
J. Cybersecur. Priv., Volume 1, Issue 2 (June 2021) – 9 articles

22 pages, 766 KiB  
Article
CLAP: A Cross-Layer Analytic Platform for the Correlation of Cyber and Physical Security Events Affecting Water Critical Infrastructures
by Gustavo Gonzalez-Granadillo, Rodrigo Diaz, Juan Caubet and Ignasi Garcia-Milà
J. Cybersecur. Priv. 2021, 1(2), 365-386; https://doi.org/10.3390/jcp1020020 - 9 Jun 2021
Cited by 2 | Viewed by 6342
Abstract
Water CIs are exposed to a wide number of IT challenges that go from the cooperation and alignment between physical and cyber security teams to the proliferation of new vulnerabilities and complex cyber-attacks with potential disastrous consequences. Although novel and powerful solutions are proposed in the literature, most of them lack appropriate mechanisms to detect cyber and physical attacks in real time. We propose a Cross-Layer Analytic Platform (denoted as CLAP) developed for the correlation of Cyber and Physical security events affecting water CIs. CLAP aims to improve the detection of complex attack scenarios in real time based on the correlation of cyber and physical security events. The platform assigns appropriate severity values to each correlated alarm that will guide security analysts in the decision-making process of prioritizing mitigation actions. A series of passive and active attack scenarios against the target infrastructure are presented at the end of the paper to show the mechanisms used for the detection and correlation of cyber–physical security events. Results show promising benefits in the improvement of response accuracy, false rates reduction and real-time detection of complex attacks based on cross-correlation rules.
(This article belongs to the Special Issue Cyber-Physical Security for Critical Infrastructures)

25 pages, 693 KiB  
Article
Secure Remote Storage of Logs with Search Capabilities
by Rui Araújo and António Pinto
J. Cybersecur. Priv. 2021, 1(2), 340-364; https://doi.org/10.3390/jcp1020019 - 8 Jun 2021
Cited by 4 | Viewed by 5998
Abstract
Along with the use of cloud-based services, infrastructure, and storage, the use of application logs in business critical applications is a standard practice. Application logs must be stored in an accessible manner in order to be used whenever needed. The debugging of these applications is a common situation where such access is required. Frequently, part of the information contained in logs records is sensitive. In this paper, we evaluate the possibility of storing critical logs in a remote storage while maintaining its confidentiality and server-side search capabilities. To the best of our knowledge, the designed search algorithm is the first to support full Boolean searches combined with field searching and nested queries. We demonstrate its feasibility and timely operation with a prototype implementation that never requires access, by the storage provider, to plain text information. Our solution was able to perform search and decryption operations at a rate of, approximately, 0.05 ms per line. A comparison with the related work allows us to demonstrate its feasibility and conclude that our solution is also the fastest one in indexing operations, the most frequent operations performed.
(This article belongs to the Section Cryptography and Cryptology)

21 pages, 1933 KiB  
Article
Ontology for Cross-Site-Scripting (XSS) Attack in Cybersecurity
by Jean Rosemond Dora and Karol Nemoga
J. Cybersecur. Priv. 2021, 1(2), 319-339; https://doi.org/10.3390/jcp1020018 - 25 May 2021
Cited by 6 | Viewed by 8505
Abstract
In this work, we tackle a frequent problem that frequently occurs in the cybersecurity field which is the exploitation of websites by XSS attacks, which are nowadays considered a complicated attack. These types of attacks aim to execute malicious scripts in a web browser of the client by including code in a legitimate web page. A serious matter is when a website accepts the “user-input” option. Attackers can exploit the web application (if vulnerable), and then steal sensitive data (session cookies, passwords, credit cards, etc.) from the server and/or from the client. However, the difficulty of the exploitation varies from website to website. Our focus is on the usage of ontology in cybersecurity against XSS attacks, on the importance of the ontology, and its core meaning for cybersecurity. We explain how a vulnerable website can be exploited, and how different JavaScript payloads can be used to detect vulnerabilities. We also enumerate some tools to use for an efficient analysis. We present detailed reasoning on what can be done to improve the security of a website in order to resist attacks, and we provide supportive examples. Then, we apply an ontology model against XSS attacks to strengthen the protection of a web application. However, we note that the existence of ontology does not improve the security itself, but it has to be properly used and should require a maximum of security layers to be taken into account.

17 pages, 256 KiB  
Article
Developing a Cybersecurity Framework for e-Government Project in the Kingdom of Saudi Arabia
by Abdullah Alrubaiq and Talal Alharbi
J. Cybersecur. Priv. 2021, 1(2), 302-318; https://doi.org/10.3390/jcp1020017 - 18 May 2021
Cited by 10 | Viewed by 6439
Abstract
The evolution of information systems has escalated significantly within the last decade as research unveils new concepts. The general orientation to provide solutions to complex problems continues to inspire innovation and new advancements. Cybersecurity is emerging as a critical factor for consideration within the resultant paradigm as information systems become significantly integrated. This paper provides an in-depth analysis of cybersecurity within the context of information systems. The paper examines some of the most consequential aspects of cybersecurity from the perspective of an e-government project in Saudi Arabia. A holistic system is proposed within the research framework to incorporate various scientific guidelines. The general orientation of this research is predicated on the aspiration to design and implement a complex and robust framework within which an e-government system can thrive within the Saudi Arabian context. A consideration of the physical environment within which the project will operate is also made, focusing on security. An evaluation of the cybersecurity environment in Saudi Arabia is reflective of significant advancements that have occurred in information system domains within the past few years.
(This article belongs to the Section Security Engineering & Applications)

13 pages, 327 KiB  
Article
Model for Quantifying the Quality of Secure Service
by Paul M. Simon, Scott Graham, Christopher Talbot and Micah Hayden
J. Cybersecur. Priv. 2021, 1(2), 289-301; https://doi.org/10.3390/jcp1020016 - 7 May 2021
Cited by 2 | Viewed by 4085
Abstract
Although not common today, communications networks could adjust security postures based on changing mission security requirements, environmental conditions, or adversarial capability, through the coordinated use of multiple channels. This will require the ability to measure the security of communications networks in a meaningful way. To address this need, in this paper, we introduce the Quality of Secure Service (QoSS) model, a methodology to evaluate how well a system meets its security requirements. This construct enables a repeatable and quantifiable measure of security in a single- or multi-channel network under static configurations. In this approach, the quantification of security is based upon the probabilities that adversarial listeners and disruptors may gain access to or manipulate transmitted data. The initial model development, albeit a snap-shot of the network security, provides insights into what may affect end-to-end security and to what degree. The model was compared against the performance and expected security of several point-to-point networks, and three simplified architectures are presented as examples. Message fragmentation and duplication across the available channels provides a security performance trade-space, with an accompanying comprehensive measurement of the QoSS. The results indicate that security may be improved with message fragmentation across multiple channels when compared to the number of adversarial listeners or disruptors. This, in turn, points to the need, in future work, to build a full simulation environment with specific protocols and networks to validate the initial modeled results.
(This article belongs to the Collection Machine Learning and Data Analytics for Cyber Security)

15 pages, 1266 KiB  
Review
Automotive Vulnerability Disclosure: Stakeholders, Opportunities, Challenges
by Robin Bolz and Reiner Kriesten
J. Cybersecur. Priv. 2021, 1(2), 274-288; https://doi.org/10.3390/jcp1020015 - 6 May 2021
Cited by 3 | Viewed by 7054
Abstract
Since several years, the overall awareness for the necessity to consider a vehicle as a potentially vulnerable system is facing accelerated growth. In 2015, the safety relevant exploitability of vulnerabilities through cyber attacks was exposed to a broader public for the first time. Only a few months after this attack has reached public awareness, affected manufacturer implemented one of the first bug bounty programs within the automotive field. Since then, many others followed by adapting some of ITs good practices for handling and responsibly disclose found and reported vulnerabilities for the automotive field. Nevertheless, this work points out that much remains to be done concerning quantity and quality of these measures. In order to cope with this, this present paper deals with what can be learned from IT and which conclusions can be drawn from these findings in the light of special conditions in the automotive environment. Furthermore, current handling and challenges regarding the disclosure process of vulnerabilities in the automotive sector are presented. These challenges are addressed by discussing desirable conditions for a beneficial disclosure culture as well as requirements and responsibilities of all parties involved in the disclosure process.
(This article belongs to the Special Issue Cybersecurity in the Transportation Ecosystem)

22 pages, 1023 KiB  
Article
Launching Adversarial Attacks against Network Intrusion Detection Systems for IoT
by Pavlos Papadopoulos, Oliver Thornewill von Essen, Nikolaos Pitropakis, Christos Chrysoulas, Alexios Mylonas and William J. Buchanan
J. Cybersecur. Priv. 2021, 1(2), 252-273; https://doi.org/10.3390/jcp1020014 - 23 Apr 2021
Cited by 33 | Viewed by 8141
Abstract
As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models’ robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability.

13 pages, 424 KiB  
Communication
Marine Network Protocols and Security Risks
by Ky Tran, Sid Keene, Erik Fretheim and Michail Tsikerdekis
J. Cybersecur. Priv. 2021, 1(2), 239-251; https://doi.org/10.3390/jcp1020013 - 14 Apr 2021
Cited by 12 | Viewed by 7269
Abstract
Marine network protocols are domain-specific network protocols that aim to incorporate particular features within the specialized marine context that devices are implemented in. Devices implemented in such vessels involve critical equipment; however, limited research exists for marine network protocol security. In this paper, we provide an analysis of several marine network protocols used in today’s vessels and provide a classification of attack risks. Several protocols involve known security limitations, such as Automated Identification System (AIS) and National Marine Electronic Association (NMEA) 0183, while newer protocols, such as OneNet provide more security hardiness. We further identify several challenges and opportunities for future implementations of such protocols.

20 pages, 1288 KiB  
Article
Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal
by Mário Antunes, Marisa Maximiano, Ricardo Gomes and Daniel Pinto
J. Cybersecur. Priv. 2021, 1(2), 219-238; https://doi.org/10.3390/jcp1020012 - 8 Apr 2021
Cited by 33 | Viewed by 15991
Abstract
Information security plays a key role in enterprises management, as it deals with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. Small and Medium-sized enterprises (SME) are seen as a blind spot in information security and cybersecurity management, which is mainly due to their size, regional and familiar scope, and financial resources. This paper presents an information security and cybersecurity management project, in which a methodology based on the well-known ISO-27001:2013 standard was designed and implemented in fifty SMEs that were located in the center region of Portugal. The project was conducted by a business association located at the center of Portugal and mainly participated by SMEs. The Polytechnic of Leiria and an IT auditing/consulting team were the other two entities that participated on the project. The characterisation of the participating enterprises, the ISO-27001:2013 based methodology developed and implemented in SMEs, as well as the results obtained in this case study, are depicted and analysed in the paper. The attained results show a clear benefit to the audited and intervened SMEs, being mainly attested by the increasing of their information security management robustness and collaborators’ cyberawareness.