on d n des esign gn and nd enh nhancem cement of of sm
play

On D n Des esign gn and nd Enh nhancem cement of of Sm Smart - PowerPoint PPT Presentation

Mar 26, 2023 •348 likes •483 views

On D n Des esign gn and nd Enh nhancem cement of of Sm Smart Grid H Hone oneypot S System em f for or P Practical Col Collec ection of of T Thr hrea eat In Intelli lligence - Long prelimina nary w work p pap aper -

  1. On D n Des esign gn and nd Enh nhancem cement of of Sm Smart Grid H Hone oneypot S System em f for or P Practical Col Collec ection of of T Thr hrea eat In Intelli lligence - Long prelimina nary w work p pap aper - Daisuke Mashima, Derek Kok, Wei Lin Advanced Digital Sciences Center, Illinois at Singapore Muhammad Hazwan, Alvin Cheng Custodio Technologies Pte Ltd This material is based on research/work supported in part by the Singapore National Research Foundation and the Cybersecurity R&D Consortium Grant Office under Seed Grant Award No. CRDCG2018-S01. This research is partly supported by the National Research Foundation, Singapore, Singapore University of Technology and Design under its National Satellite of Excellence in Design Science and Technology for Secure Critical Infrastructure Grant (NSoE_DeST-SCI2019-005). 1

  2. Background and Motivation • Honeypot is an effective tool to collect intelligence about attackers in the real world. • The collected intelligence helps us fine-tune cybersecurity measures (e.g., Firewall, IDS) • Honeypot for smart grid systems is still in early stage • No honeypot emulating the whole architecture or its cyber-physical behaviours • No established methodology for evaluating “goodness” of honeypot 2

  3. Approach • Develop prototype of honeypot (or honeynet) that emulates typical smart grid system • Conduct penetration testing to evaluate the honeypot system from the attackers perspective • Improve the honeypot implementation based on the findings 3

  4. Initial Honeypot Design and Implementation • Designed based on infrastructure compliant to IEC 60870 and IEC 61850 • Example of a setup that researchers would start with 4

  5. Evaluation from Attackers’ perspective • Penetration testing by cybersecurity experts • Scenario developed based on ICS-CERT and ICS Cyber Kill Chain • Use widely-used tools, such as Nmap and Metasploit 5

  6. Insights obtained from the experiments • Presence of virtual machines hinted by open ports Close related ports after virtual machines are started. • Lack of user accounts on Windows machines, which does not look like active, lively used systems Prepared user accounts with popular ID and weak password • OS/device fingerprinting results that are different from typical smart grid devices (IEDs, substation gateways) Discussed next 6

  7. Countering OS Fingerprinting against Smart Grid Devices • Active device • Passive device • Acts as a server and client (E.g., GW, PLC) • Only acts as a server (E.g. IEDs) • Run the same network services (HTTP, • Run the same network services IEC 60870-5-104, SSH) (HTTP, IEC 61850 MMS) • MAC address belonging to the same • MAC address belonging to the device vendor (e.g. Wago) same device vendor (e.g. Siemens) • Use VM running a Linux OS close to the • Honeyd to fake OS fingerprint real devices • To counter passive fingerprinting tools (e.g., P0f), Honeyd is not effective. • Devices of this category often run Linux 7

  8. Enhancement of Logging for Data Collection • Transparent proxy (TP) for secure logging of networking • Implemented as bump-in-the-wire device for network traffic monitoring • Application-level logging at virtual IED, PLC, and substation gateway SoftGrid: an open-source software-based substation testbed URL: http://www.illinois.adsc.com.sg/softgrid/ 8

  9. OS Fingerprints of Passive Devices • Significant improvement compared to initial IED using Mininet • Values of SP, ISR, and SS vary. • Only constant difference is IPL. • Although the specific IED model we studied returns 240, smart grid devices return 164. • Without the knowledge of the specific IED model, it is not feasible to tell if it is a fake device. 9

  10. OS Fingerprints of Active Devices • Difference in P0f fingerprints is seen in “mss*”, which varies depending on the network link. 10

  11. Conclusions & Future Work • Designed and implemented a honeypot that emulate comprehensive smart grid infrastructure • Presented the evaluation and enhancement of honeypot through penetration testing by security experts • The outcome is publicly available. • Conduct further evaluation with more participants, e.g., hacking/capture-the-flag competitions • Deploy the improved honeypot for real-world data collection • Explore use of honeypot for education/training purposes 11

  12. Tha hank nk y you u very m muc uch! h! • Questions and Inquiries: • Email: daisuke.m@adsc-create.edu.sg • Materials, Images, and Project Overview: • Web: https://www.illinois.adsc.com.sg/spotify/index.html 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PORTLAND CEMENT GRAY GOLD CEMENT 101 CONCRETE IS MADE FROM CEMENT, SAND, ROCKS, AND WATER THE

PORTLAND CEMENT GRAY GOLD CEMENT 101 CONCRETE IS MADE FROM CEMENT, SAND, ROCKS, AND WATER THE

PORTLAND CEMENT GRAY GOLD CEMENT 101 CONCRETE IS MADE FROM CEMENT, SAND, ROCKS, AND WATER THE CEMENT IS THE COMPONENT THAT GLUES THE MATERIALS TOGETHER QUICK HISTORY OF CEMENT The ancient Egyptians used calcined gypsum as a cement.

439 views • 17 slides
Marco Taoso Marco Taoso So Sommerf rfeld e eld enhanc nhancem ement Sommerf So rfeld e

Marco Taoso Marco Taoso So Sommerf rfeld e eld enhanc nhancem ement Sommerf So rfeld e

Instituto de Fisica Terica, IFT-CSIC Madrid Marco Taoso Marco Taoso So Sommerf rfeld e eld enhanc nhancem ement Sommerf So rfeld e eld enhanc nhancem ement and B and Bound St nd State f e forma mation and B and Bound St nd

748 views • 25 slides
Portland Cement Concrete Portland Cement Concrete Portland cement concrete consists of a mixture

Portland Cement Concrete Portland Cement Concrete Portland cement concrete consists of a mixture

Portland Cement Concrete Portland Cement Concrete Portland cement concrete consists of a mixture of portland cement, coarse and fine aggregates, and water. It may be amended with admixtures, fibers, or certain supplementary cementitious

1.26k views • 78 slides
Asphalt Cement Grading Asphalt Cement Performance During its lifetime, asphalt cement must

Asphalt Cement Grading Asphalt Cement Performance During its lifetime, asphalt cement must

Asphalt Cement Grading Asphalt Cement Performance During its lifetime, asphalt cement must perform well over a range of temperatures from more than 300F, where it behaves like a liquid, to below zero, where it behaves like an elastic solid.

812 views • 66 slides
NATURAL CEMENT DISTRIBUTION LTD. NATURAL CEMENT DISTRIBUTION LTD. TECHNICAL PRESENTATION ON

NATURAL CEMENT DISTRIBUTION LTD. NATURAL CEMENT DISTRIBUTION LTD. TECHNICAL PRESENTATION ON

NATURAL CEMENT DISTRIBUTION LTD. NATURAL CEMENT DISTRIBUTION LTD. TECHNICAL PRESENTATION ON NATURAL CEMENT & HOW IT CAN BENEFIT THE WATER INDUSTRY PRESENTED BY PHIL RICHARDSON MORTAR CHARACTERISTICS STRENGTHS In accordance with AFNOR

418 views • 30 slides
A review of global cement industry trends INSIGHTS FROM THE GLOBAL CEMENT REPORT, 12 TH EDITION

A review of global cement industry trends INSIGHTS FROM THE GLOBAL CEMENT REPORT, 12 TH EDITION

A review of global cement industry trends INSIGHTS FROM THE GLOBAL CEMENT REPORT, 12 TH EDITION Thomas Armstrong, Managing Editor International Cement Review Agenda Review of global cement markets in 2016 Consumption, trade and capacity

1.31k views • 40 slides
2 3 4

2 3 4

2 3 4 5 6 7 Bag cement still represent the largest portion of Cement demand growth was dominated by the growth of bulk cement

374 views • 19 slides
Realizing new markets, lessons learned in the cement industry Experience of the European Cement

Realizing new markets, lessons learned in the cement industry Experience of the European Cement

Realizing new markets, lessons learned in the cement industry Experience of the European Cement Industry November 17 th , 2016 Jan Theulen, Director Alternative Resources, HeidelbergCement Contents 1. Actual role of cement industry in Circular

358 views • 17 slides
BERRIMA CEMENT > Community Meeting 27 July 2017 Berrima Cement Works Berrima Agenda

BERRIMA CEMENT > Community Meeting 27 July 2017 Berrima Cement Works Berrima Agenda

Build something great BORAL BERRIMA CEMENT > Community Meeting 27 July 2017 Berrima Cement Works Berrima Agenda Welcome and introductions, safety moment Previous meeting and matters arising Boral Cement and Berrima Cement

345 views • 30 slides
Strength development of cement-treated sand using different cement types cured at different

Strength development of cement-treated sand using different cement types cured at different

4 th International Conference on Rehabilitation and Maintenance in Civil Engineering Best Western Premier Hotel, Solo Baru, July,1112 2018 Strength development of cement-treated sand using different cement types cured at different

457 views • 17 slides
Voluntary Tender Offer made by Titan Cement International S.A. (Titan Cement International)

Voluntary Tender Offer made by Titan Cement International S.A. (Titan Cement International)

Voluntary Tender Offer made by Titan Cement International S.A. (Titan Cement International) to all shareholders of Titan Cement Company S.A. (Titan) One more milestone in the dynamic growth path of Titan Group, fully reflecting

597 views • 10 slides
TAM Air An Eight Channel Isothermal Heat Flow Calorimeter for TAM Air Cement Cement / Concrete

TAM Air An Eight Channel Isothermal Heat Flow Calorimeter for TAM Air Cement Cement / Concrete

TAM Air An Eight Channel Isothermal Heat Flow Calorimeter for TAM Air Cement Cement / Concrete Research and Production Control use in the mW range Dr. Thomas Lemke C3 Prozess- und Analysentechnik GmbH Outline Isothermal calorimetry

863 views • 41 slides
Portland Cement ACI Definition portland cement ( n .) a cementitious product made by heating raw

Portland Cement ACI Definition portland cement ( n .) a cementitious product made by heating raw

Portland Cement ACI Definition portland cement ( n .) a cementitious product made by heating raw materials containing oxides of aluminum, silicon, and calcium to temperatures approaching 1500 C, then pulverizing the end product with a small

831 views • 58 slides
EsteCem II Self-Adhesive (SA) Cement VS Dual-Cured (DC) Resin Cement May-June 2017 Vol. 24, No.3

EsteCem II Self-Adhesive (SA) Cement VS Dual-Cured (DC) Resin Cement May-June 2017 Vol. 24, No.3

EsteCem II Self-Adhesive (SA) Cement VS Dual-Cured (DC) Resin Cement May-June 2017 Vol. 24, No.3 Self-adhesive resin cements are easy to use and provide low to medium bond strengths to tooth structure. They do not require the use of a bonding

453 views • 22 slides
Use of Alternative Use of Alternative Cement Cement Formulations Formulations Don Getzlaf

Use of Alternative Use of Alternative Cement Cement Formulations Formulations Don Getzlaf

Use of Alternative Use of Alternative Cement Cement Formulations Formulations Don Getzlaf Marty Stromquist Marty Stromquist Cemblend Systems Inc. I EAGHG 5 th W ellbore I ntegrity Netw ork Meeting MAY 1 5 th 1 4 2 0 0 9 w w w .cem

389 views • 21 slides
ION | I | I NTERIOR NTERIOR D ESIGN RESENTATION ESIGN A PRESENTATION BY NICHOLLS & ASSOCIATES

ION | I | I NTERIOR NTERIOR D ESIGN RESENTATION ESIGN A PRESENTATION BY NICHOLLS & ASSOCIATES

N ICHOLLS & A SSOCIATES P RESENTS M EMBERSHIP EMBERSHIP P RESENT ION | I | I NTERIOR NTERIOR D ESIGN RESENTATION ESIGN A PRESENTATION BY NICHOLLS & ASSOCIATES LTD . P E R S P E C T I V E P L A N F O Y & V & V I E W I N G L O U

981 views • 20 slides
3) OVERVIEW PLURAL OF NOUNS ( DE OLHO NO VESTIBULAR ) 4) REVIEW 2 Smartphone use could be

3) OVERVIEW PLURAL OF NOUNS ( DE OLHO NO VESTIBULAR ) 4) REVIEW 2 Smartphone use could be

1) TEXT STUDY 2) VOCABULARY 3) OVERVIEW PLURAL OF NOUNS ( DE OLHO NO VESTIBULAR ) 4) REVIEW 2 Smartphone use could be changing shape of our skull Scientists say that smartphones are changing the shape of people's skulls. Some people are

319 views • 12 slides
Mee$ng Highlights and Summary Robert C. Welsh, MD, FRCPC

Mee$ng Highlights and Summary Robert C. Welsh, MD, FRCPC

Mee$ng Highlights and Summary Robert C. Welsh, MD, FRCPC Professor of Medicine Director, Adult Cardiac Catheteriza$on and Interven$onal Cardiology

429 views • 25 slides
East Training EUGM Day 2 Pantelis Vlachos Pantelis.Vlachos@cytel.com Agenda Cytel Software map

East Training EUGM Day 2 Pantelis Vlachos Pantelis.Vlachos@cytel.com Agenda Cytel Software map

Shaping the Future of Drug Development East Training EUGM Day 2 Pantelis Vlachos Pantelis.Vlachos@cytel.com Agenda Cytel Software map East Overview/Introduction Phase I: Dose Escalation with cohort expansion (ESCALATE + PROGRAM)

1.41k views • 124 slides
Code-Based Cryptography Tanja Lange with some slides by Tung Chou and Christiane Peters

Code-Based Cryptography Tanja Lange with some slides by Tung Chou and Christiane Peters

Code-Based Cryptography Tanja Lange with some slides by Tung Chou and Christiane Peters Technische Universiteit Eindhoven PQCRYPTO Mini-School and Workshop 28 June 2018 Error correction Digital media is exposed to memory corruption.

1.54k views • 72 slides
Experience in the design of fundamental couplers. S. Kazakov 09/04/2018 What is the main

Experience in the design of fundamental couplers. S. Kazakov 09/04/2018 What is the main

Experience in the design of fundamental couplers. S. Kazakov 09/04/2018 What is the main coupler of superconducting cavity and what is its purpose? The coupler is device between RF source and superconductive cavity. One side of coupler is

1.4k views • 49 slides
BioNB 4240 Name____________________________________________ Carl D. Hopkins

BioNB 4240 Name____________________________________________ Carl D. Hopkins

BioNB 4240 1. NEUROETHOLOGY: AN INTRODUCTION Carl D. Hopkins Dept. Neurobiology & Behavior Aug. 24, 2011 1 2 BioNB 4240 Name____________________________________________ Carl D. Hopkins

483 views • 6 slides
Slide 7 / 115 Slide 8 / 115 Living and Nonliving Characteristics of Living Things Categorize

Slide 7 / 115 Slide 8 / 115 Living and Nonliving Characteristics of Living Things Categorize

Slide 1 / 115 Slide 2 / 115 3 rd Grade PSI Growth and Development of Organisms 2015-12-06 www.njctl.org Slide 3 / 115 Slide 4 / 115 Set Up: Germination Lab Table of Contents Before we begin, we need to set up the Germination Lab! Click on

481 views • 20 slides
Focus Area: Secure and Reliable Secure and Reliable Computing Base Presenter: Sean Smith,

Focus Area: Secure and Reliable Secure and Reliable Computing Base Presenter: Sean Smith,

Trustworthy Cyber Infrastructure for the Power Grid Presentations Focus Area: Secure and Reliable Secure and Reliable Computing Base Presenter: Sean Smith, Dartmouth College TCIP Industry Day October 17, 2007 University of Illinois

310 views • 16 slides

More recommend