Akamai: API: The attack surface that connects us all

Smart Grid (SG) infrastructure is an energy network connected with computer networks for communication over the internet and intranets. The revolution of SGs has also introduced new avenues of security threats. Although Digital Certificates provide countermeasures, however, one of the issues that exist, is how to efficiently distribute certificate revocation information among Edge devices. The conventional mechanisms, including certificate revocation list (CRL) and online certificate status protocol (OCSP), are subjected to some limitations in energy efficient environments like SG infrastructure. To address the aforementioned challenges, this paper proposes a scheme incorporating the advantages and strengths of the fog computing. The fog node can be used for this purpose with much better resources closer to the edge. Keeping the resources closer to the edge strengthen the security aspect of smart grid networks. Similarly, a fog node can act as an intermediate Certification Authority (CA) (i.e., Fog Node as an Intermediate Certification Authority (FONICA)). Further, the proposed scheme has reduced storage, communication, processing overhead, and latency for certificate verification at edge devices. Furthermore, the proposed scheme reduces the attack surface, even if the attacker becomes a part of the network.

Download Full-text

IoT Botnet Anomaly Detection Using Unsupervised Deep Learning

Electronics ◽

10.3390/electronics10161876 ◽

2021 ◽

Vol 10 (16) ◽

pp. 1876

Author(s):

Ioana Apostol ◽

Marius Preda ◽

Constantin Nila ◽

Ion Bica

Keyword(s):

Deep Learning ◽

Detection System ◽

False Positive Rate ◽

Empirical Evaluation ◽

Learning Approaches ◽

Promising Alternative ◽

Positive Rate ◽

Unsupervised Deep Learning ◽

Attack Surface ◽

Iot Devices

The Internet of Things has become a cutting-edge technology that is continuously evolving in size, connectivity, and applicability. This ecosystem makes its presence felt in every aspect of our lives, along with all other emerging technologies. Unfortunately, despite the significant benefits brought by the IoT, the increased attack surface built upon it has become more critical than ever. Devices have limited resources and are not typically created with security features. Lately, a trend of botnet threats transitioning to the IoT environment has been observed, and an army of infected IoT devices can expand quickly and be used for effective attacks. Therefore, identifying proper solutions for securing IoT systems is currently an important and challenging research topic. Machine learning-based approaches are a promising alternative, allowing the identification of abnormal behaviors and the detection of attacks. This paper proposes an anomaly-based detection solution that uses unsupervised deep learning techniques to identify IoT botnet activities. An empirical evaluation of the proposed method is conducted on both balanced and unbalanced datasets to assess its threat detection capability. False-positive rate reduction and its impact on the detection system are also analyzed. Furthermore, a comparison with other unsupervised learning approaches is included. The experimental results reveal the performance of the proposed detection method.

Download Full-text

A Guideline on Pseudorandom Number Generation (PRNG) in the IoT

ACM Computing Surveys ◽

10.1145/3453159 ◽

2021 ◽

Vol 54 (6) ◽

pp. 1-38

Author(s):

Peter Kietzmann ◽

Thomas C. Schmidt ◽

Matthias Wählisch

Keyword(s):

General Purpose ◽

Packet Transmission ◽

Limited Resources ◽

Systematic Evaluation ◽

The Internet ◽

Random Numbers ◽

Essential Input ◽

Attack Surface ◽

Pseudorandom Number Generation ◽

The Internet Of Things

Random numbers are an essential input to many functions on the Internet of Things (IoT). Common use cases of randomness range from low-level packet transmission to advanced algorithms of artificial intelligence as well as security and trust, which heavily rely on unpredictable random sources. In the constrained IoT, though, unpredictable random sources are a challenging desire due to limited resources, deterministic real-time operations, and frequent lack of a user interface. In this article, we revisit the generation of randomness from the perspective of an IoT operating system (OS) that needs to support general purpose or crypto-secure random numbers. We analyze the potential attack surface, derive common requirements, and discuss the potentials and shortcomings of current IoT OSs. A systematic evaluation of current IoT hardware components and popular software generators based on well-established test suits and on experiments for measuring performance give rise to a set of clear recommendations on how to build such a random subsystem and which generators to use.

Download Full-text

Transport Layer Scanning for Attack Surface Detection in Vehicular Networks

Computer Science in Cars Symposium ◽

10.1145/3385958.3430476 ◽

2020 ◽

Author(s):

Nils Weiss ◽

Sebastian Renner ◽

Jürgen Mottok ◽

Václav Matoušek

Keyword(s):

Vehicular Networks ◽

Transport Layer ◽

Surface Detection ◽

Attack Surface

Download Full-text

Launching Adversarial Attacks against Network Intrusion Detection Systems for IoT

Journal of Cybersecurity and Privacy ◽

10.3390/jcp1020014 ◽

2021 ◽

Vol 1 (2) ◽

pp. 252-273

Author(s):

Pavlos Papadopoulos ◽

Oliver Thornewill von Essen ◽

Nikolaos Pitropakis ◽

Christos Chrysoulas ◽

Alexios Mylonas ◽

...

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection Systems ◽

Learning Models ◽

Detection Systems ◽

Network Intrusion ◽

Robust Model ◽

Significant Probability ◽

Adversarial Examples ◽

Attack Surface

As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models’ robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability.

Download Full-text

Reducing Attack Surface with VM-Based Phantom Server

MILCOM 2013 - 2013 IEEE Military Communications Conference ◽

10.1109/milcom.2013.242 ◽

2013 ◽

Author(s):

Li Wang ◽

Zhan Wang ◽

Kun Sun ◽

Sushil Jajodia

Keyword(s):

Attack Surface

Download Full-text

Cybersecurity Considerations for Grid-Connected Batteries with Hardware Demonstrations

Energies ◽

10.3390/en14113067 ◽

2021 ◽

Vol 14 (11) ◽

pp. 3067

Author(s):

Megan Culler ◽

Hannah Burroughs

Keyword(s):

Power Systems ◽

Network Connectivity ◽

Energy Resources ◽

System Stability ◽

Distributed Energy Resources ◽

Distributed Energy ◽

Defense Strategies ◽

Storage Devices ◽

Attack Surface ◽

Area Of Concern

The share of renewable and distributed energy resources (DERs), like wind turbines, solar photovoltaics and grid-connected batteries, interconnected to the electric grid is rapidly increasing due to reduced costs, rising efficiency, and regulatory requirements aimed at incentivizing a lower-carbon electricity system. These distributed energy resources differ from traditional generation in many ways including the use of many smaller devices connected primarily (but not exclusively) to the distribution network, rather than few larger devices connected to the transmission network. DERs being installed today often include modern communication hardware like cellular modems and WiFi connectivity and, in addition, the inverters used to connect these resources to the grid are gaining increasingly complex capabilities, like providing voltage and frequency support or supporting microgrids. To perform these new functions safely, communications to the device and more complex controls are required. The distributed nature of DER devices combined with their network connectivity and complex controls interfaces present a larger potential attack surface for adversaries looking to create instability in power systems. To address this area of concern, the steps of a cyberattack on DERs have been studied, including the security of industrial protocols, the misuse of the DER interface, and the physical impacts. These different steps have not previously been tied together in practice and not specifically studied for grid-connected storage devices. In this work, we focus on grid-connected batteries. We explore the potential impacts of a cyberattack on a battery to power system stability, to the battery hardware, and on economics for various stakeholders. We then use real hardware to demonstrate end-to-end attack paths exist when security features are disabled or misconfigured. Our experimental focus is on control interface security and protocol security, with the initial assumption that an adversary has gained access to the network to which the device is connected. We provide real examples of the effectiveness of certain defenses. This work can be used to help utilities and other grid-connected battery owners and operators evaluate the severity of different threats and the effectiveness of defense strategies so they can effectively deploy and protect grid-connected storage devices.

Download Full-text