Attack simulations of viable cities (smart facilities)
Associate prof. Robert Lagerström, KTH Royal Institute of Technology
Sustainable cities, energy, transportation, …
Digital solutions will drive progress towards the sustainable development goals
Cyber threats
How come this happens over and over again?
Complexity in a software
Complexity in an Organization
Complexity in smart cities
Ukraine Power Grid
- Spear phishing
- Exploring and collecting
- TDOS
- Malicious firmware
- Malware (KillDisk)
“We want to be seen, and we want to send you a message”
Smart facilities
Advanced attacks not needed
New IoT devices often lack basic security features!
Penetration testing
https://www.svt.se/nyheter/vetenskap/har-hackas-elsparkcykeln-av-kth-studenten
Recently found vulnerabilities in IoT (by KTH students)
- Aldin Burdzovic, Jonathan Matsson, Pontus Johnson, and Robert Lagerström, CVE-2019-12941, AutoPi Wi-Fi/NB and 4G/LTE devices allow an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device.
- Arvid Viderberg, Pontus Johnson, and Robert Lagerström, CVE-2019-12944, Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable.
- Arvid Viderberg, Pontus Johnson, and Robert Lagerström, CVE-2019-12943, Insecure permission, password reset function, in TTLock Open Platform.
- Arvid Viderberg, Pontus Johnson, and Robert Lagerström, CVE-2019-12942, Insecure permission, account revocation mechanism, in TTLock Open Platform.
- Theodor Olsson, Albin Larsson Forsberg, Pontus Johnson, and Robert Lagerström, CVE-2019-12821, Vulnerability in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code.
- Theodor Olsson, Albin Larsson Forsberg, Pontus Johnson, and Robert Lagerström, CVE-2019-12820, Vulnerability in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, possible MiTM attack on http.
- Ludvig Christensen, Daniel Dannberg, Pontus Johnson, and Robert Lagerström, CVE-2019-12797, Vulnerability in a clone version of an ELM327 OBD2 Bluetooth device, hardcoded PIN leading to arbitrary commands to an OBD-II bus of a vehicle.
National Vulnerability Database
Google Chrome vulnerabilities - known
IoT honeypot experiment
Automatic Quantitative Data-driven Attack Simulations
Computer Aided Design (CAD)
CAD & SIMULATIONS HAVE REVOLUTIONIZED OTHER ENGINEERING FIELDS
Computer aided design and quantitative simulations have revolutionized engineering. Could you imagine building today’s fighter jets without CAD and simulation software? Would you fly with an airplane where the risks are identified, prioritized and tracked by subjective and qualitative measures?
The concept of threat modeling lets you simulate attacks on small and abstract Models created manually, like our Web Server Component, as well as large enterprise-wide Models with thousands of Objects that are automatically generated based on existing data sources. Once a Model is created, all that remains is the assignment of high value assets, with an expected Cost of loss and an entry point for the Attacker.
Various attack scenarios can be simulated by placing the Attacker on, e.g., the Internet or as an Insider. Furthermore, the simulations will have no impact on availability and have no active connection to the actual systems. Based on the threat model, the most probable attack paths from the Attacker’s entry point (red) to the high value assets in the model (blue) can be generated and visualized automatically. The Attacker will take the path of least resistance based on the built-in statistics as well as the status of the Objects’ Defenses. Based on the simulation data and attack paths, reports on risk exposure, critical weaknesses and expected loss can be created. Security controls that can lower the risk exposure can also be suggested, which can be applied and evaluated against the expected cost.
Attack simulations
[Attack tree figure: BREAK INTO HOUSE = BREAK IN THROUGH WINDOW OR BREAK IN THROUGH DOOR]
Let’s assume that our most valued asset is our house and that we are worried someone might break in. As far as we know, there are two possible ways in: through the window or through the door.
[Attack tree figure. Nodes: BREAK INTO HOUSE, BREAK IN THROUGH WINDOW, BREAK IN THROUGH DOOR, ACCESS TO DOOR, BYPASS DOOR, BYPASS FENCE, USE KEY, USE TOOL, PICK LOCK; gates: OR, AND.]
Parameters:
- Door material
- Lock quality
- Barb wire
- Fence height
To break in through the door, the attacker will have to have access to the door AND bypass the door. How easy or hard that is for the attacker depends on the parameters of the door and the fence.
[Attack tree figure. Nodes: BREAK INTO HOUSE, BREAK IN THROUGH WINDOW, BREAK IN THROUGH DOOR, ACCESS TO DOOR, BYPASS DOOR, BYPASS FENCE, USE KEY, USE TOOL, PICK LOCK; gates: OR, AND.]
BYPASS FENCE (columns: Height, Barb Wire, TTC): False True 2 True 3 … … …
[Plot for BREAK INTO HOUSE: % against time.]
Depending on the parameters of e.g. the door, it will be tougher or easier to bypass the door with different types of attacks. In the simulation, we sample these values and provide Time-to-compromise (TTC) distribution(s) to reach high value assets. TTC is the success rate of an attack over time, i.e. the more time the attacker gets to spend trying, the more likely he/she is to succeed.
BYPASS DOOR
Lock Quality | Door Material | TTC
Poor | Poor | 4
Good | Poor | 25
… | … | …
[Attack tree figure. Nodes: BREAK INTO HOUSE, BREAK IN THROUGH WINDOW, BREAK IN THROUGH DOOR, ACCESS TO DOOR, BYPASS DOOR, BYPASS FENCE, PICK LOCK; gates: OR, AND.]
[Plot for BREAK INTO HOUSE: % against time.]
BYPASS FENCE (columns: Height, Barb Wire, TTC): False True 2 True 3 … … …
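The sampling described above, as an added sketch (not code from the presentation or from any KTH tool): the house attack tree is evaluated by Monte Carlo, drawing each step's TTC from its parameter table and reading the success rate over time off the samples. Assumptions: exponential step times, OR as the fastest alternative, AND as sequential steps, the window mean and the fence table keys are constructed; only the door values 4 and 25 come from the BYPASS DOOR table.

```python
import bisect
import random

# Parameter tables: defense settings -> mean TTC (time unit left abstract).
# Door values 4 and 25 are from the slide's BYPASS DOOR table; the fence
# keys and the window mean are constructed for this example.
BYPASS_DOOR = {("Poor", "Poor"): 4, ("Good", "Poor"): 25}  # (lock quality, door material)
BYPASS_FENCE = {(False, True): 2, (True, True): 3}         # (high fence, barb wire)
WINDOW_MEAN = 10

def build_tree(lock, door, high_fence, barb_wire):
    """Nested tuples: ("OR"|"AND", child, ...) or ("LEAF", mean_ttc)."""
    through_door = ("AND",
                    ("LEAF", BYPASS_FENCE[(high_fence, barb_wire)]),  # ACCESS TO DOOR
                    ("LEAF", BYPASS_DOOR[(lock, door)]))              # BYPASS DOOR
    return ("OR", ("LEAF", WINDOW_MEAN), through_door)                # BREAK INTO HOUSE

def sample_ttc(node, rng):
    """Draw one time-to-compromise for the subtree rooted at node."""
    if node[0] == "LEAF":
        return rng.expovariate(1.0 / node[1])      # assumed exponential step time
    times = [sample_ttc(child, rng) for child in node[1:]]
    # OR: attacker succeeds via the fastest alternative (path of least resistance).
    # AND: all steps are needed, modelled here as done one after another.
    return min(times) if node[0] == "OR" else sum(times)

def simulate(tree, runs=20000, seed=1):
    """Sorted TTC samples for reaching the root (the high value asset)."""
    rng = random.Random(seed)
    return sorted(sample_ttc(tree, rng) for _ in range(runs))

def success_rate(samples, t):
    """Share of simulated attacks that reached the asset within time t."""
    return bisect.bisect_right(samples, t) / len(samples)

if __name__ == "__main__":
    for lock in ("Poor", "Good"):
        ttc = simulate(build_tree(lock, "Poor", False, True))
        curve = [round(success_rate(ttc, t), 2) for t in (1, 5, 10, 30)]
        print(f"lock={lock}: success rate at t=1,5,10,30 -> {curve}")
```

Upgrading only the lock flattens the early part of the curve but not its tail, because the window branch of the OR gate is untouched and becomes the path of least resistance.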
[Attack tree figure. Labels: BOB’S RUSTY CHAIN LINK; USE KEY; USE TOOL; STEAL SPARE KEY; BREAK INTO NEIGHBOUR’S HOUSE; JUMP DOWN CHIMNEY.]
The attacker might also exploit some unknown vulnerability or “zero-day”, here exemplified as squeezing down the chimney. Looking at our security situation from a broader picture lets us capture structural vulnerabilities as well. In the example, the attacker might exploit a big hole in our neighbor’s house to steal our spare key.
If there is data available about specific products and their vulnerabilities, this can be inserted into the tool. In this example, we know that Bob delivers terrible fences.
Goals with VASA (Viable cities Attack Simulation & threAt modeling)
The main goal is to develop a threat modeling and attack simulation approach specifically designed for smart facilities, a key concept in viable cities. Ethical hacking of smart components will also take place in order to improve the attack simulations.
KTMM (KTH Threat Modeling Method)
KTMM consists of five (six) phases. 0) scope & delimitations, 1) business analysis, 2) system definition & decomposition, 3) threat analysis, 4) attack & resilience analysis, and 5) risk assessment & recommendations. Currently tested at JM, Coor, and Stena Fastigheter.
Vanguard
How to participate?
Penetration testing / ethical hacking of systems / IoT devices
Threat modeling & attack simulations
- with KTMM
- with Vanguard (for AWS)