Urban Air Mobility is envisioned as an on-demand, highly automated and autonomous air transportation modality. It requires the use of advanced sensing and data communication technologies to gather, process, and share flight-critical data. While this sharing of mix-critical data brings opportunities, it presents serious cybersecurity threats and safety risks if compromised, due to the cyber-physical nature of the airborne vehicles. Therefore, the avionics system design approach of adhering to functional safety standards (DO-178C) alone is inadequate to protect the mission-critical avionics functions from cyber-attacks. To approach this challenge, the DO-326A/ED-202A standard provides a baseline to effectively manage cybersecurity risks and to ensure the airworthiness of airborne systems. In this regard, this paper pursues holistic cybersecurity engineering and bridges the security gap by mapping the DO-326A/ED-202A system security risk assessment activities to the Threat Analysis and Risk Assessment process. It introduces Resilient Avionics Architecture as an experimental use case for Urban Air Mobility by apprehending the DO-326A/ED-202A standard guidelines. It also presents a comprehensive system security risk assessment of the use case and derives appropriate risk mitigation strategies. The presented work helps avionics system designers to identify, assess, protect, and manage the cybersecurity risks across the avionics system life cycle.
Authored by Fahad Siddiqui, Alexander Ahlbrecht, Rafiullah Khan, Sena Tasdemir, Henry Hui, Balmukund Sonigara, Sakir Sezer, Kieran McLaughlin, Wanja Zaeske, Umut Durak
Wireless Sensor Networks (WSNs) have gained prominence in technology for diverse applications, such as environmental monitoring, health care, smart agriculture, and industrial automation. Comprising small, low-power sensor nodes that sense and collect data from the environment, process it locally, and communicate wirelessly with a central sink or gateway, WSNs face challenges related to limited energy resources, communication constraints, and data processing requirements. This paper presents a comprehensive review of the current state of research in WSNs, focusing on aspects such as network architecture, communication protocols, energy management techniques, data processing and fusion, security and privacy, and applications. Existing solutions are critically analysed regarding their strengths, weaknesses, research gaps, and future directions for WSNs.
Authored by Santosh Jaiswal, Anshu Dwivedi
AMLA is the novel Auckland Model for Logical Airgaps developed at University of Auckland. Convergence of IT-OT use cases is rapidly being implemented, mostly in an ad-hoc manner, leaving large security holes. This paper introduces the first novel AMLA logical airgap design pattern and showcases AMLA’s layered defense system via a New Zealand case study for the electricity distribution sector to propose how logical airgaps can be beneficial in New Zealand. It is thus able to provide security even to legacy methods and devices without replacing them, making the newer convergence use cases work economically and securely.
Authored by Abhinav Chopra, Nirmal-Kumar Nair, Rizki Rahayani
Wireless communication enables an ingestible device to send sensor information and support external on-demand operation while in the gastrointestinal (GI) tract. However, it is challenging to maintain stable wireless communication with an ingestible device that travels inside the dynamic GI environment as this environment easily detunes the antenna and decreases the antenna gain. In this paper, we propose an air-gap based antenna solution to stabilize the antenna gain inside this dynamic environment. By surrounding a chip antenna with 1-2 mm of air, the antenna is isolated from the environment, recovering its antenna gain and the received signal strength by 12 dB or more according to our in vitro and in vivo evaluation in swine. The air gap makes margin for the high path loss, enabling stable wireless communication at 2.4 GHz that allows users to easily access their ingestible devices by using mobile devices with Bluetooth Low Energy (BLE). On the other hand, the data sent or received over the wireless medium is vulnerable to being eavesdropped on by nearby devices other than authorized users. Therefore, we also propose a lightweight security protocol. The proposed protocol is implemented in low energy without compromising the security level thanks to the base protocol of symmetric challenge-response and Speck, the cipher that is optimized for software implementation.
Authored by Yeseul Jeon, Saurav Maji, So-Yoon Yang, Muhammed Thaniana, Adam Gierlach, Ian Ballinger, George Selsing, Injoo Moon, Josh Jenkins, Andrew Pettinari, Niora Fabian, Alison Hayward, Giovanni Traverso, Anantha Chandrakasan
The notion that ships, marine vessels and off-shore structures are digitally isolated is quickly disappearing. Affordable and accessible wireless communication technologies (e.g., short-range radio, long-range satellite) are quickly removing any air-gaps these entities have. Commercial, defence, and personal ships have a wide range of communication systems to choose from, yet some can weaken the overall ship security. One of the most significant information technologies (IT) being used today is satellite-based communications. While the backbone of this technology is often secure, third-party devices may introduce vulnerabilities. Within maritime industries, the market for satellite communication devices has also grown significantly, with a wide range of products available. With these devices and services, marine cyber-physical systems are now more interconnected than ever. However, some of these off-the-shelf products can be more insecure than others and, as shown here, can decrease the security of the overall maritime network and other connected devices. This paper examines the vulnerability of an existing, off-the-shelf product, how a novel attack-chain can compromise the device, how that introduces vulnerabilities to the wider network, and then proposes solutions to the found vulnerabilities.
Authored by Jordan Gurren, Avanthika Harish, Kimberly Tam, Kevin Jones
Air-gapped workstations are separated from the Internet because they contain confidential or sensitive information. Studies have shown that attackers can leak data from air-gapped computers with covert ultrasonic signals produced by loudspeakers. To counteract the threat, speakers might not be permitted on highly sensitive computers or disabled altogether - a measure known as an ’audio gap.’ This paper presents an attack enabling adversaries to exfiltrate data over ultrasonic waves from air-gapped, audio-gapped computers without external speakers. The malware on the compromised computer uses its built-in buzzer to generate sonic and ultrasonic signals. This component is mounted on many systems, including PC workstations, embedded systems, and server motherboards. It allows software and firmware to provide error notifications to a user, such as memory and peripheral hardware failures. We examine the different types of internal buzzers and their hardware and software controls. Despite their limited technological capabilities, such as 1-bit sound, we show that sensitive data can be encoded in sonic and ultrasonic waves. This is done using pulse width modulation (PWM) techniques to maintain a carrier wave with a dynamic range. We also show that malware can evade detection by hiding in the frequency bands of other components (e.g., fans and power supplies). We implement the attack using a PC transmitter and smartphone app receiver. We discuss transmission protocols, modulation, encoding, and reception and present the evaluation of the covert channel as well. Based on our tests, sensitive data can be exfiltrated from air-gapped computers through its built-in buzzer. A smartphone can receive data from up to six meters away at 100 bits per second.
Authored by Mordechai Guri
The rapid advancement of technology in aviation business management, notably through the implementation of location-independent aerodrome control systems, is reshaping service efficiency and cost-effectiveness. However, this emphasis on operational enhancements has resulted in a notable gap in cybersecurity incident management proficiency. This study addresses the escalating sophistication of the cybersecurity threat landscape, where malicious actors target critical safety information, posing risks from disruptions to potential catastrophic incidents. The paper employs a specialized conceptualization technique, derived from prior research, to analyze the interplays between malicious software and degraded modes operations in location-independent aerodrome control systems. Rather than predicting attack trajectories, this approach prioritizes the development of training paradigms to rigorously evaluate expertise across engineering, operational, and administrative levels in air traffic management domain. This strategy offers a proactive framework to safeguard critical infrastructures, ensuring uninterrupted, reliable services, and fortifying resilience against potential threats. This methodology promises to cultivate a more secure and adept environment for aerodrome control operations, mitigating vulnerabilities associated with malicious interventions.
Authored by Gabor Horvath
The medium-voltage (MV) power distribution networks have a complex topology, and this can easily cause air arc faults. However, the current of the air arc is low, and the arc temperature is only a few thousand Kelvin. In this case, the arc is in non-local thermodynamic equilibrium (non-LTE). The LTE state of arc is the basis for the establishment of arc model and the calculation of transport coefficient. In this paper, the non-LTE effect of the MV AC air arc is studied by the moiré deflection and the optical emission spectroscopy (OES) techniques.
Authored by Tong Zhou, Qing Yang, Tao Yuan
This paper presents AirKeyLogger - a novel radio frequency (RF) keylogging attack for air-gapped computers. Our keylogger exploits radio emissions from a computer’s power supply to exfiltrate real-time keystroke data to a remote attacker. Unlike hardware keylogging devices, our attack does not require physical hardware. Instead, it can be conducted via a software supply-chain attack and is solely based on software manipulations. Malware on a sensitive, air-gap computer can intercept keystroke logging by using global hooking techniques or injecting malicious code into a running process. To leak confidential data, the processor’s working frequencies are manipulated to generate a pattern of electromagnetic emissions from the power unit modulated by keystrokes. The keystroke information can be received at distances of several meters away via an RF receiver or a smartphone with a simple antenna. We provide related work, discuss keylogging methods and present multi-key modulation techniques. We evaluate our method at various typing speeds and on-screen keyboards as well. We show the design and implementation of transmitter and receiver components and present evaluation findings. Our tests show that malware can eavesdrop on keylogging data in real-time over radio signals several meters away and behind concrete walls from highly secure and air-gapped systems.
Authored by Mordechai Guri
Specific Emitter Identification (SEI) is advantageous for its ability to passively identify emitters by exploiting distinct, unique, and organic features unintentionally imparted upon every signal during formation and transmission. These features are attributed to the slight variations and imperfections that exist in the Radio Frequency (RF) front end, thus SEI is being proposed as a physical layer security technique. The majority of SEI work assumes the targeted emitter is a passive source with immutable and difficult-to-mimic signal features. However, Software-Defined Radio (SDR) proliferation and Deep Learning (DL) advancements require a reassessment of these assumptions, because DL can learn SEI features directly from an emitter’s signals and SDR enables signal manipulation. This paper investigates a strong adversary that uses SDR and DL to mimic an authorized emitter’s signal features to circumvent SEI-based identity verification. The investigation considers three SEI mimicry approaches, two different SDR platforms, the presence or lack of signal energy as well as a "decoy" emitter. The results show that "off-the-shelf" DL achieves effective SEI mimicry. Additionally, SDR constraints impact SEI mimicry effectiveness and suggest an adversary’s minimum requirements. Future SEI research must consider adversaries capable of mimicking another emitter’s SEI features or manipulating their own.
Authored by Donald Reising, Joshua Tyler, Mohamed Fadul, Matthew Hilling, Daniel Loveless
In a one-way secret key agreement (OW-SKA) protocol in source model, Alice and Bob have private samples of two correlated variables X and Y that are partially leaked to Eve through the variable Z, and use a single message from Alice to Bob to obtain a shared secret key. We propose an efficient secure OW-SKA when the sent message over the public channel can be tampered with by an active adversary. Our construction uses a specially designed hash function that is used for reconciliation, as well as detection of tampering. In detection of tampering the function is a Message Authentication Code (MAC) that maintains its security when the key is partially leaked. We prove the secrecy of the established key and robustness of the protocol, and discuss our results.
Authored by Somnath Panja, Shaoquan Jiang, Reihaneh Safavi-Naini
Can we hope to provide provable security against model extraction attacks? As a step towards a theoretical study of this question, we unify and abstract a wide range of “observational” model extraction defenses (OMEDs) - roughly, those that attempt to detect model extraction by analyzing the distribution over the adversary’s queries. To accompany the abstract OMED, we define the notion of complete OMEDs - when benign clients can freely interact with the model - and sound OMEDs - when adversarial clients are caught and prevented from reverse engineering the model. Our formalism facilitates a simple argument for obtaining provable security against model extraction by complete and sound OMEDs, using (average-case) hardness assumptions for PAC-learning, in a way that abstracts current techniques in the prior literature. The main result of this work establishes a partial computational incompleteness theorem for the OMED: any efficient OMED for a machine learning model computable by a polynomial size decision tree that satisfies a basic form of completeness cannot satisfy soundness, unless the subexponential Learning Parity with Noise (LPN) assumption does not hold. To prove the incompleteness theorem, we introduce a class of model extraction attacks called natural Covert Learning attacks based on a connection to the Covert Learning model of Canetti and Karchmer (TCC 21), and show that such attacks circumvent any defense within our abstract mechanism in a black-box, nonadaptive way. As a further technical contribution, we extend the Covert Learning algorithm of Canetti and Karchmer to work over any “concise” product distribution (albeit for juntas of a logarithmic number of variables rather than polynomial size decision trees), by showing that the technique of learning with a distributional inverter of Binnendyk et al. (ALT 22) remains viable in the Covert Learning setting.
Authored by Ari Karchmer
Most proposals for securing control systems are heuristic in nature, and while they increase the protection of their target, the security guarantees they provide are unclear. This paper proposes a new way of modeling the security guarantees of a Cyber-Physical System (CPS) against arbitrary false command attacks. As our main case study, we use the most popular testbed for control systems security. We first propose a detailed formal model of this testbed and then show how the original configuration is vulnerable to a single-actuator attack. We then propose modifications to the control system and prove that our modified system is secure against arbitrary, single-actuator attacks.
Authored by John Castellanos, Mohamed Maghenem, Alvaro Cardenas, Ricardo Sanfelice, Jianying Zhou
Due to the broadcast nature of power line communication (PLC) channels, confidential information exchanged on the power grid is prone to malicious exploitation by any PLC device connected to the same power grid. To combat the ever-growing security threats, physical layer security (PLS) has been proposed as a viable safeguard or complement to existing security mechanisms. In this paper, the security analysis of a typical PLC adversary system model is investigated. In particular, we derive the expressions of the corresponding average secrecy capacity (ASC) and the secrecy outage probability (SOP) of the considered PLC system. In addition, numerical results are presented to validate the obtained analytical expressions and to assess the relevant PLS performances. The results show significant impacts of the transmission distances and the used carrier frequency on the overall transmission security.
Authored by Javier Fernandez, Aymen Omri, Roberto Di Pietro
Information system administrators must pay attention to system vulnerability information and take appropriate measures against security attacks on the systems they manage. However, as the number of security vulnerability reports increases, the time required to implement vulnerability remediation also increases, therefore vulnerability risks must be assessed and prioritized. Especially in the early stages of vulnerability discovery, such as zero-day attacks, the risk assessment must consider changes over time, since it takes time to spread the information among adversaries and defenders. The Common Vulnerability Scoring System (CVSS) is used widely for vulnerability risk assessment, but it cannot be said that it can sufficiently cope with temporal changes of risk of attacks. In this paper, we proposed software vulnerability growth models to assist system administrators in decision making. Experimental results show that these models can provide a visual representation of the risk over time.
Authored by Takashi Minohara, Masaya Shimakawa
In wireless security, cognitive adversaries are known to inject jamming energy on the victim’s frequency band and monitor the same band for countermeasures thereby trapping the victim. Under the class of cognitive adversaries, we propose a new threat model wherein the adversary, upon executing the jamming attack, measures the long-term statistic of Kullback-Leibler Divergence (KLD) between its observations over each of the network frequencies before and after the jamming attack. To mitigate this adversary, we propose a new cooperative strategy wherein the victim takes the assistance for a helper node in the network to reliably communicate its message to the destination. The underlying idea is to appropriately split their energy and time resources such that their messages are reliably communicated without disturbing the statistical distribution of the samples in the network. We present rigorous analyses on the reliability and the covertness metrics at the destination and the adversary, respectively, and then synthesize tractable algorithms to obtain near-optimal division of resources between the victim and the helper. Finally, we show that the obtained near-optimal division of energy facilitates in deceiving the adversary with a KLD estimator.
Authored by Soumita Hazra, J. Harshan
Current threat modeling methods focus on understanding the protected network from the perspective of the owners of those networks rather than on comprehensively understanding and integrating the methodology and intent of the threat. We argue that layering the human factors of the adversary over the existing threat models increases the ability of cybersecurity practitioners to truly understand possible threats. Therefore, we need to expand existing adversary and threat modeling approaches in cyberspace to include the representation of human factors of threats, specifically motivations, biases, and perceptions. This additional layer of modeling should be informed by an analysis of cyber threat intelligence reporting. By creating and adopting this expanded modeling, cybersecurity practitioners would have an understanding of how an adversary views their network, which would expand their ability to understand how their network is most likely to be attacked.
Authored by Stephanie Travis, Denis Gračanin, Erin Lanus
The high directionality of millimeter-wave (mmWave) communication systems has proven effective in reducing the attack surface against eavesdropping, thus improving the physical layer security. However, even with highly directional beams, the system is still exposed to eavesdropping against adversaries located within the main lobe. In this paper, we propose BeamSec, a solution to protect the users even from adversaries located in the main lobe. The key features of BeamSec are: (i) Operating without the knowledge of eavesdropper’s location/channel; (ii) Robustness against colluding eavesdropping attack and (iii) Standard compatibility, which we prove using experiments via our IEEE 802.11ad/ay-compatible 60 GHz phased-array testbed. Methodologically, BeamSec first identifies uncorrelated and diverse beampairs between the transmitter and receiver by analyzing signal characteristics available through standard-compliant procedures. Next, it encodes the information jointly over all selected beampairs to minimize information leakage. We study two methods for allocating transmission time among different beams, namely uniform allocation (no knowledge of the wireless channel) and optimal allocation for maximization of the secrecy rate (with partial knowledge of the wireless channel). Our experiments show that BeamSec outperforms the benchmark schemes against single and colluding eavesdroppers and enhances the secrecy rate by 79.8% over a random paths selection benchmark.
Authored by Afifa Ishtiaq, Arash Asadi, Ladan Khaloopour, Waqar Ahmed, Vahid Jamali, Matthias Hollick
The rapid growth of communication networks, coupled with the increasing complexity of cyber threats, necessitates the implementation of proactive measures to protect networks and systems. In this study, we introduce a federated learning-based approach for cyber threat hunting at the endpoint level. The proposed method utilizes the collective intelligence of multiple devices to effectively and confidentially detect attacks on individual machines. A security assessment tool is also developed to emulate the behavior of adversary groups and Advanced Persistent Threat (APT) actors in the network. This tool provides network security experts with the ability to assess their network environment’s resilience and aids in generating authentic data derived from diverse threats for use in subsequent stages of the federated learning (FL) model. The results of the experiments demonstrate that the proposed model effectively detects cyber threats on the devices while safeguarding privacy.
Authored by Saeid Sheikhi, Panos Kostakos
Intelligent security system is an important part of intelligent site construction, which directly affects the life safety of operators and the level of engineering supervision. Traditional security communication systems for construction, mineral mining and other fields have problems such as small network coverage, low capacity, short terminal life and relatively simple function. According to the application scenarios and business requirements of intelligent security system, this paper uses LoRa AD-hoc networking technology to carry out the network architecture research and key technology design of intelligent security AD-hoc networking system. Further, the detailed design of the embedded software of the system terminal and gateway is completed, and the functions of physical sign monitoring, danger warning and terminal positioning are realized.
Authored by Ziyu Du, Daqin Peng, Xixian Chu, Hao Xu
Low probability of detection (LPD) has recently emerged as a means to enhance the privacy and security of wireless networks. Unlike existing wireless security techniques, LPD measures aim to conceal the entire existence of wireless communication instead of safeguarding the information transmitted from users. Motivated by LPD communication, in this paper, we study a privacy-preserving and distributed framework based on graph neural networks to minimise the detectability of a wireless ad-hoc network as a whole and predict an optimal communication region for each node in the wireless network, allowing them to communicate while remaining undetected from external actors. We also demonstrate the effectiveness of the proposed method in terms of two performance measures, i.e., mean absolute error and median absolute error.
Authored by Sivaram Krishnan, Jihong Park, Subhash Sagar, Gregory Sherman, Benjamin Campbell, Jinho Choi
Vehicular Ad Hoc Networks (VANETs) have the capability of swapping every node of every individual while driving and traveling on the roadside. The VANET-connected vehicle can send and receive data such as requests for emergency assistance, current traffic conditions, etc. VANET assistance with a vehicle for communication purposes is desperately needed. The routing method has the characteristics of safe routing to repair the trust-based features on a specific node. When malicious activity is uncovered, intrusion detection systems (IDS) are crucial tools for mitigating the damage. Collaborations between vehicles in a VANET enhance detection precision by spreading information about interactions across their nodes. This makes the machine learning distribution system feasible, scalable, and usable for creating VANET-based cooperative detection techniques. Privacy considerations are a major impediment to collaborative learning due to the data flow between nodes. A malicious node can get private details about other nodes by observing them. This study proposes a cooperative IDS for VANETs that safeguards the data generated by machine learning. In the intrusion detection phase, the selected optimal characteristics are used to detect network intrusion via a hybrid Deep Neural Network and Bidirectional Long Short-Term Memory approach. The Trust-based routing protocol then performs the intrusion prevention process, stopping the hostile node by having it select the most efficient routing path possible.
Authored by Raghunath Kawale, Ritesh Patil, Lalit Patil
Named Data Networking (NDN) has been considered a promising network architecture for Vehicular Ad Hoc Networks (VANETs), which became known as Vehicular Named-Data Networking (VNDN). This new paradigm brings the potential to improve Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) that are inefficient in urban intelligent transport scenarios. Despite the advantages, VNDN brings inherent problems, such as the routing of interest packages on NDN, which causes serious problems in the vehicular environment. The broadcast storm attack results in a huge amount of packet loss, provoking transmission overload. In addition, the link disconnection caused by the highly dynamic topology leads to a low package delivery rate. In this article, we propose a strategy for forwarding packages of interest in VNDN networks, using fuzzy logic to mitigate the broadcast storm. The proposal also aims at avoiding packet collision and at efficient data recovery; the approach is based on metrics such as the node distance, the link stability and the signal quality. The results show a reduction in the number of Interest and Data packets without disrupting network performance, maintaining adequate Interest delays.
Authored by Ilane Cunha, Joaquim Junior, Marcial Fernandez, Ahmed Patel, Maxwell Monteiro
One of the popular networks highly used for creating various ad hoc network applications is Mobile Ad hoc Networks (MANETs), which are vulnerable to various security attacks, one of which is the blackhole attack. One of the networks that come under MANET is the Vehicular Ad hoc Network (VANET). It uses multi-hop data transmission, which provides various pathways to malicious attacks. One attack that is not easily identifiable is the blackhole attack, a category of DoS attack. Earlier research methods provided different algorithms for identifying and detecting individual attacks or standard security methods. At the same time, the accuracy of malicious activity detection and elimination is not up to the mark. In a blackhole attack, a malevolent node misleadingly publicizes itself as having the shortest path to a destination, causing other nodes to send their data to it, which the attacker discards. This paper proposes a genetic algorithm-based approach for detecting blackhole attacks in VANETs. Our approach uses a combination of network metrics, such as network throughput and end-to-end delay, and genetic algorithms to identify malicious nodes. The genetic algorithm is used to optimize the selection of network metrics and determine the weights given to each metric in the detection process. Simulation results show that our approach effectively detects blackhole attacks with high accuracy and low false positive rates.
Authored by Ganesh Dangat, S. Murugan
At present, the application of wireless Ad hoc network in the field of mobile security inspection is in its infancy, and the network security protection means for the power industry are still insufficient, which is highlighted by the lack of efficient security authentication means for Ad hoc network, and it is difficult to completely eliminate security risks such as illegal terminal intrusion, data counterfeiting and tampering. A decentralized security authentication scheme suitable for Ad hoc network is designed, which can solve the security trust transfer problem on the variable network topology. Under any network route, the security trust is transferred to the proxy node step by step through multiple peer authentication, and the authentication chain is established between the digital intelligence edge proxy device, the proxy node and the node to be accessed. On the one hand, it can effectively solve the counterfeit problem of A-nodes and proxy nodes; on the other hand, it can greatly reduce the problem of reduced security authentication efficiency caused by deepening network hierarchy.
Authored by Wang Kai, Fei Zhengming, Zhou Hui, Yu Jun, Shi Hongwei