Covert Attacks Research Articles

Multidevice False Data Injection Attack Models of ADS-B Multilateration Systems

Location verification is a promising approach among various ADS-B security mechanisms, which can monitor announced positions in ADS-B messages with estimated positions. Based on common assumption that the attacker is equipped with only a single device, this mechanism can estimate the position state through analysis of time measurements of messages using multilateration algorithm. In this paper, we propose the formal model of multidevice false data injection attacks in the ATC system against the location verification. Assuming that attackers equipped with multiple devices can manipulate the ADS-B messages in distributed receivers without any mutual interference, such attacker can efficiently construct attack vectors to change the results of multilateration. The feasibility of a multidevice false data injection attack is demonstrated experimentally. Compared with previous multidevice attacks, the multidevice false data injection attacks can offer lower cost and more covert attacks. The simulation results show that the proposed attack can reduce the attackers’ cost by half and achieve better time synchronization to bypass the existing anomaly detection. Finally, we discuss the real-world constraints that limit their effectiveness and the countermeasures of these attacks.

Two-Loop Covert Attacks Against Constant Value Control of Industrial Control Systems

In the field of covert data integrity attacks, considerable attention has focused on two important issues. One is the issue of how to change the state of a plant, and the other is how to avoid being detected by anomaly detectors. A two-loop covert attack is presented to provide an integrated solution for these two issues. As an exploratory attempt to establish the feasibility of machine learning-based covert attacks, it applies the least squares support vector machine to constructing covert attacks. The proposed attack consists of an attack loop and a covert loop, which are based on an attack agent and a covert agent, respectively. The attack agent can move the steady state of a target plant to a desired state, and the covert agent can closely imitate the normal steady state of the plant to cover up the attack agent. In particular, the attack is directed to proportional-integral-derivative algorithms. Experiments are carried out to demonstrate the feasibility of the proposed attack and show the applicability of machine learning methods in constructing covert attacks.

Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses

Over the last two decades, side and covert channel research has shown a variety of ways of exfiltrating information for a computer system. Processor microarchitectural timing-based side and covert channel attacks have emerged as some of the most clever attacks, and ones which are difficult to deal with, without impacting system performance. Unlike electromagnetic or power-based channels, microarchitectural timing-based side and covert channel do not require physical proximity to the target device. Instead, only malicious or cooperating spy applications need to be co-located on the same machine as the victim. And in some attacks even co-location is not needed, only timing of the execution of the victim application, as measured by a remote attacker, can lead to information leaks. This survey extracts the key features of the processor’s microarchitectural functional units which make the channels possible, presents an analysis and categorization of the variety of microarchitectural side and covert channels others have presented in literature, and surveys existing defense proposals. With advent of cloud computing and ability to launch microarchitectural side and covert channels even across virtual machines, understanding of these channels is critical for cybersecurity.

Boko Haram's Covert Front

Waging a highly irregular war — an insurgency — in Northeast Nigeria since September 2010, Boko Haram over the years has escalated as a threat form. By 2014, this threat extended beyond Nigeria’s borders; and by 2017, thousands of people had become casualties of the conflict; with millions displaced in Northeast Nigeria. Boko Haram however did not necessarily achieve this threat escalation by fighting and defeating the Nigerian military on the battlefield. A large part of Boko Haram’s calculations, rather, have been focused on its covert front and on war avoidance altogether. Indeed, covert tactics have been the main vehicle by which Boko haram has projected its threat to the Northwest and Central belt of Nigeria, as well as beyond its borders to Cameroon, Chad and Niger. Using unconventional tactics and focusing mostly on soft targets within the civilian space, Boko Haram in adopting guerrilla tactics and showing proficiency in war avoidance, has effectively taken away the Nigerian military’s traditional advantages. This approach moreover, has ensured that the insurgency has endured even as the Nigerian Army has been deploying increasing numbers of task force battalions, as a deterrent to both covert and overt attacks. Consequently, whereas overt attempts to hold and contest territory have markedly decreased since 2015 and Boko Haram continues to find relevance in its covert attacks. This paper interrogates Boko Haram’s covert front and discusses its features, impact and implications for the Nigerian military’s approach to tactical warfare in the Northeast.

A controller design for mitigation of passive system identification attacks in networked control systems

The literature regarding attacks in Networked Control Systems (NCS) indicates that covert and accurate attacks must be designed based on an accurate knowledge about the model of the attacked system. In this context, the literature on NCS presents the Passive System Identification attack as a metaheuristic-based tool to provide the attacker with the required system models. However, the scientific literature does not report countermeasures to mitigate the identification process performed by such passive metaheuristic-based attack. In this sense, this work proposes the use of a randomly switching controller as a countermeasure for the Passive System Identification attack, in case of failure of other conventional security mechanisms – such as encryption, network segmentation and firewall policies. This novel countermeasure aims to hinder the identification of the controller, so that the model obtained by the attacker is imprecise or ambiguous, in such a way that the attacker hesitates to launch covert or model-dependent attacks against the NCS. The simulation results indicate that this countermeasure is capable to mitigate the mentioned attack at the same time that it performs a satisfactory plant control.

Preprocessing Based Verification of Multiparty Protocols with Honest Majority

AbstractThis paper presents a generic “GMW-style” method for turning passively secure protocols into protocols secure against covert attacks, adding relatively cheap offline preprocessing and post-execution verification phases. Our construction performs best with a small number of parties, and its main benefit is the total cost of the online and the offline phases. In the preprocessing phase, each party generates and shares a sufficient amount of verified multiplication triples that will be later used to assist that party’s proof. The execution phase, after which the computed result is already available to the parties, has only negligible overhead that comes from signatures on sent messages. In the postprocessing phase, the verifiers repeat the computation of the prover in secret-shared manner, checking that they obtain the same messages that the prover sent out during execution. The verification preserves the privacy guarantees of the original protocol. It is applicable to protocols doing computations over finite rings, even if the same protocol performs its computation over several distinct rings. We apply our verification method to the Sharemind platform for secure multiparty computations (SMC), evaluate its performance and compare it to other existing SMC platforms offering security against stronger than passive attackers.

Covert Attacks in Cyber-Physical Control Systems

The advantages of using communication networks to interconnect controllers and physical plants motivate the increasing number of Networked Control Systems, in industrial and critical infrastructure facilities. However, this integration also exposes such control systems to new threats, typical of the cyber domain. In this context, studies have been conduced, aiming to explore vulnerabilities and propose security solutions for cyber-physical systems. In this paper, it is proposed a covert attack for service degradation, which is planned based on the intelligence gathered by another attack, herein proposed, referred as System Identification attack. The simulation results demonstrate that the joint operation of the two attacks is capable to affect, in a covert and accurate way, the physical behavior of a system.

A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing

The Internet threat landscape is fundamentally changing. A major shift away from hobby hacking toward well-organized cyber crime can be observed. These attacks are typically carried out for commercial reasons in a sophisticated and targeted manner, and specifically in a way to circumvent common security measures. Additionally, networks have grown to a scale and complexity, and have reached a degree of interconnectedness, that their protection can often only be guaranteed and financed as shared efforts. Consequently, new paradigms are required for detecting contemporary attacks and mitigating their effects. Today, many attack detection tasks are performed within individual organizations, and there is little cross-organizational information sharing. However, information sharing is a crucial step to acquiring a thorough understanding of large-scale cyber-attack situations, and is therefore seen as one of the key concepts to protect future networks. Discovering covert cyber attacks and new malware, issuing early warnings, advice about how to secure networks, and selectively distribute threat intelligence data are just some of the many use cases. In this survey article we provide a structured overview about the dimensions of cyber security information sharing. First, we motivate the need in more detail and work out the requirements for an information sharing system. Second, we highlight legal aspects and efforts from standardization bodies such as ISO and the National Institute of Standards and Technology (NIST). Third, we survey implementations in terms of both organizational and technological matters. In this regard, we study the structures of Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs), and evaluate what we could learn from them in terms of applied processes, available protocols and implemented tools. We conclude with a critical review of the state of the art and highlight important considerations when building effective security information sharing platforms for the future.

The real cyber war: the political economy of Internet freedom

Contemporary discussion surrounding the role of the internet in society is dominated by words like: internet freedom, surveillance, cybersecurity, Edward Snowden and, most prolifically, cyber war. Behind the rhetoric of cyber war is an on-going state-centered battle for control of information resources. Shawn Powers and Michael Jablonski conceptualize this real cyber war as the utilization of digital networks for geopolitical purposes, including covert attacks against another state's electronic systems, but also, and more importantly, the variety of ways the internet is used to further a states economic and military agendas. Moving beyond debates on the democratic value of new and emerging information technologies, The Real Cyber War focuses on political, economic, and geopolitical factors driving internet freedom policies, in particular the U.S. State Department's emerging doctrine in support of a universal freedom to connect. They argue that efforts to create a universal internet built upon Western legal, political, and social preferences is driven by economic and geopolitical motivations rather than the humanitarian and democratic ideals that typically accompany related policy discourse. In fact, the freedom-to-connect movement is intertwined with broader efforts to structure global society in ways that favor American and Western cultures, economies, and governments. Thought-provoking and far-seeing, The Real Cyber War reveals how internet policies and governance have emerged as critical sites of geopolitical contestation, with results certain to shape statecraft, diplomacy, and conflict in the twenty-first century.

The Fabian Mystique

The Fabian Mystique

Biography and Scholarship: A Reply to Professor Young

Biography and Scholarship: A Reply to Professor Young

Improving Performance of HVAC Systems to Reduce Exposure to Aerosolized Infectious Agents in Buildings; Recommendations to Reduce Risks Posed by Biological Attacks

The prospect of biological attacks is a growing strategic threat. Covert aerosol attacks inside a building are of particular concern. In the summer of 2005, the Center for Biosecurity of the University of Pittsburgh Medical Center convened a Working Group to determine what steps could be taken to reduce the risk of exposure of building occupants after an aerosol release of a biological weapon. The Working Group was composed of subject matter experts in air filtration, building ventilation and pressurization, air conditioning and air distribution, biosecurity, building design and operation, building decontamination and restoration, economics, medicine, public health, and public policy. The group focused on functions of the heating, ventilation, and air conditioning systems in commercial or public buildings that could reduce the risk of exposure to deleterious aerosols following biological attacks. The Working Group's recommendations for building owners are based on the use of currently available, off-the-shelf technologies. These recommendations are modest in expense and could be implemented immediately. It is also the Working Group's judgment that the commitment and stewardship of a lead government agency is essential to secure the necessary financial and human resources and to plan and build a comprehensive, effective program to reduce exposure to aerosolized infectious agents in buildings.

New challenges for public health care: biological and chemical weapons awareness, surveillance, and response.

Recent events in the United States have demonstrated a critical need for recognizing nurses and emergency health care providers as important elements of the nation's first line of defense and response against terrorist attacks involving biological, chemical, or radiological weapons. The anthrax letter attacks of September/October 2001 demonstrate the importance of vigilance and attention to detail while interviewing and attending patients and when entering, reviewing, and cataloging patient records. Nursing professionals, emergency care responders, and physicians can perform a crucial role in our first-line defense against terrorism by detecting and reporting unusual or anomalous illness(es) consistent with possible exposure to biological or chemical agents. Nursing professionals should become more familiar with the etiology and clinical symptoms of biological agents of greatest current concern (smallpox, anthrax, tularemia, plague) and be alert for potentially anomalous or unfamiliar combinations of symptoms that could point to unwitting exposure to biological toxins, toxic chemicals, or cryptic radiological agents. Public health surveillance systems must be developed that encourage and facilitate the rapid reporting and follow-up investigation of suspect illnesses and potential disease outbreaks that will ensure early identification and response for covert attacks involving biological, chemical, or radiological weapons.