Vulnerabilities, Attacks and
Countermeasures
Dr. Sriram Sankaran
Associate Professor and Deputy Director,
Center for Cybersecurity Systems and Networks
Amrita Vishwa Vidyapeetham
Amritapuri, Kollam-690525
Overview of the Presentation
• Primer on Threats, Vulnerability and Risk
• Primer on Attacks and Countermeasures
• IoT Attacks
• Use of Systematic Approaches
Goals of Information Assurance
• Confidentiality
• Integrity
• Authentication
• Non-repudiation
• Availability
• Resilience
• Safety
Resiliency and Safety in Cyber-Physical Systems
• Resiliency
• A resilient control system is one that maintains state awareness and an accepted level of operational normalcy in response to disturbances, including threats of an unexpected and malicious nature
• Safety
• The condition of being safe from undergoing or causing hurt, injury or loss
• Need for an engineering approach that merges attack tree and fault tree analysis to identify and resolve both failure modes and attack vectors
Threats in IoT
• Information assurance threats to management and application data
• New threats
• Threats to physical systems, hardware, software quality, the environment, the supply chain and others in the security and safety domains
• Physical reliability and resilience threats
• Threats to control system transfer functions, state estimation filters and inner control loop artifacts
Vulnerabilities
Vulnerabilities in IoT
• A vulnerability is a weakness in the design, integration or operation of a system or device
• Deficiencies in a device's physical protection, software quality, configuration or the suitability of its protocol security
• Attackers know where vulnerabilities are likely to be found
• They unearth the vulnerabilities that are easiest, least costly or fastest to exploit
• Malicious hacking drives a for-profit marketplace of its own in dark web settings
• System compromise is the outcome when a discovered vulnerability is exploited
Risks
• Qualitative or quantitative methods for risk evaluation
• Risk depends on the probability of a particular event, attack or condition and on its impact
• Vulnerabilities in desktop, laptop and smartphone operating systems
• Risk management through threat modelling
• Impact and overall cost of a compromise
• How valuable the target may be to attackers
• Anticipated skill and motivation of the attackers
• A priori knowledge of a system's vulnerabilities
Common IoT Attack Types
• Wired and wireless scanning and mapping attacks
• Protocol attacks
• Eavesdropping attacks (loss of confidentiality)
• Cryptographic algorithm and key management attacks
• Spoofing and masquerading (authentication attacks)
• Operating System and application integrity attacks
• Denial of Service and jamming
• Physical Security attacks (for example: tampering, interface exposures)
• Access Control Attacks (Privilege Escalation)
Ecosystem of Attacks, Vulnerabilities and Controls
Attack Trees
• Numerous attack vectors and surfaces
• Zero-day vulnerabilities
• Interconnected set of attacks
• Attack trees
• Conceptual diagrams showing how an asset or target might be attacked
• Model the interconnected characteristics of these attacks
• Visualize, communicate and understand the sequence of vulnerabilities an attacker exploits to reach the goal
Building an attack tree for Unmanned Aircraft Systems (UAS)
Attack Trees: Expanding on Corrupt Navigation Database
Attack trees: Expanding Further
Fault Trees and CPS
• Safety and reliability engineering
• Different from attack trees
• Used in fault tree analysis (FTA)
• History
• Originated in 1962 at Bell Labs
• Missile systems were prone to frequent failures
• FTA was adopted to achieve safety assurance
• Redundancy designed into many aircraft systems
Difference between Fault and Attack Trees
• Fault trees are not based on intelligently planned attacks
• Fault trees are traversed according to stochastic (random) failure processes, not an adversary's choices
• Each fault tree leaf is treated as a completely independent event
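The contrast above is easy to see in code. The following Python is an added example written for this page, not taken from the slides or from any cited work: it evaluates one AND/OR tree twice, as an attack tree (an intelligent adversary takes the cheapest branch at each OR gate and must pay for every branch under an AND gate) and as a fault tree (leaves are independent stochastic events combined by probability). The root reuses the "Corrupt Navigation Database" goal from the UAS slides; the leaves, costs and probabilities are illustrative assumptions, as is the MFA control applied at the end.

```python
from dataclasses import dataclass, field
from math import prod
from typing import List, Tuple


@dataclass
class Node:
    """One node of an AND/OR tree shared by both analyses.

    gate: "AND", "OR" or "LEAF".
    cost: attack-tree view, attacker effort to realise a leaf (arbitrary units).
    prob: fault-tree view, probability the leaf event occurs, assumed independent.
    """
    name: str
    gate: str = "LEAF"
    children: List["Node"] = field(default_factory=list)
    cost: float = 0.0
    prob: float = 0.0


def cheapest_attack(node: Node) -> Tuple[float, List[str]]:
    """Attack tree: an adversary plans. At an OR gate they take the cheapest
    branch; at an AND gate they must pay for every branch. Returns the minimum
    total cost and the leaves on that path."""
    if node.gate == "LEAF":
        return node.cost, [node.name]
    branches = [cheapest_attack(child) for child in node.children]
    if node.gate == "AND":
        total = sum(cost for cost, _ in branches)
        path = [leaf for _, leaves in branches for leaf in leaves]
        return total, path
    if node.gate == "OR":
        return min(branches, key=lambda branch: branch[0])
    raise ValueError(f"unknown gate {node.gate!r}")


def top_event_probability(node: Node) -> float:
    """Fault tree: nobody plans. Leaves are independent random events, so an
    AND gate multiplies probabilities and an OR gate is 1 - P(no input occurs)."""
    if node.gate == "LEAF":
        return node.prob
    probs = [top_event_probability(child) for child in node.children]
    if node.gate == "AND":
        return prod(probs)
    if node.gate == "OR":
        return 1.0 - prod(1.0 - p for p in probs)
    raise ValueError(f"unknown gate {node.gate!r}")


def find(node: Node, name: str) -> Node:
    """Locate a node by name (depth-first) so a control can be applied to it."""
    if node.name == name:
        return node
    for child in node.children:
        try:
            return find(child, name)
        except KeyError:
            pass
    raise KeyError(name)


def build_example_tree() -> Node:
    # Illustrative tree. The root goal comes from the UAS slides; the leaves,
    # costs and probabilities below are constructed assumptions, not measured data.
    return Node("Corrupt navigation database", "OR", [
        Node("Modify database through the ground station", "AND", [
            Node("Obtain ground-station credentials", cost=40, prob=0.02),
            Node("Upload modified database via maintenance interface", cost=10, prob=0.10),
        ]),
        Node("Tamper with database update in the supply chain", cost=200, prob=0.001),
    ])


def effect_of_control(tree: Node, leaf_name: str, added_cost: float) -> Tuple[float, List[str]]:
    """Raise the attacker's cost of one leaf (e.g. by adding MFA, an assumed
    control) and report the new cheapest path: the adversary simply moves to
    the next cheapest branch."""
    find(tree, leaf_name).cost += added_cost
    return cheapest_attack(tree)


if __name__ == "__main__":
    tree = build_example_tree()
    print("attack tree, cheapest path:", cheapest_attack(tree))
    print("fault tree, P(top event):  ", round(top_event_probability(tree), 6))
    print("after MFA on credentials:  ",
          effect_of_control(tree, "Obtain ground-station credentials", 300))
```

Adding the control changes the attacker's cheapest path (they move to the next cheapest branch) but leaves the fault-tree probability untouched, which is exactly the separation the slides draw between planned attacks and random, independent failures.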
Merging fault and attack tree analysis
• Integrate fault-tree analysis into safety-critical IoT device and system engineering methodologies
• IoT use cases need to be represented in FTA
• Need for security threat modelling for secure and fault-tolerant design
• Understanding the interplay between safety and security
• Safety mitigations that don't undermine security controls
• Security mitigations that don't diminish safety controls
Today's IoT Attacks
• Miller, Charlie and Valasek, Chris. Remote Exploitation of an Unaltered Passenger Vehicle. 10 August 2015.
• Data Exchange On The CAN Bus I, Self-Study Programme 238. Available at http://www.volkspage.net/technik/ssp/ssp/SSP_238.pdf.
Attacks against Enterprise IoT
• Wireless reconnaissance and mapping
• Security protocol attacks
• Physical security attacks
• Application security attacks
Threat modelling an IoT system
Case Study: Smart Parking System
• Consumer-facing service
• Payment Flexibility
• Entitlement Enforcement
• Trend Analysis
• Demand-response pricing
Smart Parking System
• Security Goals
• Maintain integrity of all data collected within the system
• Maintain confidentiality of sensitive data within the system
• Maintain the availability of the system as a whole and of each of its individual components
Step 1: Identify the assets
• Data: sensor data, video streams, payment data
• Components: lot sensors, sensor gateway, IP camera, parking analytics system, kiosk application, infrastructure communications equipment
Step 2: System/Architecture Overview
• Use case 1: Customer pays for time in parking spot
• Use case 2: Parking enforcement officer is alerted to non-payment incident
• Architectural diagram
• Technology/platform overview
Step 3: Decompose the IoT system
• Entry points for the system:
• Parking management application
• Smartphone application
• Kiosk
• Sensor gateway administrative account
• IP cameras
• Enforcement application
Step 4: Identify threats
• STRIDE categories: spoofing identity, tampering with data, repudiation, information disclosure, denial of service, privilege elevation
• Additional categories considered: social engineering, physical security bypass, supply chain issues
• Smart Parking Threat Matrix
Step 5: Document the threats
• Parking thief charges a legitimate customer for parking time by accessing that customer's account
• Parking thief receives free parking through unauthorized access to the backend smart parking application
• Parking thief receives free parking by asserting that the system malfunctioned
Step 6: Rate the threats
• DREAD rating factors: Damage, Reproducibility, Exploitability, Affected users, Discoverability
• Smart Parking: Threat Risk Ranking
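Steps 4 to 6 can be carried out in code so that ratings are validated and the ranking is reproducible. The following Python is an added example written for this page, not part of the slides or of any referenced threat model: it takes the three threats documented in Step 5, tags each with a Step 4 category, applies DREAD scoring (mean of the five factors, each rated 1 to 10) and ranks them. The numeric ratings and the High/Medium/Low thresholds are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

# DREAD rates each factor from 1 (low) to 10 (high); the threat's score is the mean.
DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")


@dataclass(frozen=True)
class Threat:
    description: str
    category: str           # threat category from Step 4 (STRIDE or one of the extras)
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def dread_score(self) -> float:
        """Mean of the five DREAD ratings; rejects out-of-range ratings so a
        typo cannot silently push a threat up or down the ranking."""
        ratings = [getattr(self, factor) for factor in DREAD_FACTORS]
        for factor, rating in zip(DREAD_FACTORS, ratings):
            if not 1 <= rating <= 10:
                raise ValueError(f"{factor} must be rated 1..10, got {rating}")
        return sum(ratings) / len(ratings)


def risk_band(score: float) -> str:
    """Map a DREAD mean to a triage band. The thresholds are an assumed policy,
    not part of DREAD itself; tune them to the organisation's risk appetite."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def rank_threats(threats: List[Threat]) -> List[Tuple[str, float, str]]:
    """Return (description, score, band) sorted highest-risk first; ties are
    broken by Damage so the costlier compromise is mitigated first."""
    ordered = sorted(threats, key=lambda t: (t.dread_score(), t.damage), reverse=True)
    return [(t.description, round(t.dread_score(), 1), risk_band(t.dread_score()))
            for t in ordered]


# The three threats are the ones documented in Step 5; the category tags and the
# numeric ratings are constructed assumptions for this example.
SMART_PARKING_THREATS = [
    Threat("Parking thief charges a legitimate customer for parking time by "
           "accessing that customer's account",
           "Spoofing identity",
           damage=7, reproducibility=8, exploitability=6, affected_users=3, discoverability=7),
    Threat("Parking thief receives free parking through unauthorized access to "
           "the backend smart parking application",
           "Privilege elevation",
           damage=10, reproducibility=6, exploitability=5, affected_users=10, discoverability=5),
    Threat("Parking thief receives free parking by asserting that the system malfunctioned",
           "Repudiation",
           damage=3, reproducibility=10, exploitability=9, affected_users=2, discoverability=9),
]


if __name__ == "__main__":
    for description, score, band in rank_threats(SMART_PARKING_THREATS):
        print(f"{score:4.1f}  {band:6}  {description}")
```

With these assumed ratings the backend compromise ranks first because it hits every user and the damage is total, even though it is harder to reproduce; the repudiation threat ranks second on ease and discoverability alone. That is the behaviour to sanity-check when a DREAD matrix is reviewed: a low-damage, easy-to-find threat can outrank a severe one if the factors are weighted equally, so agree the weighting before the numbers are filled in.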