Security Challenges in D2D Communications
AJITHKUMAR VYASARAO
CCNA Cyber Ops, CCIE Service Provider, Cisco Security Ninja Black Belt
Agenda
• Introduction
• Security and Privacy Challenges
Introduction
• We are witnessing a revolution in device-to-device communication.
There are standards for personal area networks, such as Bluetooth
and ZigBee.
• These technologies have mainly focused on reliable and fast
communication.
• At the same time, there is a need to provide more safety in this domain.
D2D communications scope
• Device-to-device communication encompasses technologies such as:
• Bluetooth
• Wi-Fi
• IoT
• Mobile and handheld devices
D2D communication
• Vulnerable to various security issues
• Passive eavesdropping
• Active eavesdropping
• Side-channel attacks
D2D Communication
• Confidentiality
• Integrity
• Availability
Network based anomaly detection
• Collect and Analyze flows
• Establish baseline
• Alarm on anomalies detected
Alerts and Actions
• All decisions of security controls can be classified as one of the following:
• True positives: The security control, such as an IPS or IDS sensor, acted as a
consequence of malicious activity, which represents normal and optimal
operation.
• False positives: The security control acted as a consequence of
non-malicious activity, which represents an error, generally caused by too tight
proactive controls (which do not permit all legitimate traffic) or too relaxed
reactive controls (with too broad descriptions of the attack).
• True negatives: The security control has not acted, because there was no
malicious activity, which represents normal and optimal operation.
• False negatives: The security control has not acted, even though there was
malicious activity, which represents an error, generally caused by too relaxed
proactive controls (which permit more than just minimal legitimate traffic) or too
specific reactive controls (with too-specific descriptions of the attack).
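The baseline-and-alarm loop from the anomaly detection slide, scored with the four outcomes above. This is an added example, not part of the original slides; the flow sizes, the ground-truth labels and the standard-deviation threshold are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed sample: bytes per flow seen between two paired devices
# during a known-good learning period.
BASELINE_FLOWS = [980, 1010, 1005, 995, 1020, 990, 1000, 1015, 985, 1000]

# Constructed sample: (bytes, malicious?) where the label is the verdict
# an analyst reached after investigation, not something the sensor knows.
OBSERVED_FLOWS = [
    (1002, False),  # ordinary traffic
    (5200, True),   # bulk transfer, malicious
    (1300, False),  # legitimate burst, e.g. a firmware update
    (1010, True),   # malicious but sized to blend into the baseline
    (990, False),   # ordinary traffic
]

def build_baseline(samples):
    """Establish the baseline as (mean, sample standard deviation)."""
    return mean(samples), stdev(samples)

def is_anomalous(value, baseline, threshold):
    """Alarm when the flow deviates more than threshold * sigma from the mean."""
    mu, sigma = baseline
    return abs(value - mu) > threshold * sigma

def classify(alarmed, malicious):
    """Map one sensor decision plus ground truth to TP / FP / TN / FN."""
    if alarmed:
        return "TP" if malicious else "FP"
    return "FN" if malicious else "TN"

def evaluate(observed, baseline, threshold):
    """Count the four outcomes for a given alarm threshold."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for value, malicious in observed:
        counts[classify(is_anomalous(value, baseline, threshold), malicious)] += 1
    return counts

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    # Tight, default and relaxed thresholds show the FP/FN trade-off.
    for threshold in (0.5, 3.0, 30.0):
        print(threshold, evaluate(OBSERVED_FLOWS, baseline, threshold))
```

Tightening the threshold catches the blended-in flow at the cost of more false positives; relaxing it silences the false positive but leaves the false negative in place.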
Cyber Kill Chain Model
• There are 2 models
• Cyber Kill chain model
• Diamond model
Cyber Kill Chain Model
• Cyber kill chain model explains various stages of attack
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command-and-control
Actions on Objectives
Cyber Kill Chain
• Originally introduced by Lockheed Martin
• The cyber kill chain has 7 stages.
• Attackers do not necessarily need to follow the exact steps and
sequences of the cyber kill chain
Diamond Model
Adversary
Infrastructure
Victim
Capability
Diamond Model
• Developed by Caltagirone, Pendergast, and Betz
• The four nodes in the model are: adversary, capability, infrastructure,
victim
• An event is described as an adversary deploys a capability over some
infrastructure against a victim
Q&A
