Abstract: The adoption of modern lightweight virtualization often comes with new threats and network vulnerabilities. This paper seeks to assess this with a different approach studying the behavior of a testbed built with tools such as Kernel-based Virtual Machine (KVM), LinuX Containers (LXC) and Docker, by performing stress tests within a platform where students experiment simultaneously with cyber-attacks, and thus observe the impact on the campus network and also find the best solution for cyber-security learning. Interesting outcomes can be found in the literature comparing these technologies. It is, however, difficult to find results of the effects on the global network where experiments are carried out. Our work shows that other physical hosts and the faculty network were impacted while performing these trials. The problems found are discussed, as well as security solutions and the adoption of new network policies.
Abstract: As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., Intelligent Distributed Grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.
Abstract: Users’ susceptibility to malware attacks have been noticed in the past few years. Investigating the factors that make a user vulnerable to those attacks is critical because they can be utilized to set up proactive strategies such as awareness and education to mitigate the impacts of those attacks. Demographic, behavioral, and cultural vulnerabilities are the main factors that make users susceptible to malware attacks. It is challenging, however, to draw more general conclusions based on those factors due to the varieties in the type of users and different types of malware. Therefore, we conducted a systematic literature review (SLR) of the existing research for user susceptibility factors to malware attacks. The results showed that all demographic factors are consistently associated with malware infection regardless of the users' type except for age and gender. Besides, the association of culture and personality factors with malware infection is consistent in most of the selected studies and for all types of users. Moreover, malware infection varies based on age, geographic location, and host types. We propose that future studies should carefully take into consideration the type of users because different users may be exposed to different threats or targeted based on their user domains’ characteristics. Additionally, as different types of malware use different tactics to trick users, taking the malware types into consideration is important.
Abstract: With the advent of complex software and increased connectivity, security of life-critical medical devices is becoming an increasing concern, particularly with their direct impact to human safety. Security is essential, but it is impossible to develop completely secure and impenetrable systems at design time. Therefore, it is important to assess the potential impact on security and safety of exploiting a vulnerability in such critical medical systems. The common vulnerability scoring system (CVSS) calculates the severity of exploitable vulnerabilities. However, for medical devices, it does not consider the unique challenges of impacts to human health and privacy. Thus, the scoring of a medical device on which a human life depends (e.g., pacemakers, insulin pumps) can score very low, while a system on which a human life does not depend (e.g., hospital archiving systems) might score very high. In this paper, we present a Medical Vulnerability Scoring System (MVSS) that extends CVSS to address the health and privacy concerns of medical devices. We propose incorporating two new parameters, namely health impact and sensitivity impact. Sensitivity refers to the type of information that can be stolen from the device, and health represents the impact to the safety of the patient if the vulnerability is exploited (e.g., potential harm, life threatening). We evaluate 15 different known vulnerabilities in medical devices and compare MVSS against two state-of-the-art medical device-oriented vulnerability scoring system and the foundational CVSS.
Abstract: Electric power is a fundamental necessity in the 21st century. Consequently, any break in electric power is probably going to affect the general activity. To make the power supply smooth and efficient, a smart grid network is introduced which uses communication technology. In any communication network, security is essential. It has been observed from several recent incidents that adversary causes an interruption to the operation of networks. In order to resolve the issues, it is vital to understand the threats and vulnerabilities associated with the smart grid networks. In this paper, we have investigated the threats and vulnerabilities in Smart Grid Networks (SGN) and the few solutions in the literature. Proposed solutions showed developments in electricity theft countermeasures, Denial of services attacks (DoS) and malicious injection attacks detection model, as well as malicious nodes detection using watchdog like techniques and other solutions.
Abstract: The diversity and complexity of modern IT systems make it almost impossible for internal teams to find vulnerabilities in all software before the software is officially released. The emergence of threat intelligence and vulnerability reporting policy has greatly reduced the burden on software vendors and organizations to find vulnerabilities. However, to prove the existence of the reported vulnerability, it is necessary but difficult for security incident response team to build a deliberated vulnerable environment from the vulnerability report with limited and incomplete information. This paper presents a structured, standardized, machine-oriented vulnerability intelligence format, that can be used to automate the orchestration of Deliberated Vulnerable Environment (DVE). This paper highlights the important role of software configuration and proof of vulnerable specifications in vulnerability intelligence, and proposes a triad model, which is called DIR (Dependency Configuration, Installation Configuration, Runtime Configuration), to define software configuration. Finally, this paper has also implemented a prototype system to demonstrate that the orchestration of DVE can be automated with the intelligence.
Abstract: Internet of things is a new concept that its emergence has caused ubiquity of sensors in human life, so that at any time, all data are collected, processed and transmitted by these sensors. In order to establish a secure connection, the first challenge is authentication between sensors. However, this challenge also requires some features so that the authentication is done properly. Anonymity, untraceability, and being lightweight are among the issues that need to be considered. In this paper, we have evaluated the authentication protocols and have analyzed the security vulnerabilities found in them. Then an improved light weight authentication protocol for sensor-to-sensor communications is presented which uses the hash function and logical operators. The analysis of protocol shows that security requirements have been met and the protocol is resistant against various attacks. In the end, by decreasing the number of computational cost functions, it is argued that the protocol is lighter than before.
Abstract: The use of biometric identifiers in the field of
information security, access control to resources, authentication in
ATMs and banking among others, are of great concern because of
the safety of biometric data. In the general architecture of a biometric
system have been detected eight vulnerabilities, six of them allow
obtaining minutiae template in plain text. The main consequence
of obtaining minutia templates is the loss of biometric identifier
for life. To mitigate these vulnerabilities several models to protect
minutiae templates have been proposed. Several vulnerabilities in the
cryptographic security of these models allow to obtain biometric data
in plain text. In order to increase the cryptographic security and ease
of reversibility, a minutiae templates protection model is proposed.
The model aims to make the cryptographic protection and facilitate
the reversibility of data using two levels of security. The first level
of security is the data transformation level. In this level generates
invariant data to rotation and translation, further transformation is
irreversible. The second level of security is the evaluation level,
where the encryption key is generated and data is evaluated using a
defined evaluation function. The model is aimed at mitigating known
vulnerabilities of the proposed models, basing its security on the
impossibility of the polynomial reconstruction.
Abstract: In the wake of recent disasters happening around the world such as earthquake in Italy (January, 2017); hurricanes in the United States (US) (September 2016 and September 2017); and compounding disasters in Haiti (September 2010 and September 2016); to our best knowledge, never has the world seen the need to work on preemptive rather than reactionary measures to salvage this situation than now. Tornadoes are natural hazards that mostly affect mid-western and central states in the US. Tornadoes, like all natural hazards such as hurricanes, earthquakes, floods and others, are very destructive and result in massive destruction to homes, cause billions of dollars in damage and claims many lives. Healthcare facilities in general are vulnerable to disasters, and therefore, the safety of patients, health workers and those who come in to seek shelter should be a priority. The focus of this study is to assess disaster management measures instituted by healthcare facilities. Thus, the sole aim of the study is to examine the vulnerabilities and the design of safe spaces in healthcare facilities in Central US. Objectives that guide the study are to primarily identify the impacts of tornadoes in hospitals and to assess the structural design or specifications of safe spaces. St. John’s Regional Medical Center, now Mercy Hospital in Joplin, is used as a case study. Preliminary results show that the lateral base shear of the proposed design to be 684.24 ton (1508.49kip) for the safe space. Findings from this work will be used to make recommendations about the design of safe spaces for health care facilities in Central US.
Abstract: Hazard assessment and risks quantification are key components for estimating the impact of existing regulations. But since regulatory compliance cannot cover all risks in aviation, the authors point out that by studying causal factors and eliminating uncertainty, an accurate analysis can be outlined. The research debuts by making delimitations on notions, as confusion on the terms over time has reflected in less rigorous analysis. Throughout this paper, it will be emphasized the fact that the variation in human performance and organizational factors represent the biggest threat from an operational perspective. Therefore, advanced risk assessment methods analyzed by the authors aim to understand vulnerabilities of the system given by a nonlinear behavior. Ultimately, the mathematical modeling of existing hazards and risks by eliminating uncertainty implies establishing an optimal solution (i.e. risk minimization).
Abstract: Nowadays, security threats in Voice over IP (VoIP) systems are an essential and latent concern for people in charge of security in a corporate network, because, every day, new Denial-of-Service (DoS) attacks are developed. These affect the business continuity of an organization, regarding confidentiality, availability, and integrity of services, causing frequent losses of both information and money. The purpose of this study is to establish the necessary measures to mitigate DoS threats, which affect the availability of VoIP systems, based on the Session Initiation Protocol (SIP). A Security Model called MS-DoS-SIP is proposed, which is based on two approaches. The first one analyzes the recommendations of international security standards. The second approach takes into account weaknesses and threats. The implementation of this model in a VoIP simulated system allowed to minimize the present vulnerabilities in 92% and increase the availability time of the VoIP service into an organization.
Abstract: This study is about an algorithmic dependence of Artificial Neural Network on Multilayer Perceptron (MPL) pertaining to the classification and clustering presentations for Mobile Adhoc Network vulnerabilities. Moreover, mobile ad hoc network (MANET) is ubiquitous intelligent internetworking devices in which it has the ability to detect their environment using an autonomous system of mobile nodes that are connected via wireless links. Security affairs are the most important subject in MANET due to the easy penetrative scenarios occurred in such an auto configuration network. One of the powerful techniques used for inspecting the network packets is Intrusion Detection System (IDS); in this article, we are going to show the effectiveness of artificial neural networks used as a machine learning along with stochastic approach (information gain) to classify the malicious behaviors in simulated network with respect to different IDS techniques. The monitoring agent is responsible for detection inference engine, the audit data is collected from collecting agent by simulating the node attack and contrasted outputs with normal behaviors of the framework, whenever. In the event that there is any deviation from the ordinary behaviors then the monitoring agent is considered this event as an attack , in this article we are going to demonstrate the signature-based IDS approach in a MANET by implementing the back propagation algorithm over ensemble-based Traffic Table (TT), thus the signature of malicious behaviors or undesirable activities are often significantly prognosticated and efficiently figured out, by increasing the parametric set-up of Back propagation algorithm during the experimental results which empirically shown its effectiveness for the ratio of detection index up to 98.6 percentage. Consequently it is proved in empirical results in this article, the performance matrices are also being included in this article with Xgraph screen show by different through puts like Packet Delivery Ratio (PDR), Through Put(TP), and Average Delay(AD).
Abstract: Cloud computing is one of the most sharp and important movement in various computing technologies. It provides flexibility to users, cost effectiveness, location independence, easy maintenance, enables multitenancy, drastic performance improvements, and increased productivity. On the other hand, there are also major issues like security. Being a common server, security for a cloud is a major issue; it is important to provide security to protect user’s private data, and it is especially important in e-commerce and social networks. In this paper, encryption algorithms such as Advanced Encryption Standard algorithms, their vulnerabilities, risk of attacks, optimal time and complexity management and comparison with other algorithms based on software implementation is proposed. Encryption techniques to improve the performance of AES algorithms and to reduce risk management are given. Secure Hash Algorithms, their vulnerabilities, software implementations, risk of attacks and comparison with other hashing algorithms as well as the advantages and disadvantages between hashing techniques and encryption are given.
Abstract: The benchmarking of tools for dynamic analysis of
vulnerabilities in web applications is something that is done
periodically, because these tools from time to time update their
knowledge base and search algorithms, in order to improve their
accuracy. Unfortunately, the vast majority of these evaluations are
made by software enthusiasts who publish their results on blogs
or on non-academic websites and always with the same evaluation
methodology. Similarly, academics who have carried out this type of
analysis from a scientific approach, the majority, make their analysis
within the same methodology as well the empirical authors. This
paper is based on the interest of finding answers to questions that
many users of this type of tools have been asking over the years,
such as, to know if the tool truly test and evaluate every vulnerability
that it ensures do, or if the tool, really, deliver a real report of all the
vulnerabilities tested and exploited. This kind of questions have also
motivated previous work but without real answers. The aim of this
paper is to show results that truly answer, at least on the tested tools,
all those unanswered questions. All the results have been obtained
by changing the common model of benchmarking used for all those
previous works.
Abstract: Ultra WidBand-IR physical layer technology has seen a
great development during the last decade which makes it a promising
candidate for short range wireless communications, as they bring
considerable benefits in terms of connectivity and mobility. However,
like all wireless communication they suffer from vulnerabilities in
terms of security because of the open nature of the radio channel. To
face these attacks, distance bounding protocols are the most popular
counter measures. In this paper, we presented a protocol based on
distance bounding to thread the most popular attacks: Distance Fraud,
Mafia Fraud and Terrorist fraud. In our work, we study the way
to adapt the best secure distance bounding protocols to mapping
code of ultra-wideband (TH-UWB) radios. Indeed, to ameliorate the
performances of the protocol in terms of security communication
in TH-UWB, we combine the modified protocol to ultra-wideband
impulse radio technology (IR-UWB). The security and the different
merits of the protocols are analyzed.
Abstract: For us humans, risk and insecurity are intimately linked to vulnerabilities - where there is vulnerability, there is potentially risk and insecurity. Reducing vulnerability through compensatory measures means decreasing the likelihood of a certain external event be qualified as a risk/threat/assault, and thus also means increasing the individual’s sense of security. The paper suggests that a meaningful way to approach the study of risk/ insecurity is to organize thinking about the vulnerabilities that external phenomena evoke in humans as perceived by them. Such phenomena are, through a set of given vulnerabilities, potentially translated into perceptions of "insecurity." An ontological discussion about salient timespace characteristics of external phenomena as perceived by humans, including such which potentially can be qualified as risk/threat/assault, leads to the positing of two dimensions which are central for describing what in the paper is called the essence of risk/threat/assault. As is argued, such modeling helps analysis steer free of the subjective factor which is intimately connected to human perception and which mediates between phenomena “out there” potentially identified as risk/threat/assault, and their translation into an experience of security or insecurity. A proposed set of universally given vulnerabilities are scrutinized with the help of the two dimensions, resulting in a modeling effort featuring four realms of vulnerabilities which together represent a dynamic whole. This model in turn informs modeling on human security.
Abstract: More and more businesses and services are depending on software to run their daily operations and business services. At the same time, cyber-attacks are becoming more covert and sophisticated, posing threats to software. Vulnerabilities exist in the software due to the lack of security practices during the phases of software development. Implementation of secure software development practices can improve the resistance to attacks. Many methods, models and standards for secure software development have been developed. However, despite the efforts, they still come up against difficulties in their deployment and the processes are not institutionalized. There is a set of factors that influence the successful deployment of secure software development processes. In this study, the methodology and results from a systematic literature review of factors influencing the implementation of secure software development practices is described. A total of 44 primary studies were analysed as a result of the systematic review. As a result of the study, a list of twenty factors has been identified. Some of factors that affect implementation of secure software development practices are: Involvement of the security expert, integration between security and development team, developer’s skill and expertise, development time and communication between stakeholders. The factors were further classified into four categories which are institutional context, people and action, project content and system development process. The results obtained show that it is important to take into account organizational, technical and people issues in order to implement secure software development initiatives.
Abstract: High population and irregular urban development in Kabul city, Afghanistan's capital, are among factors that increase its vulnerability to earthquake disasters (on top of its location in a high seismic region); this can lead to widespread economic loss and casualties. This study aims to evaluate earthquake risks in Kabul's 13th district based on scientific data. The research data, which include hazard curves of Kabul, vulnerability curves, and a questionnaire survey through sampling in district 13, have been incorporated to develop risk curves. To estimate potential casualties, we used a set of M parameters in a model developed by Coburn and Spence. The results indicate that in the worst case scenario, more than 90% of district 13, which comprises mostly residential buildings, is exposed to high risk; this may lead to nearly 1000 million USD economic loss and 120 thousand casualties (equal to 25.88% of the 13th district's population) for a nighttime earthquake. To reduce risks, we present the reconstruction of the most vulnerable buildings, which are primarily adobe and masonry buildings. A comparison of risk reduction between reconstructing adobe and masonry buildings indicates that rebuilding adobe buildings would be more effective.
Abstract: Software vulnerabilities are increasing and not only impact services and processes availability as well as information confidentiality, integrity and privacy, but also cause changes that interfere in the development process. Security test could be a solution to reduce vulnerabilities. However, the variety of test techniques with the lack of real case studies of applying tests focusing on software development life cycle compromise its effective use. This paper offers an overview of how a Systematic Mapping Study (MS) about security verification, validation and test (VVT) was performed, besides presenting general results about this study.
Abstract: One of the leading problems in Cyber Security today
is the emergence of targeted attacks conducted by adversaries with
access to sophisticated tools. These attacks usually steal senior level
employee system privileges, in order to gain unauthorized access to
confidential knowledge and valuable intellectual property. Malware
used for initial compromise of the systems are sophisticated and
may target zero-day vulnerabilities. In this work we utilize common
behaviour of malware called ”beacon”, which implies that infected
hosts communicate to Command and Control servers at regular
intervals that have relatively small time variations. By analysing
such beacon activity through passive network monitoring, it is
possible to detect potential malware infections. So, we focus on
time gaps as indicators of possible C2 activity in targeted enterprise
networks. We represent DNS log files as a graph, whose vertices
are destination domains and edges are timestamps. Then by using
four periodicity detection algorithms for each pair of internal-external
communications, we check timestamp sequences to identify the
beacon activities. Finally, based on the graph structure, we infer the
existence of other infected hosts and malicious domains enrolled in
the attack activities.