gamifying ics security training and research design
play

Gamifying ICS Security Training and Research: Design, - PowerPoint PPT Presentation

May 13, 2023 •272 likes •524 views

CPS-SPC 17 @ Dallas, US Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3 D ANIELE A NTONIOLI , H. R. G HAEINI , S. A DEPU , M. O CHOA , N. O. T IPPENHAUER Singapore University of Technology and Design

  1. CPS-SPC 17 @ Dallas, US Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3 D ANIELE A NTONIOLI , H. R. G HAEINI , S. A DEPU , M. O CHOA , N. O. T IPPENHAUER Singapore University of Technology and Design (SUTD) daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs 1

  2. Capture-The-Flag Security Competitions • Jeopardy-style CTF ◮ Teams compete online ◮ Set of challenges divided by categories (RE, crypto) ◮ Score points by finding (or computing) flags • Attack-defense CTF ◮ Each team gets a vulnerable (virtual) machine ◮ Maintain the services uptime to score points ◮ Compromise the services of other teams to score points • Why are CTF events useful? ◮ Instant feedback for the players ◮ Playing as a team is key (orthogonal skills) daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs SWaT Security Showdown (S3) 2

  3. Selected CTF Events • Diverse organizers: academia, industry, amateurs ◮ Almost no CTF targeted to Industrial Control System security daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs SWaT Security Showdown (S3) 3

  4. Our Approach: The S3 Contest • SWaT Security Showdown (S3) contest ◮ ICS-centric, gamified security competition ◮ Involves academia and industry ◮ Develop (new) attacks and evaluate (new) defenses ◮ Access to a real ICS (SWaT) • Online phase: Jeopardy-style CTF ◮ ICS-specific categories ◮ Over the web • Live phase: attack-defense CTF ◮ Attack and defend SWaT ◮ Hosted by SUTD daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs SWaT Security Showdown (S3) 4

  5. Secure Water Treatment (SWaT) Testbed DMZ IDS Network Internet SCADA Historian HMI HMI HMI Layer 1 Network Switch Process 1 Process 2 Process 3 Process 4 Process 5 Process 6 PLC PLC PLC PLC PLC PLC PLC PLC PLC PLC PLC PLC PLC1 PLC1b PLC2 PLC2b PLC3 PLC3b PLC4 PLC4b PLC5 PLC5b PLC6 PLC6b L0 Network L0 Network L0 Network L0 Network L0 Network L0 Network Remote IO Remote IO Remote IO Remote IO Remote IO Remote IO RIO RIO RIO RIO RIO RIO Sensor Sensor Sensor Sensor Sensor Sensor 42.42 42.42 42.42 42.42 42.42 42.42 Actuators Sensors Actuators Sensors Actuators Sensors Actuators Sensors Actuators Sensors Actuators Sensors Process 1: Supply and Storage Process 4: De-Chlorination Process 2: Pre-treatment Process 5: Reverse Osmosis Process 3: Ultrafiltration Process 6: Permeate Managment Layer 1 Network: control L0 Networks: field daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs SWaT Security Showdown (S3) 5

  6. S3 Online Competition Setup (2016) • 6 invited international attacking teams ◮ 3 from industry ◮ 3 from academia ◮ Team names are anonymized ◮ No defenders in this phase • Jeopardy-style CTF logistics ◮ Flask-based web application (over HTTPS) ◮ 20 challenges (mostly SWaT-related) ◮ 5 categories (worth 510 points) ◮ Two 48-hours CTFs (3 team / CTF, identical CTFs) daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Online Phase 6

  7. S3 Online Phase: CTF Challenges Category Chs Points ICS Security Domains Forensics 4 105 Packet manipulation and cryptography MiniCPS 5 210 Simulated tank overflows, industrial network mapping, MitM attacks Misc 2 90 Web authentication, steganography PLC 3 60 Remote access to real PLCs, Ladder logic programming Trivia 6 45 SWaT’s physical process, devices and attacks Total 20 510 daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Online Phase 7

  8. S3 Online Phase: MiniCPS • MiniCPS: ◮ Combines mininet network emulation with ICS devices and physical process simulation 1 ◮ Mimics part of the SWaT control network 2 1 MiniCPS: A toolkit for security research on CPS Networks [CPS-SPC15] 2 Towards High-Interaction Virtual ICS Honeypots-in-a-Box [CSP-SPC16] daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Online Phase 8

  9. S3 Online Phase: MiniCPS • MiniCPS: ◮ Combines mininet network emulation with ICS devices and physical process simulation 1 ◮ Mimics part of the SWaT control network 2 1 MiniCPS: A toolkit for security research on CPS Networks [CPS-SPC15] 2 Towards High-Interaction Virtual ICS Honeypots-in-a-Box [CSP-SPC16] daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Online Phase 8

  10. S3 Online Phase: PLC • Attackers had access to a PLC programming IDE ◮ VNC client to get a GUI on the SWaT workstation ◮ Workstation runs Studio 5000 (Rockwell Automaton) • Ladder logic programming for PLC ◮ Sequential control logic represented as a diagram ◮ Graphical programming • Attacker had to audit and modify the PLC control logic ◮ Jump to a specific subroutine ◮ Fix bugs and reload the program in real-time ◮ No access to the firmware ◮ Recent related work 3 3 On Ladder Logic Bombs in Industrial Control Systems [CyberICPS17] daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Online Phase 9

  11. S3 Live Competition Setup (2016) • 6 defending teams ◮ 4 invited from industry ◮ 2 from SUTD • Same attacking teams of the online phase • Attack-defense CTF logistics ◮ 1 day access to the SWaT (prior to S3) ◮ 3 hours per attacking team (3 teams per day) ◮ 6 defenders played in all the sessions ◮ We scored only the attackers daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 10

  12. S3 Live Scoring System • Scoring goals: ◮ Incentivise sophisticated attacks to better evaluate the countermeasures ◮ De-incentivise re-use of same attack techniques ◮ Accomodate attackers with different expertises ◮ Correlate the score to an adequate ICS attacker model 4 4 On Attacker Models and Profiles for Cyber-Physical Systems [ESORICS16] daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 11

  13. S3 Live Scoring System • Scoring goals: ◮ Incentivise sophisticated attacks to better evaluate the countermeasures ◮ De-incentivise re-use of same attack techniques ◮ Accomodate attackers with different expertises ◮ Correlate the score to an adequate ICS attacker model 4 4 On Attacker Models and Profiles for Cyber-Physical Systems [ESORICS16] daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 11

  14. S3 Our Detectors: ARGUS and HAMIDS • Disclaimer ◮ I’m not the developer of these detection mechanisms • ARGUS 5 ◮ Based on physical invariants derived from the SWaT ◮ Invariants translated to the PLC control logic ◮ Extra PLC logic used for detection • HAMIDS 6 ◮ Distribute Bro detectors nodes in the ICS network ◮ Centrally collect and process network data ◮ Detect suspicious traffic 5 Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant [AsiaCCS16] 6 HAMIDS: Hierarchical Monitoring Intrusion Detection System for Industrial Control Systems [CPS-SPC16] daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 12

  15. S3 Live Phase: Attackers and Defenders DMZ IDS Network Internet SCADA Historian HMI HMI HMI Layer 1 Network Switch Process 1 Process 2 Process 3 Process 4 Process 5 Process 6 PLC PLC PLC PLC PLC PLC PLC PLC PLC PLC PLC PLC PLC1 PLC1b PLC2 PLC2b PLC3 PLC3b PLC4 PLC4b PLC5 PLC5b PLC6 PLC6b L0 Network L0 Network L0 Network L0 Network L0 Network L0 Network Remote IO Remote IO Remote IO Remote IO Remote IO Remote IO RIO RIO RIO RIO RIO RIO Sensor Sensor Sensor Sensor Sensor Sensor 42.42 42.42 42.42 42.42 42.42 42.42 Actuators Sensors Actuators Sensors Actuators Sensors Actuators Sensors Actuators Sensors Actuators Sensors • SWaT testbed daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 13

  16. S3 Live Phase: Attackers and Defenders • Insider attacker daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 13

  17. S3 Live Phase: Attackers and Defenders • Cybercriminal attacker daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 13

  18. S3 Live Phase: Attackers and Defenders • ARGUS detection daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 13

  19. S3 Live Phase: Attackers and Defenders • HAMIDS detection daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 13

  20. S3 Selected Attacks Description Type ARGUS HAMIDS Score DoS PLC1 by Cyber 396 � � TCP SYN flooding Dosing pump Physical 360 � � manipulation Spoofing over the Physical 324 � � field network DDoS by Cyber 104 � � distributed ARP spoofing • Legend: � = Undetected, � = Detected. daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Live Phase 14

  21. S3 Online Phase Results (2016) Jeopardy-style CTF Category-Flags Team C-5 T-6 F-4 P-3 M-2 Flags Score T2 5 6 4 3 2 20 510 T6 5 6 4 3 2 20 510 T1 2 6 4 0 1 13 250 T4 4 4 2 0 0 10 161 T3 0 4 2 0 1 7 86 T5 0 4 2 0 1 7 66 Total 16 30 18 6 7 77 1583 • Legend: C=MiniCPS, T=Trivia, F=Forensics, P=PLC, M=Misc daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Evaluation 15

  22. S3 Live Phase Results (2016) Attack-defense CTF Team Attacks Score T5 5 688 T1 4 666 T3 3 642 T6 3 477 T2 2 458 T4 1 104 Total 18 3035 daniele_antonioli@sutd.edu.sg The SWaT Security Showdown (S3) CTFs S3 Evaluation 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Gamifying Your Giving Day How to build off the momentum of your Giving Day to motivate and

Gamifying Your Giving Day How to build off the momentum of your Giving Day to motivate and

Gamifying Your Giving Day How to build off the momentum of your Giving Day to motivate and excite your supporters What is Gamifying? Uses game-like strategies to motivate and engage potential donors to take action and help you reach your

279 views • 13 slides
GAMIFYING THE STUDY OF ALGORITHMS Player: Iulia Avram Round: EuroPython 2019 Level 1 History

GAMIFYING THE STUDY OF ALGORITHMS Player: Iulia Avram Round: EuroPython 2019 Level 1 History

GAMIFYING THE STUDY OF ALGORITHMS Player: Iulia Avram Round: EuroPython 2019 Level 1 History Great for Mental exercise Breaker of routine Logic and design improvement Knowing about algorithms as a social duty Loads to

842 views • 40 slides
MCIS/UA PHP Training 2003 Chapter 9 Web Techniques, Security, & Design Introduction

MCIS/UA PHP Training 2003 Chapter 9 Web Techniques, Security, & Design Introduction

MCIS/UA PHP Training 2003 Chapter 9 Web Techniques, Security, & Design Introduction This chapter will cover several miscellaneous topics concerning web application design in PHP and in general that were not covered elsewhere.

1.14k views • 36 slides
UCP UK Security Training like no other CLOSE PROTECTION TRAINING At its very best UCP ARE

UCP UK Security Training like no other CLOSE PROTECTION TRAINING At its very best UCP ARE

UCP UK Security Training like no other CLOSE PROTECTION TRAINING At its very best UCP ARE APPROVED, INSURED AND ASSURED TO DELIVER THE UK SIA LICENSED TRAINING DONT CHOOSE A PROVIDER THAT IS NOT QUALIFIED TACTICAL FIREARMS TRAINING

684 views • 36 slides
Effective Security for the Post-compliance Era Security Awareness and Training for Security

Effective Security for the Post-compliance Era Security Awareness and Training for Security

Effective Security for the Post-compliance Era Security Awareness and Training for Security Specialists M. ANGELA SASSE, RUHR UNIVERSITY BOCHUM & UCL The problem MENSCHLICH WELTOFFEN LEISTUNGSSTARK 2 ENISA Report December 2018

362 views • 33 slides
Digital Security Training A digital training brought to you by RSAT Security in partnership with

Digital Security Training A digital training brought to you by RSAT Security in partnership with

Digital Security Training A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security Week 6 Week 2 Responsible

190 views • 18 slides
Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

410 views • 19 slides
Beta Presentation Gamifying Gamechan3rs The Capstone Experience Team Michael Sadler Foundation

Beta Presentation Gamifying Gamechan3rs The Capstone Experience Team Michael Sadler Foundation

Beta Presentation Gamifying Gamechan3rs The Capstone Experience Team Michael Sadler Foundation Daniel Marinetti Matthew Vedua Tristan Ozkan Dima Zhang Lina Jebara Department of Computer Science and Engineering Michigan State University

301 views • 9 slides
Project Plan Gamifying GameChang3rs The Capstone Experience Team Michael Sadler Foundation

Project Plan Gamifying GameChang3rs The Capstone Experience Team Michael Sadler Foundation

Project Plan Gamifying GameChang3rs The Capstone Experience Team Michael Sadler Foundation Daniel Marinetti Tristan Ozkan Lina Jebara Matthew Vedua Dima Zhang Department of Computer Science and Engineering Michigan State University From

244 views • 12 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security Seminar, Stanford University, 2017-01-17 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013

939 views • 44 slides
Gamifying Academic English Skills in Higher Education: Reading Academic English App (StratApp)

Gamifying Academic English Skills in Higher Education: Reading Academic English App (StratApp)

Gamifying Academic English Skills in Higher Education: Reading Academic English App (StratApp) Anca Daniela Frumuselu Mar Gutierrez-Colon Plana Olga Hryckiewicz Outline Background of the project Overall aims of the project

244 views • 23 slides
Isolated virtualised clusters: Testbeds for high-risk security experimentation and training

Isolated virtualised clusters: Testbeds for high-risk security experimentation and training

Isolated virtualised clusters: Testbeds for high-risk security experimentation and training Jos M. Fernandez (*) cole Polytechnique de Montral Information Systems Security Research Lab ( Laboratoire SecSI ) (*) Joint work with: -

370 views • 21 slides
IoT, SDR, and Car Security Aaron Luo Who am I Aaron Luo Come from Taiwan Start

IoT, SDR, and Car Security Aaron Luo Who am I Aaron Luo Come from Taiwan Start

IoT, SDR, and Car Security Aaron Luo Who am I Aaron Luo Come from Taiwan Start security research since 15 th Community Experience CHROOT/HITCON (security group) - member III,CSIST (government organizations) - training course

1.36k views • 110 slides
Security Awareness Training This communication is printed, published or produced and disseminated

Security Awareness Training This communication is printed, published or produced and disseminated

Security Awareness Training This communication is printed, published or produced and disseminated at U.S. taxpayer expense. 2 Security Awareness Training Completing Security Awareness Training Similar to last year, Security Awareness

388 views • 18 slides
26/07/2019 DESIGN RESEARCH Design-based research Design research is an emerging paradigm which

26/07/2019 DESIGN RESEARCH Design-based research Design research is an emerging paradigm which

26/07/2019 DESIGN RESEARCH Design-based research Design research is an emerging paradigm which in education: Getting it aims to develop a sequence of activities and to published grasp an empirically grounded understanding of how learning

419 views • 15 slides
Virtual Mission and Training Areas at the Dutch Land Training Centre Science and Innovation

Virtual Mission and Training Areas at the Dutch Land Training Centre Science and Innovation

Virtual Mission and Training Areas at the Dutch Land Training Centre Science and Innovation Interoperable by Design at the Front Line Marco Welleman Frido Kuijper Royal Netherlands Army TNO Land Training Centre Defence, Security and

850 views • 37 slides
WELCOME PLEASE SIGN IN Public Information Centre, February 11, 2016, 5:30 pm to 8 pm Town of New

WELCOME PLEASE SIGN IN Public Information Centre, February 11, 2016, 5:30 pm to 8 pm Town of New

TOWN OF NEW TECUMSETH WATER SUPPLY, STORAGE AND DISTRIBUTION MASTER PLAN WELCOME PLEASE SIGN IN Public Information Centre, February 11, 2016, 5:30 pm to 8 pm Town of New Tecumseth Council Chambers, Alliston, ON The Town of New Tecumseth

587 views • 23 slides
Yahara WINs Strategic Planning Workgroup madsewer.org December 17, 2012 Agenda Opening

Yahara WINs Strategic Planning Workgroup madsewer.org December 17, 2012 Agenda Opening

Yahara WINs Strategic Planning Workgroup madsewer.org December 17, 2012 Agenda Opening Remarks Yahara WINs Pilot Project 2013 Budget MOU Invoicing 2012 Annual Report Preparation Work Plan Status Water Quality

291 views • 13 slides
An introduction to membraneFoam Presentation of the project work for the course 'CFD with

An introduction to membraneFoam Presentation of the project work for the course 'CFD with

An introduction to membraneFoam Presentation of the project work for the course 'CFD with OpenSource software', taught at Chalmers, winter term 2016 Fynn Aschmoneit Presentation outline Motivation Theoretical Background on forward

403 views • 12 slides
All short term processes Ignore influence of the Environment Load, Deformation, Velocity,

All short term processes Ignore influence of the Environment Load, Deformation, Velocity,

Mechanical Energy Field All short term processes Ignore influence of the Environment Load, Deformation, Velocity, Weight, Mass, Wave, Sound Foundation design Governing Laws Flow through porous media Acid rains Darcys

263 views • 8 slides
MDEX ILSC BUSINESS OPPORTUNITIES MR. DAVID W. HORTON, DEPUTY EXECUTIVE DIRECTOR. INTEGRATED

MDEX ILSC BUSINESS OPPORTUNITIES MR. DAVID W. HORTON, DEPUTY EXECUTIVE DIRECTOR. INTEGRATED

UNCLASSIFIED : Distribution Statement A - Approved for public release; distribution is unlimited UNCLASSIFIED//FOUO MDEX ILSC BUSINESS OPPORTUNITIES MR. DAVID W. HORTON, DEPUTY EXECUTIVE DIRECTOR. INTEGRATED LOGISTICS SUPPORT CENTER,

284 views • 13 slides
Back to the Future on the Back of an Envelope Terry M. Gray, Ph.D. ASA 2017 Colorado School of

Back to the Future on the Back of an Envelope Terry M. Gray, Ph.D. ASA 2017 Colorado School of

Back to the Future on the Back of an Envelope Terry M. Gray, Ph.D. ASA 2017 Colorado School of Mines Golden, Colorado Cityscapes Then (~1900) and Now Global and US Population Clock https://www.census.gov/popclock/ China 1.38 billion

439 views • 22 slides
Prometheus @ Datacenters Why Modbus Is Even Worse than SNMP Richard Hartmann, RichiH@ {

Prometheus @ Datacenters Why Modbus Is Even Worse than SNMP Richard Hartmann, RichiH@ {

Introduction Background Datacenters Prometheus Outro Prometheus @ Datacenters Why Modbus Is Even Worse than SNMP Richard Hartmann, RichiH@ { freenode,OFTC,IRCnet } , richih@ { debian,fosdem,richih } .org, @TwitchiH 2019-11-07 Richard

925 views • 41 slides
The Promise of Desalination in Texas Webcast Presented by: Texas Bar CLE January 2014 Speakers:

The Promise of Desalination in Texas Webcast Presented by: Texas Bar CLE January 2014 Speakers:

The Promise of Desalination in Texas Webcast Presented by: Texas Bar CLE January 2014 Speakers: Representative Bill Callegari , Eric S. Petersen , New York, NY Houston State Representative, Hawkins Delafield & Wood LLP District 132 Ms. Mary

187 views • 8 slides

More recommend