Automated Security Assessment Framework for Wearable BLE-enabled Health Monitoring Devices

The growth of IoT technology, increasing prevalence of embedded devices, and advancements in biomedical technology have led to the emergence of numerous wearable health monitoring devices (WHMDs) in clinical settings and in the community. The majority of these devices are Bluetooth Low Energy (BLE) enabled. Though the advantages offered by BLE-enabled WHMDs in tracking, diagnosing, and intervening with patients are substantial, the risk of cyberattacks on these devices is likely to increase with device complexity and new communication protocols. Furthermore, vendors face risk and financial tradeoffs between speed to market and ensuring device security in all situations. Previous research has explored the security and privacy of such devices by manually testing popular BLE-enabled WHMDs in the market and generally discussed categories of possible attacks, while mostly focused on IP devices. In this work, we propose a new semi-automated framework that can be used to identify and discover both known and unknown vulnerabilities in WHMDs. To demonstrate its implementation, we validate it with a number of commercially available BLE-enabled enabled wearable devices. Our results show that the devices are vulnerable to a number of attacks, including eavesdropping, data manipulation, and denial of service attacks. The proposed framework could therefore be used to evaluate potential devices before adoption into a secure network or, ideally, during the design and implementation of new devices.

Phát triển Framework ứng dụng AI hỗ trợ tự động khai thác lỗ hổng bảo mật

Tóm tắt—Hiện nay, nhiệm vụ đánh giá an toàn thông tin cho các hệ thống thông tin có ý nghĩa quan trọng trong đảm bảo an toàn thông tin. Đánh giá/khai thác lỗ hổng bảo mật cần được thực hiện thường xuyên và ở nhiều cấp độ khác nhau đối với các hệ thống thông tin. Tuy nhiên, nhiệm vụ này đang gặp nhiều khó khăn trong triển khai diện rộng do thiếu hụt đội ngũ chuyên gia kiểm thử chất lượng ở các cấp độ khác nhau. Trong khuôn khổ bài báo này, chúng tôi trình bày nghiên cứu phát triển Framework có khả năng tự động trinh sát thông tin và tự động lựa chọn các mã để tiến hành khai thác mục tiêu dựa trên công nghệ học tăng cường (Reinforcement Learning). Bên cạnh đó Framework còn có khả năng cập nhật nhanh các phương pháp khai thác lỗ hổng bảo mật mới, hỗ trợ tốt cho các cán bộ phụ trách hệ thống thông tin nhưng không phải là chuyên gia bảo mật có thể tự động đánh giá hệ thống của mình, nhằm giảm thiểu nguy cơ từ các cuộc tấn công mạng. Abstract—Currently, security assessment is one of the most important proplem in information security. Vulnerability assessment/exploitation should be performed regularly with different levels of complexity for each information system. However, this task is facing many difficulties in large-scale deployment due to the lack of experienced testing experts. In this paper, we proposed a Framework that can automatically gather information and automatically select suitable module to exploit the target based on reinforcement learning technology. Furthermore, our framework has intergrated many scanning tools, exploited tools that help pentesters doing their work. It also can be easily updated new vulnerabilities exploit techniques.

Optimalisasi Layanan Publik Badan Intelijen Negara Dalam Perspektif Global Cybersecurity Index

Indonesia is currently ranked 24th in the Global Cybersecurity Index (GCI) 2020. Indonesia's ranking can be improved by improving the assessment pillars of the GCI survey, one of the efforts is to improve the cyber security system of government agencies through Security Assessment. For this reason, the purpose of this study is to provide alternative solutions in order to optimize the public services of the State Intelligence Agency (BIN) in the form of Security Assessment in the perspective of the GCI 2020 survey. This research is a qualitative research using data related to BIN public services and then juxtaposed with data from the Global Cybersecurity survey. Index 2020 as a reference. The results of the study indicate that the optimization of the Security Assessment can be done by implementing cyber counterintelligence and optimizing the publication of services by paying attention to the rules of intelligence secrecy. With the optimization of the Security Assessment, it will affect the assessment of the Technical and Organizational pillars in the GCI survey so that it is expected that Indonesia's ranking will increase in the next survey.

Border security and surveillance System using IoT

Security along the international border is a critical process in security assessment; It must be exercised the 24x7. With the advancements in wireless IoT technology, it has become much easier to design, develop and deploy a cost-effective, automatic and efficient system for intrusion detection in the context of surveillance. This paper set up to set up the most efficient surveillance solution, we propose a Border Surveillance Systems and sensitive sites. this surveillance and security system is to detect and track intruders trespassing into the monitoring area along the border, it able which triggers off precocious alerts and valuation necessary for the catch of efficient measurements in case of a threat. Our system is based on the classification of the human gestures drawn from videos envoy by Drones equipped with cameras and sensors in real-time. All accomplished experimentation and acquired results showed the benefit diverted from the use of our system and therefore it enables our soldiers to watch the borders at each and every moment to effectively and at low cost.