Understanding Cyber Warfare Through Frameworks


Cyber warfare is a rapidly evolving field, and various frameworks have been developed to better understand and defend against cyber attacks. Several cyber kill chains have been developed to explain what an attacker might do; the most commonly used at present are the Lockheed Martin Cyber Kill Chain and the MITRE ATT&CK framework.

The Lockheed Martin Cyber Kill Chain is a seven-stage framework that describes the steps an attacker might take in a cyber attack. It includes stages for reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. 

The MITRE ATT&CK framework is a comprehensive database of tactics, techniques, and procedures used by attackers that is organized into several categories such as initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, command and control, and exfiltration.

The Unified Kill Chain combines elements from the Lockheed Martin Cyber Kill Chain, the MITRE ATT&CK framework, and other frameworks to provide a more comprehensive view of cyber attacks. It includes eighteen attack phases, the steps a cyber attack may progress through.

Overall, cyber warfare is highly complex and requires extensive knowledge and understanding of the different frameworks and best practices for defending against attacks. By familiarizing ourselves with these frameworks, we can better prepare ourselves for the challenges ahead and ensure our networks remain secure.

Panel Discussion on the topic of Designing IoT Systems

I was invited to participate in a panel discussion at Malmö University on Friday, April 8th, where I was asked to speak on the topic of “Designing IoT Systems”. Representatives from Sony and Sigma Connectivity joined me on the panel. Concerns about trustworthiness were a major topic of discussion during the session.

Several researchers identify safety, security, privacy, reliability, and resilience as the main trustworthiness concerns in the IoT domain. Together, these concerns are meant to ensure that systems function as intended in a variety of situations.

According to several academics, the most challenging aspects of designing trustworthy IoT systems are achieving privacy and security. From applications to devices, each layer of the Internet of Things has its own set of security risks and potential attacks. From a research perspective, a hot topic is building energy-efficient security, along with scalable and dynamic security architectures. Preserving data privacy in the IoT is also particularly challenging. Existing IoT privacy mechanisms are often built for single services rather than for interdependent, dynamic, and heterogeneous services. Building new privacy preservation techniques for interdependent services is a hot topic, as is federated learning when it comes to data privacy.


Finally, there are a number of standards that pertain to trustworthiness. ISO/IEC 30147 “Integration of trustworthiness in IoT lifecycle processes” and ISO/IEC 30149 “IoT trustworthiness principles” are two ISO/IEC standards.

If you want to collaborate with me or learn more about a specific topic that is related to my research topics, please send me an email.

The Internet of Things and Security

The Internet of Things (IoT) is changing the way we live. The IoT is the idea of having devices that are connected to each other and can be controlled via the Internet. Cameras, refrigerators, alarm systems, televisions, and other electronic gadgets are examples of such devices. The IoT has contributed to giving people an improved quality of life.

But how can we put our trust in all of these IoT devices? How can we be sure they will not turn against us? How will we know whether or not the device we are utilizing is safe? All of these questions are key to unlocking growth in the IoT.

IoT devices can be both physical and virtual in nature. Their functions range from a simple remote control to a complex system that monitors the environment, collects data, and sends it back for analysis.

Many people do not realize that their smart home devices may contain security vulnerabilities that hackers could exploit. Hackers can break into a smart home or even switch off the power by exploiting weaknesses in IoT devices such as connected door locks and lighting systems. For instance, over the course of one week, a study by the UK-based consumer group Which? recorded 2,435 malicious attempts to log in to devices with weak default usernames and passwords in a fake “smart home.”

Cybersecurity is a critical responsibility for organizations of all sizes, but manufacturers, in particular, must do more to ensure that IoT devices are secure from hackers and do not endanger consumer lives. Recently, in the UK, the Product Security and Telecommunications Infrastructure (PSTI) Bill was introduced, imposing stricter cybersecurity rules on manufacturers, importers, and distributors of IoT technologies. This new legislation is intended to better protect consumers’ IoT devices from hackers and to help the IoT market gain the trust it needs to reach its full potential.

If you would like to learn about IoT security and how to safeguard your IoT devices, please get in touch.

Lecture about IoT Security

On Tuesday, September 28th, I delivered an online lecture to Bachelor’s students at Lund University in Sweden. In the lecture I covered the topic of IoT security, especially in relation to consumer IoT systems.

One of the slides that I discussed in my lecture is shown below. Mirai malware is seen as a watershed moment in the threat landscape, demonstrating that IoT botnets can be deployed in distributed denial-of-service (DDoS) attacks and do substantial damage.

Recognizing the significance of addressing IoT security, especially as more and more things become connected to the Internet, European Commission President Ursula von der Leyen unveiled a Cyber Resilience Act on September 15, 2021. This Act lays out a common European approach to cyber security by establishing common cybersecurity standards for connected devices.

If you have any queries about information security or would like to collaborate with me, please contact me.

A Research Proposal about Poisoning Attacks

On Tuesday, 29th June, I gave my last presentation before taking my summer vacation. In the presentation, I talked about a potential research proposal concentrating on data poisoning attacks. Specifically, I discussed how this attack class could target an IoT-based system, such as a smart building, resulting in potentially severe consequences for a business. While poisoning attacks have been researched for some time, they remain relatively understudied, especially in contexts involving online learning and interactive learning.

Here is a link to a redacted version of my presentation:

If you want to know more about cyber security, especially its application to IoT and machine learning based systems, you are welcome to drop me a message.

Security Engineering and Machine Learning

This week I attended the 36th IFIP TC-11 International Information Security and Privacy Conference. The conference was organized by the Department of Informatics at the University of Oslo. During the first day of the conference, there was a keynote on Security Engineering by the celebrated security expert Prof. Dr. Ross Anderson.

He discussed the interaction between security engineering and machine learning, and warned us about the things that can go wrong with machine learning systems, including some new attacks and defenses, such as the Taboo Trap, data ordering attacks, sponge attacks, and more.

Outline of Ross Anderson’s keynote (IFIP TC-11).

I especially enjoyed the part of his talk on human-to-machine-learning interaction, which coincidentally is a topic that I am researching. He discussed cases where robots incorporating machine learning components start mixing with humans and tension and conflict arise, e.g., robots trying to deceive and bully humans. This is a scenario we should expect to see more of in the future.

I highly recommend his brilliant book, “Security Engineering: A Guide to Building Dependable Distributed Systems”. It is filled with actionable advice and the latest research on how to design, implement, and test systems to withstand attacks. The book has extremely broad coverage of security in general and is absolutely worth buying!

Keeping Your Smart Home Secure

Smart homes are increasingly being subjected to attacks, with motives ranging from pranking users and causing chaos to cyberstalking and more nefarious purposes. Nevertheless, there are various strategies that residents can use to keep their home secure from intruders. In my latest article, I identify and discuss five of these strategies.

Check out the full article (in Swedish) by clicking here.

A full transcript in English is available to any interested reader.

Common Attacks in the IoT

In general, an IoT architecture is composed of three layers: the physical layer, the network layer, and the services layer. The physical layer (also called the perception layer) consists of hardware, namely sensors, actuators, RFID, etc., that collects data from individuals and their environment. The network layer (also called the transport layer) facilitates the interchange and processing of data between the physical and services layers. Examples of technologies used here are 4G/5G, Wi-Fi, Bluetooth, etc. The services layer (also called the application layer) is responsible for processing the information received from the network layer and issuing instructions to be carried out by the equipment in the physical layer. Below, I identify some of the common attacks occurring at the different IoT architecture layers:

Attacks at the Physical Layer

  • Denial-of-service: Packets are sent along the routing path to the base station, causing network disruption and battery exhaustion of the node.
  • False node: A node that sends malicious data is added to the network, thereby affecting the availability of the system.
  • Integrity: False sensor measurements and control inputs are injected, causing system disruption.
  • Node capture: Information is leaked by taking control of a node that may contain sensitive data such as encryption keys.
  • Node outage: Node services are stopped, making it rather difficult to extract information from them.
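A defender-side illustration of the integrity attack above, written as an added example (not code from the article): a plausibility gate that an IoT gateway can run on every incoming reading before it is trusted. A value is rejected if it falls outside the sensor's physical range, if it changed faster than the monitored environment can change, or if its timestamp is not newer than the last accepted sample (a replay). Only accepted readings update the baseline, so a rejected value can never become the reference for the next check. The sensor type (indoor temperature in degrees Celsius), the thresholds, and the trace are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Plausibility gate for incoming sensor readings.
 * Added example, not code from the article. The thresholds are assumptions
 * for a hypothetical indoor temperature sensor reporting in degrees Celsius. */

#define TEMP_MIN_C        -20.0  /* physically plausible range for this sensor */
#define TEMP_MAX_C         60.0
#define MAX_RATE_C_PER_S    0.5  /* fastest change the monitored room can undergo */

enum verdict {
    ACCEPT       = 0,
    REJECT_RANGE = 1,  /* outside the physical range of the sensor */
    REJECT_RATE  = 2,  /* jumped faster than the environment can change */
    REJECT_TIME  = 3   /* timestamp not newer than the last accepted reading */
};

typedef struct {
    double   last_value;   /* last accepted reading */
    double   last_time_s;  /* its timestamp, in seconds */
    bool     have_last;
    unsigned rejected;     /* running count, useful as an alert trigger */
} sensor_state_t;

void sensor_state_init(sensor_state_t *s)
{
    s->last_value = 0.0;
    s->last_time_s = 0.0;
    s->have_last = false;
    s->rejected = 0;
}

/* Returns a verdict for one reading; only accepted readings update state. */
int sensor_check(sensor_state_t *s, double value, double time_s)
{
    /* A NaN fails both comparisons, so it is rejected here as well. */
    if (!(value >= TEMP_MIN_C && value <= TEMP_MAX_C)) {
        s->rejected++;
        return REJECT_RANGE;
    }
    if (s->have_last) {
        double dt = time_s - s->last_time_s;
        if (dt <= 0.0) {             /* replayed or out-of-order sample */
            s->rejected++;
            return REJECT_TIME;
        }
        double diff = value - s->last_value;
        if (diff < 0.0) diff = -diff;
        if (diff / dt > MAX_RATE_C_PER_S) {
            s->rejected++;
            return REJECT_RATE;
        }
    }
    s->last_value = value;
    s->last_time_s = time_s;
    s->have_last = true;
    return ACCEPT;
}

/* Constructed trace: two honest readings, then an out-of-range value,
 * an implausible jump, a replayed sample, and a final honest reading.
 * Returns the number of rejected readings (3 for this trace). */
unsigned run_constructed_trace(void)
{
    const double trace[][2] = {   /* {time_s, value} */
        { 0.0, 21.0 }, { 10.0, 21.5 }, { 20.0, 85.0 },
        { 30.0, 40.0 }, { 10.0, 21.5 }, { 40.0, 21.8 }
    };
    sensor_state_t st;
    sensor_state_init(&st);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        int v = sensor_check(&st, trace[i][1], trace[i][0]);
        printf("t=%5.1f value=%5.1f verdict=%d\n", trace[i][0], trace[i][1], v);
    }
    return st.rejected;
}

int main(void)
{
    printf("rejected readings: %u\n", run_constructed_trace());
    return 0;
}
```

The rejected counter is the part worth wiring into monitoring: a single outlier is noise, but a burst of rejections from one node is the signature of injected measurements or a captured node and deserves an alert rather than silent dropping.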

Attacks at the Network Layer

  • Jamming: The wireless channel between the sensor nodes and the remote base station is obstructed by a signal on the same frequency.
  • Selective Forwarding: A compromised node is introduced that drops and discards some packets while forwarding only selected ones.
  • Sinkhole: The attacking node advertises the best routing path to the devices in the network, resulting in congestion (amongst other issues) in the IoT environment.
  • Sybil: An attacker fabricates false identities or misuses pseudo-identities to compromise the efficiency of the IoT and even spread spam.
  • Wormhole: Information holes are created in the network by announcing false paths through which all the packets are routed.

Attacks at the Services Layer

  • Buffer Overflow: Flaws in the software lead to buffer overflow vulnerabilities (where a program, while writing data to a buffer, overwrites adjacent memory locations), which attackers exploit to launch attacks.
  • Malicious Code: Services are attacked via malware, worms, viruses, adware, and spyware. These can degrade performance or crash client devices.
  • Phishing: This attack aims to capture an individual’s personal information; the attacker appears as a legitimate user in the network and gains knowledge of sensitive information about an individual.
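The buffer overflow bullet above, shown in code as an added example that is not from the article: a device-registration handler on a hypothetical IoT gateway copies a client-supplied device name into a fixed-size stack buffer. The first function has exactly the defect described (writes past the end of the buffer into adjacent memory); the second measures the input without reading beyond what can be stored, rejects anything that does not fit, and rejects non-printable bytes. The function names, the 16-byte limit, and the sample inputs are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from the article: a device-registration handler on
 * a hypothetical IoT gateway copies a client-supplied device name into a
 * fixed-size buffer. The first version has the overflow the bullet describes;
 * the second bounds and validates the copy. Names and sizes are assumptions. */

#define NAME_MAX 16   /* bytes reserved for the name, including the NUL */

/* VULNERABLE ("before"): no length check. A payload of NAME_MAX bytes or more
 * writes past 'name' into adjacent stack memory. Kept for comparison only and
 * never called with untrusted input. */
int register_device_unsafe(const char *payload)
{
    char name[NAME_MAX];
    strcpy(name, payload);   /* unbounded copy: the bug */
    return (int)strlen(name);
}

/* HARDENED: measure the input without reading beyond what could be stored,
 * reject anything that does not fit (rather than silently truncating, which
 * can make two distinct devices collide on one name), and reject bytes
 * outside printable ASCII. Returns the stored length, -1 if too long,
 * -2 if the name contains a disallowed byte. */
int register_device_safe(const char *payload, char *out, size_t out_len)
{
    size_t n = 0;
    while (n < out_len && payload[n] != '\0') {
        unsigned char c = (unsigned char)payload[n];
        if (c < 0x20 || c > 0x7e)
            return -2;
        n++;
    }
    if (n >= out_len)       /* no room for the terminating NUL */
        return -1;
    memcpy(out, payload, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed inputs: a normal name and an oversized one. */
    const char *ok = "thermostat-01";
    const char *long_name = "thermostat-in-the-second-floor-hallway";
    char stored[NAME_MAX];

    printf("safe(%s) -> %d\n", ok, register_device_safe(ok, stored, sizeof stored));
    printf("safe(%s) -> %d\n", long_name,
           register_device_safe(long_name, stored, sizeof stored));
    /* register_device_unsafe(long_name) would corrupt the stack here; not called. */
    return 0;
}
```

The design choice worth noting is rejection over truncation: a bounded copy such as strncpy would stop the overflow, but silently cutting a name to 15 bytes can turn two different devices into the same identity downstream, so the hardened handler refuses the input and lets the caller log it.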

In this article, I listed some of the more common security attacks affecting IoT-based systems. The reality is that there are more attacks (e.g., man-in-the-middle attacks), and the architecture can be further decomposed into additional layers (e.g., physical layer, data link layer, network layer, transport layer, and application layer).

Given that there is no dictionary, glossary, or similar list that acts as a reference identifying the different IoT security and privacy attacks, I will be working to put one together myself. I believe this will be useful for both researchers and industry, e.g., as a way to measure the strength of a product or as a tool to assess risks in an IoT-based system.

Stay tuned, as I will soon have such a list available under the “Projects” section. In the meantime, as always, if you want to learn more about IoT attacks, cybersecurity threats, risks, etc., get in touch and I will be glad to help.