Visible to the public Biblio

Found 769 results

Filters: First Letter Of Last Name is M  [Clear All Filters]
A B C D E F G H I J K L [M] N O P Q R S T U V W X Y Z   [Show ALL]
M
Myzdrikov, Nikita Ye., Semeonov, Ivan Ye., Yukhnov, Vasiliy I., Safaryan, Olga A., Reshetnikova, Irina V., Lobodenko, Andrey G., Cherckesova, Larissa V., Porksheyan, Vitaliy M..  2019.  Modification and Optimization of Solovey-Strassen's Fast Exponentiation Probablistic Test Binary Algorithm. 2019 IEEE East-West Design Test Symposium (EWDTS). :1–3.

This article will consider the probability test of Solovey-Strassen, to determine the simplicity of the number and its possible modifications. This test allows for the shortest possible time to determine whether the number is prime or not. C\# programming language was used to implement the algorithm in practice.

Mylrea, M., Gourisetti, S. N. G., Larimer, C., Noonan, C..  2018.  Insider Threat Cybersecurity Framework Webtool Methodology: Defending Against Complex Cyber-Physical Threats. 2018 IEEE Security and Privacy Workshops (SPW). :207–216.

This paper demonstrates how the Insider Threat Cybersecurity Framework (ITCF) web tool and methodology help provide a more dynamic, defense-in-depth security posture against insider cyber and cyber-physical threats. ITCF includes over 30 cybersecurity best practices to help organizations identify, protect, detect, respond and recover to sophisticated insider threats and vulnerabilities. The paper tests the efficacy of this approach and helps validate and verify ITCF's capabilities and features through various insider attacks use-cases. Two case-studies were explored to determine how organizations can leverage ITCF to increase their overall security posture against insider attacks. The paper also highlights how ITCF facilitates implementation of the goals outlined in two Presidential Executive Orders to improve the security of classified information and help owners and operators secure critical infrastructure. In realization of these goals, ITCF: provides an easy to use rapid assessment tool to perform an insider threat self-assessment; determines the current insider threat cybersecurity posture; defines investment-based goals to achieve a target state; connects the cybersecurity posture with business processes, functions, and continuity; and finally, helps develop plans to answer critical organizational cybersecurity questions. In this paper, the webtool and its core capabilities are tested by performing an extensive comparative assessment over two different high-profile insider threat incidents. 

Myint, Phyo Wah Wah, Hlaing, Swe Zin, Htoon, Ei Chaw.  2018.  A Policy Revocation Scheme for Attributes-based Encryption. Proceedings of the 10th International Conference on Advances in Information Technology. :12:1–12:8.
Attributes-based encryption (ABE) is a promising cryptographic mechanism that provides a fine-grained access control for cloud environment. Since most of the parties exchange sensitive data among them by using cloud computing, data protection is very important for data confidentiality. Ciphertext policy attributes-based encryption (CP-ABE) is one of the ABE schemes, which performs an access control of security mechanisms for data protection in cloud storage. In CP-ABE, each user has a set of attributes and data encryption is associated with an access policy. The secret key of a user and the ciphertext are dependent upon attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access structure in the ciphertext. The practical applications of CP-ABE have still requirements for attributes policy management and user revocation. This paper proposed an important issue of policy revocation in CP-ABE scheme. In this paper, sensitive parts of personal health records (PHRs) are encrypted with the help of CP-ABE. In addition, policy revocation is considered to add in CP-ABE and generates a new secret key for authorized users. In proposed attributes based encryption scheme, PHRs owner changes attributes policy to update authorized user lists. When policy revocation occurs in proposed PHRs sharing system, a trusted authority (TA) calculates a partial secret token key according to a policy updating level and then issues new or updated secret keys for new policy. Proposed scheme emphasizes on key management, policy management and user revocation. It provides a full control on data owner according to a policy updating level what he chooses. It helps both PHRs owner and users for flexible policy revocation in CP-ABE without time consuming.
Myint, Phyo Wah Wah, Hlaing, Swe Zin, Htoon, Ei Chaw.  2019.  Policy-based Revolutionary Ciphertext-policy Attributes-based Encryption. 2019 International Conference on Advanced Information Technologies (ICAIT). :227–232.
Ciphertext-policy Attributes-based Encryption (CP-ABE) is an encouraging cryptographic mechanism. It behaves an access control mechanism for data security. A ciphertext and secret key of user are dependent upon attributes. As a nature of CP-ABE, the data owner defines access policy before encrypting plaintext by his right. Therefore, CP-ABE is suitable in a real environment. In CP-ABE, the revocation issue is demanding since each attribute is shared by many users. A policy-based revolutionary CP-ABE scheme is proposed in this paper. In the proposed scheme, revocation takes place in policy level because a policy consists of threshold attributes and each policy is identified as a unique identity number. Policy revocation means that the data owner updates his policy identity number for ciphertext whenever any attribute is changed in his policy. To be a flexible updating policy control, four types of updating policy levels are identified for the data owner. Authorized user gets a secret key from a trusted authority (TA). TA updates the secret key according to the policy updating level done by the data owner. This paper tests personal health records (PHRs) and analyzes execution times among conventional CP-ABE, other enhanced CP-ABE and the proposed scheme.
Myasnikova, N., Beresten, M. P., Myasnikova, M. G..  2020.  Development of Decomposition Methods for Empirical Modes Based on Extremal Filtration. 2020 Moscow Workshop on Electronic and Networking Technologies (MWENT). :1–4.
The method of extremal filtration implementing the decomposition of signals into alternating components is considered. The history of the method development is described, its mathematical substantiation is given. The method suggests signal decomposition based on the removal of known components locally determined by their extrema. The similarity of the method with empirical modes decomposition in terms of the result is shown, and their comparison is also carried out. The algorithm of extremal filtration has a simple mathematical basis that does not require the calculation of transcendental functions, which provides it with higher performance with comparable results. The advantages and disadvantages of the extremal filtration method are analyzed, and the possibility of its application for solving various technical problems is shown, i.e. the formation of diagnostic features, rapid analysis of signals, spectral and time-frequency analysis, etc. The methods for calculating spectral characteristics are described: by the parameters of the distinguished components, based on the approximation on the extrema by bell-shaped pulses. The method distribution in case of wavelet transform of signals is described. The method allows obtaining rapid evaluation of the frequencies and amplitudes (powers) of the components, which can be used as diagnostic features in solving problems of recognition, diagnosis and monitoring. The possibility of using extremal filtration in real-time systems is shown.
Myalapalli, V.K., Chakravarthy, A.S.N..  2014.  A unified model for cherishing privacy in database system an approach to overhaul vulnerabilities. Networks Soft Computing (ICNSC), 2014 First International Conference on. :263-266.

Privacy is the most anticipated aspect in many perspectives especially with sensitive data and the database is being targeted incessantly for vulnerability. The database must be persistently monitored for ensuring comprehensive security. The proposed model is intended to cherish the database privacy by thwarting intrusions and inferences. The Database Static protection and Intrusion Tolerance Subsystem proposed in the architecture bolster this practice. This paper enunciates Privacy Cherished Database architecture model and how it achieves security under sundry circumstances.

Myalapalli, V.K., Chakravarthy, A.S.N..  2014.  A unified model for cherishing privacy in database system an approach to overhaul vulnerabilities. Networks Soft Computing (ICNSC), 2014 First International Conference on. :263-266.

Privacy is the most anticipated aspect in many perspectives especially with sensitive data and the database is being targeted incessantly for vulnerability. The database must be persistently monitored for ensuring comprehensive security. The proposed model is intended to cherish the database privacy by thwarting intrusions and inferences. The Database Static protection and Intrusion Tolerance Subsystem proposed in the architecture bolster this practice. This paper enunciates Privacy Cherished Database architecture model and how it achieves security under sundry circumstances.

Myalapalli, V.K., Chakravarthy, A.S.N..  2014.  A unified model for cherishing privacy in database system an approach to overhaul vulnerabilities. Networks Soft Computing (ICNSC), 2014 First International Conference on. :263-266.

Privacy is the most anticipated aspect in many perspectives especially with sensitive data and the database is being targeted incessantly for vulnerability. The database must be persistently monitored for ensuring comprehensive security. The proposed model is intended to cherish the database privacy by thwarting intrusions and inferences. The Database Static protection and Intrusion Tolerance Subsystem proposed in the architecture bolster this practice. This paper enunciates Privacy Cherished Database architecture model and how it achieves security under sundry circumstances.

MüUller, W., Kuwertz, A., Mühlenberg, D., Sander, J..  2017.  Semantic Information Fusion to Enhance Situational Awareness in Surveillance Scenarios. 2017 IEEE International Conference on Multisensor Fusion and Integration for Intelligent Systems (MFI). :397–402.

In recent years, the usage of unmanned aircraft systems (UAS) for security-related purposes has increased, ranging from military applications to different areas of civil protection. The deployment of UAS can support security forces in achieving an enhanced situational awareness. However, in order to provide useful input to a situational picture, sensor data provided by UAS has to be integrated with information about the area and objects of interest from other sources. The aim of this study is to design a high-level data fusion component combining probabilistic information processing with logical and probabilistic reasoning, to support human operators in their situational awareness and improving their capabilities for making efficient and effective decisions. To this end, a fusion component based on the ISR (Intelligence, Surveillance and Reconnaissance) Analytics Architecture (ISR-AA) [1] is presented, incorporating an object-oriented world model (OOWM) for information integration, an expressive knowledge model and a reasoning component for detection of critical events. Approaches for translating the information contained in the OOWM into either an ontology for logical reasoning or a Markov logic network for probabilistic reasoning are presented.

Mutiarachim, A., Pranata, S. Felix, Ansor, B., Shidik, G. Faiar, Fanani, A. Zainul, Soeleman, A., Pramunendar, R. Anggi.  2018.  Bit Localization in Least Significant Bit Using Fuzzy C-Means. 2018 International Seminar on Application for Technology of Information and Communication. :290-294.

Least Significant Bit (LSB) as one of steganography methods that already exist today is really mainstream because easy to use, but has weakness that is too easy to decode the hidden message. It is because in LSB the message embedded evenly to all pixels of an image. This paper introduce a method of steganography that combine LSB with clustering method that is Fuzzy C-Means (FCM). It is abbreviated with LSB\_FCM, then compare the stegano result with LSB method. Each image will divided into two cluster, then the biggest cluster capacity will be choosen, finally save the cluster coordinate key as place for embedded message. The key as a reference when decode the message. Each image has their own cluster capacity key. LSB\_FCM has disadvantage that is limited place to embedded message, but it also has advantages compare with LSB that is LSB\_FCM have more difficulty level when decrypted the message than LSB method, because in LSB\_FCM the messages embedded randomly in the best cluster pixel of an image, so to decrypted people must have the cluster coordinate key of the image. Evaluation result show that the MSE and PSNR value of LSB\_FCM some similiar with the pure LSB, it means that LSB\_FCM can give imperceptible image as good as the pure LSB, but have better security from the embedding place.

Muthusamy, Vinod, Slominski, Aleksander, Ishakian, Vatche, Khalaf, Rania, Reason, Johnathan, Rozsnyai, Szabolcs.  2016.  Lessons Learned Using a Process Mining Approach to Analyze Events from Distributed Applications. Proceedings of the 10th ACM International Conference on Distributed and Event-based Systems. :199–204.

The execution of distributed applications are captured by the events generated by the individual components. However, understanding the behavior of these applications from their event logs can be a complex and error prone task, compounded by the fact that applications continuously change rendering any knowledge obsolete. We describe our experiences applying a suite of process-aware analytic tools to a number of real world scenarios, and distill our lessons learned. For example, we have seen that these tools are used iteratively, where insights gained at one stage inform the configuration decisions made at an earlier stage. As well, we have observed that data onboarding, where the raw data is cleaned and transformed, is the most critical stage in the pipeline and requires the most manual effort and domain knowledge. In particular, missing, inconsistent, and low-resolution event time stamps are recurring problems that require better solutions. The experiences and insights presented here will assist practitioners applying process analytic tools to real scenarios, and reveal to researchers some of the more pressing challenges in this space.

Muthumanickam, K., Ilavarasan, E..  2017.  Optimizing Detection of Malware Attacks through Graph-Based Approach. 2017 International Conference on Technical Advancements in Computers and Communications (ICTACC). :87–91.

Today the technology advancement in communication technology permits a malware author to introduce code obfuscation technique, for example, Application Programming Interface (API) hook, to make detecting the footprints of their code more difficult. A signature-based model such as Antivirus software is not effective against such attacks. In this paper, an API graph-based model is proposed with the objective of detecting hook attacks during malicious code execution. The proposed model incorporates techniques such as graph-generation, graph partition and graph comparison to distinguish a legitimate system call from malicious system call. The simulation results confirm that the proposed model outperforms than existing approaches.

Mutalemwa, Lilian C., Shin, Seokjoo.  2018.  Realizing Source Location Privacy in Wireless Sensor Networks Through Agent Node Routing. 2018 International Conference on Information and Communication Technology Convergence (ICTC). :1283–1285.
Wireless Sensor Networks (WSNs) are used in sensitive applications such as in asset monitoring applications. Due to the sensitivity of information in these applications, it is important to ensure that flow of data between sensor nodes is secure and does not expose any information about the source node or the monitored assets. This paper proposes a scheme to preserve the source location privacy based on random routing techniques. To achieve high privacy, the proposed scheme randomly sends packet to sink node through tactically positioned agent nodes. The position of agent nodes is designed to guarantee that successive packets are routed through highly random and perplexing routing paths as compared to other routing schemes. Simulation results demonstrate that proposed scheme provides longer safety period and higher privacy against both, patient and cautious adversaries.
Mutalemwa, Lilian C., Shin, Seokjoo.  2019.  Investigating the Influence of Routing Scheme Algorithms on the Source Location Privacy Protection and Network Lifetime. 2019 International Conference on Information and Communication Technology Convergence (ICTC). :1188–1191.
There exist numerous strategies for Source Location Privacy (SLP) routing schemes. In this study, an experimental analysis of a few routing schemes is done to investigate the influence of the routing scheme algorithms on the privacy protection level and the network lifetime performance. The analysis involved four categories of SLP routing schemes. Analysis results revealed that the algorithms used in the representative schemes for tree-based and angle-based routing schemes incur the highest influence. The tree-based algorithm stimulates the highest energy consumption with the lowest network lifetime while the angle-based algorithm does the opposite. Moreover, for the tree-based algorithm, the influence is highly dependent on the region of the network domain.
Mutalemwa, Lilian C., Seok, Junhee, Shin, Seokjoo.  2019.  Experimental Evaluation of Source Location Privacy Routing Schemes and Energy Consumption Performance. 2019 19th International Symposium on Communications and Information Technologies (ISCIT). :86–90.
Network lifetime and energy consumption of sensor nodes have an inversely proportional relationship. Thus, it is important to ensure source location privacy (SLP) routing schemes are energy-efficient. This work performs an experimental evaluation of some existing routing schemes and proposes a new angle-based routing algorithm to modify the schemes. The dynamic route creation process of the modified schemes is characterized by processes which include determination of route and banned regions and computation of control angle and lead factor parameters. Results of the analysis show that the modified schemes are effective at obfuscating the adversaries to provide strong SLP protection. Furthermore, the modified schemes consume relatively lower energy and guarantee longer network lifetime.
Muszynska, Maria, Michels, Denise, von Zezschwitz, Emanuel.  2018.  Not On My Phone: Exploring Users' Conception of Related Permissions. Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems. :LBW508:1–LBW508:6.

Many smartphone security mechanisms prompt users to decide on sensitive resource requests. This approach fails if corresponding implications are not understood. Prior work identified ineffective user interfaces as a cause for insufficient comprehension and proposed augmented dialogs. We hypothesize that, prior to interface-design, efficient security dialogs require an underlying permission model based on user demands. We believe, that only an implementation which corresponds to users\guillemotright mental models, in terms of the handling, granularity and grouping of permission requests, allows for informed decisions. In this work, we propose a study design which leverages materialization for the extraction of the mental models. We present preliminary results of three Focus Groups. The findings indicate that the materialization provided sufficient support for non-experts to understand and discuss this complex topic. In addition to this, the results indicate that current permission approaches do not match users\guillemotright demands for information and control.

Musto, Cataldo, Lops, Pasquale, Basile, Pierpaolo, de Gemmis, Marco, Semeraro, Giovanni.  2016.  Semantics-aware Graph-based Recommender Systems Exploiting Linked Open Data. Proceedings of the 2016 Conference on User Modeling Adaptation and Personalization. :229–237.

The ever increasing interest in semantic technologies and the availability of several open knowledge sources have fueled recent progress in the field of recommender systems. In this paper we feed recommender systems with features coming from the Linked Open Data (LOD) cloud - a huge amount of machine-readable knowledge encoded as RDF statements - with the aim of improving recommender systems effectiveness. In order to exploit the natural graph-based structure of RDF data, we study the impact of the knowledge coming from the LOD cloud on the overall performance of a graph-based recommendation algorithm. In more detail, we investigate whether the integration of LOD-based features improves the effectiveness of the algorithm and to what extent the choice of different feature selection techniques influences its performance in terms of accuracy and diversity. The experimental evaluation on two state of the art datasets shows a clear correlation between the feature selection technique and the ability of the algorithm to maximize a specific evaluation metric. Moreover, the graph-based algorithm leveraging LOD-based features is able to overcome several state of the art baselines, such as collaborative filtering and matrix factorization, thus confirming the effectiveness of the proposed approach.

Mustapha, Hanan, Alghamdi, Ahmed M.  2018.  DDoS Attacks on the Internet of Things and Their Prevention Methods. Proceedings of the 2Nd International Conference on Future Networks and Distributed Systems. :4:1-4:5.

The Internet of Things (IoT) vulnerabilities provides an ideal target for botnets, making them a major contributor in the increased number of Distributed Denial of Service (DDoS) attacks. The increase in DDoS attacks has made it important to address the consequences it implies on the IoT industry being one of the major causes. The aim of this paper is to provide an analysis of the attempts to prevent DDoS attacks, mainly at a network level. The sensibility of these solutions is extracted from their impact in resolving IoT vulnerabilities. It is evident from this review that there is no perfect solution yet for IoT security, this field still has many opportunities for research and development.

Muslukhov, Ildar, Boshmaf, Yazan, Beznosov, Konstantin.  2018.  Source Attribution of Cryptographic API Misuse in Android Applications. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. :133–146.

Recent research suggests that 88% of Android applications that use Java cryptographic APIs make at least one mistake, which results in an insecure implementation. It is unclear, however, if these mistakes originate from code written by application or third-party library developers. Understanding the responsible party for a misuse case is important for vulnerability disclosure. In this paper, we bridge this knowledge gap and introduce source attribution to the analysis of cryptographic API misuse. We developed BinSight, a static program analyzer that supports source attribution, and we analyzed 132K Android applications collected in years 2012, 2015, and 2016. Our results suggest that third-party libraries are the main source of cryptographic API misuse. In particular, 90% of the violating applications, which contain at least one call-site to Java cryptographic API, originate from libraries. When compared to 2012, we found the use of ECB mode for symmetric ciphers has significantly decreased in 2016, for both application and third-party library code. Unlike application code, however, third-party libraries have significantly increased their reliance on static encryption keys for symmetric ciphers and static IVs for CBC mode ciphers. Finally, we found that the insecure RC4 and DES ciphers were the second and the third most used ciphers in 2016.

Muslim, A. A., Budiono, A., Almaarif, A..  2020.  Implementation and Analysis of USB based Password Stealer using PowerShell in Google Chrome and Mozilla Firefox. 2020 3rd International Conference on Computer and Informatics Engineering (IC2IE). :421—426.

Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer's internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author's email.

Musgrove, J., Cukic, B., Cortellessa, V..  2014.  Proactive Model-Based Performance Analysis and Security Tradeoffs in a Complex System. High-Assurance Systems Engineering (HASE), 2014 IEEE 15th International Symposium on. :211-215.

Application domains in which early performance evaluation is needed are becoming more complex. In addition to traditional measures of complexity due, for example, to the number of components, their interactions, complicated control coordination and schemes, emerging applications may require adaptive response and reconfiguration the impact of externally observable (security) parameters. In this paper we introduce an approach for effective modeling and analysis of performance and security tradeoffs. The approach identifies a suitable allocation of resources that meet performance requirements, while maximizing measurable security effects. We demonstrate this approach through the analysis of performance sensitivity of a Border Inspection Management System (BIMS) with changing security mechanisms (e.g. biometric system parameters for passenger identification). The final result is a model-based approach that allows us to take decisions about BIMS performance and security mechanisms on the basis of rates of traveler arrivals and traveler identification security guarantees. We describe the experience gained when applying this approach to daily flight arrival schedule of a real airport.

Musca, Constantin, Mirica, Emma, Deaconescu, Razvan.  2013.  Detecting and Analyzing Zero-Day Attacks Using Honeypots. 2013 19th International Conference on Control Systems and Computer Science. :543–548.
Computer networks are overwhelmed by self propagating malware (worms, viruses, trojans). Although the number of security vulnerabilities grows every day, not the same thing can be said about the number of defense methods. But the most delicate problem in the information security domain remains detecting unknown attacks known as zero-day attacks. This paper presents methods for isolating the malicious traffic by using a honeypot system and analyzing it in order to automatically generate attack signatures for the Snort intrusion detection/prevention system. The honeypot is deployed as a virtual machine and its job is to log as much information as it can about the attacks. Then, using a protected machine, the logs are collected remotely, through a safe connection, for analysis. The challenge is to mitigate the risk we are exposed to and at the same time search for unknown attacks.
Musa, Tanvirali, Yeo, Kheng Cher, Azam, Sami, Shanmugam, Bharanidharan, Karim, Asif, Boer, Friso De, Nur, Fernaz Narin, Faisal, Fahad.  2019.  Analysis of Complex Networks for Security Issues using Attack Graph. 2019 International Conference on Computer Communication and Informatics (ICCCI). :1–6.
Organizations perform security analysis for assessing network health and safe-guarding their growing networks through Vulnerability Assessments (AKA VA Scans). The output of VA scans is reports on individual hosts and its vulnerabilities, which, are of little use as the origin of the attack can't be located from these. Attack Graphs, generated without an in-depth analysis of the VA reports, are used to fill in these gaps, but only provide cursory information. This study presents an effective model of depicting the devices and the data flow that efficiently identifies the weakest nodes along with the concerned vulnerability's origin.The complexity of the attach graph using MulVal has been greatly reduced using the proposed approach of using the risk and CVSS base score as evaluation criteria. This makes it easier for the user to interpret the attack graphs and thus reduce the time taken needed to identify the attack paths and where the attack originates from.
Murvay, Pal-Stefan, Groza, Bogdan.  2017.  DoS Attacks on Controller Area Networks by Fault Injections from the Software Layer. Proceedings of the 12th International Conference on Availability, Reliability and Security. :71:1–71:10.
The Controller Area Network (CAN) is still the most widely employed bus in the automotive sector. Its lack of security mechanisms led to a high number of attacks and consequently several security countermeasures were proposed, i.e., authentication protocols or intrusion detection mechanisms. We discuss vulnerabilities of the CAN data link layer that can be triggered from the application level with the use of an off the shelf CAN transceiver. Namely, due to the wired-AND design of the CAN bus, dominant bits will always overwrite recessive ones, a functionality normally used to assure priority for frames with low value identifiers. We exploit this characteristic and show Denial of Service attacks both on senders and receivers based on bit injections by using bit banging to maliciously control the CAN transceiver. We demonstrate the effects and limitations of such attacks through experimental analysis and discuss possible countermeasures. In particular, these attacks may have high impact on centralized authentication mechanisms that were frequently proposed in the literature since these attacks can place monitoring nodes in a bus-off state for certain periods of time.
Murvay, Pal-Stefan, Groza, Bogdan.  2018.  A Brief Look at the Security of DeviceNet Communication in Industrial Control Systems. Proceedings of the Central European Cybersecurity Conference 2018. :5:1–5:6.
Security is a vital aspect of industrial control systems since they are used in critical infrastructures and manufacturing processes. As demonstrated by the increasing number of emerging exploits, securing such systems is still a challenge as the employed fieldbus technologies do not offer intrinsic support for basic security objectives. In this work we discuss some security aspects of DeviceNet, a communication protocol widely used for control applications especially in the North American industrial sector. Having the Controller Area Network (CAN) protocol at its base, DeviceNet inherits all the vulnerabilities that were already illustrated on CAN in-vehicle communication. We discuss how the lack of security in DeviceNet can be exploited and point on the fact that these vulnerabilities can be modelled by existing formal verification tools and countermeasures can be put in place.