Yu-Lun Huang

Attacks against process control systems: risk assessment, detection, and response

In the last years there has been an increasing interest in the security of process control and SCADA systems. Furthermore, recent computer attacks such as the Stuxnet worm, have shown there are parties with the motivation and resources to effectively attack control systems. While previous work has proposed new security mechanisms for control systems, few of them have explored new and fundamentally different research problems for securing control systems when compared to securing traditional information technology (IT) systems. In particular, the sophistication of new malware attacking control systems--malware including zero-days attacks, rootkits created for control systems, and software signed by trusted certificate authorities--has shown that it is very difficult to prevent and detect these attacks based solely on IT system information. In this paper we show how, by incorporating knowledge of the physical system under control, we are able to detect computer attacks that change the behavior of the targeted control system. By using knowledge of the physical system we are able to focus on the final objective of the attack, and not on the particular mechanisms of how vulnerabilities are exploited, and how the attack is hidden. We analyze the security and safety of our mechanisms by exploring the effects of stealthy attacks, and by ensuring that automatic attack-response mechanisms will not drive the system to an unsafe state. A secondary goal of this paper is to initiate the discussion between control and security practitioners--two areas that have had little interaction in the past. We believe that control engineers can leverage security engineering to design--based on a combination of their best practices--control algorithms that go beyond safety and fault tolerance, and include considerations to survive targeted attacks.

Understanding the physical and economic consequences of attacks on control systems

Abstract This paper describes an approach for developing threat models for attacks on control systems. These models are useful for analyzing the actions taken by an attacker who gains access to control system assets and for evaluating the effects of the attacker’s actions on the physical process being controlled. The paper proposes models for integrity attacks and denial-of-service (DoS) attacks, and evaluates the physical and economic consequences of the attacks on a chemical reactor system. The analysis reveals two important points. First, a DoS attack does not have a significant effect when the reactor is in the steady state; however, combining the DoS attack with a relatively innocuous integrity attack rapidly causes the reactor to move to an unsafe state. Second, an attack that seeks to increase the operational cost of the chemical reactor involves a radically different strategy than an attack on plant safety (i.e., one that seeks to shut down the reactor or cause an explosion).

Efficient key distribution schemes for secure media delivery in pay-TV systems

To provide secure media delivery in pay-TV systems, a large number of messages are exchanged for key updates in the conventional key distribution schemes. This is inefficient and costly when the client side (set-top box) uses a smart card with limited computing power. In this paper, we present three key distribution schemes for channel protection and secure media delivery in pay-TV systems. With the proposed schemes, encryption keys of the subscribed programs can be efficiently and securely distributed to the authorized subscribers. Only one message is needed to renew key in the key distribution schemes for subscription channel protection. In addition, we use simpler computation functions, including one-way hash function and exclusive-OR operation, for key updates to reduce the computation cost. With our key distribution schemes, only authorized subscribers can watch the subscribed programs correctly. Unauthorized subscribers have no information to retrieve the correct programs over the networks. Thus, service providers can charge their subscribers according to their subscriptions, and the illegal access of the media and video programs from networks can be prevented, based on the proposed schemes.

S-AKA: A Provable and Secure Authentication Key Agreement Protocol for UMTS Networks

The authentication and key agreement (AKA) protocol of Universal Mobile Telecommunication System (UMTS), which is proposed to solve the vulnerabilities found in Global System for Mobile Communications (GSM) systems, is still vulnerable to redirection and man-in-the-middle attacks. An adversary can mount these attacks to eavesdrop or mischarge the subscribers in the system. In this paper, we propose a secure AKA (S-AKA) protocol to cope with these problems. The S-AKA protocol can reduce bandwidth consumption and the number of messages required in authenticating mobile subscribers. We also give the formal proof of the S-AKA protocol to guarantee its robustness.

A Batch-Authenticated and Key Agreement Framework for P2P-Based Online Social Networks

Online social networks (OSNs) such as Facebook and MySpace are flourishing because more and more people are using OSNs to share their interests with friends. Because security and privacy issues on OSNs are major concerns, we propose a security framework for simultaneously authenticating multiple users to improve the efficiency and security of peer-to-peer (P2P)-based OSNs. In the proposed framework, three batch authentication protocols are proposed, adopting the one-way hash function, ElGamal proxy encryption, and certificates as the underlying cryptosystems. The hash-based authentication protocol requires lower computational cost and is suitable for resource-limited devices. The proxy-based protocol is based on asymmetric encryption and can be used to exchange more information among users. The certificate-based protocol guarantees nonrepudiation of transactions by signatures. Without a centralized authentication server, the proposed framework can therefore facilitate the extension of an OSN with batched verifications. In this paper, we formally prove that the proposed batch authentication protocols are secure against both passive adversaries and impersonator attacks, can offer implicit key authentication, and require fewer messages to authenticate multiple users. We also show that our protocols can meet important security requirements, including mutual authentication, reputation, community authenticity, nonrepudiation, and flexibility. With these effective security features, our framework is appropriate for use in P2P-based OSNs.

A Graph Approach to Quantitative Analysis of Control-Flow Obfuscating Transformations

Modern obfuscation techniques are intended to discourage reverse engineering and malicious tampering of software programs. We study control-flow obfuscation, which works by modifying the control flow of the program to be obfuscated, and observe that it is difficult to evaluate the robustness of these obfuscation techniques. In this paper, we present a framework for quantitative analysis of control-flow obfuscating transformations. Our framework is based upon the control-flow graph of the program, and we show that many existing control-flow obfuscation techniques can be expressed as a sequence of basic transformations on these graphs. We also propose a new measure of the difficulty of reversing these obfuscated programs, and we show that our framework can be used to easily evaluate the space penalty due to the transformations.

An Analytic Hierarchy Process-Based Risk Assessment Method for Wireless Networks

This paper presents a wireless risk assessment method to help an administrator manage wireless network security. The assessment method consists of a risk model and an assessment measure. The risk model is in charge of modeling the wireless network risk. Security requirements, wireless attacks, and system configurations are considered in the model. The assessment measure is an algorithm which determines the risk value of the wireless network according to the risk model. Our risk model is developed upon an extended analytic hierarchy process, which contains the 4 layers: the risk layer, the requirement layer, the attack layer, and the configuration layer. The separate layers of the risk model are helpful in dealing with the dynamics of a wireless network because only the related layers are introduced to the assessment measure when changes of the network are detected. Based on the risk model per device, our assessment measure evaluates the wireless network risk in consideration of the relations between devices, attacks, and configurations. Hence, our risk assessment method, composed of the risk model and the assessment measure, can determine the wireless network risk efficiently while considering the dependencies in the wireless network. Two examples are introduced in this paper to examine the feasibility of our method. In the first example, we demonstrate that the risk values derived by our method meet the ground truth by performing practical experiments. The second example shows that our method can evaluate the risk of a changing wireless network with efficiency, and can distinguish disparities in different wireless networks.

Network address translators: effects on security protocols and applications in the TCP/IP stack

One proposed method for mitigating the address shortage problem in IPv4 is to use network address translators (NATs) to allow address reuse. The basic idea is to transparently map a wide set of private network addresses and corresponding TCP/UDP ports to a small set of globally unique public network addresses and ports. NAT devices provide a way to handle IP address depletion incrementally, without changing hosts and routers, until more long-term approaches like IPv6 can be implemented. Existing Internet security protocols must be re-examined, however, to see how they function within this new network environment. We begin with a description of the four NAT environments and a discussion of their limitations. We then examine the relationships between NAT devices and popular Internet security protocols and applications at each layer of the TCP/IP stack to see if they can survive with NAT devices.

Practical key distribution schemes for channel protection

The paper presents three key distribution schemes for channel protection. With the proposed schemes, encryption keys of the ordered programs can be distributed to the authorized subscribers efficiently and securely. In these schemes, for key updates, at most two messages are transmitted and simpler computation functions, including one-way hash function and XOR operation, are used to reduce the computation cost compared to existing solutions. With our key distribution schemes, only the authorized subscribers can decrypt the ordered programs. Thus, the service provider in a Pay-TV system can charge his subscribers according to their subscriptions and the intelligent property rights of TV programs can be protected by the proposed schemes.

A control flow obfuscation method to discourage malicious tampering of software codes

The paper presents a control flow obfuscation method to discourage reverse engineering and malicious tampering of software codes. Given the original source codes and desired obfuscation criteria, the proposed method works by decomposing the source codes into fragments and then applying various transforms to the code fragments. As the output of our method, the transformed fragments are re-assembled and obfuscated with the designated obfuscation criteria. Moreover, since only control flows are obfuscated with a sequence of transformations that produce equivalent results of the original fragments, the final output can still preserve the same execution results as the original codes. The proposed method can be combined with other security technologies like watermarking or fingerprinting and thus help discouraging software piracy by making watermarked information embedded in software codes difficult to be reverse engineered or tampered.