design implementation and evaluation of secure cyber
play

Design, Implementation, and Evaluation of Secure Cyber-Physical and - PowerPoint PPT Presentation

Jun 18, 2023 •334 likes •1.12k views

PhD Thesis Defense 2019 @ SUTD Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Daniele Antonioli Singapore University of Technology and Design (SUTD) Daniele Antonioli Design, Implementation, and Evaluation

  1. PhD Thesis Defense 2019 @ SUTD Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Daniele Antonioli Singapore University of Technology and Design (SUTD) Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems 1

  2. Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems • Thesis’s structure ◮ Part I: Cyber-physical systems security (Chapter 1-5) ◮ Part II: Wireless systems security (Chapter 6-10) ◮ TL;DR: Read sections 1.3 and 6.3 • Main collaborations ◮ SUTD (P . Szalachowski), University of Oxford (K. Rasmussen), and CISPA (N. O. Tippenhauer) Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Introduction 2

  3. Cyber-Physical Systems (CPS) • Interconnected devices managing a physical process ◮ Information technology (IT) ◮ Operational technology (OT) Historian SCADA VPN/Gateway HMI HMI HMI Internet Switch L1 Network Process 1 Process 2 Process n PLC PLC PLC PLC PLC PLC ... PLC1a PLC1b PLC2a PLC2b PLCna PLCnb L0 Network L0 Network Remote IO L0 Network Remote IO Remote IO ... RIO RIO RIO Sensor Sensor Sensor 42.42 42.42 42.42 Actuators Sensors Actuators Sensors Actuators Sensors Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CPS Security 3

  4. Cyber-Physical Systems (CPS) Security • Securing CPS is paramount, yet challenging ◮ Cyber, physical, and cyber-physical attacks ◮ Wired and wireless connections (to the Internet) • High impact attacks on CPS ◮ E.g. Stuxnet (nuclear), BlackEnergy (smart grid), TRISIS/TRITON (safety) Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CPS Security 4

  5. CPS Security Challenges and Research Questions • C1: Evaluation of CPS (IT and OT) technologies ◮ Q1: Can we build a low-cost real-time simulation environment for CPS? [CPS-SPC15] • C2: Cyber-physical attacks ◮ Q2: Can we detect and mitigate cyber-physical attacks? [CPS-SPC16] • C3: CPS security education ◮ Q3: Can we fill the gaps between IT and OT security professionals? [CPS-SPC17] Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CPS Security 5

  6. MiniCPS: A toolkit for security research on CPS networks [CPS-SPC15] • Q1: Can we build a low-cost real-time simulation environment for CPS? (C)yber → Network Emulation − (P)hysical → Physical Layer Simulation and API − (S)ystem → Simulation of Control Devices − Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CPS Security 6

  7. MiniCPS: A toolkit for security research on CPS networks [CPS-SPC15] • Q1: Can we build a low-cost real-time simulation environment for CPS? (C)yber → Network Emulation − (P)hysical → Physical Layer Simulation and API − (S)ystem → Simulation of Control Devices − Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CPS Security 6

  8. Towards high-interaction virtual ICS honeypots-in-a-box [CPS-SPC16] • Q2: Can we detect and mitigate cyber-physical attacks? High-Interaction virtual honeypot Simulated PLC VPN PLC S SI Physical Device Process Emulated Simulation SSH network T elnet Gateway Simulated HMI Internet Real ICS/SCADA system PLC Attacker VPN Gateway PLC Device Physical ICS Process network SSH T elnet Gateway HMI High Interaction → Simulate physical process and ICS devices − Virtual → Linux container virtualization − In–a-box → Runs on a single Linux kernel − Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CPS Security 7

  9. Towards high-interaction virtual ICS honeypots-in-a-box [CPS-SPC16] • Q2: Can we detect and mitigate cyber-physical attacks? High-Interaction virtual honeypot EtherNet/IP HMI 192.168.1.100 VPN VPN PLC1 Device 192.168.1.10 192.168.1.76 Physical Physical Switch PLC2 Process 192.168.1.20 Layer Internet Internet Simulation API PLC3 192.168.1.30 Attacker Attacker SSH SSH T T elnet elnet PLC4 192.168.1.40 Gateway 192.168.1.77 SDN Controller High Interaction → Simulate physical process and ICS devices − Virtual → Linux container virtualization − In–a-box → Runs on a single Linux kernel − Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CPS Security 7

  10. Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3 [CPS-SPC17] • Q3: Can we fill the gaps between IT and OT security professionals? • SWaT Security Showdown (S3) contest ◮ ICS-centric, gamified security competition ◮ We run it at SUTD in 2016 and 2017 ◮ IT and OT security professionals from academia and industry • MiniCPS based security challenges ◮ Evaluate MiniCPS as an educational tool ◮ E.g. MitM attacks, sensor and actuator manipulations • Main outcomes ◮ Conducted (novel) attacks ◮ Evaluated (novel) defenses Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CPS Security 8

  11. CPS includes Wireless Communication Systems • Wireless systems (thesis’s Part II) ◮ Transmission and reception of electro-magnetic (EM) signals ◮ Over a wireless physical layer (e.g. over the air) • Pervasive use cases ◮ Mobile communications: Wi-Fi, Bluetooth, and cellular ◮ Localization: GPS and RFID Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Wireless Security 9

  12. Wireless Systems Security • Wireless systems security is important, yet hard ◮ Wireless channel is broadcast ◮ Threats: eavesdropping, jamming, etc. • Recent high impact attacks ◮ Wi-Fi: Key Reinstallation AttaCK (KRACK) on WPA2 ◮ Bluetooth: BlueBorne implementation flaws on Android and Linux Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Wireless Security 10

  13. Our Wireless Security Challenges and Research Questions • C1: Wireless physical layer as a defense mechanism ◮ Q1: Can we leverage deployed physical layer features to secure communications? [CANS17] • C2: Complexity and accessibility of wireless technologies ◮ Q2: Can we analyze and evaluate (proprietary) wireless technologies? [NDSS19] • C3: Security evaluations and hardening of wireless technologies ◮ Q3: Can we harden already deployed technologies? [USEC19] Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Wireless Security 11

  14. Our Wireless Security Challenges and Research Questions • C1: Wireless physical layer as a defense mechanism ◮ Q1: Can we leverage deployed physical layer features to secure communications? [CANS17] Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Wireless Security 11

  15. C1: Wireless physical layer as a defense mechanism • Physical layer (PHY) ◮ From bits to EM signals and vice versa • Wireless PHY security ◮ Security guarantees from some physical layer features ◮ E.g. beamforming • Q1: Can we leverage deployed physical layer features to secure communications? ◮ Practical Evaluation of Passive COTS Eavesdropping in 802.11b/n/ac WLAN [CANS17] Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CANS17 - Motivation 12

  16. Practical Evaluation of Passive COTS Eavesdropping in 802.11b/n/ac WLAN [CANS17] • IEEE 802.11 PHY features ◮ 802.11b: single antenna, omnidirectional (SISO) ◮ 802.11n/ac: multiple antenna, beamforming (MIMO) • Threat model ◮ Alice (access point) communicates with Bob (user) ◮ Eve (attacker) wants to eavesdrop the downlink from Alice to Bob • Is Eve affected by 802.11n/ac PHY features compared to 802.11b? ◮ If yes, we should use it (together with crypto) Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CANS17 - Introduction 13

  17. 802.11b Downlink (SISO, omnidirectional) • 802.11b ◮ Alice uses 1 antennas ◮ Eve’s eavesdropping success depends on: d AE Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CANS17 - Introduction 14

  18. 802.11n/ac Downlink (MISO, beamforming) • 802.11n/ac ◮ Alice uses L antennas to dynamically beamform towards Bob ◮ Bob experiences a gain but Eve does not ◮ Eve’s eavesdropping success depends on: d AE , d BE , and L Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CANS17 - Introduction 15

  19. Metrics • Signal-to-Noise-Ratio (SNR) ◮ Power of the useful signal divided by the noise power at the receiver ◮ Usually expressed in dB (10 log 10 SNR = SNR dB ) • Bit-Error-Rate (BER) ◮ Probability of erroneously decoding 1-bit at the receiver ◮ Not an exact quantity (MCS, fading model) ◮ 10 − 6 considered reasonable • Packet-Error-Rate (PER) ◮ PER = 1 − ( 1 − BER ) N ◮ N is the average packet size in bits Daniele Antonioli Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems CANS17 - Introduction 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Submarine Design Test & Evaluation: Challenging Cyber-Provenance & Cyber Sidecars

Submarine Design Test & Evaluation: Challenging Cyber-Provenance & Cyber Sidecars

Submarine Design Test & Evaluation: Challenging Cyber-Provenance & Cyber Sidecars Capability Systems Centre, School of Engineering and Information Technology Dr Keith Joiner, CSC Group Captain (Retd) Pictures courtesy Australian

339 views • 8 slides
Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential

Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential

Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential Management in a Secure VANET) Supervisor: MSc Thesis: Prof. Panos Papadimitratos Mohammad Khodaei LCN KTH October, 2012 1 / 38 Outline

519 views • 48 slides
Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective Pierluigi Nuzzo

Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective Pierluigi Nuzzo

Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective Pierluigi Nuzzo Ming Hsieh Department of Electrical and Computer Engineering University of Southern California, Los Angeles nuzzo@usc.edu In Honor of Alberto

603 views • 23 slides
Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random

Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random

Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions G. Edward Suh, Charles W. ODonnell, Ishan Sachdev, and Srinivas Devadas Massachusetts Institute of Technology 1 New Security Challenges

356 views • 31 slides
Communication for GPU Clusters: Design, Implementation and Evaluation with MVAPICH2 H. Wang, S.

Communication for GPU Clusters: Design, Implementation and Evaluation with MVAPICH2 H. Wang, S.

Optimized Non-contiguous MPI Datatype Communication for GPU Clusters: Design, Implementation and Evaluation with MVAPICH2 H. Wang, S. Potluri, M. Luo, A. K. Singh, X. Ouyang, S. Sur, D. K. Panda Network-Based Computing Laboratory The Ohio

742 views • 31 slides
User Interface Evaluation Empirical evaluation Heuristic evaluation 1 CS 349 - UI evaluation

User Interface Evaluation Empirical evaluation Heuristic evaluation 1 CS 349 - UI evaluation

User Interface Evaluation Empirical evaluation Heuristic evaluation 1 CS 349 - UI evaluation When does UI evaluation happen? Design Testing and Implementation Development evaluation Testing 2 CS 349 - UI evaluation Types of tests

820 views • 20 slides
Design and Implementation of an object- oriented, secure TCP/IP Stack Hannes Mehnert, Andreas

Design and Implementation of an object- oriented, secure TCP/IP Stack Hannes Mehnert, Andreas

Design and Implementation of an object- oriented, secure TCP/IP Stack Hannes Mehnert, Andreas Bogk 23c3 27. December 2006 Overview Common software vulnerabilities Dylan Architecture of IP-Stack CVE sorted by bug class Software

447 views • 44 slides
Evaluation Contextual Design: Stages Interviews and observations Work modeling

Evaluation Contextual Design: Stages Interviews and observations Work modeling

Evaluation Contextual Design: Stages Interviews and observations Work modeling Consolidation Work redesign User environment design Prototypes Evaluation Implementation Evaluation Evaluation for many purposes

366 views • 32 slides
Lessons learnt: MOOC design, implementation and evaluation A closer look at Understanding

Lessons learnt: MOOC design, implementation and evaluation A closer look at Understanding

Lessons learnt: MOOC design, implementation and evaluation A closer look at Understanding Language: learning and teaching Kate Borthwick Senior Enterprise Fellow, Humanities, University of Southampton, UK ChinaCALL, Qingdao, China, 22

435 views • 18 slides
Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann

Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann

Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann Groschdl 3 , Zhe Liu 3 , Praveen K. Vadnala 3 , Srinivas Vivek 3 1 CNRS/Loria, France 2 SCYTL Secure Electronic Voting, Spain 3 University of

712 views • 33 slides
Secure Design: A Better Bug Repellent Christoph Kern, IEEE SecDev '17 Security Defects

Secure Design: A Better Bug Repellent Christoph Kern, IEEE SecDev '17 Security Defects

Secure Design: A Better Bug Repellent Christoph Kern, IEEE SecDev '17 Security Defects Implementation Bugs Shallow & Localized Patchable Straightforward & Testable Image credit: Vaniato/Shutterstock.com Design Flaws Deep &

414 views • 28 slides
CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE Cor Corpor porate O te Over erview view AT-NET

CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE Cor Corpor porate O te Over erview view AT-NET

CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE Cor Corpor porate O te Over erview view AT-NET Services offers comprehensive engineering services for the life cycle of your system; design, build, secure and manage CYBER SECURITY FOR

873 views • 65 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
PACMAS Cyber Safety Co-Design Project Project aim Co-design and test a solution prototype with

PACMAS Cyber Safety Co-Design Project Project aim Co-design and test a solution prototype with

PACMAS Cyber Safety Co-Design Project Project aim Co-design and test a solution prototype with young Tongan women to help them overcome cyber safety issues. portable.com.au Why? While interventions to enhance cyber safety in Tonga have

680 views • 49 slides
CPS 108, Fall 1999 Program Design and Implementation Software Design and Implementation

CPS 108, Fall 1999 Program Design and Implementation Software Design and Implementation

CPS 108, Fall 1999 Program Design and Implementation Software Design and Implementation Language independent principles of design and programming Object oriented programming and design design heuristics good design helps do away

295 views • 3 slides
Presentations Power Grid TCIP: Trustworthy Cyber Infrastructure for Power Secure and Reliable

Presentations Power Grid TCIP: Trustworthy Cyber Infrastructure for Power Secure and Reliable

Trustworthy Cyber Infrastructure for the Presentations Power Grid TCIP: Trustworthy Cyber Infrastructure for Power Secure and Reliable Computing Base Presenters: Sean Smith, Ravi Iyer, and Carl Gunter TCIP Year 1 Review, December 11, 2006

346 views • 17 slides
Unix/Linux Forensics Simple Linux Commands date display the date ls list the

Unix/Linux Forensics Simple Linux Commands date display the date ls list the

1 Unix/Linux Forensics Simple Linux Commands date display the date ls list the files in the current directory more display files one screen at a time cat display the contents of a file wc displays

996 views • 57 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff & Kenneth R. Van Wyk

753 views • 17 slides
Identity in the Browser 2011 Michael Hanson, Dan Mills, Ben Adida A quick history - current and

Identity in the Browser 2011 Michael Hanson, Dan Mills, Ben Adida A quick history - current and

Identity in the Browser 2011 Michael Hanson, Dan Mills, Ben Adida A quick history - current and proposed browser identity features Password store & sync Account Manager authentication and session metaprotocol Contacts API

483 views • 10 slides
+ Cyber Security CS301 Fundamentals of Computer Science United States Military Academy + An

+ Cyber Security CS301 Fundamentals of Computer Science United States Military Academy + An

+ Cyber Security CS301 Fundamentals of Computer Science United States Military Academy + An Exercise in Cyber Security n Your identity is a valuable thing that is worth stealing. n Previous courses: how to protect yourself n This

324 views • 15 slides
Administrators Todd Klindt & Shane Young SharePoint911 Who is this Todd guy? WSS MVP

Administrators Todd Klindt & Shane Young SharePoint911 Who is this Todd guy? WSS MVP

402: Taming SQL Server for Administrators Todd Klindt & Shane Young SharePoint911 Who is this Todd guy? WSS MVP since 2006 Speaker, writer, consultant, Aquarius, Ray Romanos stunt double Personal Blog www.toddklindt.com/blog

676 views • 22 slides
The impact of side-channel attacks on the design of cryptosystems D. J. Bernstein University of

The impact of side-channel attacks on the design of cryptosystems D. J. Bernstein University of

The impact of side-channel attacks on the design of cryptosystems D. J. Bernstein University of Illinois at Chicago The standard model of senders, receivers, attackers, etc.: 1. Parties perform computation, send messages to other parties.

550 views • 32 slides
What Happened to the Dinosaurs? Dinosaurs were the dominant vertebrate animals of terres- trial

What Happened to the Dinosaurs? Dinosaurs were the dominant vertebrate animals of terres- trial

What Happened to the Dinosaurs? Dinosaurs were the dominant vertebrate animals of terres- trial ecosystems for over 160 million years from about 230 million years ago to 65 million years ago. Recent research indicates that theropod dinosaurs are

574 views • 40 slides
Topic 4: Topic 4: Local analysis of image Local analysis of image patches patches patches

Topic 4: Topic 4: Local analysis of image Local analysis of image patches patches patches

Topic 4: Topic 4: Local analysis of image Local analysis of image patches patches patches patches What do we mean by an image patch? What do we mean by an image patch? Applications of local image analysis

1.25k views • 106 slides

More recommend