Junia Valente

Limiting the Impact of Stealthy Attacks on Industrial Control Systems

While attacks on information systems have for most practical purposes binary outcomes (information was manipulated/eavesdropped, or not), attacks manipulating the sensor or control signals of Industrial Control Systems (ICS) can be tuned by the attacker to cause a continuous spectrum in damages. Attackers that want to remain undetected can attempt to hide their manipulation of the system by following closely the expected behavior of the system, while injecting just enough false information at each time step to achieve their goals. In this work, we study if attack-detection can limit the impact of such stealthy attacks. We start with a comprehensive review of related work on attack detection schemes in the security and control systems community. We then show that many of those works use detection schemes that are not limiting the impact of stealthy attacks. We propose a new metric to measure the impact of stealthy attacks and how they relate to our selection on an upper bound on false alarms. We finally show that the impact of such attacks can be mitigated in several cases by the proper combination and configuration of detection schemes. We demonstrate the effectiveness of our algorithms through simulations and experiments using real ICS testbeds and real ICS systems.

DIVAs 4.0: A Multi-Agent Based Simulation Framework

In this paper we present DIVAs 4.0, a framework that supports the development of large-scale agent-based simulation systems where agents are situated in open environments. DIVAs includes high-level abstractions for the definition of agents and open environments, a micro kernel for the management of the simulation workflow, domain-specific libraries for the rapid development of simulations, and reusable, extendable components for the control and visualization of simulations. We illustrate the use of DIVAs through the development of a simple simulator where virtual agents are situated in a virtual city.

Cyber-Physical Systems Attestation

Cyber-Physical Systems (CPS) are monitored and controlled by a wide variety of sensors and controllers. However, it has been repeatedly demonstrated that most of the devices interacting with the physical world (sensors and controllers) are extremely fragile to security incidents. One particular technology that can help us improve the trustworthiness of these devices is software attestation. While software attestation can help a verifier check the integrity of devices, it still has several drawbacks that have limited their application in the field, like establishing an authenticated channel, the inability to provide continuous attestation, and the need to modify devices to implement the attestation procedure. To overcome these limitations, we propose CPS-attestation as an attestation technique for control systems to attest their state to an external verifier. CPS-attestation enables a verifier to continuously monitor the dynamics of the control system over time and detect whether a component is not behaving as expected or if it is driving the system to an unsafe state. Our goal in this position paper is to initiate the discussion on the suitability of applying attestation techniques to control systems and the associated research challenges.

Using Visual Challenges to Verify the Integrity of Security Cameras

We propose a new way to verify the integrity and freshness of footage from security cameras by sending visual challenges to the area being monitored by the camera. We study the effectiveness of periodically updating plain text and QR code visual challenges, propose attack detection statistics for each of them, and study their performance under normal conditions (without attack) and against a variety of adversaries. Our implementation results show that visual challenges are an effective method to add defense-in-depth mechanisms to improve the trustworthiness of security cameras.

Understanding Security Threats in Consumer Drones Through the Lens of the Discovery Quadcopter Family

In this paper we identify new threats to drones in an effort to have a better public discussion of realistic attacks that vendors need to take into consideration when designing their products. In particular we study in detail the security of a new drone family (U818A) released in 2016, which is quickly becoming a best-selling brand, and is re-purposed and sold by a variety of drone vendors. We implemented and tested several attacks and considered privacy issues (e.g., remotely accessing someone elses drone to take video or images of a private setting), security issues (e.g., stealing a drone mid-flight), and safety issues (e.g., taking down a drone operated by someone else). We finish the paper by recommending basic steps to improve the security of drones.

A Survey of Physics-Based Attack Detection in Cyber-Physical Systems

Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of research. In its basic form, a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements to identify potentially false control commands or false sensor readings. In this article, we review previous work on physics-based anomaly detection based on a unified taxonomy that allows us to identify limitations and unexplored challenges and to propose new solutions.

Remote Proofs of Video Freshness for Public Spaces

We propose the use of trusted and verified social media feeds as visual challenges to increase our confidence that video footage from public spaces is fresh and authentic. Our work is related to recent advances in a growing area dealing with ways to prove physical statements to a digital (or even human) verifier, where a verifier sends a physical (real-world) challenge to the prover and the prover (usually a sensor) takes measurements of the physical property and submits the response to the verifier. Our proposal can be used to automatically verify the video feed from a (possibly untrusted) camera monitoring a public space.

Security & Privacy in Smart Toys

We analyze the security practices of three smart toys that communicate with children through voice commands. We show the general communication architecture, and some general security and privacy practices by each of the devices. Then we focus on the analysis of one particular toy, and show how attackers can decrypt communications to and from a target device, and perhaps more worryingly, the attackers can also inject audio into the toy so the children listens to any arbitrary audio file the attacker sends to the toy. This last attack raises new safety concerns that manufacturers of smart toys should prevent.

On Modeling and Verification of Agent-Based Traffic Simulation Properties in Alloy

The advances in Intelligent Transportation Systems ITS call for a new generation of traffic simulation models that support connectivity and collaboration among simulated vehicles and traffic infrastructure. In this paper we introduce MATISSE, a complex, large scale agent-based framework for the modeling and simulation of ITS and discuss how Alloy, a modeling language based on set theory and first order logic, was used to specify, verify, and analyze MATISSEs traffic models.