusion approach. We performed the experiments on three datasets with different concepts of violence: Hockey Fights, MediaEval 2015, and RWF-2000. We conducted quantitative experiments, analyzing the performance of attention-based models and comparing them with traditional methods, and qualitative experiments, analyzing the relevance scores produced by the attention-based models. Attention-based models surpassed their traditional counterparts in all cases. Also, attention-based models have achieved better results than many more expensive approaches, highlighting the advantage of their use.
DOI: https://doi.org/10.1145/3465481.3470059 (published 2021-08-16)
Citations: 1
Data Hiding Using Code Obfuscation
Paweł Rajba, W. Mazurczyk
Digital transformation of many companies and government administrations, now accelerated by the pandemic, provides cybercriminals with an increased opportunity to incorporate various types of information hiding techniques into malicious software and thereby perform different types of attacks. By leveraging data hiding methods, attackers can, e.g., exfiltrate confidential information, enable covert transfers between the compromised victim's machine and an attacker-operated infrastructure, or stealthily transmit additional malicious tools. Furthermore, in the digital era, any type of digital channel can be exploited for data hiding, e.g., digital images, video or audio content, text, or network traffic. That is why it is of great importance to be acquainted with the different techniques that cybercriminals can utilize, in order to design and introduce effective countermeasures and identify/eliminate these threats when they appear. Obfuscation is a popular technique in the software development domain which makes the code illegible and which protects the implemented algorithms and business logic from unauthorized disclosure. In this paper, we investigate whether code obfuscation can be abused for information hiding purposes. The core idea of the proposed information hiding method is to replace some randomly generated strings that are part of the introduced dead code with the encoded secret message. The performed experimental evaluation and obtained results confirm that such a process can be easily adopted for data hiding, thus countermeasures need to be adjusted accordingly.
DOI: https://doi.org/10.1145/3465481.3470086 (published 2021-08-16)
Citations: 2
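The core idea in the abstract above (a payload carried in the string literals of injected dead code) as an added example; this is not the paper's implementation. It uses a constructed JavaScript-like dead-code template, a sender that base32-encodes the secret into those literals, a receiver that recovers it, and one simple charset indicator of the kind a countermeasure would need. The template, the identifier generator and the indicator are assumptions made for this illustration.

```python
import base64
import re
import secrets
import string

# Constructed template of the kind of dead code an obfuscator inserts: the
# condition can never hold, so the string literal is never used at runtime and
# is free to carry payload. (Constructed here, not the paper's generator.)
DEAD_CODE_TEMPLATE = (
    "function {fn}() {{\n"
    "  if (0x1 === 0x2) {{ var {v} = '{lit}'; return {v}.length; }}\n"
    "  return null;\n"
    "}}\n"
)
CARRIER_RE = re.compile(r"if \(0x1 === 0x2\) \{ var \w+ = '([A-Z2-7=]+)';")
B32_ALPHABET = set(string.ascii_uppercase + "234567=")


def _rand_ident(n=8):
    """Random identifier in the style obfuscators emit (mixed-case letters)."""
    return "_" + "".join(secrets.choice(string.ascii_letters) for _ in range(n))


def embed(secret, chunk_len=5):
    """Sender: hide `secret` in dead-code string literals. Each 5-byte chunk is
    base32-encoded to 8 characters so the literal resembles random junk."""
    blocks = []
    for i in range(0, len(secret), chunk_len):
        lit = base64.b32encode(secret[i:i + chunk_len]).decode()
        blocks.append(DEAD_CODE_TEMPLATE.format(fn=_rand_ident(), v=_rand_ident(), lit=lit))
    return "".join(blocks)


def extract(src):
    """Receiver: collect the carrier literals in source order and decode each chunk."""
    return b"".join(base64.b32decode(lit) for lit in CARRIER_RE.findall(src))


def suspicious_literals(src):
    """Indicator (constructed, not the paper's countermeasure): a literal whose
    alphabet is confined to the base32 set and whose length is a multiple of 8
    stands out against the mixed-case identifiers real obfuscators produce."""
    return [s for s in re.findall(r"'([^']*)'", src)
            if len(s) >= 8 and len(s) % 8 == 0 and set(s) <= B32_ALPHABET]


# Constructed benign obfuscated block: mixed-case literal, not flagged.
BENIGN_SAMPLE = DEAD_CODE_TEMPLATE.format(fn="_qXrTzLpa", v="_mKweRt", lit="aZ9kQm3x")

if __name__ == "__main__":
    carrier = embed(b"exfil: api-key=0xDEADBEEF")
    print(carrier)
    print(extract(carrier))
    print(suspicious_literals(carrier), suspicious_literals(BENIGN_SAMPLE))
```

The charset check is only an indicator: a sender can trivially switch to a mixed-case encoding, which is why the abstract's conclusion is that countermeasures must look at more than literal shape (for instance at whether the dead code is reachable at all).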
bccstego: A Framework for Investigating Network Covert Channels
M. Repetto, L. Caviglione, M. Zuppelli
Modern malware increasingly exploits information hiding to remain undetected while attacking. To this aim, network covert channels, i.e., hidden communication paths established within legitimate flows, can be used to exfiltrate data or exchange commands without getting noticed by firewalls, antivirus, and intrusion detection systems. Since the secret data can be directly injected in various portions of the stream or encoded via suitable alterations of the traffic, spotting hidden communications is a challenging and poorly generalizable task. Moreover, the majority of works addressed IPv4, thus leaving the detection of covert channels targeting IPv6 almost unexplored. This paper presents bccstego, i.e., an inspection framework for computing statistical indicators to reveal covert channels targeting the IPv6 header. The proposed approach has been designed to be easily extended, for instance to search for channels not known a priori. Numerical results demonstrate the effectiveness of our first tool in the bccstego framework as well as its ability to handle high-throughput IPv6 flows without adding additional delays.
DOI: https://doi.org/10.1145/3465481.3470028 (published 2021-08-16)
Citations: 9
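To make the idea of a statistical indicator over the IPv6 header concrete, here is an added example that is not part of bccstego or its paper: a minimal IPv6 header builder and parser, a covert sender that places 20 bits of secret per packet in the Flow Label, and a per-flow indicator (number of distinct label values and their entropy) that flags the covert flow while a benign flow with a stable label passes. The addresses, the secret, the thresholds and the choice of field are constructed for this illustration; the framework could compute many other indicators.

```python
import math
import socket
import struct
from collections import Counter, defaultdict


def build_ipv6(src, dst, flow_label, hop_limit=64, payload=b""):
    """Fixed 40-byte IPv6 header: version 6, traffic class 0, 20-bit flow label,
    next header 17 (UDP) over a constructed payload."""
    assert 0 <= flow_label < (1 << 20)
    first_word = (6 << 28) | flow_label
    hdr = struct.pack("!IHBB", first_word, len(payload), 17, hop_limit)
    return (hdr + socket.inet_pton(socket.AF_INET6, src)
            + socket.inet_pton(socket.AF_INET6, dst) + payload)


def parse_ipv6(pkt):
    first_word, _plen, _nh, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return {"flow_label": first_word & 0xFFFFF,
            "traffic_class": (first_word >> 20) & 0xFF,
            "hop_limit": hop_limit,
            "src": socket.inet_ntop(socket.AF_INET6, pkt[8:24]),
            "dst": socket.inet_ntop(socket.AF_INET6, pkt[24:40])}


# --- covert sender / receiver: 20 secret bits per packet in the Flow Label ---
def flow_label_chunks(secret):
    nbits = len(secret) * 8
    pad = (-nbits) % 20                     # right-pad to a multiple of 20 bits
    bits = int.from_bytes(secret, "big") << pad
    nbits += pad
    return [(bits >> (nbits - 20 * (i + 1))) & 0xFFFFF for i in range(nbits // 20)]


def decode_flow_labels(labels, nbytes):
    bits = 0
    for label in labels:
        bits = (bits << 20) | label
    bits >>= 20 * len(labels) - nbytes * 8  # drop the padding again
    return bits.to_bytes(nbytes, "big")


# --- detector: per-flow statistics over the header field ---
def flow_label_indicators(packets):
    per_flow = defaultdict(list)
    for pkt in packets:
        h = parse_ipv6(pkt)
        per_flow[(h["src"], h["dst"])].append(h["flow_label"])
    out = {}
    for flow, seq in per_flow.items():
        n, counts = len(seq), Counter(seq)
        entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
        out[flow] = {"packets": n, "distinct": len(counts), "entropy_bits": round(entropy, 3)}
    return out


def suspicious_flows(packets, min_packets=8, max_distinct=1):
    """RFC 6437 expects the label to stay constant within a flow, so a flow
    whose label keeps changing is worth a closer look."""
    return sorted(flow for flow, ind in flow_label_indicators(packets).items()
                  if ind["packets"] >= min_packets and ind["distinct"] > max_distinct)


# Constructed traffic: one benign flow with a stable label, one covert flow.
SECRET = b"AKIA-example-key-012"          # 20 bytes = 160 bits = exactly 8 packets
BENIGN = [build_ipv6("2001:db8::1", "2001:db8::2", 0x3A7F1, payload=b"x" * i) for i in range(10)]
COVERT = [build_ipv6("2001:db8::bad", "2001:db8::c2", lbl, payload=b"ping")
          for lbl in flow_label_chunks(SECRET)]
SAMPLE_PACKETS = BENIGN + COVERT

if __name__ == "__main__":
    for flow, ind in flow_label_indicators(SAMPLE_PACKETS).items():
        print(flow, ind)
    print("suspicious:", suspicious_flows(SAMPLE_PACKETS))
```

The thresholds are deliberately crude. A stack that assigns a fresh random label per packet rather than per flow would trip this indicator, so in practice the per-flow statistic is compared against a baseline learned from the same hosts, and other mutable header fields (Traffic Class, Hop Limit) get the same treatment.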
Pan-European Cybersecurity Incidents Information Sharing Platform to support NIS Directive
D. Skias, S. Tsekeridou, T. Zahariadis, Artemis C. Voulkidis, T. Velivassaki, K. Fotiadou
Cybersecurity in the Energy sector and relevant information sharing is at the forefront of European strategy towards the digital decade targeted by the EC for the years to come. The proposed Pan-European Incidents Information Sharing Platform (I2SP) offers cyber-shield armour to European Electrical Power and Energy Systems (EPES), enabling cooperative detection of large-scale cyber-human security and privacy incidents and attacks. Via the Incidents Information Sharing Platform, early detection and appropriate mitigation guarantee the continuity of operations and minimization of cascading effects in the infrastructure itself, the environment, the citizens and the end-users. The Incidents' Information Sharing Platform (I2SP) constitutes the software package which enables secure Cyber-Threat Intelligence (CTI) information sharing among EPES participants, as well as with trusted nominated entities, such as Information Sharing and Analysis Centers (ISACs), Computer Security Incident Response Teams (CSIRTs) and Security Operations Centers (SOCs). I2SP facilitates technical information sharing in view of a warning system and incident reporting across the EU, aligning with the pillars of the new Network Code on Cybersecurity.
DOI: https://doi.org/10.1145/3465481.3470477 (published 2021-08-16)
Citations: 2
Userspace Software Integrity Measurement
Michael Eckel, Tim Riemann
Today's computing systems are more interconnected and sophisticated than ever before. Especially in healthcare 4.0, services and infrastructures rely on cyber-physical systems (CPSs) and Internet of Things (IoT) devices. This adds to the complexity of these highly connected systems and their manageability. Even worse, the variety of emerging cyber attacks is becoming more severe and sophisticated, making healthcare one of the most important sectors with major security risks. The development of appropriate countermeasures constitutes one of the most complex and difficult challenges in cyber security research. Research areas include, among others, anomaly detection, network security, multi-layer event detection, cyber resiliency, and integrity protection. Securing the integrity of software running on a device is a desirable protection goal in the context of systems security. With a Trusted Platform Module (TPM), measured boot, and remote attestation there exist technologies to ensure that a system has booted up correctly and runs only authentic software. The Linux Integrity Measurement Architecture (IMA) extends these principles into the operating system (OS), measuring native binaries before they are loaded. However, interpreted language files, such as Java classes and Python scripts, are not considered executables and are not measured as such. Contemporary OSs ship with many of these and it is vital to consider them as security-critical as native binaries. In this paper, we introduce Userspace Software Integrity Measurement (USIM) for the Linux OS. USIM enables interpreters to measure, log, and irrevocably anchor critical events in the TPM. We develop a software library in C which provides TPM-based measurement functionality as well as the USIM service, which provides concurrent access handling to the TPM-based event logging. Further, we develop and implement a concept to realize highly frequent event logging on the slow TPM. We integrate this library into the Java Virtual Machine (JVM) to measure Java classes and show that it can be easily integrated into other interpreters. With performance measurements we demonstrate that our contribution is feasible and that overhead is negligible.
DOI: https://doi.org/10.1145/3465481.3470018 (published 2021-08-16)
Citations: 0
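An added software model of the measure-log-anchor chain the abstract describes; this is not the paper's C library, and no real TPM is involved. Each loaded class is hashed, the digest is appended to an event log, and a simulated PCR is extended the way TPM2_PCR_Extend does it, PCR_new = SHA-256(PCR_old || digest). The verifier replays the log against the quoted PCR value (which shows whether the log was edited after the fact) and checks every digest against an allowlist (which shows whether a modified class was loaded). Class names, class contents and the allowlist are constructed for the illustration.

```python
import hashlib
from dataclasses import dataclass, field

PCR_INITIAL = bytes(32)  # a resettable SHA-256 PCR starts at all-zero bytes


@dataclass
class MeasurementLog:
    """Measuring side (the interpreter): software model of an event log whose
    digests are anchored in one PCR. A real TPM cannot be rewound, so the PCR
    value stands as evidence of everything that was ever extended into it."""
    pcr: bytes = PCR_INITIAL
    events: list = field(default_factory=list)

    def measure(self, name, content):
        digest = hashlib.sha256(content).digest()
        self.events.append((name, digest))
        self.pcr = hashlib.sha256(self.pcr + digest).digest()  # TPM2_PCR_Extend semantics
        return digest


def replay(events):
    """Recompute the PCR a given event log would produce."""
    pcr = PCR_INITIAL
    for _name, digest in events:
        pcr = hashlib.sha256(pcr + digest).digest()
    return pcr


def verify(events, quoted_pcr, allowlist):
    """Verifier side: the log must replay to the quoted PCR (log integrity) and
    every measured digest must be known (code integrity)."""
    if replay(events) != quoted_pcr:
        return False, "log does not replay to quoted PCR"
    unknown = [name for name, digest in events if digest not in allowlist]
    if unknown:
        return False, "unknown classes: " + ", ".join(unknown)
    return True, "ok"


# Constructed stand-ins for .class files (0xCAFEBABE magic plus filler).
SAMPLE_CLASSES = {
    "com/example/App.class":    b"\xca\xfe\xba\xbe" + b"App:v1",
    "com/example/Crypto.class": b"\xca\xfe\xba\xbe" + b"Crypto:v1",
}
ALLOWLIST = {hashlib.sha256(c).digest() for c in SAMPLE_CLASSES.values()}


def scenario_clean():
    log = MeasurementLog()
    for name, content in SAMPLE_CLASSES.items():
        log.measure(name, content)
    return verify(log.events, log.pcr, ALLOWLIST)


def scenario_backdoored_class():
    """The interpreter honestly measures a class that was modified on disk."""
    log = MeasurementLog()
    for name, content in SAMPLE_CLASSES.items():
        if name.endswith("Crypto.class"):
            content += b"+backdoor"
        log.measure(name, content)
    return verify(log.events, log.pcr, ALLOWLIST)


def scenario_forged_log():
    """An extra class was loaded and measured; the attacker then deletes its
    log entry. The PCR still carries the extension, so replay fails."""
    log = MeasurementLog()
    for name, content in SAMPLE_CLASSES.items():
        log.measure(name, content)
    log.measure("com/evil/Loader.class", b"\xca\xfe\xba\xbe" + b"Loader")
    forged = [e for e in log.events if not e[0].startswith("com/evil/")]
    return verify(forged, log.pcr, ALLOWLIST)


if __name__ == "__main__":
    print(scenario_clean())
    print(scenario_backdoored_class())
    print(scenario_forged_log())
```

In a real deployment the quoted PCR comes from a TPM quote signed by an attestation key, which is what stops the attacker from simply reporting the replayed value of the forged log; the model above takes the quoted value as given and only shows why the log and the PCR must be checked together.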
Analyzing and Securing SOME/IP Automotive Services with Formal and Practical Methods
Daniel Zelle, Timm Lauser, Dustin Kern, C. Krauß
Automotive Ethernet is increasingly used in modern vehicles and complements or replaces legacy bus systems such as CAN. Ethernet also enables service-oriented communication with the Scalable service-Oriented MiddlewarE over IP (SOME/IP) middleware. In this paper, we present a formal and practical security analysis of Scalable service-Oriented MiddlewarE over IP (SOME/IP), the identified Man-in-the-Middle (MITM) attacks, and propose two security extensions. The attacks are possible even if SOME/IP is used in combination with link layer security mechanisms. The attacker can impersonate a service offering server and a service consuming client. The two most common communication methods, request/response and publish/subscribe, are both vulnerable. In most communication scenarios, we are able to route all messages over the attacker. Our security extensions for authentication and authorization of service provisioning and usage protect against these attacks. We formally analyze the security and evaluate the overhead with practical implementations.
DOI: 10.1145/3465481.3465748 (https://doi.org/10.1145/3465481.3465748). Published 2021-08-16 in Proceedings of the 16th International Conference on Availability, Reliability and Security.
Citations: 12
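An added example, not code from the paper, that makes the impersonation concrete on the wire. It builds and parses the 16-byte SOME/IP header, shows that a plain client has nothing but the echoed Message ID and Request ID to check a response against (and a subscriber nothing but the Message ID of a notification), so an in-path attacker who answers the request itself is accepted, and then adds an illustrative message authentication tag so that a response not produced with the server's key is rejected. The HMAC tag format, the key provisioning and all identifiers are assumptions for this example; the paper's two extensions are not reproduced here.

```python
import hashlib
import hmac
import struct

# SOME/IP header, 16 bytes, network byte order (AUTOSAR SOME/IP protocol specification):
#   Message ID  = Service ID (16 bit) | Method/Event ID (16 bit)
#   Length      = number of bytes after the Length field (Request ID onward)
#   Request ID  = Client ID (16 bit) | Session ID (16 bit)
#   Protocol Version, Interface Version, Message Type, Return Code (8 bit each)
HEADER = struct.Struct("!HHIHHBBBB")
MT_REQUEST, MT_NOTIFICATION, MT_RESPONSE = 0x00, 0x02, 0x80
E_OK = 0x00
PROTOCOL_VERSION, INTERFACE_VERSION = 1, 1
TAG_LEN = 16  # truncated HMAC-SHA256 tag appended to the payload (assumed design)

# Constructed identifiers and keys; SERVER_KEY is assumed pre-provisioned to server and client.
SERVICE_ID, METHOD_ID, EVENT_ID = 0x1234, 0x0001, 0x8001
CLIENT_ID, SESSION_ID = 0x0042, 0x0007
SERVER_KEY = b"\x11" * 32
ATTACKER_KEY = b"\x00" * 32  # the attacker does not hold SERVER_KEY


def build(service_id, method_id, client_id, session_id, msg_type, payload, return_code=E_OK):
    """Plain SOME/IP message: header followed by payload, no integrity protection."""
    length = 8 + len(payload)
    return HEADER.pack(service_id, method_id, length, client_id, session_id,
                       PROTOCOL_VERSION, INTERFACE_VERSION, msg_type, return_code) + payload


def parse(msg):
    fields = HEADER.unpack_from(msg)
    payload = msg[HEADER.size:]
    if fields[2] != 8 + len(payload):
        raise ValueError("SOME/IP Length field does not match message size")
    keys = ("service_id", "method_id", "length", "client_id", "session_id",
            "protocol_version", "interface_version", "msg_type", "return_code")
    return dict(zip(keys, fields), payload=payload)


def client_accepts_response(request, response):
    """All a plain SOME/IP client can check: the response echoes Message ID and Request ID."""
    rq, rs = parse(request), parse(response)
    return (rs["msg_type"] == MT_RESPONSE
            and (rs["service_id"], rs["method_id"]) == (rq["service_id"], rq["method_id"])
            and (rs["client_id"], rs["session_id"]) == (rq["client_id"], rq["session_id"]))


def subscriber_accepts_notification(msg, service_id, event_id):
    """Publish/subscribe side: a notification has no request to match, only the Message ID."""
    m = parse(msg)
    return m["msg_type"] == MT_NOTIFICATION and (m["service_id"], m["method_id"]) == (service_id, event_id)


def build_authenticated(key, service_id, method_id, client_id, session_id, msg_type, payload, return_code=E_OK):
    """Assumed extension: HMAC over header + payload, tag appended, Length counts the tag."""
    length = 8 + len(payload) + TAG_LEN
    header = HEADER.pack(service_id, method_id, length, client_id, session_id,
                         PROTOCOL_VERSION, INTERFACE_VERSION, msg_type, return_code)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


def verify_authenticated(key, msg):
    """Parsed message if the tag verifies under `key`, else None (constant-time compare)."""
    if len(msg) < HEADER.size + TAG_LEN:
        return None
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    m = parse(msg)
    m["payload"] = m["payload"][:-TAG_LEN]
    return m


def mitm_scenario():
    """In-path attacker answers the client's request itself, impersonating the server."""
    request = build(SERVICE_ID, METHOD_ID, CLIENT_ID, SESSION_ID, MT_REQUEST, b"")
    rq = parse(request)
    # Forged response: Message ID and Request ID copied from the observed request, data changed.
    forged = build(rq["service_id"], rq["method_id"], rq["client_id"], rq["session_id"],
                   MT_RESPONSE, b"speed=000")
    # Forged event for a subscriber: only the Message ID has to match.
    forged_event = build(SERVICE_ID, EVENT_ID, 0x0000, 0x0001, MT_NOTIFICATION, b"door=open")
    genuine_auth = build_authenticated(SERVER_KEY, SERVICE_ID, METHOD_ID, CLIENT_ID, SESSION_ID,
                                       MT_RESPONSE, b"speed=050")
    forged_auth = build_authenticated(ATTACKER_KEY, SERVICE_ID, METHOD_ID, CLIENT_ID, SESSION_ID,
                                      MT_RESPONSE, b"speed=000")
    return {
        "plain_forged_response_accepted": client_accepts_response(request, forged),
        "plain_forged_notification_accepted": subscriber_accepts_notification(forged_event, SERVICE_ID, EVENT_ID),
        "authenticated_genuine_accepted": verify_authenticated(SERVER_KEY, genuine_auth) is not None,
        "authenticated_forgery_rejected": verify_authenticated(SERVER_KEY, forged_auth) is None,
    }
```

A tag under one shared symmetric key only shows the origin check; it does not give the per-service authorization the abstract's extensions cover, any client holding the key could impersonate the server, and the receiver must still track the Session ID to reject replayed but correctly tagged messages.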
Location Security under Reference Signals’ Spoofing Attacks: Threat Model and Bounds
Stefania Bartoletti, Giuseppe Bianchi, D. Orlando, Ivan Palamà, N. Blefari-Melazzi
Most localization systems rely on measurements gathered from signals emitted by stations whose position is assumed known as ground truth, namely anchors. As demonstrated by a significant bulk of experimental research, location security is threatened when an attacker becomes able to either tamper with the signals emitted by the stations or convince the user that the anchor station is in a different position than the true one. With this paper, we first propose a formal threat model which captures the above-mentioned wide class of attacks, and permits to quantitatively evaluate how tampering of one or more anchor locations undermines the user’s localization accuracy. We specifically derive a Cramér-Rao bound for the localization error, and we assess a number of example scenarios. We believe that our study may provide a useful formal benchmark for the design and analysis of detection and mitigation solutions.
DOI: 10.1145/3465481.3470098 (https://doi.org/10.1145/3465481.3470098). Published 2021-08-16 in Proceedings of the 16th International Conference on Availability, Reliability and Security.
Citations: 2
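An added worked example, not from the paper: a Gauss-Newton range-based position solver, the classical Cramér-Rao bound for the same geometry under trusted anchors, and the error a user incurs when one anchor's claimed position is spoofed while the measured ranges stay truthful. The four anchors and the target are constructed, and the bound computed here is the standard one for range measurements with i.i.d. Gaussian noise, not the tampering-aware bound the paper derives; the point of the comparison is that a modest anchor-position lie produces a bias well above what noise alone would allow.

```python
import math

# Constructed scenario: four range anchors at the corners of a 100 m square, target inside.
ANCHORS = [(0.0, 0.0), (100.0, 0.0), (0.0, 100.0), (100.0, 100.0)]
TARGET = (40.0, 60.0)


def dist(p, q):
    return math.hypot(p[0] - q[0], p[1] - q[1])


def inv2(m):
    (a, b), (c, d) = m
    det = a * d - b * c
    if abs(det) < 1e-12:
        raise ValueError("degenerate geometry: anchors collinear with the target")
    return [[d / det, -b / det], [-c / det, a / det]]


def range_crb(anchors, target, sigma):
    """Classical CRB on position MSE for range-only measurements with i.i.d. N(0, sigma^2)
    noise and trusted anchor positions: trace((sum_i u_i u_i^T / sigma^2)^-1), where u_i is
    the unit vector from anchor i to the target. Assumes anchors are honest."""
    fim = [[0.0, 0.0], [0.0, 0.0]]
    for a in anchors:
        d = dist(target, a)
        ux, uy = (target[0] - a[0]) / d, (target[1] - a[1]) / d
        fim[0][0] += ux * ux / sigma ** 2
        fim[0][1] += ux * uy / sigma ** 2
        fim[1][0] += ux * uy / sigma ** 2
        fim[1][1] += uy * uy / sigma ** 2
    inv = inv2(fim)
    return inv[0][0] + inv[1][1]


def trilaterate(anchors, ranges, init, iters=50):
    """Gauss-Newton least squares on range residuals r_i = ||p - a_i|| - d_i."""
    p = list(init)
    for _ in range(iters):
        jtj = [[0.0, 0.0], [0.0, 0.0]]
        jtr = [0.0, 0.0]
        for a, d in zip(anchors, ranges):
            est = max(dist(p, a), 1e-9)
            ux, uy = (p[0] - a[0]) / est, (p[1] - a[1]) / est  # Jacobian row of r_i
            r = est - d
            jtj[0][0] += ux * ux
            jtj[0][1] += ux * uy
            jtj[1][0] += ux * uy
            jtj[1][1] += uy * uy
            jtr[0] += ux * r
            jtr[1] += uy * r
        inv = inv2(jtj)
        dx = inv[0][0] * jtr[0] + inv[0][1] * jtr[1]
        dy = inv[1][0] * jtr[0] + inv[1][1] * jtr[1]
        p[0] -= dx
        p[1] -= dy
        if math.hypot(dx, dy) < 1e-9:
            break
    return tuple(p)


def localize_with_spoofed_anchor(spoofed_index=None, shift=(0.0, 0.0)):
    """Ranges come from the true geometry (noise-free); the user solves with the anchor
    positions it was told, one of which may be a lie. Returns the position error in metres."""
    true_ranges = [dist(TARGET, a) for a in ANCHORS]
    believed = list(ANCHORS)
    if spoofed_index is not None:
        ax, ay = believed[spoofed_index]
        believed[spoofed_index] = (ax + shift[0], ay + shift[1])
    est = trilaterate(believed, true_ranges, init=(50.0, 50.0))
    return dist(est, TARGET)
```

With honest anchors the solver recovers the target exactly and the bound gives a root-MSE of about 1 m for 1 m range noise; moving the claimed position of one anchor by 10 m pulls the noise-free estimate roughly 3 m off, so the anchor lie, not measurement noise, sets the accuracy. A detector that checks the least-squares residuals after the fit would see the inconsistency the spoofed anchor introduces, which is the kind of mitigation the abstract says the bound is meant to benchmark.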
Journal: Proceedings of the 16th International Conference on Availability, Reliability and Security
Copyright © 2023 Book学术 All rights reserved.