Search Results (18)

The number of smart homes is increasing steadily. One of the first technologies that comes to mind when talking about smart homes is Zigbee, which stands out for its low cost, low latency, low power consumption, and mesh networking capabilities. One of the key features of Zigbee is the encryption of payloads within its frames for security purposes. However, being able to decrypt this payload is crucial for fully understanding its operation and for purposes such as testing the network’s security. Therefore, in this paper, we present the decrypted Zigbee IoT Network Traffic dataset, ZigBeeNet. We captured packets using Wireshark in real time from a smart home with 15 Zigbee devices over 20 days and saved them in pcap files. Additionally, we used a key extraction method to obtain the network key, decrypt the payload data, and analyze the characteristic features of network traffic, which we present in this paper. ZigBeeNet will be useful in wider areas than existing datasets with its ability to support network security research, pattern analysis, network performance analysis, and Zigbee traffic generator. We believe that this open-source dataset will contribute significantly to a wide range of industrial and academic research applications. Full article

ISO 15118 is an international standard for charging communication between electric vehicles and charging infrastructure. Among the series of ISO 15118, ISO 15118-4, ISO 15118-5, ISO 15118-9, and ISO 15118-21 (under development) define active conformance testing methodologies where the test system engages with the system under test as a primary actor and tests whether the counterparty is complying with the standard. However, such a full-fledged test system is not appropriate during system development and field testing. In this paper, a passive conformance testing approach that monitors the packets between the electric vehicle and the charger and performs conformance testing against the requirements of ISO 15118 is proposed. This novel approach exhibits practicality yet comprehensive testing capability for field testing because of its passive access to the packets with deep analysis for the conformance. TestShark, a modified packet analysis tool, showed that the passive conformance testing system can help developers and operators analyze problems in charging communication and assess the quality of implementation with respect to ISO 15118. Full article

The purpose of this study is to evaluate and compare how well different routing protocols perform in terms of load sharing, link failover, and overall network performance. Wireshark was used for packet-level analysis, VMWare was used for virtualization, GNS3 was used for network simulation, and Iperf3 was used to measure network performance parameters. Convergence time, packet losses, network jitter, and network delay are the parameters that were selected for assessment. To examine the behaviors of Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) routing protocols in a variety of network settings, a simulated network environment incorporating both protocols along with Border Gateway Protocol (BGP) is created for the research. The setup for the experiment entails simulating different network conditions, such as fluctuating traffic loads and connection failures, to track how the protocols function in dynamic situations. The efficiency metrics for OSPF and EIGRP with BGP are measured and evaluated using the data generated by Wireshark and Iperf3. The results of this research show that EIGRP has a better failover convergence time and packet loss percentage as compared to the OSPF. Full article

This article provides a general overview of the communication protocols used in the IEC61850 standard for the automation of electrical substations. Specifically, it examines the GOOSE and R-GOOSE protocols, which are used for exchanging various types of information. The article then presents real cases of cyber attacks on the industrial sector, highlighting the importance of addressing cybersecurity in the IEC61850 standard. The text presents security drawbacks of the communication protocols mentioned earlier and briefly explains two algorithms defined in the IEC61850 standard to address them. However, the authors suggest that having only a couple of algorithms may not be sufficient to ensure digital security in substations. This article presents a study on the cryptographic algorithms ChaCha20 and Poly1305. The purpose of the study is to experimentally verify their adaptation to the strict time requirements that GOOSE must meet for their operation. These algorithms can operate independently or in combination, creating an Authenticated Encryption with Associated Data (AEAD) algorithm. Both algorithms were thoroughly reviewed and tested using GOOSE and R-GOOSE frames generated by the S-GoSV software. The computational time required was also observed. The frames were analysed using the Wireshark software. It was concluded that the algorithms are suitable for the communication requirements of electrical substations and can be used as an alternative to the cryptographic algorithms proposed under the IEC61850 standard. Full article

This work demonstrates the feasibility of using Kali Linux in the process of power electronic device research. The novelty in this work is the use of Kali Linux in the process of power electronic device research. This operating system is mainly used for the penetration testing of various communication devices but not for power electronic device research. The aim of this work is to study the level of network security (the type of security vulnerabilities that a power electronic device has) and whether the data exchange between the power electronic device and the monitoring and control center is secure. Additionally, penetration testing has been carried out. Kali Linux was used to implement these tasks. Penetration testing was performed to verify how the studied power electronic device reacted to various TCP DoS attacks—could it be accessed, was it blocked, etc. Kali Linux and some of the tools built into the operating system—Nmap, hping3, Wireshark, Burp Suite Community Edition—were used for this study. During the penetration tests, a characterization of the traffic being processed/generated by the studied power electronic device was carried out to evaluate and analyze what impact each TCP DoS attack had on the device’s performance. In order to conduct the study, an experimental setup was designed. This experimental network was not connected to other networks, so the cyber attacks were controlled and confined within the experimental network. The research carried out validated the use of Kali Linux for the study of power electronic devices. From the obtained results, it is found that the studied power electronic device provides a certain level of network security, but the data exchange is insecure. Full article

Network protocol syntax information plays a crucial role in grammar-based fuzzing. Current network protocol syntax extraction methods are less versatile, inefficient, and the extracted information is not comprehensive. This paper proposes a novel method for extracting syntax information, which innovatively extracts network protocol syntax from Wireshark protocol dissector files. The extracted syntax information includes packet types of the protocol, the constituent fields of each packet type, and detailed attributes of each field. Based on this method, an automated system for network protocol syntax information extraction was developed. The experiment was conducted with this system on a variety of protocols including DCCP, DNP3.0, Modbus TCP, and S7COMM. The experimental results show that compared with the current methods, our method has a better performance in terms of efficiency and versatility and at the same time ensures the comprehensiveness and accuracy of the extracted syntax information. Full article

In recent times, the security of sensor networks, especially in the field of IoT, has become a priority. This article focuses on the security features of the Zigbee protocol in Xbee devices developed by Digi International, specifically in the Xbee 3 (XB3-24) devices. Using the TI LaunchXL-CC26X2R1 kit, we intercepted and analyzed packets in real-time using the Wireshark application. The study encompasses various stages of network formation, packet transmission and analysis of security key usage, considering scenarios as follows: without security, distributed security mode and centralized security mode. Our findings highlight the differences in security features of Xbee devices compared to the Zigbee protocol, validating and invalidating methods of establishing security keys, vulnerabilities, strengths, and recommended security measures. We also discovered that security features of the Xbee 3 devices are built around a global link key preconfigured therefore constituting a vulnerability, making those devices suitable for man-in-the-middle and reply attacks. This work not only elucidates the complexities of Zigbee security in Xbee devices but also provides direction for future research for authentication methods using asymmetric encryption algorithms such as digital signature based on RSA and ECDSA. Full article

In this paper, we explore how incident handling procedures are currently being implemented to efficiently mitigate malicious software. Additionally, it aims to provide a contextual understanding of diverse malcodes and their operational processes. This study also compares various ways of detecting adware against a selection of anti-virus software. Moreover, this paper meticulously examines the evolution of hacking, covering the methods employed and the actors involved. A comparative analysis of three prominent malware detection tools, Google Rapid Response (GRR), Wireshark, and VirusTotal, is also conducted, aiding in informed decision-making for enhancing application security. This paper reaches its conclusion by conducting an exhaustive analysis of two case studies, offering valuable insights into a diverse range of potential leaks and virus attacks that may pose threats to various conglomerates. In essence, this article provides a comprehensive overview that spans incident handling procedures, the historical development of hacking, and the diverse spectrum of tools accessible for achieving effective malware detection. Full article

The research problem described in this article is related to the security of an IP network that is set up between two cities using hosting. The network is used for transmitting telephone traffic between servers located in Germany and the Netherlands. The concern is that with the increasing adoption of IP telephony worldwide, the network might be vulnerable to hacking and unauthorized access, posing a threat to the privacy and security of the transmitted information. This article proposes a solution to address the security concerns of the IP network. After conducting an experiment and establishing a connection between the two servers using the WireShark sniffer, a dump of real traffic between the servers was obtained. Upon analysis, a vulnerability in the network was identified, which could potentially be exploited by malicious actors. To enhance the security of the network, this article suggests the implementation of the Transport Layer Security (TLS) protocol. TLS is a cryptographic protocol that provides secure communication over a computer network, ensuring data confidentiality and integrity during transmission. Integrating TLS into the network infrastructure, will protect the telephone traffic and prevent unauthorized access and eavesdropping. Full article

In the past decade, Long-Range Wire-Area Network (LoRaWAN) has emerged as one of the most widely adopted Low Power Wide Area Network (LPWAN) standards. Significant efforts have been devoted to optimizing the operation of this network. However, research in this domain heavily relies on simulations and demands high-quality real-world traffic data. To address this need, we monitored and analyzed LoRaWAN traffic in four European cities, making the obtained data and post-processing scripts publicly available. For monitoring purposes, we developed an open-source sniffer capable of capturing all LoRaWAN communication within the EU868 band. Our analysis discovered significant issues in current LoRaWAN deployments, including violations of fundamental security principles, such as the use of default and exposed encryption keys, potential breaches of spectrum regulations including duty cycle violations, SyncWord issues, and misaligned Class-B beacons. This misalignment can render Class-B unusable, as the beacons cannot be validated. Furthermore, we enhanced Wireshark’s LoRaWAN protocol dissector to accurately decode recorded traffic. Additionally, we proposed the passive reception of Class-B beacons as an alternative timebase source for devices operating within LoRaWAN coverage under the assumption that the issue of misaligned beacons can be addressed or mitigated in the future. The identified issues and the published dataset can serve as valuable resources for researchers simulating real-world traffic and for the LoRaWAN Alliance to enhance the standard to facilitate more reliable Class-B communication. Full article

Neighbor Discovery Protocol (NDP) is a network protocol used in IPv6 networks to manage communication between neighboring devices. NDP is responsible for mapping IPv6 addresses to MAC addresses and discovering the availability of neighboring devices on the network. The main risk of deploying NDP on public networks is the potential for hackers or attackers to launch various types of attacks, such as address spoofing attacks, denial-of-service attacks, and man-in-the-middle attacks. Although Secure Neighbor Discovery (SEND) is implemented to secure NDP, its complexity and cost hinder its widespread deployment. This research emphasizes the potential hazard of deploying IPv6 networks in public spaces, such as airports, without protecting NDP messages. These risks have the potential to crash the entire local network. To demonstrate these risks, the GNS3 testbed environment is used to generate NDP attacks and capture the resulting packets using Wireshark for analysis. The analysis results reveal that with just a few commands, attackers can execute various NDP attacks. This highlights the need to protect against the potential issues that come with deploying IPv6 on widely accessible public networks. In addition, the analysis result shows that NDP attacks have behavior that can be used to define various NDP attacks. Full article

This paper proposes the use of the GNS3 IP network modeling platform to study/verify whether the exchanged information between power electronic devices and a control center (Monitoring and Control Centre) is secure. For the purpose of this work, a power distribution unit (PDU) and a UPS (Uninterruptable Power Supply) that are used by internet service providers are studied. Capsa Free network analyzer and Wireshark network protocol analyzer were used as supporting tools. A working model of an IP network in GNS3 has been created through which this research has been carried out. In addition to checking whether the exchanged information is secure, a characterization of the generated traffic has been made, showing results for the generated traffic and which ports generate the most traffic. These carried-outstudies show that the exchanged information is not secure. As a way to secure the exchanged information, the use of VPN (Virtual Private Network) technology is proposed; thanks to a VPN, the exchange of information is secure. The obtained results confirm this and validate the applicability of GNS3 to test/study whether data exchange between power electronic devices and a control center is secure. Full article

With the rapid advancement and transformation of technology, information and communication technologies (ICT), in particular, have attracted everyone’s attention. The attackers took advantage of this and can caused serious problems, such as malware attack, ransomware, SQL injection attack, etc. One of the dominant attacks, known as distributed denial-of-service (DDoS), has been observed as the main reason for information hacking. In this paper, we have proposed a secure technique, called the low-rate distributed denial-of-service (LDDoS) technique, to measure attack penetration and secure communication flow. A two-step clustering method was adopted, where the network traffic was controlled by using the characteristics of TCP traffic with discrete sense; then, the suspicious cluster with the abnormal analysis was detected. This method has proven to be reliable and efficient for LDDoS attacks detection, based on the NS-2 simulator, compared to the exponentially weighted moving average (EWMA) technique, which has comparatively very high false-positive rates. Analyzing abnormal test pieces helps us reduce the false positives. The proposed methodology was implemented using Python for scripting and NS-2 simulator for topology, two public trademark datasets, i.e., Web of Information for Development (WIDE) and Lawrence Berkley National Laboratory (LBNL), were selected for experiments. The experiments were analyzed, and the results evaluated using Wireshark. The proposed LDDoS approach achieved good results, compared to the previous techniques. Full article

The Vehicle-to-Grid (V2G) networks are a part of the Smart Grid networks. Their primary goal is to recharge electric vehicles. These networks, as with any computer system, are facing cyber attacks. For example, during a charge or recharge process, V2G networks can be vulnerable to attacks such as Man-in-the-Middle (MitM), Denial of Service (DoS), identity theft, and rebound attacks. It is therefore up to us to offer innovative solutions in order to reduce threats as much as possible. In this paper, a model based on copulas to detect intrusion cases in V2G networks is proposed. To achieve this model, a database is generated first from three scenarios using tools including MiniV2G, Wireshark, and CICflowMeter. Then, significant variables are selected using Principal Component Analysis (PCA). The classification algorithm is based on the notion of copulas constructed under the software R. From the obtained results, it emerges that the created model has a very high prediction rate of attacks in the aforementioned network. Full article

Industrial Internet of Things focuses on the manufacturing process and connects with other associated concepts such as Industry 4.0, Cyber-Physical Systems, and Cyber-Physical Production Systems. Because of the complexity of those components, it is necessary to define reference architectures models to manage Industry 4.0 and the Industrial Internet of Things. The reference architecture models aim to solve the interoperability problem enabling the syntactical and semantic levels of interoperability. A reference architecture model provides a bottom/top view of an industrial process, from the physical transducers at the physical layer to the business layer. The physical layer provides access to a twin representation of a physical thing in the digital world, extending the functionalities in the manufacturing process. This paper studies the syntactic interoperability between the IEEE 1451 and IEC 61499 in an industrial environment. The IEEE 1451 family of standards has the essential characteristics to support the information exchange between smart transducers (sensors and actuators), building the digital elements and meeting the Industry 4.0 requirements. The IEC 61499 standard enables industrial control and automation. These two standards combined at the syntactic level solve an interoperability problem. The IEC 61499 also provides data to the framework layer, supplying all the parameters defined for the communication layer specified by a reference architecture model. This paper combines the IEEE 1451 with the IEC 61499, enabling data exchange in a reference architecture model proposed for Industry 4.0. Network performance at the communication level of a reference architecture model in a local network and an external network is evaluated for the proposed application. The IEEE 1451 standard implementation and adoption to acquire data and communicate it inside an industrial process allowed the IEC 61499 standard to control an industrial process. The IEEE 1451 standard is implemented in a MSP430 low power microcontroller. A Raspberry Pi running FORTE and 4diac in the USA and Portugal were used to test a local network in Portugal and an external network in USA. Data related to network performance was obtained with Wireshark and processed with MATLAB. Tests using the Message Queuing Transport Telemetry Transport and Hypertext Transport Protocols verified the performance of these protocols, supported by the IEEE 1451 and IEC 61499 standards, showing that communication inside an Industry 4.0 environment is possible. MQTT protocol is faster, has a small packet size, and consumes less bandwidth. The HTTP protocol uses more bandwidth but is more reliable for real-time communication, essential for Industry 4.0. Full article