-
ICCPS: Impact discovery using causal inference for cyber attacks in CPSs
Authors:
Rajib Ranjan Maiti,
Sridhar Adepu,
Emil Lupu
Abstract:
We propose a new method to quantify the impact of cyber attacks in Cyber Physical Systems (CPSs). In particular, our method allows to identify the Design Parameter (DPs) affected due to a cyber attack launched on a different set of DPs in the same CPS. To achieve this, we adopt causal graphs to causally link DPs with each other and quantify the impact of one DP on another. Using SWaT, a real world…
▽ More
We propose a new method to quantify the impact of cyber attacks in Cyber Physical Systems (CPSs). In particular, our method allows to identify the Design Parameter (DPs) affected due to a cyber attack launched on a different set of DPs in the same CPS. To achieve this, we adopt causal graphs to causally link DPs with each other and quantify the impact of one DP on another. Using SWaT, a real world testbed of a water treatment system, we demonstrate that causal graphs can be build in two ways: i) using domain knowledge of the control logic and the physical connectivity structure of the DPs, we call these causal domain graphs and ii) learning from operational data logs, we call these causal learnt graphs. We then compare these graphs when a same set of DPs is used. Our analysis shows a common set of edges between the causal domain graphs and the causal learnt graphs exists, which helps validate the causal learnt graphs. Additionally, we show that the learnt graphs can discover new causal relations, not initially considered in the domain graphs, that help significantly characterising the impact of the attack. We use causal domain graphs to estimate the parameters of the graphs, and the causal learnt graphs for causal inference. To learn the structure of the causal learnt graphs in all the six-stages of SWaT, we experiment with three learning algorithms: Peter Clarke (PC), Hill Climb (HC) search and Chow-Lie (CH). Finally, we demonstrate how causal graphs can be used to analyse the impact of cyber attacks by analysing nine well known cyber attacks on the SWaT test bed. We find that by using causal learnt graphs the DPs impacted by the attacks are correctly discovered with a probability greater than 0.9.
△ Less
Submitted 26 July, 2023;
originally announced July 2023.
-
iTieProbe: Is Your IoT Setup Secure against (Modern) Evil Twin?
Authors:
Anand Agrawal,
Rajib Ranjan Maiti
Abstract:
Evil twin attack on Wi-Fi network has been a challenging security problem and several solutions have been proposed to this problem. In general, evil twin attack aims to exfiltrate data, like Wi-Fi and service credentials, from the client devices and considered as a serious threat at MAC layer. IoT devices with its companion apps provides different pairing methods for provisioning. The "SmartConfig…
▽ More
Evil twin attack on Wi-Fi network has been a challenging security problem and several solutions have been proposed to this problem. In general, evil twin attack aims to exfiltrate data, like Wi-Fi and service credentials, from the client devices and considered as a serious threat at MAC layer. IoT devices with its companion apps provides different pairing methods for provisioning. The "SmartConfig Mode", the one proposed by Texas Instrument (TI) and the "Access Point pairing mode (AP mode)" are the most common pairing modes provided by the application developer and vendor of the IoT devices. Especially, AP mode use Wi-Fi connectivity to setup IoT devices where a device activates an access point to which the mobile device running the corresponding mobile application is required to connect. In this paper, we have used evil twin attack as a weapon to test the security posture of IoT devices that use Wi-Fi network to set them up. We have designed, implemented and applied a system, called iTieProbe, that can be used in ethical hacking for discovering certain vulnerabilities during such setup. AP mode successfully completes when the mobile device is able to communicate with the IoT device via a home router over a Wi-Fi network. Our proposed system, iTieProbe, is capable of discovering several serious vulnerabilities in the commercial IoT devices that use AP mode or similar approach. We evaluated iTieProbe's efficacy on 9 IoT devices, like IoT cameras, smart plugs, Echo Dot and smart bulbs, and discovered that several of these IoT devices have certain serious threats, like leaking Wi-Fi credential of home router and creating fake IoT device, during the setup of the IoT devices.
△ Less
Submitted 28 April, 2023; v1 submitted 24 April, 2023;
originally announced April 2023.
-
Detect and Classify IoT Camera Traffic
Authors:
Priyanka Rushikesh Chaudhary,
Rajib Ranjan Maiti
Abstract:
Deployment of IoT cameras in an organization threatens security and privacy policies, and the classification of network traffic without using IP addresses and port numbers has been challenging. In this paper, we have designed, implemented and deployed a system called iCamInspector to classify network traffic arising from IoT camera in a mixed networking environment. We have collected a total of ab…
▽ More
Deployment of IoT cameras in an organization threatens security and privacy policies, and the classification of network traffic without using IP addresses and port numbers has been challenging. In this paper, we have designed, implemented and deployed a system called iCamInspector to classify network traffic arising from IoT camera in a mixed networking environment. We have collected a total of about 36GB of network traffic containing video data from three different types of applications (four online audio/video conferencing applications, two video sharing applications and six IoT camera from different manufacturers) in our IoT laboratory. We show that with the help of a limited number of flow-based features, iCamInspector achieves an average accuracy of more than 98% in a 10-fold cross-validation with a false rate of about 1.5% in testing phase of the system. A real deployment of our system in an unseen environment achieves a commendable performance of detecting IoT camera with an average detection probability higher than 0.9.
△ Less
Submitted 17 October, 2022;
originally announced October 2022.
-
IoTScanner: Detecting and Classifying Privacy Threats in IoT Neighborhoods
Authors:
Sandra Siby,
Rajib Ranjan Maiti,
Nils Tippenhauer
Abstract:
In the context of the emerging Internet of Things (IoT), a proliferation of wireless connectivity can be expected. That ubiquitous wireless communication will be hard to centrally manage and control, and can be expected to be opaque to end users. As a result, owners and users of physical space are threatened to lose control over their digital environments.
In this work, we propose the idea of an…
▽ More
In the context of the emerging Internet of Things (IoT), a proliferation of wireless connectivity can be expected. That ubiquitous wireless communication will be hard to centrally manage and control, and can be expected to be opaque to end users. As a result, owners and users of physical space are threatened to lose control over their digital environments.
In this work, we propose the idea of an IoTScanner. The IoTScanner integrates a range of radios to allow local reconnaissance of existing wireless infrastructure and participating nodes. It enumerates such devices, identifies connection patterns, and provides valuable insights for technical support and home users alike. Using our IoTScanner, we attempt to classify actively streaming IP cameras from other non-camera devices using simple heuristics. We show that our classification approach achieves a high accuracy in an IoT setting consisting of a large number of IoT devices. While related work usually focuses on detecting either the infrastructure, or eavesdropping on traffic from a specific node, we focus on providing a general overview of operations in all observed networks. We do not assume prior knowledge of used SSIDs, preshared passwords, or similar.
△ Less
Submitted 18 January, 2017;
originally announced January 2017.