[CB16] CGCで使用した完全自動脆弱性検知ツールを使ったセキュリティの分析とその効果 by InHyuk Seo & Jason ParkCODE BLUE
ユーザーのセキュアなIT製品に対する要求は、人の生活や産業に直接影響を与えるモノのインターネット(IoT)やサイバーフィジカルシステム(CPS)といった分野で増え続けている。ベンダーとユーザーは信用性あるいは客観的セキュリティ評価に基づいて製品を売買するため、セキュリティ評価は重要な役割を担う。セキュリティ評価は大きく、ISO/IEC29128(暗号プロトコルの安全性)のようなデザインおよびISO/IEC15408(コモンクライテリア)のような実装の評価に二分される。これらのセキュリティ評価の基準、ISO/IEC29128およびISO/IEC15408はともに対象の製品に高い保証レベルが要求されている場合には、形式的検証と自動化ツールの使用を勧告している。
この自動化ツールを使用した脆弱性の検知は、長い間多くのセキュリティ研究者やハッカーにより試行や研究が行われてきた。そして最近では、DARPAのサイバーグランドチャレンジにより、自動化ツールを利用した脆弱性検知に関する研究は、今までにないくらい活発になっている。しかしながら、数多くの自動化ツールが継続的に開発され、それぞれのツールが個別の目的のために使用されるもののため、効率的にセキュリティ評価を行うことが難しくなっている。
さらに、セキュリティ評価の側面から自動化ツールを分類するために参考にできる基準が無い。このプレゼンテーションではすべての脆弱性検知のための自動化ツールを列挙、分類をした上で分析を行い、長所と短所、目的、効率性などの結果を紹介する。
--- イン・ヒュ・セオ In Hyuk Seo
Inhyuk Seo(通称 in hack)。2015年に漢陽大学(ERICA)にて、計算機科学と工学の学士号を取得。現在は高麗大学の修士課程でSecurity Analaysis aNd Evaluation(SANE)に籍を置く。現在はプログラミング言語、ソフトウェア検査、機械学習および人工知能に興味を持つ。2012年にはKITRI(Korea Information Technology Research Institute)で開催された情報セキュリティ教育コース Best of the Best(BoB)を修了し、プロジェクト「難読化されたJavaスクリプト向けエクスプロイトデコーダ」の実行を指揮した。多くの脆弱性分析関連のプロジェクトに参加。スマートTVの脆弱性分析とセキュリティ評価、 軍事環境向けモバイルセキュリティソリューション(EAL4)の開発などを指揮する。また、多岐にわたる国内の通信業者のIoT製品の脆弱性分析に参加した。
--- ジソ・パク Jiso
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...CODE BLUE
Electronは、WindowsやOS X、Linuxのデスクトップアプリケーションを簡単に作成するためのフレームワークであり、Atom EditorやVisual Studio Code、Slackといった人気アプリケーションの開発にも用いられている。ElectronはChromiumとnode.jsを内包することでWebアプリケーション開発者が慣れた手法でデスクトップアプリケーションを開発可能にしている反面、アプリケーション内にDOM-based XSSが一か所でも存在すると容易に任意コード実行が可能になるなどセキュリティ上の問題点も多数存在しており、事実、今日までに著名なElectron製アプリケーションにおいて任意コード実行が可能な脆弱性を多数発見・報告している。
本セッションでは、Electronを利用して開発する際に発生しやすいセキュリティ上の問題点を整理して理解することを目的にしている。
--- はせがわ ようすけYosuke Hasegawa
株式会社セキュアスカイ・テクノロジー常勤技術顧問。
Internet Explorer、Mozilla FirefoxをはじめWebアプリケーションに関する多数の脆弱性を発見。 Black Hat Japan 2008、韓国POC 2008、2010、OWASP AppSec APAC 2014他講演多数。
OWASP Kansai Chapter Leader / OWASP Japan Board member
[CB16] 難解なウェブアプリケーションの脆弱性 by Andrés RianchoCODE BLUE
この講演では、難解なWebアプリケーションの脆弱性を詳しく見せる。これらの脆弱性は多くのセキュリティ・コンサルタントの簡易な脆弱性診断では見逃される可能性があり、リモートコード実行、認証バイパスや、実際にお金を支払うことなくPayPal経由でお店の商品を購入されてしまうことに繋がる。
SQLインジェクションは廃れたが、私は気にしない。null、nil、NULLの世界や、noSQLインジェクション、通話音声傍受に繋がるHostヘッダ・インジェクション、PayPalの二重支払い、RailsのMessage Verifierのリモートコード実行の世界を探検しようではないか。
--- アンドレス・リアンチョ Andres Riancho
アンドレス・リアンチョはアプリケーション・セキュリティの専門家であり、現在はコミュニティを前提としたオープン・ソースのw3afプロジェクトを率いていて、世界中の企業に徹底的なWebアプリケーション侵入テストサービスを提供している。
研究の分野では、3comやISSからのIPS装置に対し重大な脆弱性を発見していて、元雇用者のひとりが行ったSAP研究に貢献し、何百ものWebアプリケーションに対して脆弱性を報告している。
彼が注力しているものは常に、Webアプリケーションのセキュリティ分野である。それは彼が開発したw3afであり、侵入テスターやセキュリティ・コンサルタントたちに幅広く使われるWebアプリケーション攻撃、Auditフレームワークだ。アンドレスは、BlackHat(米国と欧州)、SEC-T(スウェーデン)、DeepSec(オーストリア)、OWASP World C0n(米国)、CanSecWest(カナダ)、PacSecWest(日本)、T2(フィンランド)、Ekoparty(ブエノスアイレス)など、世界中の多くのセキュリティ会議において講演をし、トレーニングの場を設けてきた。
アンドレスは、自動Webアプリケーション脆弱性の検知と開発を更に研究するため、2009年にWebセキュリティに特化したコンサルタント会社Bonsai Information Securityを設立している。
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...CODE BLUE
Electron is a framework to create the desktop application on Windows,OS X, Linux easily, and it has been used to develop the popular applications such as Atom Editor, Visual Studio Code, and Slack.
Although Electron includes Chromium and node.js and allow the web application developers to be able to develop the desktop application with accustomed methods, it contains a lot of security problems such as it allows arbitrary code execution if even one DOM-based XSS exist in the application. In fact, a lot of vulnerabilities which is able to load arbitrary code in applications made with Electron have been detected and reported.
In this talk, I focus on organize and understand the security problems which tend to occur on development using Electron.
--- Yosuke Hasegawa
Secure Sky Technology Inc, Technical Adviser. Known for finding numerous vulnerablities in Internet Explorer、Mozilla Firefox and other web applications.He has also presented at Black Hat Japan 2008, South Korea POC 2008, 2010 and others.
OWASP Kansai Chapter Leader, OWASP Japan Board member.
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
It started with computer hacking and Japanese linguistics as a kid. Zach Mathis has been based in Kobe, Japan, and has performed both red team services as well as blue team incident response and defense consultation for major Japanese global Japanese corporations since 2006. He is the founder of Yamato Security, one of the largest and most popular hands-on security communities in Japan, and has been providing free training since 2012 to help improve the local security community. Since 2016, he has been teaching security for the SANS institute and holds numerous GIAC certifications. Currently, he is working with other Yamato security members to provide free and open-source security tools to help security analysts with their work.
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
Most 5G networks are built in fundamentally new ways, opening new hacking avenues.
Mobile networks have so far been monolithic systems from big vendors; now they become open vendor-mixed ecosystems. Networks are rapidly adopting cloud technologies including dockerization and orchestration. Cloud hacking techniques become highly relevant to mobile networks.
The talk dives into the hacking potential of the technologies needed for these open networks. We illustrate the security challenges with vulnerabilities we found in real-world networks.
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
Printer has become one of the essential devices in the corporate intranet for the past few years, and its functionalities have also increased significantly. Not only print or fax, cloud printing services like AirPrint are also being supported as well to make it easier to use. Direct printing from mobile devices is now a basic requirement in the IoT era. We also use it to print some internal business documents of the company, which makes it even more important to keep the printer safe.
Nowadays, most of the printers on the market do not have to be connected with USB or traditional cable. As long as you are using a LAN cable connected to the intranet, the computer can find and use the printer immediately. Most of them are based on protocols such as SLP and LLMNR. But is it really safe when vendors adopt those protocols? Furthermore, many printers do not use traditional Linux systems, but use RTOS(Real-Time Operating System) instead, how will this affect the attacker?
In this talk, we will use Canon ImageCLASS MF644Cdw and HP Color LaserJet Pro MFP M283fdw as case study, showing how to analyze and gain control access to the printer. We will also demonstrate how to use the vulnerabilities to achieve RCE in RTOS in unauthenticated situations.
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principals of disclosure an protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior.
ENISA has published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022 . This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
In Japan, the issues of system awareness, incentives, increase in the number of outstanding cases in handling and so-called triage in handling vulnerabilities will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
The aim is that the panel discussion will enable the audience to understand the international situation surrounding CVD, as well as future trends, in particular the important role of vulnerability in cybersecurity and the challenges faced by society around it.
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principals of disclosure an protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior.
ENISA has published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022 . This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
In Japan, the issues of system awareness, incentives, increase in the number of outstanding cases in handling and so-called triage in handling vulnerabilities will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...CODE BLUE
While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principals of disclosure an protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior.
ENISA has published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022 . This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
In Japan, the issues of system awareness, incentives, increase in the number of outstanding cases in handling and so-called triage in handling vulnerabilities will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
The aim is that the panel discussion will enable the audience to understand the international situation surrounding CVD, as well as future trends, in particular the important role of vulnerability in cybersecurity and the challenges faced by society around it.
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principals of disclosure an protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior.
ENISA has published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022 . This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
In Japan, the issues of system awareness, incentives, increase in the number of outstanding cases in handling and so-called triage in handling vulnerabilities will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
The aim is that the panel discussion will enable the audience to understand the international situation surrounding CVD, as well as future trends, in particular the important role of vulnerability in cybersecurity and the challenges faced by society around it.
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...CODE BLUE
Yuuma Taki is enrolled in the Hokkaido Information University Information Media Faculty of Information Media (4th year).
At university he is focusing on learning about security for lower-level components, such OS and CPU. In his third year of undergraduate school, he worked on trying to implement the OS security mechanism "KASLR", at Sechack365.
Currently, he is learning about ROP derivative technology and embedded equipment security.
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...CODE BLUE
In October 2021, we published the first analysis of Wslink – a unique loader likely linked to the Lazarus group. Most samples are packed and protected with an advanced virtual machine (VM) obfuscator; the samples contain no clear artifacts and we initially did not associate the obfuscation with a publicly known VM, but we later managed to connect it to CodeVirtualizer. This VM introduces several additional obfuscation techniques such as insertion of junk code, encoding of virtual operands, duplication of virtual opcodes, opaque predicates, merging of virtual instructions, and a nested VM.
Our presentation analyzes the internals of the VM and describes our semi automated approach to “see through” the obfuscation techniques in reasonable time. We demonstrate the approach on some bytecode from a protected sample and compare the results with a non-obfuscated sample, found subsequent to starting our analysis, confirming the method’s validity. Our solution is based on a known deobfuscation method that extracts the semantics of the virtual opcodes, using symbolic execution with simplifying rules. We further treat the bytecode chunks and some internal constructs of the VM as concrete values instead of as symbolic ones, enabling the known deobfuscation method to deal with the additional obfuscation techniques automatically.
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
Kimsuky is a North Korean APT possibly controlled by North Korea's Reconnaissance General Bureau. Based on reports from the Korea Internet & Security Agency (KISA) and other vendors, TeamT5 identified that Kimsuky's most active group, CloudDragon, built a workflow functioning as a "Credential Factory," collecting and exploiting these massive credentials.
The credential factory powers CloudDragon to start its espionage campaigns. CloudDragon's campaigns have aligned with DPRK's interests, targeting the organizations and key figures playing a role in the DPRK relationship. Our database suggested that CloudDragon has possibly infiltrated targets in South Korea, Japan, and the United States. Victims include think tanks, NGOs, media agencies, educational institutes, and many individuals.
CloudDragon's "Credential Factory" can be divided into three small cycles, "Daily Cycle," "Campaign Cycle," and "Post-exploit Cycle." The"Daily Cycle" can collect massive credentials and use the stolen credentials to accelerate its APT life cycle.
In the "Campaign Cycle," CloudDragon develops many new malware. While we responded to CloudDragon's incidents, we found that the actor still relied on BabyShark malware. CloudDragon once used BabyShark to deploy a new browser extension malware targeting victims' browsers. Moreover, CloudDragon is also developing a shellcode-based malware, Dust.
In the "Post-exploit Cycle," the actor relied on hacking tools rather than malicious backdoors. We also identified that the actor used remote desktop software to prevent detection.
In this presentation, we will go through some of the most significant operations conducted by CloudDragon, and more importantly, we will provide possible scenarios of future invasions for defense and detection.
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...CODE BLUE
Social media is no doubt a critical battlefield for threat actors to launch InfoOps, especially in a critical moment such as wartime or the election season. We have seen Bot-Driven Information Operations (InfoOps, aka influence campaign) have attempted to spread disinformation, incite protests in the physical world, and doxxing against journalists.
China's Bots-Driven InfoOps, despite operating on a massive scale, are often considered to have low impact and very little organic engagement. In this talk, we will share our observations on these persistent Bots-Driven InfoOps and dissect their harmful disinformation campaigns circulated in cyberspace.
In the past, most bots-driven operations simply parroted narratives of the Chinese propaganda machine, mechanically disseminating the same propaganda and disinformation artifacts made by Chinese state media. However, recently, we saw the newly created bots turn to post artifacts in a livelier manner. They utilized various tactics, including reposting screenshots of forum posts and disguised as members of “Milk Tea Alliance,” to create a false appearance that such content is being echoed across cyberspace.
We particularly focus on an ongoing China's bots-driven InfoOps targeting Taiwan, which we dub "Operation ChinaRoot." Starting in mid-2021, the bots have been disseminating manipulated information about Taiwan's local politics and Covid-19 measures. Our further investigation has also identified the linkage between Operation ChinaRoot and other Chinese state-linked networks such as DRAGONBRIDGE and Spamouflage.
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
Malwares written in Go is increasing every year. Go's cross-platform nature makes it an opportune language for attackers who wish to target multiple platforms. On the other hand, the statically linked libraries make it difficult to distinguish between user functions and libraries, making it difficult for analysts to analyze. This situation has increased the demand for Go malware classification and exploration.
In this talk, we will demonstrate the feasibility of computing similarity and classification of Go malware using a newly proposed method called gimpfuzzy. We have implemented "gimpfuzzy", which incorporates Fuzzy Hashing into the existing gimphash method. In this talk, we will verify the discrimination rate of the classification using the proposed method and confirm the validity of the proposed method by discussing some examples from the classified results. We will also discuss issues in Go-malware classification.
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
Malware analysts normally obtain IP addresses of the malware's command & control (C2) servers by analyzing samples. This approach works in commoditized attacks or campaigns. However, with targeted attacks using APT malware, it's difficult to acquire a sufficient number of samples for organizations other than antivirus companies. As a result, malware C2 IOCs collected by a single organization are just the tip of the iceberg.
For years, I have reversed the C2 protocols of high-profile APT malware families then discovered the active C2 servers on the Internet by emulating the protocols. In this presentation, I will explain how to emulate the protocols of two long-term pieces of malware used by PRC-linked cyber espionage threat actors: Winnti 4.0 and ShadowPad.
Both pieces of malware support multiple C2 protocols like TCP/TLS/HTTP/HTTPS/UDP. It's also common to have different data formats and encoding algorithms per each protocol in one piece of malware. I'll cover the protocol details while referring to unique functions such as server-mode in Winnti 4.0 and multiple protocol listening at a single port in ShadowPad. Additionally, I'll share the findings regarding the Internet-wide C2 scanning and its limitations.
After the presentation, I'll publish over 140 C2 IOCs with the date ranges in which they were discovered. These dates are more helpful than just IP address information since the C2s are typically found on hosted servers, meaning that the C2 could sometimes exist on a specific IP only for a very limited time. 65% of these IOCs have 0 detection on VirusTotal as of the time of this writing.
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
We are swamped with new types of malware every day. The goal of malware analysis is not to reveal every single detail of the malware. It is more important to develop tools for efficiency or introduce automation to avoid repeating the same analysis process. Therefore, malware analysts usually actively develop tools and build analysis systems. On the other hand, it costs a lot for such tool developments and system maintenance. Incident trends change daily, and malware keeps evolving. However, it is not easy to keep up with new threats. Malware analysts spend a long time maintaining their analysis systems, and it results in reducing their time for necessary analysis of new types of malware.
To solve these problems, we incorporate DevOps practices into malware analysis to reduce the cost of system maintenance by using CI/CD and Serverless. This presentation shares our experience on how CI/CD, Serverless, and other cloud technologies can be used to streamline malware analysis. Specifically, the following case studies are discussed.
* Malware C2 Monitoring
* Malware Hunting using Cloud
* YARA CI/CD system
* Malware Analysis System on Cloud
* Memory Forensic on Cloud
Through the above case studies, we will share the benefits and tips of using the cloud and show how to build a similar system using Infrastructure as Code (IaC). The audience will learn how to improve the efficiency of malware analysis and build a malware analysis system using Cloud infrastructure.
12. ISM 2.4GHz band
WiFi/Bluetooth frequency allocation
http://www.digikey.com/es/articles/techzone/2013/jun/shaping-the-wireless-future-with-low-energy-applications-and-systems
11
21. 関連プロジェクト
Travis Goodspeed, 2010
The GoodFET is an open-source JTAG adapter, loosely based
upon the TI MSP430 FET UIF and EZ430U boards
http://goodfet.sourceforge.net/
KeyKeriKiプロジェクト(CanSecWest 2010 )
Developed some device with ARM Cortex MPU and radio module
which can keyboard sniffing and remote command execution.
http://www.remote-exploit.org/articles/keykeriki_v2_0__8211_2_4ghz/index.html
Keysweeper(2015年1月)
処理の効率化とシステム化
• デバイスアドレスの一部が 0xCD固定に注目
• USB充電器の中に埋め込み、EEPROMへロギング
• キーワードを検知したら携帯モジュールでSMS送信
• キーストロークをリアルタイムで別デバイスへ転送など
https://github.com/samyk/keysweeper
20
22. ブレッドボード上で実験
Sniffer hardware
USB
制御PC
Microsoft Wireless
Keyboard 800 Arduino nano
•2403~2480MHzを1MHzステップでスキャン
•デバイスIDの中の1byte( = 0xCD )を探索
•続く2byteが(0x0A38 | 0x0A78)であれば、ス
キャンを停止して、ロギングを開始
約1500行のArduinoプログラム
nRF24L01
・2.4GHz ISM band
・GFSK modulation
・1Mbps or 2Mbps
21
23. Success?
Radio setup
End radio setup
scan
Tuning to 2480
Potential keyboard: AA AA 5A A9 CD 27 55 49
Tuning to 2403
Tuning to 2404
Potential keyboard: E4 AA AA A5 CD 55 A5 5A
Tuning to 2405
Tuning to 2406
Tuning to 2407
Tuning to 2408
…………………
No !!
22
39. ADS-Bに関する論文等
脆弱性などに関する発表
Donald L. McCallie, Major, USAF (2011年)
• http://apps.fcc.gov/ecfs/document/view.action?id=7021694523
Andrei Costin, Aurelien Francillon, BlackHat2012
• https://media.blackhat.com/bh-us-
12/Briefings/Costin/BH_US_12_Costin_Ghosts_In_Air_Slides.pdf
Brad render, DEFCON20 (2012年)
• http://korben.info/wp-content/uploads/defcon/SpeakerPresentations/Renderman/DEFCON-20-
RenderMan-Hackers-plus-Airplanes.pdf
Hugo Teso, CyCon2013 (2013年)
• https://ccdcoe.org/cycon-2013.html
対策などに関する発表
Martin Strohmeier, Ivan Martinovic、(2014年)
• Detecting False-Data Injection Attacks on Air Traffic Control Protocols
• http://www.cs.ox.ac.uk/files/6604/wisec2014-abstract.pdf
Kyle D. Wesson,Brian L. Evans,他 (2014年)
• Can Cryptography Secure Next Generation Air Traffic Surveillance?
• https://radionavlab.ae.utexas.edu/images/stories/files/papers/adsb_for_submission.pdf
Seoung-Hyeon Lee , Yong-Kyun Kim, Deok-Gyu Lee 他、(2014年)
• Protection Method for Data Communication between ADS-BSensor and Next-Generation Air
Traffic Control Systems
• http://www.mdpi.com/2078-2489/5/4/622
38