Biblio

Fully securing networks from remote attacks is recognized by the IT industry as a critical and imposing challenge. Even highly secure systems remain vulnerable to attacks and advanced persistent threats. Air-gapped networks may be secure from remote attack. One-way flows are a novel approach to improving the security of telemetry for critical infrastructure, retaining some of the benefits of interconnectivity whilst maintaining a level of network security analogous to that of unconnected devices. Simple and inexpensive techniques can be used to provide this unidirectional security, removing the risk of remote attack from a range of potential targets and subnets. The application of one-way networks is demonstrated using IEEE compliant PMU data streams as a case study. Scalability is demonstrated using SDN techniques. Finally, these techniques are combined, demonstrating a node which can be secured from remote attack, within defined limitations.

Traditionally Industrial Control System(ICS) used air-gap mechanism to protect Operational Technology (OT) networks from cyber-attacks. As internet is evolving and so are business models, customer supplier relationships and their needs are changing. Hence lot of ICS are now connected to internet by providing levels of defense strategies in between OT network and business network to overcome the traditional mechanism of air-gap. This upgrade made OT networks available and accessible through internet. OT networks involve number of physical objects and computer networks. Physical damages to system have become rare but the number of cyber-attacks occurring are evidently increasing. To tackle cyber-attacks, we have a number of measures in place like Firewalls, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). To ensure no attack on or suspicious behavior within network takes place, we can use visual aids like creating dashboards which are able to flag any such activity and create visual alert about same. This paper describes creation of parser object to convert Common Event Format(CEF) to Comma Separated Values(CSV) format and dashboard to extract maximum amount of data and analyze network behavior. And working of active querying by leveraging packet level data from network to analyze network inclusion in real-time. The mentioned methodology is verified on data collected from Waste Water Treatment Plant and results are presented.,} booktitle = {2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT)

In the past air-gapped systems that are isolated from networks have been considered to be very secure. Yet there have been reports of such systems being breached. These breaches have shown to use unconventional means for communication also known as covert channels such as Acoustic, Electromagnetic, Magnetic, Electric, Optical, and Thermal to transfer data. In this paper, a review of various attack methods that can compromise an air-gapped system is presented along with a summary of how efficient and dangerous a particular method could be. The capabilities of each covert channel are listed to better understand the threat it poses and also some countermeasures to safeguard against such attack methods are mentioned. These attack methods have already been proven to work and awareness of such covert channels for data exfiltration is crucial in various industries.

Air-gapped networks are isolated from the Internet, since they store and process sensitive information. It has been shown that attackers can exfiltrate data from air-gapped networks by sending acoustic signals generated by computer speakers, however this type of covert channel relies on the existence of loudspeakers in the air-gapped environment. In this paper, we present CD-LEAK - a novel acoustic covert channel that works in constrained environments where loudspeakers are not available to the attacker. Malware installed on a compromised computer can maliciously generate acoustic signals via the optical CD/DVD drives. Binary information can then be modulated over the acoustic signals and be picked up by a nearby Internet connected receiver (e.g., a workstation, hidden microphone, smartphone, laptop, etc.). We examine CD/DVD drives and discuss their acoustical characteristics. We also present signal generation and detection, and data modulation and demodulation algorithms. Based on our proposed method, we developed a transmitter and receiver for PCs and smartphones, and provide the design and implementation details. We examine the channel and evaluate it on various optical drives. We also provide a set of countermeasures against this threat - which has been overlooked.

The Automation industries that uses Supervisory Control and Data Acquisition (SCADA) systems are highly vulnerable for Network threats. Systems that are air-gapped and isolated from the internet are highly affected due to insider attacks like Spoofing, DOS and Malware threats that affects confidentiality, integrity and availability of Operational Technology (OT) system elements and degrade its performance even though security measures are taken. In this paper, a behavior-based intrusion prevention system (IPS) is designed for OT networks. The proposed system is implemented on SCADA test bed with two systems replicates automation scenarios in industry. This paper describes 4 main classes of cyber-attacks with their subclasses against SCADA systems and methodology with design of components of IPS system, database creation, Baselines and deployment of system in environment. IPS system identifies not only IT protocols but also Industry Control System (ICS) protocols Modbus and DNP3 with their inside communication fields using deep packet inspection (DPI). The analytical results show 99.89% accuracy on binary classification and 97.95% accuracy on multiclass classification of different attack vectors performed on network with low false positive rate. These results are also validated by actual deployment of IPS in SCADA systems with the prevention of DOS attack.

The cyber-physical systems (CPSes) rely on computing and control techniques to achieve system safety and reliability. However, recent attacks show that these techniques are vulnerable once the cyber-attackers have bypassed air gaps. The attacks may cause service disruptions or even physical damages. This paper designs the built-in attack characterization scheme for one general type of cyber-attacks in CPS, which we call time delay attack, that delays the transmission of the system control commands. We use the recurrent neural networks in deep learning to estimate the delay values from the input trace. Specifically, to deal with the long time-sequence data, we design the deep learning model using stacked bidirectional long short-term memory (LSTM) units. The proposed approach is tested by using the data generated from a power plant control system. The results show that the LSTM-based deep learning approach can work well based on data traces from three sensor measurements, i.e., temperature, pressure, and power generation, in the power plant control system. Moreover, we show that the proposed approach outperforms the base approach based on k-nearest neighbors.

Computer worms pose a major threat to computer and communication networks due to the rapid speed at which they propagate. Biologically based epidemic models have been widely used to analyze the propagation of worms in computer networks. For an air-gapped network with an insider threat, we propose a modified Susceptible-Exposed-Infected-Quarantined-Vaccinated (SEIQV) model called the Susceptible-Exposed-Infected-Quarantined-Patched (SEIQP) model. We describe the assumptions that apply to this model, define a set of differential equations that characterize the system dynamics, and solve for the basic reproduction number. We then simulate and analyze the parameters controlled by the insider threat to determine where resources should be allocated to attain different objectives and results.

Air-gapped computers are systems that are kept isolated from the Internet since they store or process sensitive information. In this paper, we introduce an optical covert channel in which an attacker can leak (or, exfiltlrate) sensitive information from air-gapped computers through manipulations on the screen brightness. This covert channel is invisible and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys and passwords), and modulate it within the screen brightness, invisible to users. The small changes in the brightness are invisible to humans but can be recovered from video streams taken by cameras such as a local security camera, smartphone camera or a webcam. We present related work and discuss the technical and scientific background of this covert channel. We examined the channel's boundaries under various parameters, with different types of computer and TV screens, and at several distances. We also tested different types of camera receivers to demonstrate the covert channel. Lastly, we present relevant countermeasures to this type of attack.

Using the keyboard LEDs to send data optically was proposed in 2002 by Loughry and Umphress [1] (Appendix A). In this paper we extensively explore this threat in the context of a modern cyber-attack with current hardware and optical equipment. In this type of attack, an advanced persistent threat (APT) uses the keyboard LEDs (Caps-Lock, Num-Lock and Scroll-Lock) to encode information and exfiltrate data from airgapped computers optically. Notably, this exfiltration channel is not monitored by existing data leakage prevention (DLP) systems. We examine this attack and its boundaries for today's keyboards with USB controllers and sensitive optical sensors. We also introduce smartphone and smartwatch cameras as components of malicious insider and 'evil maid' attacks. We provide the necessary scientific background on optical communication and the characteristics of modern USB keyboards at the hardware and software level, and present a transmission protocol and modulation schemes. We implement the exfiltration malware, discuss its design and implementation issues, and evaluate it with different types of keyboards. We also test various receivers, including light sensors, remote cameras, 'extreme' cameras, security cameras, and smartphone cameras. Our experiment shows that data can be leaked from air-gapped computers via the keyboard LEDs at a maximum bit rate of 3000 bit/sec per LED given a light sensor as a receiver, and more than 120 bit/sec if smartphones are used. The attack doesn't require any modification of the keyboard at hardware or firmware levels.

In this paper we consider the threat surface and security of air gapped wallet schemes for permissioned blockchains as preparation for a Markov based mathematical model, and quantify the risk associated with private key leakage. We identify existing threats to the wallet scheme and existing work done to both attack and secure the scheme. We provide an overview the proposed model and outline justification for our methods. We follow with next steps in our remaining work and the overarching goals and motivation for our methods.

Air-gapped computers are hermetically isolated from the Internet to eliminate any means of information leakage. In this paper we present HOTSPOT - a new type of airgap crossing technique. Signals can be sent secretly from air-gapped computers to nearby smartphones and then on to the Internet - in the form of thermal pings. The thermal signals are generated by the CPUs and GPUs and intercepted by a nearby smartphone. We examine this covert channel and discuss other work in the field of air-gap covert communication channels. We present technical background and describe thermal sensing in modern smartphones. We implement a transmitter on the computer side and a receiver Android App on the smartphone side, and discuss the implementation details. We evaluate the covert channel and tested it in a typical work place. Our results show that it possible to send covert signals from air-gapped PCs to the attacker on the Internet through the thermal pings. We also propose countermeasures for this type of covert channel which has thus far been overlooked.

In this paper we consider the threat surface and security of air gapped wallet schemes for permissioned blockchains as preparation for a Markov based mathematical model, and quantify the risk associated with private key leakage. We identify existing threats to the wallet scheme and existing work done to both attack and secure the scheme. We provide an overview the proposed model and outline justification for our methods. We follow with next steps in our remaining work and the overarching goals and motivation for our methods.

Air-gap attacks and mimic defense are two emerging techniques in the field of network attack and defense, respectively. However, direct confrontation between them has not yet appeared in the real world. Who will be the winner, if air-gap attacks encounter mimic defense? To this end, a preliminary analysis is conducted for exploring the possible the strategy space of game according to the core principles of air-gap attacks and mimic defense. On this basis, an architecture model is proposed, which combines some detectors for air-gap attacks and mimic defense devices. First, a Dynamic Heterogeneous Redundancy (DHR) structure is employed to be on guard against malicious software of air-gap attacks. Second, some detectors for air-gap attacks are used to detect some signal sent by air-gap attackers' transmitter. Third, the proposed architecture model is obtained by organizing the DHR structure and the detectors for air-gap attacks with some logical relationship. The simulated experimental results preliminarily confirm the power of the new model.

Industrial Internet-of-Things has been touted as the next revolution in the industrial domain, offering interconnectivity, independence, real-time operation, and self-optimization. Integration of smart systems, however, bridges the gap between information and operation technology, creating new avenues for attacks from the cyber domain. The dismantling of this air-gap, in conjunction with the devices' long lifespan -in the range of 20-30 years-, motivates us to bring the attention of the community to emerging advanced persistent threats. We demonstrate a threat that bridges the air-gap by leaking data from memory to analog peripherals through Direct Memory Access (DMA), delivered as a firmware modification through the supply chain. The attack automatically adapts to a target device by leveraging the Device Tree and resides solely in the peripherals, completely transparent to the main CPU, by judiciously short-circuiting specific components. We implement this attack on a commercial Programmable Logic Controller, leaking information over the available LEDs. We evaluate the presented attack vector in terms of stealthiness, and demonstrate no observable overhead on both CPU performance and DMA transfer speed. Since traditional anomaly detection techniques would fail to detect this firmware trojan, this work highlights the need for industrial control system-appropriate techniques that can be applied promptly to installed devices.

This paper presents an analytical method for predicting the electromagnetic performance in permanent magnet (PM) machine with the spoke-type rotor (STR) and a proposed hybrid rotor structure (HRS), respectively. The key of this method is to combine magnetic field analysis model (MFAM) with the magnetic equivalent circuit model. The influence of the irregular PM shape is considered by the segmentation calculation. To obtain the boundary condition in the MFAM, respectively, two equivalent methods on the rotor side are proposed. In the STR, the average flux density of the rotor core outer-surface is calculated to solve the Laplace's equation with considering for the rotor core outer-surface eccentric. In the HRS, based on the Thevenin's theorem, the equivalent parameters of PM remanence BreB and thickness hpme are obtained as a given condition, which can be utilized to compute the air-gap flux density by conventional classic magnetic field analysis model of surface-mounted PMs with air-gap region. Finally, the proposed analytical models are verified by the finite element analysis (FEA) with comparisons of the air-gap flux density, flux linkage, back-EMF and electromagnetic torque, respectively. Furthermore, the performance that the machine with the proposed hybrid structure rotor can improve the torque density as explained.

A privately owned smart device connected to a corporate network using a USB connection creates a potential channel for malware infection and its subsequent spread. For example, air-gapped (a.k.a. isolated) systems are considered to be the most secure and safest places for storing critical datasets. However, unlike network communications, USB connection streams have no authentication and filtering. Consequently, intentional or unintentional piggybacking of a malware infected USB storage or a mobile device through the air-gap is sufficient to spread infection into such systems. Our findings show that the contact rate has an exceptional impact on malware spread and destabilizing free malware equilibrium. This work proposes a USB authentication and delegation protocol based on radiofrequency identification (RFID) in order to stabilize the free malware equilibrium in air-gapped networks. The proposed protocol is modelled using Coloured Petri nets (CPN) and the model is verified and validated through CPN tools.

Airports are at the forefront of technological innovation, mainly due to the fact that the number of air travel passengers is exponentially increasing every year. As a result, airports enhance infrastructure's intelligence and evolve as smart facilities to support growth, by offering a pleasurable travel experience, which plays a vital role in increasing revenue of aviation sector. New challenges are coming up, which aviation has to deal and adapt, such as the integration of Industrial IoT in airport facilities and the increased use of Bring Your Own Device from travelers and employees. Cybersecurity is becoming a key enabler for safety, which is paramount in the aviation context. Smart airports strive to provide optimal services in a reliable and sustainable manner, by working around the domains of growth, efficiency, safety andsecurity. This paper researches the implementation rate of cybersecurity measures and best practices to improve airports cyber resilience. With the aim to enhance operational practices anddevelop robust cybersecurity governance in smart airports, we analyze security gaps in different areas including technical, organizational practices and policies.

An air-gapped network is a type of IT network that is separated from the Internet - physically - due to the sensitive information it stores. Even if such a network is compromised with a malware, the hermetic isolation from the Internet prevents an attacker from leaking out any data - thanks to the lack of connectivity. In this paper we show how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on networking equipment such as LAN switches and routers. Although it is known that some network equipment emanates optical signals correlated with the information being processed by the device (‘side-channel'), malware controlling the status LEDs to carry any type of data (‘covert-channel') has never studied before. Sensitive data can be covertly encoded over the blinking of the LEDs and received by remote cameras and optical sensors. A malicious code is executed in a compromised LAN switch or router allowing the attacker direct, low-level control of the LEDs. We provide the technical background on the internal architecture of switches and routers at both the hardware and software level which enables these attacks. We present different modulation and encoding schemas, along with a transmission protocol. We implement prototypes of the malware and discuss its design and implementation. We tested various receivers including remote cameras, security cameras, smartphone cameras, and optical sensors, and discuss detection and prevention countermeasures. Our experiments show that sensitive data can be covertly leaked via the status LEDs of switches and routers at bit rates of 1 bit/sec to more than 2000 bit/sec per LED.

Millions of small Unmanned Aircraft System (sUAS) aircraft of various shapes and capabilities will soon fly at low altitudes in urban environments for ambitious applications. It is critical to ensure these remotely piloted aircraft fly safely, predictably, and efficiently in this challenging airspace, without endangering themselves and other occupants sharing that airspace or in proximity. Concepts, technologies, processes, and policies to solve this hard problem of UAS Traffic Management (UTM) are being explored. But, cyber security considerations are largely missing. This paper bridges this gap and addresses UTM cyber security needs and issues. It contributes a comprehensive framework to understand, identify, classify, and assess security threats to UTM, including those resulting from sUAS vulnerabilities. Promising threat mitigations, major challenges, and research directions are discussed to secure UTM.

Air-gap data is important for the security of computer systems. The injection of the computer virus is limited but possible, however data communication channel is necessary for the transmission of stolen data. This paper considers BFSK digital modulation applied to brightness changes of screen for unidirectional transmission of valuable data. Experimental validation and limitations of the proposed technique are provided.

The following article shows the precision, the recall and the F1-measure for three knowledge extraction methods under Open Information Extraction paradigm. These methods are: ReVerb, OLLIE and ClausIE. For the calculation of these three measures, a representative sample of Reuters-21578 was used; 103 newswire texts were taken randomly from that database. A big discrepancy was observed, after analyzing the obtained results, between the expected and the observed precision for ClausIE. In order to save the observed gap in ClausIE precision, a simple improvement is proposed for the method. Although the correction improved the precision of Clausie, ReVerb turned out to be the most precise method; however ClausIE is the one with the better F1-measure.

Modern high-level languages bring compelling productivity benefits to hardware design and verification. For example, hardware generation and simulation frameworks (HGSFs) use a single "host" language for parameterization, static elaboration, test bench generation, behavioral modeling, and simulation. Unfortunately, HGSFs often suffer from slow simulator performance which undermines their potential productivity benefits. In this paper, we introduce Mamba, a new Python-based HGSF that co-optimizes both the framework and a general-purpose just-in-time compiler. We conduct a quantitative comparison of Mamba vs. traditional and emerging hardware development frameworks across both simple and complex designs. Our results suggest Mamba is able to match the performance of commercial Verilog simulators and is 10× faster than existing HGSFs while still maintaining the productivity of using a high-level language in hardware design.

This paper presents the development and configuration of a virtually air-gapped cloud environment in AWS, to secure the production software workloads and patient data (ePHI) and to achieve HIPAA compliance.

In this paper, the rotor unbalanced magnetic pull (UMP) characteristics of different field winding inter-turn short-circuit (FWISC) positions in turbo-generator are studied. Firstly, the qualitative analysis on the air gap magnetic flux density (MFD), as well as the rotor UMPs in X-direction and Y-direction, is carried out. Then the finite element numerical simulations are respectively taken to calculate the quantitative data of rotor UMP under normal condition and three different short-circuit positions. Finally, the variation rules based on rotor UMP characteristics by experimental analysis are obtained. It is shown that the occurrence of FWISC will induce generally fundamental-frequency UMP acting on the rotor in X-direction. Moreover, the different positions of FWISC are found to be sensitive to the rotor UMP amplitudes. The closer the short-circuit position is to the big teeth, the larger the rotor UMP amplitudes in X-direction will be.

While existing research has explored the trade-off between security and performance, these efforts primarily focus on software consumers and often overlook the effectiveness and productivity of software producers. In this paper, we highlight an established security practice, air-gap isolation, and some challenges it uniquely instigates. To better understand and start quantifying the impacts of air-gap isolation on software development productivity, we conducted a survey at a commercial software company: Analytical Graphics, Inc. Based on our insights of dealing with air-gap isolation daily, we suggest some possible directions for future research. Our goal is to bring attention to this neglected area of research and to start a discussion in the SE community about the struggles faced by many commercial and governmental organizations.