RESUMO
Cybersecurity has become a central concern in the contemporary digital era due to the exponential increase in cyber threats. These threats, ranging from simple malware to advanced persistent attacks, put individuals and organizations at risk. This study explores the potential of artificial intelligence to detect anomalies in network traffic in a university environment. The effectiveness of automatic detection of unconventional activities was evaluated through extensive simulations and advanced artificial intelligence models. In addition, the importance of cybersecurity awareness and education is highlighted, introducing CyberEduPlatform, a tool designed to improve users' cyber awareness. The results indicate that, while AI models show high precision in detecting anomalies, complementary education and awareness play a crucial role in fortifying the first lines of defense against cyber threats. This research highlights the need for an integrated approach to cybersecurity, combining advanced technological solutions with robust educational strategies.
RESUMO
The proliferation of radio frequency (RF) devices in contemporary society, especially in the fields of smart homes, Internet of Things (IoT) gadgets, and smartphones, underscores the urgent need for robust identification methods to strengthen cybersecurity. This paper delves into the realms of RF fingerprint (RFF) based on applying the Jensen-Shannon divergence (JSD) to the statistical distribution of noise in RF signals to identify Bluetooth devices. Thus, through a detailed case study, Bluetooth RF noise taken at 5 Gsps from different devices is explored. A noise model is considered to extract a unique, universal, permanent, permanent, collectable, and robust statistical RFF that identifies each Bluetooth device. Then, the different JSD noise signals provided by Bluetooth devices are contrasted with the statistical RFF of all devices and a membership resolution is declared. The study shows that this way of identifying Bluetooth devices based on RFF allows one to discern between devices of the same make and model, achieving 99.5% identification effectiveness. By leveraging statistical RFFs extracted from noise in RF signals emitted by devices, this research not only contributes to the advancement of the field of implicit device authentication systems based on wireless communication but also provides valuable insights into the practical implementation of RF identification techniques, which could be useful in forensic processes.
RESUMO
The rapid development of the Internet of Things (IoT) has brought about the processing and storage of sensitive information on resource-constrained devices, which are susceptible to various hardware attacks. Fault injection attacks (FIAs) stand out as one of the most widespread. Particularly, voltage-based FIAs (V-FIAs) have gained popularity due to their non-invasive nature and high effectiveness in inducing faults by pushing the IoT hardware to its operational limits. Improving the security of devices and gaining a comprehensive understanding of their vulnerabilities is of utmost importance. In this study, we present a novel fault injection method and employ it to target an 8-bit AVR microcontroller. We identify the optimal attack parameters by analyzing the detected failures and their trends. A case study is conducted to validate the efficacy of this new method in a more realistic scenario, focusing on a simple authentication method using the determined optimal parameters. This analysis not only demonstrates the feasibility of the V-FIA but also elucidates the primary characteristics of the resulting failures and their propagation in resource-constrained devices. Additionally, we devise a hardware/software countermeasure that can be integrated into any resource-constrained device to thwart such attacks in IoT scenarios.
RESUMO
Cybersecurity can be effectively managed with an architecture-based approach, composed with three viewpoints, namely system, security and process. Using models for describing a system and its security objectives enables a systemic and exhaustive risk management process. The architecture approach produces an integral set of security policies and controls that can be fully maintained during the entire system life-cycle. Furthermore, architecture models support automation and high scalability, thus providing an innovative way for constructing and maintaining the cybersecurity for very large systems or even for system of systems. This work describes details, technical aspects, and examples for the risk management process of the architecture, including the establishment of the system representation, the security goals, going through risk identification and analysis, up to the policies and control definition. Some highlighting points of the methodology follow. â¢System representation is simple because it focuses only on aspects relevant to security purposes.â¢Security objectives behave as an end-to-end guidance of the security, for the whole system and also during its life-cycle.â¢Risk management can be done with existing methods and standards, but additionally supported with the comprehensive capability provided by the system representation and the security objectives.
RESUMO
Wearable devices are starting to gain popularity, which means that a large portion of the population is starting to acquire these products. This kind of technology comes with a lot of advantages, as it simplifies different tasks people do daily. However, as they recollect sensitive data, they are starting to be targets for cybercriminals. The number of attacks on wearable devices forces manufacturers to improve the security of these devices to protect them. Many vulnerabilities have appeared in communication protocols, specifically Bluetooth. We focus on understanding the Bluetooth protocol and what countermeasures have been applied during their updated versions to solve the most common security problems. We have performed a passive attack on six different smartwatches to discover their vulnerabilities during the pairing process. Furthermore, we have developed a proposal of requirements needed for maximum security of wearable devices, as well as the minimum requirements needed to have a secure pairing process between two devices via Bluetooth.
Assuntos
Dispositivos Eletrônicos Vestíveis , Humanos , Segurança Computacional , ComunicaçãoRESUMO
In recent years, cybersecurity has been strengthened through the adoption of processes, mechanisms and rapid sources of indicators of compromise in critical areas. Among the most latent challenges are the detection, classification and eradication of malware and Denial of Service Cyber-Attacks (DoS). The literature has presented different ways to obtain and evaluate malware- and DoS-cyber-attack-related instances, either from a technical point of view or by offering ready-to-use datasets. However, acquiring fresh, up-to-date samples requires an arduous process of exploration, sandbox configuration and mass storage, which may ultimately result in an unbalanced or under-represented set. Synthetic sample generation has shown that the cost associated with setting up controlled environments and time spent on sample evaluation can be reduced. Nevertheless, the process is performed when the observations already belong to a characterized set, totally detached from a real environment. In order to solve the aforementioned, this work proposes a methodology for the generation of synthetic samples of malicious Portable Executable binaries and DoS cyber-attacks. The task is performed via a Reinforcement Learning engine, which learns from a baseline of different malware families and DoS cyber-attack network properties, resulting in new, mutated and highly functional samples. Experimental results demonstrate the high adaptability of the outputs as new input datasets for different Machine Learning algorithms.
RESUMO
The Zero Trust concept is being adopted in information technology (IT) deployments, while human users remain to be the main risk for operational technology (OT) deployments. This article proposes to enhance the new Modbus/TCP Security protocol with authentication and authorization functions that guarantee security against intentional unauthorized access. It aims to comply with the principle of never trusting the person who is accessing the network before carrying out a security check. Two functions are tested and used in order to build an access control method that is based on a username and a password for human users with knowledge of industrial automation control systems (IACS), using simple means, low motivation, and few resources. A man-in-the-middle (MITM) component was added in order to intermediate the client and the server communication and to validate these functions. The proposed scenario was implemented using the Node-RED programming platform. The tests implementing the functions and the access control method through the Node-RED software have proven their potential and their applicability.
Assuntos
Segurança Computacional , Telemedicina , Humanos , Confidencialidade , SoftwareRESUMO
Hospital organizations have adopted telehealth systems to expand their services to a portion of the Brazilian population with limited access to healthcare, mainly due to the geographical distance between their communities and hospitals. The importance and usage of those services have recently increased due to the COVID-19 state-level mobility interventions. These services work with sensitive and confidential data that contain medical records, medication prescriptions, and results of diagnostic processes. Understanding how cybersecurity impacts the development of telehealth strategies is crucial for creating secure systems for daily operations. In the application reported in this article, the Fuzzy Cognitive Maps (FCMs) translated the complexity of cybersecurity in telehealth services into intelligible and objective results in an expert-based cognitive map. The tool also allowed the construction of scenarios simulating the possible implications caused by common factors that affect telehealth systems. FCMs provide a better understanding of cybersecurity strategies using expert knowledge and scenario analysis, enabling the maturation of cybersecurity in telehealth services.
RESUMO
Jamming attacks in wireless sensor networks (WSNs) scenarios are detrimental to the performance of these networks and affect the security and stability of the service perceived by users. Therefore, the evaluation of the effectiveness of smart environment platforms based on WSNs has to consider the system performance when data collection is executed under jamming attacks. In this work, we propose an experimental testbed to analyze the performance of a WSN using the IEEE 802.15.4 CSMA/CA unslotted mode under jamming attacks in terms of goodput, packet receive rate (PRR), and energy consumption to assess the risk for users and the network in the smart scenario. The experimental results show that constant and reactive jamming strategies severely impact the evaluated performance metrics and the variance' of the received signal strength (RSS) for some signal-to-interference-plus-noise ratio (SINR) ranges. The measurements obtained using the experimental testbed were correlated with analytical models. The results show that in the presence of one interferer, for SINR values higher than 4.5 dB, the PRR is almost 0.99, and the goodput 3.05 Kbps, but the system performance is significantly degraded when the amount of interferers increases. Additionally, the energy efficiency associated with reactive strategies is superior to the constant attack strategy. Finally, based on the evaluated metrics and with the proposed experimental testbed, our findings offer a better understanding of jamming attacks on the sensor devices in real smart scenarios.
RESUMO
In the maritime sector, the integration of radar systems, Automatic Identification System (AIS) and Electronic Chart Display and Information System (ECDIS) through digital technologies enables several benefits to maritime operations, but also make ships prone to cyberattacks. In this context, this work investigates the feasibility of an attacker using a radar system or AIS as open door to remotely send commands to a cyber threat hosted on a ship, even if the ship's systems are air gapped-i.e., are not connected to other networks. The received commands are intended to trigger a cyber threat located in the ship. Although the literature covers several analyzes on cyber risks and vulnerabilities in naval systems, it lacks exploiting mechanisms capable of acknowledging attack commands received through radar and AIS. To this end, this work proposes a triggering mechanism that uses a template matching technique to detect specific patterns transmitted by the attacker to the ship's radar or AIS. The results show the effectiveness of the proposed technique as a tool to acknowledge the received attack commands and activate a malicious code previously installed on the ship. In the case of attacks on a radar system, the accuracy achieved by the proposed method is 0.90. In the case of attacks on an AIS/ECDIS setup it presents an accuracy of 0.93. In both cases the proposed mechanism maintains the due safety against accidental attack activations.
RESUMO
The purpose of this paper is to propose a framework for cybersecurity risk management in telemedicine. The framework, which uses a bow-tie approach for medical image diagnosis sharing, allows the identification, analysis, and assessment of risks, considering the ISO/TS 13131:2014 recommendations. The bow-tie method combines fault tree analysis (FTA) and event tree analysis (ETA). The literature review supported the identification of the main causes and forms of control associated with cybersecurity risks in telemedicine. The main finding of this paper is that it is possible, through a structured model, to manage risks and avoid losses for everyone involved in the process of exchanging medical image information through telemedicine services. Through the framework, those responsible for the telemedicine services can identify potential risks in cybersecurity and act preventively, recognizing the causes even as, in a mitigating way, identifying viable controls and prioritizing investments. Despite the existence of many studies on cybersecurity, the paper provides theoretical contributions to studies on cybersecurity risks and features a new methodological approach, which incorporates both causes and consequences of the incident scenario.
Assuntos
Gestão de Riscos , Telemedicina , Segurança Computacional , Medição de RiscoRESUMO
The fundamental right to confidentiality and integrity of IT systems was recognized by the Bundesverfassungsgericht (BVerfG) in Germany and responds to the growing need to recognize new rights that are able to properly protect the individual as new technologies continue to develop. In the said scenario, this paper will seek to answer the question: Starting from the premises set by the BVerfG in the ruling rendered on February 27th, 2008, are there similar grounds to sustain the existence of an IT Privacy right in Brazil, regarding the Brazilian juridical scenario, mainly as to data protection? To that end, the paper is divided into four main parts to: (i) assess the fundamentals of the decision rendered by the BVerfG in the case mentioned; (ii) present the privacy and data protection legal scenario in Brazil; (iii) point out how information security is provided for in Brazilian legislation; and (iv) validate whether the premises adopted by the BVerfG are also coherent in Brazil, considering the legal landscape presented. The research is based on a hypothetical-deductive method, through inquiry and bibliographic analysis, grounded both in Brazilian and European doctrine. Lastly, the research concludes in the sense that the Brazilian and German Constitutional Legal Orders are different, not only relating to the way in which new fundamental rights are acknowledged, but also in regard to the privacy and data protection legal culture, which directly impacts the feasibility of a fundamental right to confidentiality and integrity of IT systems.