【Intern Case Study_矽智財】
矽智財 (IP) 是 IC 設計所使用的智慧財產權,是一組事前設計好並驗證完畢、可重複使用的功能組塊,屬於半導體產業的上游,隨著 IC 產業垂直分工化的趨勢而崛起,具有高進入門檻、無庫存、高毛利等特色。
矽智財產業的商業模式為將設計好的 IP 模組授權給買家使用,初次會收取授權金 (License),往後開始量產則轉為收取權利金 (Royalty)。隨著先進製程不斷演進,全球矽智財市場也高速成長,終端市場以消費性電子為大宗,車用與 AI 應用則為主要成長動能。
cnc, mesin cnc, fanuc, haas, makino, yaskawa, doosan, mesin bubut, mesin milling, mesin tapping, wirecut, mesin press, mesin pabrik, mesin otomotif, sparepart mesin cnc
[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...CODE BLUE
Since 2010 Stuxnet caused substantial damage to the nuclear program of Iran, ICS security issues have been raised. Lots of researchers dig into the hacking skills and path and those known attacks in the history and more malwares and events happened. Enterprises need an efficient way to find vulnerabilities but they might not have the budget for ICS pentesters , which need strong background knowledge , and all the fields they have. To solve this problem, we try to make a rare OT targeting , open source adversary emulation tool as a plugin on MITRE open source tool - Caldera. Users can easily combine IT attacks with our OT adversaries and change steps of attacks or send manual commands in the process.
We summarize the experience of reviewing over 20 factories traffic and analyzing 19 MITRE defined ICS malwares, PIPEDREAM/Incontroller in 2022. We found the main trend of ICS malwares changes from single protocol targeting to modularized , multiple protocols supporting. The actions in malwares can be summarized as a 4 stages attacking flow, We will explain it with the real attacks from malwares. We use the above conclusions to build automatic adversary emulation tool.
Now the tool already supports 10 common protocols and over 23 techniques on the MITRE ICS matrix , which is able to reproduce over 80% of defined ICS malware actions in OT. We also follow the 4 stages conclusion to add some attacks havent been used by any malwares. We have tested it on real oil ,gas ,water, electric power factory devices , protocol simulations for SCADA developers and honeypot. We will have a demo in this presentation.
【Intern Case Study_矽智財】
矽智財 (IP) 是 IC 設計所使用的智慧財產權,是一組事前設計好並驗證完畢、可重複使用的功能組塊,屬於半導體產業的上游,隨著 IC 產業垂直分工化的趨勢而崛起,具有高進入門檻、無庫存、高毛利等特色。
矽智財產業的商業模式為將設計好的 IP 模組授權給買家使用,初次會收取授權金 (License),往後開始量產則轉為收取權利金 (Royalty)。隨著先進製程不斷演進,全球矽智財市場也高速成長,終端市場以消費性電子為大宗,車用與 AI 應用則為主要成長動能。
cnc, mesin cnc, fanuc, haas, makino, yaskawa, doosan, mesin bubut, mesin milling, mesin tapping, wirecut, mesin press, mesin pabrik, mesin otomotif, sparepart mesin cnc
[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...CODE BLUE
Since 2010 Stuxnet caused substantial damage to the nuclear program of Iran, ICS security issues have been raised. Lots of researchers dig into the hacking skills and path and those known attacks in the history and more malwares and events happened. Enterprises need an efficient way to find vulnerabilities but they might not have the budget for ICS pentesters , which need strong background knowledge , and all the fields they have. To solve this problem, we try to make a rare OT targeting , open source adversary emulation tool as a plugin on MITRE open source tool - Caldera. Users can easily combine IT attacks with our OT adversaries and change steps of attacks or send manual commands in the process.
We summarize the experience of reviewing over 20 factories traffic and analyzing 19 MITRE defined ICS malwares, PIPEDREAM/Incontroller in 2022. We found the main trend of ICS malwares changes from single protocol targeting to modularized , multiple protocols supporting. The actions in malwares can be summarized as a 4 stages attacking flow, We will explain it with the real attacks from malwares. We use the above conclusions to build automatic adversary emulation tool.
Now the tool already supports 10 common protocols and over 23 techniques on the MITRE ICS matrix , which is able to reproduce over 80% of defined ICS malware actions in OT. We also follow the 4 stages conclusion to add some attacks havent been used by any malwares. We have tested it on real oil ,gas ,water, electric power factory devices , protocol simulations for SCADA developers and honeypot. We will have a demo in this presentation.
1. Doc no WJPDSS001 09 Jul 2004
デバイスモデル
フォト・
フォト・ダイオード
株式会社ビー・テクノロジー
Copyright (C) 2004 Bee Technologies Inc.
2. Doc no WJPDSS001 09 Jul 2004
ご依頼の方法について
お客様に準備して頂くものは以下の 2 点です。
① データシートまたは、仕様書
半導体メーカーが公開しているデータシート、あるいはカスタム品の場合は、電気的特性が
記述されている仕様書です。
必要な情報として以下のものがあります。
□ Dark Current のグラフ(VR vs IR)
□ Radiant Energy(Ee) vs. Photocurrent(Ip)のグラフ
□ VR 値(容量測定時に必要です)
② フォト・ダイオードのサンプルを 3 個
対象となるフォト・ダイオードを 3 個準備して下さい。計測をする際に予備として準備して頂
きます。また、3 個準備出来ない場合はご相談下さい。
お客様より準備して頂いた後にデバイスモデリングを実施致します。
当社からお客様にご提供する納品物は以下の通りです。
① デバイスモデル(スパイスモデル)
② デバイスモデリング・レポート
以下の 4 つの特性を評価検証し、ご報告致します。
Dark Current Characteristic
Radiant Energy vs. Photocurrent
Forward Current Characteristic
Junction Capacitance Characteristic
③ 回路図シンボル
次ページ以降にデバイスモデリング・レポートのサンプルを掲載致します。
Copyright (C) 2004 Bee Technologies Inc.
3. Doc no WJPDSS001 09 Jul 2004
Device Modeling Report
COMPONENTS: Photodiode
PART NUMBER: SFH 205 FA
MANUFACTURER: SIEMENS
Bee Technologies Inc.
Copyright (C) 2004 Bee Technologies Inc.
4. Doc no WJPDSS001 09 Jul 2004
Dark Current Characteristic
Circuit simulation result
Evaluation circuit
R1
0.01m
V1
SFH_205_FA
0Vdc
V2 U2
0Vdc
0
0
Copyright (C) 2004 Bee Technologies Inc.