CYBER - PHYSICAL SECURITY

Slides:

Advertisements

Similar presentations

International Graduate School Cottbus / IHP microelectronics Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt.

Advertisements

SCADA Security, DNS Phishing

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

GRS: The Green, Reliability, and Security of Emerging Machine to Machine Communications Rongxing Lu, Xu Li, Xiaohui Liang, Xuemin (Sherman) Shen, and Xiaodong.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Challenges in Protecting Critical National Infrastructure from Cyber Attacks Singapore University of Technology and Design Aditya P Mathur September 27,

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Vulnerabilities of Windows XP Brock Prince Dana Zottola ECE 578 Spring 2002 C.K. Koc.

February 21, 2008 Center for Hybrid and Embedded Software Systems Cyber-Physical Systems (CPS): Orchestrating networked.

Green Lights Forever Analyzing the Security of Traffic Infrastructure Branden Ghena, William Beyer, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman.

Software-based Code Attestation for Wireless Sensors.

1 Workshop on Research Directions for Security and Networking in Critical Real-Time and Embedded Systems Organizers: NC State University & UNC Chapel Hill.

Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.

Introduction to Security Computer Networks Computer Networks Term B10.

Prepared By: Kopila Sharma  Enables communication between two or more system.  Uses standard network protocols for communication.  Do.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

Security Awareness: Applying Practical Security in Your World

Host Intrusion Prevention Systems & Beyond

2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.

Greenbench: A Benchmark for Observing Power Grid Vulnerability Under Data-Centric Threats Mingkui Wei, Wenye Wang Department of Electrical and Computer.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

Capacity Development Workshop on Public Information Management System and Policy in Korea on cyber attacks Jeong Min, Lee KISA.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Cyber Security of Smart Grid Systems

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

A Vehicular Ad Hoc Networks Intrusion Detection System Based on BUSNet.

A sophisticated Malware Arpit Singh CPSC 420

Presented by Amira Ahmed El-Sharkawy Ibrahim.  There are six of eight turtle species in Ontario are listed as endangered, threatened or of special concern.

“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.

1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Oppenheimer.

Jonathan Baulch  A worm that spreads via USB drives  Exploits a previously unknown vulnerability in Windows  Trojan backdoor that looks for a specific.

1 We’ve been p0wn’d? Review of 2015 Surface Transportation Cybersecurity Incidents 2015 TRB Session 850 Edward Fok USDOT/FHWA – Resource Center.

WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Microcontroller-Based Wireless Sensor Networks

MALWARE : STUXNET CPSC 420 : COMPUTER SECURITY PRINCIPLES Somya Verma Sharad Sharma Somya Verma Sharad Sharma.

Research Overview Sencun Zhu Asst. Prof. CSE/IST, PSU

Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.

Networking Components Starla Wachsmann. COMPUTER NETWORKING COMPONETS Today’s wireless and enterprise networks are more complex than ever, delivering.

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

REU 2004 Computer Science and Engineering Department The University of Texas at Arlington Research Experiences for Undergraduates in Distributed Rational.

Cryptography and Network Security Sixth Edition by William Stallings.

Flame: Modern Warfare Matthew Stratton. What is Flame? How it was found What are its capabilities How it is similar to Stuxnet and Duqu Implications.

June All Hands Meeting Security in Sensor Networks Tanya Roosta Chris Karlof Professor S. Sastry.

Computer Science and Engineering Department The University of Texas at Arlington MavHome: An Intelligent Home Environment.

REU 2009 Computer Science and Engineering Department The University of Texas at Arlington Research Experiences for Undergraduates in Information Processing.

Cyber Security in Smart Grids BY ADITYA KANDULA DEVASIA THOMAS.

Lecture 8: Wireless Sensor Networks By: Dr. Najla Al-Nabhan.

DOWeR Detecting Outliers in Web Service Requests Master’s Presentation of Christian Blass.

Green Lights Forever Analyzing the Security of Traffic Infrastructure Branden Ghena, William Beyer, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman.

Security Methods and Practice CET4884

Summary of our work Password Eavesdropping

IoT Security Part 2, The Malware

Threat Modeling for Cloud Computing

3.6 Fundamentals of cyber security

How SCADA Systems Work?.

Cyber Security By: Pratik Gandhi.

Wireless Fidelity (15881A0515).

Connected and Autonomous Vehicle Cybersecurity Controller Area Network

Secure Control Systems - A Quantitative Risk Management Approach

On the Efficacy of Anomaly Detection in Process Control Networks

Adhoc and Wireless Sensor Networks

Cyber Physical Systems

Wenyu Ren, Timothy Yardley, Klara Nahrstedt

Session 26 INST 346 Technologies, Infrastructure and Architecture

Network Security Mark Creighton GBA 576 6/4/2019.

Presentation transcript:

CYBER - PHYSICAL SECURITY James Maki & Mason Vogel

WHAT IS IT? Normally a system that monitors behaviour of physical processes and takes actions to correct those behaviors. Two Major Components

Cyber Process Network of tiny devices (like sensors) Can sense, compute, and communicate (wireless)

Physical Process Monitored by the cyber system Could be naturally occurring phenomenon Man-made Combination of the two

Example Cyber-Physical Systems Temperature/Humidity Controlled Labs Sense Temperature Sense Humidity Act accordingly

ATTACKING Areas to Attack Physical and control (Physical) Communication and Network (Cyber) Supervisory and Management (Human) Attack Types Actuator State Data Insert picture of six layer of hierarchical system Common Attack: Eavesdropping Compromised-Key attack Man-in-the-Middle Denial-of-Service

Green Lights Forever broadcast on a similar protocol as 802.11 (WLAN) unencrypted Controller setting may be configured in person or cyber default usernames and passwords Integrate security into system and change from factory default

War Games film 1983 SHALL WE PLAY A GAME?

Drone Attacks Drones are basically flying computers Incredibly hard to detect drones Drone crash in Texas

Phase of Worm: targeted Winodws machine Siemens Step7 software compromised PLCs Some Features: All actions were done in memory-no disk evidence Self-scalability control-prevent spreading to more than three others uninstall mechanism Code for man-in-the-middle Could have centrifuges tear themselves apart

STUXNET WORM targeting highly specialized industrial systems in critical high-security infrastructures (at least 14 sites were infected). Modifying the code running in PLCs in order to make them deviate from their expected behavior. Believed to had sponsorship from a nation-state, it has been suggested it was United States and Israel Other attacks 2000 Maroochy water breach, Brazil 2003 SQL Slammer worm Davis-Besse nuclear plant 2010 Stuxnet Could derail trains, poison water supplies, and cripple power grids (2012 Leon Panetta)

DETECTING AN ATTACK Cross-correlator technique to detect False Data Injection Attacks Intelligent Checker Layer 1: basic process control system Layer 2: alarm and operators Layer 3: safety instrumented systems Secutiry Objective: Integrity Authenticity Confidentiality Big thing is Attack detection and identification

Update the system

REFERENCES IEEE Control Systems Magazine Feb 2015 - Cyberphysical Security Stuxnet Worm Impact on Industrial Cyber-Physical System Security, Stamatis Karnouskos SAP Research, Germany, IEEE 2011 The Real Story of Stuxnet, spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet Feb 2013 Countermeasures to Enhance Cyber-Physical System Security and Safety, Giedre Sabaliaukaite and Aditya P. Mathur, 2014 IEEE Green Lights Forever: Analyzing the Security of Traffic Infrastructure, Branden Ghena, William Beyer, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman, 2014 Proceedings of the 8th USENIX Workshop on Offensive Technologies (WOOT)

REFERENCES Security Issues and Challenges for Cyber Physical System, Eric Ke Wang, Yunming Ye, Xiaofei Xu, S.M. Yiu, L.C.K. HUI, K.P.Chow, 2010 IEEE Cyber-Physical Security via Geometric Control: Distributed Monitoring and Malicious Attacks, Fabio Pasqualetti, Florian Dörfler, and Francesco Bullo, 2012 IEEE Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, Kim Zetter, 2014 http://www.brookings.edu/research/papers/2011/07/05-drones-villasenor