Side of "Reboot-Oriented IoT: Life Cycle Management in Trusted Execution Environment for Disposable IoT devices" ACSAC (Annual Computer Security Applications Conference) 2020
The document discusses Trusted Execution Environments (TEEs) and running the Open Portable Trusted Execution Environment (OP-TEE) trusted operating system on RISC-V. It provides an overview of TEEs, describes OP-TEE and the requirements to implement it on RISC-V, including developing a boot sequence, kernel driver, and libraries. The document also compares TEE implementations on ARM TrustZone and Intel SGX and covers memory mapping when running OP-TEE on ARM-based boards.
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Kuniyasu Suzaki
This document discusses hardware-assisted isolated execution environments (HIEE) and trusted execution environments (TEE) on RISC-V processors. It describes how TEEs are implemented using privileges worlds on ARM TrustZone and Intel SGX. For RISC-V, it summarizes proposals for TEEs including Sanctum, MultiZone, and using seL4 microkernel to implement OP-TEE. It also briefly discusses TEE implementations on FPGAs, GPUs, virtualization, and the IETF's TEE provisioning protocol.
More IC vendors are beginning to explore a device-level technology approach for safeguarding data called physically unclonable function, or PUF. Though silicon production processes are precise, this technology exploits the fact that there are still tiny variations in each circuit produced. The PUF uses these tiny differences to generate a unique digital value that can be used as a secret keys. Secret keys are essential for digital security.
Security is increasingly becoming one of the big concerns for developers of connected, or internet of things (IoT), devices, especially with the huge risk they face from attacks by hackers, or compromises to information and security breaches.
One of the challenges for adding security in an IoT device is how to do so without adding silicon real estate or cost, given the resource constraints in terms of maintaing minimum power consumption and optimizing the processing resources on the devies.
This document contains information from a group of security researchers focused on assessing industrial control systems and SCADA platforms. Their goals are to automate security assessments, understand systems, assess security features, and create audit guides. It describes common ICS components like WinCC, S7 PLCs, and engineering tools. It also outlines vulnerabilities the group has found, including in WinCC, S7 communications, and TIA Portal. The document aims to share information to help secure ICS environments.
Implementing ID Governance in Complex Environments-HyTrust & CA Technologies HyTrust
1) It controls and logs privileged user access across physical and virtual environments to ensure accountability.
2) It enforces fine-grained authorization and prevents unauthorized access to sensitive resources.
3) It provides centralized auditing and reporting of all privileged user activities for compliance monitoring.
This document summarizes the scadasl.org website, which is focused on industrial control system (ICS) and SCADA security. It describes the group of security researchers involved in the organization and their goals of preventing industrial disasters and maintaining system integrity. It provides overviews of the group's work analyzing SCADA systems on the internet, vulnerabilities in common ICS protocols and components, and methods for identifying devices and finding vulnerabilities.
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...Kaspersky
A talk delivered by Vladimir Dashchenko at S4x19 in Miami on the history of Kaspersky Industrial Cybersecurity experience development: from delivering AV to investigation of sophisticated attacks and vulnerabilities in ICS hardware and software to providing the customers with threat intelligence and security awareness services and specific technologies for ICS threats detection and prevention.
The document discusses Trusted Execution Environments (TEEs) and running the Open Portable Trusted Execution Environment (OP-TEE) trusted operating system on RISC-V. It provides an overview of TEEs, describes OP-TEE and the requirements to implement it on RISC-V, including developing a boot sequence, kernel driver, and libraries. The document also compares TEE implementations on ARM TrustZone and Intel SGX and covers memory mapping when running OP-TEE on ARM-based boards.
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Kuniyasu Suzaki
This document discusses hardware-assisted isolated execution environments (HIEE) and trusted execution environments (TEE) on RISC-V processors. It describes how TEEs are implemented using privileges worlds on ARM TrustZone and Intel SGX. For RISC-V, it summarizes proposals for TEEs including Sanctum, MultiZone, and using seL4 microkernel to implement OP-TEE. It also briefly discusses TEE implementations on FPGAs, GPUs, virtualization, and the IETF's TEE provisioning protocol.
More IC vendors are beginning to explore a device-level technology approach for safeguarding data called physically unclonable function, or PUF. Though silicon production processes are precise, this technology exploits the fact that there are still tiny variations in each circuit produced. The PUF uses these tiny differences to generate a unique digital value that can be used as a secret keys. Secret keys are essential for digital security.
Security is increasingly becoming one of the big concerns for developers of connected, or internet of things (IoT), devices, especially with the huge risk they face from attacks by hackers, or compromises to information and security breaches.
One of the challenges for adding security in an IoT device is how to do so without adding silicon real estate or cost, given the resource constraints in terms of maintaing minimum power consumption and optimizing the processing resources on the devies.
This document contains information from a group of security researchers focused on assessing industrial control systems and SCADA platforms. Their goals are to automate security assessments, understand systems, assess security features, and create audit guides. It describes common ICS components like WinCC, S7 PLCs, and engineering tools. It also outlines vulnerabilities the group has found, including in WinCC, S7 communications, and TIA Portal. The document aims to share information to help secure ICS environments.
Implementing ID Governance in Complex Environments-HyTrust & CA Technologies HyTrust
1) It controls and logs privileged user access across physical and virtual environments to ensure accountability.
2) It enforces fine-grained authorization and prevents unauthorized access to sensitive resources.
3) It provides centralized auditing and reporting of all privileged user activities for compliance monitoring.
This document summarizes the scadasl.org website, which is focused on industrial control system (ICS) and SCADA security. It describes the group of security researchers involved in the organization and their goals of preventing industrial disasters and maintaining system integrity. It provides overviews of the group's work analyzing SCADA systems on the internet, vulnerabilities in common ICS protocols and components, and methods for identifying devices and finding vulnerabilities.
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...Kaspersky
A talk delivered by Vladimir Dashchenko at S4x19 in Miami on the history of Kaspersky Industrial Cybersecurity experience development: from delivering AV to investigation of sophisticated attacks and vulnerabilities in ICS hardware and software to providing the customers with threat intelligence and security awareness services and specific technologies for ICS threats detection and prevention.
This document contains information about an industrial control systems (ICS) security group including their goals, objectives, and vulnerabilities they focus on. It lists the members of the group and provides information on typical ICS network configurations, protocols used including Modbus, Profinet, DNP3, and others. It also discusses tools and scripts for assessing these protocols and mentions past vulnerabilities the group has found.
Master Serial Killer - DEF CON 22 - ICS VillageChris Sistrunk
Updated slides on Master Serial Killer from Adam Crain and Chris Sistrunk's research on ICS Protocol Vulnerabilities called Project Robus, the Aegis Fuzzer, and mitigations of these vulnerabilities.
SCADASTRANGELOVE is a group of security researchers focused on ICS/SCADA security. They have discovered over 100 vulnerabilities in industrial control systems and devices since 2012. Their goal is to raise awareness of security issues in critical infrastructure systems and work with a responsible disclosure process to help vendors patch vulnerabilities.
Positive Technologies - S4 - Scada under x-raysqqlan
This document summarizes a presentation given by Sergey Gordeychik, Gleb Gritsai, and Denis Baranov on analyzing the security of WinCC SCADA software. It introduces the presenters and their backgrounds in industrial control system security research. They discuss common vulnerabilities found in WinCC like SQL injection, XSS, and password disclosure. The researchers provide an overview of the WinCC architecture and its various components. They analyze vulnerabilities in the WinCC project files and communication protocols. The presentation aims to bring more attention to automating security assessments of industrial control systems.
The document discusses various IPv6 security issues including vulnerabilities found in the Linux kernel's IPv6 stack, risks of exposing interface identifiers that could contain embedded information, and ways attackers could abuse router advertisements like setting a low hop limit or flooding networks with router advertisements. It also provides examples of analyzing IPv6 addresses and scanning for special interface identifiers.
The document discusses improving control system security. It examines current security trends and their impact on SCADA systems. It discusses increasing the security and usability of SCADA systems through understanding tools and techniques to mitigate risks. The document also provides an overview of the speaker and their relevant experience and qualifications.
Антон Иванов. Kaspersky Open Single Management Platform – XDR платформа для в...Kaspersky
Антон Иванов, Технический директор «Лаборатории Касперского», в своем докладе рассказывает о Kaspersky Open Single Management Platform – XDR платформе для выявления и реагирования на инциденты любого уровня сложности.
Подробнее о конференции: https://ics.kaspersky.ru/conference/
Артем Зиненко. Vulnerability Assessment в ICS на основе информации из публичн...Kaspersky
Vulnerability assessments are important to thoroughly analyze advisories from vendors as many have incomplete details, incorrect exploitation conditions, or require deeper research. The presentation provides examples of vulnerabilities from GE Grid Solutions, Schneider Electric, Cisco, Rockwell Automation and Bosch where the initial CVSS scores and details were updated after further analysis. It also outlines Kaspersky's vulnerability assessment process of monitoring, research, and analysis to help improve ICS security.
Catching Multilayered Zero-Day Attacks on MS OfficeKaspersky
Over the past few years attacks leveraging Microsoft Office documents have become a weapon of choice for APT attacks. Office documents are popular not only with APT. It doesn’t take much time for malware authors to integrate novel techniques into their own Exploit Kits and attack ordinary users. Our statistics shows that only during 2018 amount of exploits attempts targeting MS Office increased by 4 times, making it the most targeted application in the world.
In this presentation we would like to take a look at one of the most recent zero-day attacks against this platform, CVE-2018-8174, that introduced a completely new attack vector. Zero-day exploit utilized a technique to load an Internet Explorer engine component right into the process context of MS Office and exploited an unpatched VBScript vulnerability without any user interaction. This new technique changes current threat landscape, as vulnerabilities that previously could only be exploited from a browser in a drive-by-attack scenario can now be also abused from an Office document.
This, and many other vulnerabilities was discovered with the help of our sandbox technology, that is proven to be very effective in catching even sophisticated, multilayered zero-day threats. In this presentation we would like to reveal how Sandbox can be utilized to catch this and many others zero-day attacks with our exploit and vulnerability detection system in our sandbox that is part KATA (Kaspersky Anti Targeted Attack Platform).
The document provides an overview of the HPE Security ArcSight Compliance Insight Package for NERC v6.0 which helps organizations comply with NERC CIP standards for critical infrastructure protection. It addresses the NERC CIP-002 through CIP-011 standards, provides resources like reports and dashboards, and explains how to install and configure the package in an ArcSight ESM system. The solution helps with monitoring for security events, generating compliance reports, and demonstrating adherence to policies for audits.
Internet of things (IoT) Architecture Security AnalysisDaksh Raj Chopra
This Document Briefly summarizes the Security and Privacy Concern Evaluation of Internet of Things (IoT)’s Three Domain Architecture. The Security implementation challenges faced
by IoT devices are addressed along with newly Added Requirement for these devices. The Architecture which we will be using throughout our analysis is explained so as to a novice
user. We will summarize the possible attacks and countermeasures for each and every domain followed by a developer friendly checklist to be followed for security.
This document provides an overview of how Fortinet solutions can help secure industrial control systems (ICS) in accordance with IEC 62443 standards. It describes common ICS vulnerabilities and challenges, and recommends implementing network segmentation, access controls, and multi-layered security using Fortinet products to monitor traffic and enforce security policies across different ICS zones. Specific Fortinet products mentioned include the FortiGate firewall, FortiAuthenticator for authentication, and FortiAnalyzer for logging and reporting.
Security Lock Down Your Computer Like the National Security Agency (NSA)José Ferreiro
NSA has developed and distributed configuration guidance for operating systems. These guides are currently being used throughout the government and by numerous entities as a security baseline for their systems.
Here we report the current state of the ICS threat landscape, as presented at the IT&Automation 2018 conference in Böblingen.
To learn more about Kaspersky Lab's ICS CERT, visit https://kas.pr/e34v
José Ramón Palanco is an OT security expert at ElevenPaths (Telefónica) who specializes in penetration testing, vulnerability research, and programming. The presentation covers OT protocols, an OT lab for hardware hacking and firmware analysis, industrial malware examples like Stuxnet, and projects including an industrial protocol IDS and Nmap scripts for discovering SCADA/ICS devices.
MTR is a network diagnostic tool that combines the functionality of traceroute and ping. It probes routers on the network path by sending packets and listening for responses to determine the quality of each hop. As it runs continuously, it tracks response times and packet loss to identify links that may be causing issues like increased latency or buffering. The MTR output provides statistics on each hop, including the hostname, packet loss percentage, and response times, to help locate potential problems along the route.
Azure Sphere is a new solution from Microsoft that provides highly secured, connected microcontroller units (MCUs). It consists of specialized MCU chips secured by Microsoft technology, a secured operating system, and cloud security services. The solution aims to address security issues that have affected IoTs by implementing seven key properties for security, including hardware root of trust, small trusted computing base, and failure reporting. It offers long-term security updates through 2028. Microsoft is working with partners to implement Azure Sphere's security technology into their chips to help manufacturers create secure, connected devices.
The document provides an overview of Azure Sphere, a new solution from Microsoft for creating highly secured, connected microcontroller (MCU) devices. Azure Sphere includes secured MCUs with built-in Microsoft security technology, a secured operating system, and security provided by Microsoft's cloud services. It allows manufacturers to more easily create IoT devices that are protected against common security vulnerabilities and threats.
Are you ready for Microsoft Azure Sphere?Mirco Vanini
Azure Sphere is Microsoft's solution for highly securing IoT devices. It includes Azure Sphere certified chips, the Azure Sphere operating system, and the Azure Sphere Security Service. Together, these provide devices with 10 years of ongoing security updates directly from Microsoft. Azure Sphere aims to empower organizations to securely connect devices and build new IoT solutions with built-in security through its end-to-end platform. The current Azure Sphere development kit uses the MT3620 chip and provides tools to simplify and streamline IoT development.
Cisco Malware: A new risk to consider in perimeter security designsManuel Santander
The networking equipment like switches and routers have historically been considered as passive elements in implementations of the security architecture. However, the new programming capabilities of these devices involve the risk of malicious software. If this risk materializes, imagine the consequences to the company\'s information. This presentation shows proof of concept on what features could support a malware inside IOS devices, how to detect it, how to remediate it and how to minimize the risk of occurrence within a security architecture.
1) The document discusses securing IoT devices and infrastructure through X.509 certificate-based identity and attestation, TLS-based encryption, and secure provisioning and management.
2) It describes securing the cloud infrastructure with Azure Security Center, Azure Active Directory, Key Vault, and policy-based access controls.
3) The document promotes building security into devices and infrastructure from the start through standards-based and custom secure hardware modules.
This document contains information about an industrial control systems (ICS) security group including their goals, objectives, and vulnerabilities they focus on. It lists the members of the group and provides information on typical ICS network configurations, protocols used including Modbus, Profinet, DNP3, and others. It also discusses tools and scripts for assessing these protocols and mentions past vulnerabilities the group has found.
Master Serial Killer - DEF CON 22 - ICS VillageChris Sistrunk
Updated slides on Master Serial Killer from Adam Crain and Chris Sistrunk's research on ICS Protocol Vulnerabilities called Project Robus, the Aegis Fuzzer, and mitigations of these vulnerabilities.
SCADASTRANGELOVE is a group of security researchers focused on ICS/SCADA security. They have discovered over 100 vulnerabilities in industrial control systems and devices since 2012. Their goal is to raise awareness of security issues in critical infrastructure systems and work with a responsible disclosure process to help vendors patch vulnerabilities.
Positive Technologies - S4 - Scada under x-raysqqlan
This document summarizes a presentation given by Sergey Gordeychik, Gleb Gritsai, and Denis Baranov on analyzing the security of WinCC SCADA software. It introduces the presenters and their backgrounds in industrial control system security research. They discuss common vulnerabilities found in WinCC like SQL injection, XSS, and password disclosure. The researchers provide an overview of the WinCC architecture and its various components. They analyze vulnerabilities in the WinCC project files and communication protocols. The presentation aims to bring more attention to automating security assessments of industrial control systems.
The document discusses various IPv6 security issues including vulnerabilities found in the Linux kernel's IPv6 stack, risks of exposing interface identifiers that could contain embedded information, and ways attackers could abuse router advertisements like setting a low hop limit or flooding networks with router advertisements. It also provides examples of analyzing IPv6 addresses and scanning for special interface identifiers.
The document discusses improving control system security. It examines current security trends and their impact on SCADA systems. It discusses increasing the security and usability of SCADA systems through understanding tools and techniques to mitigate risks. The document also provides an overview of the speaker and their relevant experience and qualifications.
Антон Иванов. Kaspersky Open Single Management Platform – XDR платформа для в...Kaspersky
Антон Иванов, Технический директор «Лаборатории Касперского», в своем докладе рассказывает о Kaspersky Open Single Management Platform – XDR платформе для выявления и реагирования на инциденты любого уровня сложности.
Подробнее о конференции: https://ics.kaspersky.ru/conference/
Артем Зиненко. Vulnerability Assessment в ICS на основе информации из публичн...Kaspersky
Vulnerability assessments are important to thoroughly analyze advisories from vendors as many have incomplete details, incorrect exploitation conditions, or require deeper research. The presentation provides examples of vulnerabilities from GE Grid Solutions, Schneider Electric, Cisco, Rockwell Automation and Bosch where the initial CVSS scores and details were updated after further analysis. It also outlines Kaspersky's vulnerability assessment process of monitoring, research, and analysis to help improve ICS security.
Catching Multilayered Zero-Day Attacks on MS OfficeKaspersky
Over the past few years attacks leveraging Microsoft Office documents have become a weapon of choice for APT attacks. Office documents are popular not only with APT. It doesn’t take much time for malware authors to integrate novel techniques into their own Exploit Kits and attack ordinary users. Our statistics shows that only during 2018 amount of exploits attempts targeting MS Office increased by 4 times, making it the most targeted application in the world.
In this presentation we would like to take a look at one of the most recent zero-day attacks against this platform, CVE-2018-8174, that introduced a completely new attack vector. Zero-day exploit utilized a technique to load an Internet Explorer engine component right into the process context of MS Office and exploited an unpatched VBScript vulnerability without any user interaction. This new technique changes current threat landscape, as vulnerabilities that previously could only be exploited from a browser in a drive-by-attack scenario can now be also abused from an Office document.
This, and many other vulnerabilities was discovered with the help of our sandbox technology, that is proven to be very effective in catching even sophisticated, multilayered zero-day threats. In this presentation we would like to reveal how Sandbox can be utilized to catch this and many others zero-day attacks with our exploit and vulnerability detection system in our sandbox that is part KATA (Kaspersky Anti Targeted Attack Platform).
The document provides an overview of the HPE Security ArcSight Compliance Insight Package for NERC v6.0 which helps organizations comply with NERC CIP standards for critical infrastructure protection. It addresses the NERC CIP-002 through CIP-011 standards, provides resources like reports and dashboards, and explains how to install and configure the package in an ArcSight ESM system. The solution helps with monitoring for security events, generating compliance reports, and demonstrating adherence to policies for audits.
Internet of things (IoT) Architecture Security AnalysisDaksh Raj Chopra
This Document Briefly summarizes the Security and Privacy Concern Evaluation of Internet of Things (IoT)’s Three Domain Architecture. The Security implementation challenges faced
by IoT devices are addressed along with newly Added Requirement for these devices. The Architecture which we will be using throughout our analysis is explained so as to a novice
user. We will summarize the possible attacks and countermeasures for each and every domain followed by a developer friendly checklist to be followed for security.
This document provides an overview of how Fortinet solutions can help secure industrial control systems (ICS) in accordance with IEC 62443 standards. It describes common ICS vulnerabilities and challenges, and recommends implementing network segmentation, access controls, and multi-layered security using Fortinet products to monitor traffic and enforce security policies across different ICS zones. Specific Fortinet products mentioned include the FortiGate firewall, FortiAuthenticator for authentication, and FortiAnalyzer for logging and reporting.
Security Lock Down Your Computer Like the National Security Agency (NSA)José Ferreiro
NSA has developed and distributed configuration guidance for operating systems. These guides are currently being used throughout the government and by numerous entities as a security baseline for their systems.
Here we report the current state of the ICS threat landscape, as presented at the IT&Automation 2018 conference in Böblingen.
To learn more about Kaspersky Lab's ICS CERT, visit https://kas.pr/e34v
José Ramón Palanco is an OT security expert at ElevenPaths (Telefónica) who specializes in penetration testing, vulnerability research, and programming. The presentation covers OT protocols, an OT lab for hardware hacking and firmware analysis, industrial malware examples like Stuxnet, and projects including an industrial protocol IDS and Nmap scripts for discovering SCADA/ICS devices.
MTR is a network diagnostic tool that combines the functionality of traceroute and ping. It probes routers on the network path by sending packets and listening for responses to determine the quality of each hop. As it runs continuously, it tracks response times and packet loss to identify links that may be causing issues like increased latency or buffering. The MTR output provides statistics on each hop, including the hostname, packet loss percentage, and response times, to help locate potential problems along the route.
Azure Sphere is a new solution from Microsoft that provides highly secured, connected microcontroller units (MCUs). It consists of specialized MCU chips secured by Microsoft technology, a secured operating system, and cloud security services. The solution aims to address security issues that have affected IoTs by implementing seven key properties for security, including hardware root of trust, small trusted computing base, and failure reporting. It offers long-term security updates through 2028. Microsoft is working with partners to implement Azure Sphere's security technology into their chips to help manufacturers create secure, connected devices.
The document provides an overview of Azure Sphere, a new solution from Microsoft for creating highly secured, connected microcontroller (MCU) devices. Azure Sphere includes secured MCUs with built-in Microsoft security technology, a secured operating system, and security provided by Microsoft's cloud services. It allows manufacturers to more easily create IoT devices that are protected against common security vulnerabilities and threats.
Are you ready for Microsoft Azure Sphere?Mirco Vanini
Azure Sphere is Microsoft's solution for highly securing IoT devices. It includes Azure Sphere certified chips, the Azure Sphere operating system, and the Azure Sphere Security Service. Together, these provide devices with 10 years of ongoing security updates directly from Microsoft. Azure Sphere aims to empower organizations to securely connect devices and build new IoT solutions with built-in security through its end-to-end platform. The current Azure Sphere development kit uses the MT3620 chip and provides tools to simplify and streamline IoT development.
Cisco Malware: A new risk to consider in perimeter security designsManuel Santander
The networking equipment like switches and routers have historically been considered as passive elements in implementations of the security architecture. However, the new programming capabilities of these devices involve the risk of malicious software. If this risk materializes, imagine the consequences to the company\'s information. This presentation shows proof of concept on what features could support a malware inside IOS devices, how to detect it, how to remediate it and how to minimize the risk of occurrence within a security architecture.
1) The document discusses securing IoT devices and infrastructure through X.509 certificate-based identity and attestation, TLS-based encryption, and secure provisioning and management.
2) It describes securing the cloud infrastructure with Azure Security Center, Azure Active Directory, Key Vault, and policy-based access controls.
3) The document promotes building security into devices and infrastructure from the start through standards-based and custom secure hardware modules.
This document discusses the creation of a backdoor to gain unauthorized access to a Windows computer. It begins with an abstract that outlines creating an advanced backdoor file that works like normal files but allows an attacker to retain access and make changes. The document then covers how backdoors work by bypassing authentication, different types of backdoors like Trojans and web shells, an overview of the proposed backdoor system using Python sockets and commands, and requirements for the system.
Developing TI RTOS Applications and BLE ProfilesSumit Sapra
The project aims to develop Bluetooth® Low Energy (BLE) profiles on the Texas Instruments SimpleLink™ CC2650 SensorTag (TI-SensorTag), a low-power IoT sensor device by Texas Instruments (TI), to transmit data wirelessly according to any specific application.
This document discusses security issues related to the Internet of Things (IoT). It notes that as the number of connected devices grows, so too will cyber attacks targeting IoT devices, as they often contain personal information and have existing vulnerabilities. Common IoT security threats mentioned include denial of service attacks, malware, data breaches, and weakening of security perimeters. The document advocates addressing IoT security across all levels from devices to cloud infrastructure. It presents Intel's IoT security portfolio as providing comprehensive protection from physical attacks and cyber threats, including features like secure boot, whitelisting, encryption, and centralized management of devices and data.
Azure Sphere provides a secure platform for IoT devices. It uses a hardware root of trust and small trusted computing base to protect device identity and system integrity. Azure Sphere devices support certificate-based authentication and compartmentalization for security. They also allow for renewable security through hardware-protected defense in depth and failure reporting to Azure. Developers can get started with Azure Sphere by ordering a development kit, using the Azure Sphere SDK in Visual Studio, and connecting devices to IoT Hub.
Security Plus Training Event for ITProcamp Jacksonville 2016. Helping those new to the IT Security get prepared. Understand how to complete your DOD 8570.m requirements.. Discussion about Exam Objectives
This document discusses dynamic root of trust measurement (DRTM) and related challenges. It summarizes several open source implementations of DRTM, including OSLO, Flicker, soft cards, bottle cap, and Trust Visor. It notes that these implementations aimed to reduce the trusted computing base and remove the slow trusted platform module from the critical path. The document also outlines some challenges with DRTM, such as attacks on the enabling technologies like Intel TXT, lack of operating system support, performance issues, and instability.
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Julien Vermillard
M2M/IoT is rapidly growing and since its early days different “standard” protocols have emerged (e.g. OMA-DM, TR-069, MQTT, …) or are emerging (e.g. CoAP or Lightweight M2M). Understanding which protocol to use for which application can be intimidating, therefore we propose to give an overview of these protocols to help you understand their goals and characteristics. We’ll present common M2M use cases and why they usually require more than just one protocol ; we will also see whether CoAP associated with Lightweight M2M allows to forge “one protocol to rule them all”.
Stuxnet is a computer worm that targets industrial control systems and was the first discovered malware that spies on and subverts industrial systems. It uses zero-day exploits to spread via USB drives to programmable logic controllers, sabotaging operations by overriding input/output functions without the operator's knowledge. The sophisticated worm was likely developed with stolen technical specifications and digital certificates to infiltrate targeted Iranian nuclear facilities.
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)mike parks
Work-in-Progress!
IoT Cyber+Physical+Social Security
An encyclopedic compendium of tools, techniques, and practices to defend systems that sit at the intersection of the cyber and physical domains; chiefly building automation systems and the Internet of Things.
IRJET - Identification and Classification of IoT Devices in Various Appli...IRJET Journal
This document presents a study on identifying and classifying Internet of Things (IoT) devices based on their network traffic characteristics using machine learning algorithms. The study involved collecting network traffic data from 28 different IoT devices over a period of 6 months. Statistical attributes like port numbers, domain names, and cipher suites were extracted from the traffic to analyze characteristics. A support vector machine (SVM) classifier was developed and shown to identify specific IoT devices with over 99% accuracy based on their network activity attributes. The study aims to help network operators monitor and manage IoT devices on their networks.
The document provides an overview of the trusted computing model and the trusted platform module, which aims to provide platform authentication, integrity reporting, and protected storage through a root of trust for measurement and reporting. It discusses challenges around verifying the underlying truth of attestations and whether trusted computing can meaningfully improve security, or if attackers will instead target firmware. The presentation concludes by identifying trusted computing as an interesting topic to follow and acknowledging input from a colleague that helped make the presentation possible.
Disoriented about all the Azure services in the IoT and Industrial IoT that you can use for building a modern Architecture on the Cloud and on the Edge? Well, this session aims to describe a reference architecture like Lambda and to map it to Azure services like Event Hubs, IoT Hubs just to mention a few. It also presents different approaches on how to handle communication from a more commercial devices to discrete manufacturing ones, with different standards like OPC UA. All those bricks will also help you to use already-build solutions like our Accelerators and IoT Central.
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
Smart connected devices such as mobile phones, tablets and Digital TVs are required to handle data with strong security and confidentiality requirements. A “Trusted Execution Environment” (TEE) provides an environment for processing data securely, protected from normal platform applications. This talk is intended as an introduction to Trusted Execution, and the open-source Trusted Execution Environment OP-TEE in particular. It introduces the GlobalPlatform TEE Specifications, explains how Trusted Execution is implemented by ARM TrustZone and OP-TEE, and outlines how trusted boot software manages the secure boot of an ARM platform. Finally, it gives some pointers on how to get started with OP-TEE.
The document summarizes a presentation given by Tomer Teller about the Stuxnet malware. It describes how Stuxnet infected industrial control systems by exploiting Windows vulnerabilities, spreading on removable drives, and ultimately reprogramming PLCs to sabotage Iran's nuclear program. Key infection techniques discussed include exploiting LNK and Print Spooler vulnerabilities, using autorun.inf files and rootkit techniques to propagate, and replacing DLL files to monitor and inject commands to PLCs.
In the Sigfox ecosystem, the design and manufacturing of
Sigfox Ready devices and Sigfox Verified sub-systems is under
the responsibility of third parties. These third parties could be
OEMs, ODMs, Silicon vendors, module vendors or customers.
This responsibility includes design and implementation of
sufficient security measures to protect customer applications,
network access credentials and data conveyed on the
network. Therefore, the question arises of what measures
should be mandatory and whether certification or verification
of the device security should be required.
This document studies the risks related to insufficient security
in Sigfox Ready devices in order to raise awareness on this
issue within Sigfox and throughout the Sigfox ecosystem. It is
also a guide to decide what measures could be required in the
design, implementation and manufacturing of Sigfox Ready
devices.
This document provides an overview of exploiting insecure IoT firmware. It begins with an introduction to IoT protocols like CoAP, MQTT, XMPP, and AMQP. It then discusses the OWASP top 10 security risks for IoT, focusing on insecure software/firmware. Common debugging interfaces for firmware like UART, JTAG, SPI, and I2C are explained. Operating systems and compilers used for IoT development are listed. Finally, the document outlines a methodology for exploiting insecure firmware, including getting the firmware, performing reconnaissance, unpacking, localizing points of interest, and then decompiling, compiling, tweaking, fuzzing, or pentesting the firmware. Tools mentioned include binwalk, firmwalk
The document describes the design of an intelligent monitoring system for laboratory environments based on embedded Linux and Qt/Embedded. It uses an ARM-based microprocessor as the front-end controller connected to various sensors to monitor temperature, humidity, and other environmental factors. A PC serves as the monitoring host to receive and analyze sensor data, while remote terminals allow off-site monitoring. The system implements GUI interfaces using Qt/Embedded on the front-end controller. Device drivers were also developed for the various sensors to allow the ARM processor to read and write sensor data through Linux system calls. The final system was able to successfully monitor and graph laboratory environmental conditions in real-time.
Similar to ACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki (20)
BMC: Bare Metal Container @Open Source Summit Japan 2017Kuniyasu Suzaki
The document introduces Bare Metal Containers (BMC), which allow applications running in containers to customize the kernel and select the machine architecture in order to optimize performance and power consumption. BMC measures power usage for each application running on different hardware to provide incentives for developing low power applications. It discusses the current implementation of the BMC manager and evaluations of the boot performance overhead on various machine types.
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kuniyasu Suzaki
IWSEC2014(The 9th International Workshop on Security 弘前) で"Kernel Memory Protection by an Insertable Hypervisor which has VM Introspection and Stealth Breakpoints"
This document describes a protocol test generator that uses nested virtual machines and rollback mechanisms to perform exhaustive fuzz testing of protocol implementations. It proposes using a virtual test protocol to encapsulate test packets and control the target virtual machine. Special packets allow taking snapshots of the target VM state and rolling back to previous snapshots to repeatedly test protocol states with different fuzzed packets. The current prototype implements this approach with KVM and QEMU virtual machines to find bugs in TLS/SSL protocol implementations through fuzz testing of the handshake process.
USENIX OSDI 2012 Poster "Nested Virtual Machines and Proxies for Easily Implementable Rollback of Secure Communication" by Kuniyasu Suzaki, Kengo Iijima, Akira Tanaka, and Yutaka Oiwa, AIST: National Institute of Advanced Industrial Science and Technology; Etsuya Shibayama, The University of Tokyo
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Kuniyasu Suzaki
The document discusses security issues with cloud storage and proposes a solution called Virtual Jail Storage System (VJSS). VJSS aims to prevent information leaks from servers and clients by encrypting and splitting data across multiple providers. It also seeks to address concerns about information erasure and loss through error correction and an append-only file system.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
GraphRAG for Life Science to increase LLM accuracy
ACSAC2020 "Return-Oriented IoT" by Kuniyasu Suzaki
1. 1
Reboot-Oriented IoT:
Life Cycle Management in Trusted Execution Environment
for Disposable IoT devices
Kuniyasu Suzaki 1)
, Akira Tsukamoto 1)
,
Andy Green 2)
, Mohammad Mannan 3)
1)
National Institute of Advanced Industrial Science and Technology
2)
Warmcat
3)
Concordia University
Annual Computer Security Applications Conference (ACSAC) 2020
10 December 2020 13:30-14:45 Session “System and Hardware Security”
Paper on ACM Digital Library https://dl.acm.org/doi/10.1145/3427228.3427293
2. 2
Outline
Background for IoT Security
Concept of Reboot-Oriented IoT
Network boot protected by TEE (Occasional)
Live Memory Forensics protected by TEE (Periodical)
Life Cycle Management based on PKI and protected by TEE
Implementation
RO-IoT on Linux and OP-TEE with Arm TrustZone
Watchdog timer for autonomous reboot protected by TEE
Performance
Conclusion
Occasional > Periodical
3. 3
Background for IoT Security
IoT devices targeted by RO-IoT
Smart cities and smart farming assumes many IoT deices are geologically distributed
and managed by M2M (Machine to Machine).
IoT devices works as AI Edge of Fog-Computing and use Linux to run intelligent applications.
The devices are desired to be disposable when they finish the role. Self-destruction
technologies or ITU E-Waste policy are developed, but …
Concerns
General Security issues are not solved.
If IoT devices are hijacked by malware (ex., Mirai), it is difficult to recover because no
administrator on each device.
The supply chain includes some stakeholders which have responsibilities (device,
software, and service). These stakeholders want to ruin the device when the
responsibilities are terminated because unmanaged IoT devices become Cyber Debris.
They donʼt want to support the expired devices.
4. 4
Reboot-Oriented IoT
Purpose
To prevent IoT from unknown attacks
To offer suitable life cycle management
Contributions and challenges
3 special security mechanism protected by TEE (Trusted Execution Environment)
1. Occasional Network Reboot to recover from unknown attacks
The IoT runs OS on memory only and reboots (re-installs) OS.
2. Periodical Memory Forensics to detect unknown attacks
Assumption: AI-Edge IoT runs a few intended applications only.
RO-IoT allows to run the whitelisted application only.
3. Life Cycle Management to prevent becoming cyber debris
PKI certificates (CA, Server, and Client) are linked to the lifetimes (Device, Software, and
Service).
Example
Occasional > Periodical
42 hours 15seconds
=15sec *10,000
5. 5
Secure Rebooting
Reboot (i.e., Re-Installation) is a suitable way to recover from unknown
attacks.
Related works; CIDER[IEEE SPʼ19], Misery Graphs[IEEE TIFSʼ17], YOLO[SPIEʼ19],
TPM2.0 Authenticated Countdown Timer, etc.
Challenges
1. Secure network boot
The OS image is downloaded by HTTPS and verified by TEE.
The connection of HTTPS is terminated by TEE and securely downloaded in TEE.
TEE has no mechanism to reboot an OS. So, the OS image is transferred to REE and rebooted.
The reboot mechanism utilizes the Linuxʼs kexec.
The download OS runs memory only, i.e., total reinstallation.
2. Secure autonomous rebooting
watchdog timer protected by TEE.
In order to implement TEE and reboot mechanism easily, small Linux is used as a bootloader(detail in implementation).
6. 6
Secure Memory Forensics
Assumption: IoT runs a few applications only.
RO-IoT applies whitelisting security on
memory forensics protected by TEE.
Memory forensics in TEE (TA-Forensics) has
DB for whitelisting apps and retrieves the
task_struct of Linux kernel.
If unknown application is found, TA-
Forensics causes system rest.
TA-Forensics sets the watchdog timer and
must be activated periodical to set again to
prevent system rest.
If the TA-Forensics runs more than thresh
hold, it causes system rest occasionally.
System rest causes secure reboot.
7. 7
Secure Life Cycle Management
RO-IoT assumes
Life cycle of Device
Life cycle of Software
Life cycle of Service
The life cycles are linked to PKI of HTTPS
(TLS) certificates (CA, Client, and Server).
CA Pub Cert is included in TEE by Device
Supplier.
Client Pub Cert is included in TEE by Software
Vendor.
Server Pub Cert is managed by the server of
Service Provider.
The certificates are verified in the TEE when
a HTTPS connection is established at secure
reboot. If a certificate is invalid, RO-IoT does
not boot the OS.
Device
Factory
Service
Provider
Fresh eMMC
Provisioning Server (Port 444)
EstablishTLS
with
provisioning
ServerCert
Download
Booting URL
& Client Cert
& PackageCert
Establish TLS
with
Download
Server Cert
& Client Cert
Download
ROMFS
License
Termination
Service
Termination
Device
Termination
Server Public Cert
Booting Server (Port 443)
SOKKey
Device
Supplier
Software
Vendor
Provisioning Server Private Key
Provisioning Server Public Cert
Client Private Key
Client Public Cert
Package Private Key
Package Public Key
DownloadURL
Secure Storage Encrypted
by Key inTA‐Boot
Ext4 on FirstLinux
Download Server PrivateKey
Download Server Public Cert
request
request
request
fip.bin
(Secure Storage AES Key,
ImageCache AES Key)
Provisioning URL
CA Private Key
CA Public Cert
ROMFS signed by
Package PrivateKey
fip.bin encrypted
by SOC Key
Build in TA‐Boot
Provisioning URL
CA PublicCert
Download URL
Client Public Cert
Client Private Key
Package Public Key
romfs encrypted by
Key inTA
Secure Storage Encrypted
by Key inTA‐Boot
Ext4 on FirstLinux
fip.bin encrypted
by SOC Key
Build in TA‐Boot
Provisioning URL
CA PublicCert
Download URL
Client Public Cert
Client Private Key
Package Public Key
Secure Storage Encrypted
by Key inTA‐Boot
Ext4 on FirstLinux
fip.bin encrypted
by SOC Key
Build in TA‐Boot
Provisioning URL
CA PublicCert
CA
Server Public Cert
Operation
Setup
8. 8
Implementation
2 types of Linux
First Linux: As a bootloader with kexec
The bootloader supports OP-TEE. TA-Boot on OP-TEE
downloads the IoT OS image with HTTPS.
TA-Forensics is launched on the first Linux because it
must be hidden from the second Linux.
The downloaded image is moved to REE (Linux) to
boot it with kexec.
Second Linux: As a IoT OS
Applications are monitored by TA-Forensics.
TA-Forensics is passive, and the activation must be
controlled by an application on the second Linux.
Activation Mechanism: TA-Forensics are
periodically activated because it causes
rebooting with watchdog timer if it is not reset.
Poweron
BL1: BootROM
SecureWorld NormalWorld
TA‐Boot
(BoringSSL, Libwebsocket)
TA‐Forensics
kexec
TA‐
Client1
eMMC
ROMFSfile
Secure
booting
Normal
operation
(live
memory
forensics)
Rebooting
Termination of service, or license, or IoT device
If a TLS certificate
fails.
Download
Server
TEE‐Supplicant
TA‐Forensics,
kernel,
dtb,
Initramfs.gz
(TA‐Client2)
signature
SecondLinux
TA‐Forensics
Invoked
by TA‐Client1
Survive after
kexec
memory
forensics
Invoked
by TA‐Client1
TLS
BL2:
Trusted Boot
Firmware
BL31:
Secure Monitor
BL32:
OP‐TEE
BL33:
First Linux
TA‐
Clinet2
TEE‐
Supplicant
IoT
Application
Connected
by TA‐Client2
9. 9
Implementation
RO-IoT is implanted on HiKey board (Arm
Cortex-A, 2GB Memory).
eMMC includes the bootloader (First Linux)
with OP-TEE image (TA-Boot).
TA-Boot includes BoringSSL and LibWebSockets
for HTTPS.
The bootloader has a mechanism to cache
an OS image. If the OS image is not
updated, the bootloader use the saved OS
image to eliminate the download time.
BL2: TrustedBoot
Firmware(29KB)
BL31: Secure
Monitor(33KB)
BL32: SecureOS
OP‐TEE(286KB)
BL33: First Linux
ROMFS(7,100KB)
Kernel(5,464KB)
dtb(37KB)
intramfs.gz (1,598KB)
intramfs.gz
ForNetwork
dhcp
netdate
ip
For OP‐TEE
TEE‐Supplicant (197KB)
TA‐Client1 (17KB)
TA‐Boot(1,173KB)
ForBoot
kexec
For Updatefib.bin
dd
SecureStorage
encrypted by key inTA
Download URL
Client Public Cert
Client Privatekey
ROM
Key in SOC
Run in normal world
Run in secure world
TA‐Boot
For HTTPProtocol
LibWebSockets
ForSecurity
BoringSSL
Keys
CA Pub Cert
Provisioning URL
AES Key for SecureStorage
AES Key for ImageCache
URL
URL of Provisioning Server
eMMC
fip.bin(7,590KB)
encrypted by key in SOC
First Linux FS(EXT4)
Imagecache
encrypted by key
inTA
BL1: BootROM
11. 11
Performance of memory forensics on TEE
Watchdog timer is set to cause within 30 seconds.
The time reset is issued every15 seconds.
The memory forensics must finish within 15 seconds (until next time rest is issued).
We evaluated the memory forensics on TEE with 0, 100, and 200 extra
processes.
12. 12
Future Work
Target applications of RO-IoT were AI Edge, which allowed short-time
suspension.
Next target is mission critical applications (mobility and life support for
smart city).
RO-IoT with partial OS update mechanism.
RO-IoT with fault tolerant mechanism.
13. 13
Conclusions
Return-Oriented IoT makes IoT device disposable with 3 security
mechanisms protected by TEE (Trusted Execution Environment).
1. Occasional Network Reboot replaces whole OS image on memory and recovers from
unknown attacks
2. Periodical Memory Forensics detects unknown attacks
3. Life Cycle Managements linked to PKI certificates prevents becoming cyber debris