Automotive Cyber Security Safety in a 5G World
|
|
- Lucinda Henry
- 5 years ago
- Views:
Transcription
1 Automotive Cyber Security Safety in a 5G World Billy Kihei, Ph.D. billy@reachrf.com 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 1 / 62
2 Who am I Cyber-Safety Advocate Everything is in Reach. Connected Car Consultant V2X Solutions V2X Deployments Research Collaboration White-Paper Authorship 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 2 / 62
3 What I want you to get from this presentation The reality of your profession. Employ more white-hats into your entire product lifecycle. Think like Steve. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 3 / 62
4 1G 2G 3G 4G 5G 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 4 / 62
5 1G 2G 3G 4G 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 5 / 62
6 5G Requires Larger data pipes Flexible data pipes Robust data pipes Shorter data pips More data pipes 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 6 / 62
7 Network Traffic 5G: The Machines 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 7 / 62
8 Our dependence on connected technology is growing faster than our ability to secure it. -I Am The Cavalry 8
9 Where bits and bytes meet flesh and blood. -Josh Corman, Co-founder IATC 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 9 / 62
10 How you envision the car of the future MaaS 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 10 / 62
11 Steve. He s a hacker. How Steve sees the car of the future 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 11 / 62
12 Any capability that can be used to preserve life, can be used to degrade life in the hands of the adversary. -I Am The Cavalry 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 12 / 62
13 RF Jammers WALNUT Attack Wi-Fi Protocol Attacks GPS Spoofing Row Hammer Social Engineering 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 13 / 62
14 HACK NYC /28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 14 / 62
15 Fake Base Station 4G Cellular enb IMSI Catcher 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 15 / 62
16 WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks by Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu. To Appear at IEEE European Symposium on Security and Privacy (Oaklawn), Paris, France, April /28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 16 / 62
17 WALNUT: Mitigation Techniques Deploy MEMS sensors in an a way that limits their exposure to acoustic interference, e.g., surround them with acoustic dampening foam. Deploy data processing algorithms that attempt to reject abnormal acceleration signals, especially those with frequency components around the resonant frequency of the MEMS sensor. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 17 / 62
18 Social Engineering 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 18 / 62
19 Attacks on Wi-Fi Broadpwn Attack surface: Broadcom BCM43XX Wi-Fi controller chipsets No authentication in network association Damage: Remote attack allowing code execution on main processor. 1 st Wi-Fi worm. Enabler: Leaked Source Code 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 19 / 62
20 Attacks on Wi-Fi KRACK Attack surface: WPA2 4-way handshake. Damage: Decrypt and forge and inject packets. Key re-installation attack Enabler: During key reinstallation, nonce and replay counter are reset to initial value. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 20 / 62
21 Attacks on DRAM ROW HAMMER Attack surface: Rows in DRAM. Damage: Flip bits in adjacent rows. Enabler: Repeatedly seeking same memory row can leak bits into adjacent memory lines. Need to catch flips in real-time with memory.. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 21 / 62
22 Aaron Guzman Remotely Exploiting Connected Vehicle APIs and Apps 44CON 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 22 / 62
23 Vulnerabilities Observed Authorized users who the car owner delegates have full control over remote services Owner doesnt get notified of auth user adding XSS in vehicle nickname No anti-csrf tokens for state changing configs URL rewrite everywhere Token never expires.. logout or passwd change New handoff token per device / installed app Auth bypass - handoff token does not require username or password 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 23 / 62
24 Adam Mistick, CMU, Cybersecurity Vulnerabilities in Autonomous Vehicle Development 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 24 / 62
25 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 25 / 62
26 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 26 / 62
27 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 27 / 62
28 Best practice rarely is. Good enough isn t anymore. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 28
29 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 29 / 62
30 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 30 / 62
31 Distributed: 8/8/ /28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 31 / 62
32 Vulnerability Projection Implementation Vulnerability Assessment Detailed Design Requirements and Architecture Integration, Test, and Verification Verification and Validation Concept of Operation Over-The-Air Updating Operation and Maintenance 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 32 / 62
33 Software Liability 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 33 / 62
34 Dependence Complexity Vulnerability Exposure 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 34 / 62
35 If you can t afford to protect it, then you can t afford to connect it. -I Am The Cavalry 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 35 / 62
36 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 36 / 62
37 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 37 / 62
38 Motivations of Security Researchers Protect Puzzle Pride/Prestige Profit/Payment Protest/Patriot 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 38 / 62
39 Who are we defending against? 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 39 / 62
40 But they wouldn t hurt you Murphy s Law I d prefer to know they couldn t. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 40 / 62
41 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 41 / 62
42 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 42 / 62
43 What will 5G cyber threats look like? 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 43 / 62
44 As seen by 5 Steves 1ms latency 10Gbps speeds 10,000+ users 1,000,000 device connections Fastest malware delivery Most persistent threat Higher probability of success Largest scaled attacks 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 44 / 62
45 Timescale 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 45 / 62
46 Urgency 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 46 / 62
47 One Vulnerability 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 47 / 62
48 One Program 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 48 / 62
49 The Internet 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 49 / 62
50 Obfuscation is NOT security. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 50 / 62
51 What you do. What Steve does. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 51 / 62
52 Controlled Access Space Blue Prints Nakatomi Plaza User Space 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 52 / 62
53 Nakatomi Space Nakatomi Space 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 53 / 62
54 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 54 / 62
55 Had the Babylonians been apprised of what Cyrus was about, or had they noticed their danger, they would never have allowed the Persians to enter the city But, as it was, the Persians came upon them by surprise and so took the city. -Herodotus on Cyrus' capture of Babylon 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 55 / 62
56 Had you been apprised of what Steve was about, or had you noticed your customer in danger, you would never have allowed Steve to enter But, as it was, Steve came upon you by surprise and so took your enterprise. -Your Conscious 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 56 / 62
57 Physical 2-Factor Authentication Quantum Computing Deep Learning Quantum Encryption Blockchain Technology 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 57 / 62
58 Security Forecast As digital infrastructure protection becomes more complex, the attack vectors become more primitive. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 58 / 62
59 Replay Messages User-in-the-Loop Internal Dynamics Deny Access 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 59 / 62
60 Cheap. Low-Cost. Hacking. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 60 / 62
61 I have to think like Steve. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 61 / 62
62 ITS GA, Thank you! Billy Kihei, 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 62 / 62
Frequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationThe modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.
Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased
More informationD. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.
More informationKey Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017 Overview 1. Key reinstallation in 4-way handshake 2. Misconceptions and remarks
More informationBusiness Strategy Theatre
Business Strategy Theatre Security posture in the age of mobile, social and new threats Steve Pao, GM Security Business 01 May 2014 In the midst of chaos, there is also opportunity. - Sun-Tzu Security:
More informationCybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute
Cybersecurity Challenges for Connected and Automated Vehicles Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cars are becoming complex (and CAV is only part of it) 1965: No
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationBEST PRACTICES FOR PERSONAL Security
BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE
More informationMASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Securing Java/ JEE Web Applications (TT8320-J) Day(s): 4 Course Code: GK1123 Overview Securing Java Web Applications is a lab-intensive, hands-on Java / JEE security training course, essential for experienced
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationOverview. Priorities for Immediate Action with Adaptive Response The top priorities for Adaptive Response are:
Disrupting the Attack Surface Overview The design principles for disrupting the attack surface create a more difficult environment for the adversary, provide defenders with the ability to observe and analyze
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationAgenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2
Security Insert the Vulnerabilities title of your of the presentation Connected here Car Presented Presented by by Peter Name Vermaat Here Principal Job Title ITS - Date Consultant 24/06/2015 Agenda 1
More informationAdvanced Diploma on Information Security
Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic
More informationWhat is Eavedropping?
WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationImproved KRACK Attacks Against WPA2 Implementations. Mathy OPCDE, Dubai, 7 April 2018
Improved KRACK Attacks Against WPA2 Implementations Mathy Vanhoef @vanhoefm OPCDE, Dubai, 7 April 2018 Overview Key reinstalls in 4-way handshake New KRACKs Practical impact Lessons learned 2 Overview
More informationDomain System Threat Landscape. Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor
Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor Agenda n History n Nic.PR Case Study q Registrar Perspective q Registry Perspective n Future solutions History n Over
More informationBuilding cyber resilience into our railway s DNA. Matthew Simpson. Technical Director, Cyber Security
Building cyber resilience into our railway s DNA Matthew Simpson Technical Director, Cyber Security Building cyber resilience into our railway s DNA As we move into the age of the digital railway, retro-fixing
More informationVulnerability Management & Vulnerability Assessment. Nessus Attack Scripting Language (NASL). CVE databases, NVD database
Case Study 2018 Solution/Service Title Vulnerability Management & Vulnerability Assessment Client Industry Cybersecurity, Vulnerability Assessment and Management, Network Security Client Overview Client
More informationDevelopment of Intrusion Detection System for vehicle CAN bus cyber security
Development of Intrusion Detection System for vehicle CAN bus cyber security Anastasia Cornelio, Elisa Bragaglia, Cosimo Senni, Walter Nesci Technology Innovation - SSEC 14 Workshop Automotive SPIN Italia
More informationWireless Ethernet: Technologies and Security for the Water Industries
Wireless Ethernet: Technologies and Security for the Water Industries John Lavoie, Mike Nager Phoenix Contact, Inc. 5 th ISA Water/Wastewater Automatic Controls Division Symposium (WWAC) 3-5, Orlando,
More informationGPS SPOOFING: NO LONGER A FISH STORY
SESSION ID: MBS-F03 GPS SPOOFING: NO LONGER A FISH STORY Michael Shalyt CEO and Co-Founder Aperio Systems @MShalyt Outline Intro the world is being measured. Good examples of bad data. GPS forgery and
More informationPerspectives on Cybersecurity
Perspectives on Cybersecurity Beau Woods Cyber Safety Innovation Fellow, Atlantic Council Leader, I Am The Cavalry (.org) 2019 Winter Conference February 2, 2019 What s at stake Mirai took out large parts
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationTurbocharging Connectivity Beyond Cellular
Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 11,0 cm) Turbocharging Connectivity Beyond Cellular Scott Beutler, Head of Interior Division
More informationAIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security.
AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE Microsoft Windows Security www.uscyberpatriot.org AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION
More informationCOMPLETING THE PAYMENT SECURITY PUZZLE
COMPLETING THE PAYMENT SECURITY PUZZLE An NCR white paper INTRODUCTION With the threat of credit card breaches and the overwhelming options of new payment technology, finding the right payment gateway
More informationSecuring the future of mobility
Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need
More informationThe Value of Automated Penetration Testing White Paper
The Value of Automated Penetration Testing White Paper Overview As an information security expert and the security manager of the company, I am well aware of the difficulties of enterprises and organizations
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationBuilding Trust in the Internet of Things
AN INTEL COMPANY Building Trust in the Internet of Things Developing an End-to-End Security Strategy for IoT Applications WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Recent security breaches
More informationOutline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
More informationSecurity Challenges Facing the Future Wireless World (aka.. Alice and Bob in the Wireless Wonderland) Wade Trappe
Security Challenges Facing the Future Wireless World (aka.. Alice and Bob in the Wireless Wonderland) Wade Trappe Talk Overview Security has been one of the great detractors for wireless technologies (and
More informationAutomotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division
Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division Cybersecurity is not one Entry Point Four Major Aspects of Cybersecurity How
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationPRODUCT GUIDE Wireless Intrusion Prevention Systems
PRODUCT GUIDE Wireless Intrusion Prevention Systems The Need for Wireless INTRUSION PREVENTION SYSTEMS A Wireless Intrusion Prevention System (WIPS) is designed to address two classes of challenges facing
More informationKRACKing WPA2 by Forcing Nonce Reuse. Mathy Nullcon, 2 March 2018
KRACKing WPA2 by Forcing Nonce Reuse Mathy Vanhoef @vanhoefm Nullcon, 2 March 2018 Introduction PhD Defense, July 2016: You recommend WPA2 with AES, but are you sure that s secure? Seems so! No attacks
More informationWHITEPAPER. Vulnerability Analysis of Certificate Validation Systems
WHITEPAPER Vulnerability Analysis of Certificate Validation Systems The US Department of Defense (DoD) has deployed one of the largest Public Key Infrastructure (PKI) in the world. It serves the Public
More informationIBM Security Access Manager
IBM Access Manager Take back control of access management with an integrated platform for web, mobile and cloud Highlights Protect critical assets with risk-based and multi-factor authentication Secure
More informationCross-Domain Security Issues for Connected Autonomous Vehicles
Cross-Domain Security Issues for Connected Autonomous Vehicles Anthony Lopez, Mohammad Al Faruque Advanced Integrated Cyber -Physical Systems Lab 1 Outline Overview on Connected Vehicle Security Ongoing
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationOrange Smart Cities. Smart Metering and Smart Grid : how can a telecom operator contribute? November
Orange Smart Cities Smart Metering and Smart Grid : how can a telecom operator contribute? November 5 2012 Nathalie Leboucher Vice President Smart Cities Program Orange 1 the Orange Group in a nutshell
More informationAIIC Associazione Italiana esperti Infrastrutture Critiche AIIC (1)
AIIC Associazione Italiana esperti Infrastrutture Critiche AIIC (1) AIIC Associazione Italiana esperti Infrastrutture Critiche Non-governmental and non-profit scientific association legally registered
More informationFundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring
Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationcs642 /introduction computer security adam everspaugh
cs642 computer security /introduction adam everspaugh ace@cs.wisc.edu definition Computer Security := understanding and improving the behavior of computing systems in the presence of adversaries adversaries
More informationHacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free
Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free The latest wireless security solutions Protect your wireless systems from crippling attacks using the detailed security information
More informationSecuring V2X communications with Infineon HSM
Infineon Security Partner Network Securing V2X communications with Infineon HSM Savari and Infineon The Sign of Trust for V2X Products SLI 97 www.infineon.com/ispn Use case Application context and security
More informationHacking Air Wireless State of the Nation. Presented By Adam Boileau
Hacking Air Wireless State of the Nation Presented By Adam Boileau Introduction Wireless in 2006 802-dot-what? Threats to Wireless Networks Denial of Service Attacks against Authentication Attacks against
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationMARCH Secure Software Development WHAT TO CONSIDER
MARCH 2017 Secure Software Development WHAT TO CONSIDER Table of Content Introduction... 2 Background... 3 Problem Statement... 3 Considerations... 4 Planning... 4 Start with security in requirements (Abuse
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationLong Term Evolution (LTE) / Fifth Generation (5G) mobile networks for military use
Long Term Evolution (LTE) / Fifth Generation (5G) mobile networks for military use The views in this paper are those of the authors and do not represent the views of LAND 2072 or the Department of Defence.
More informationKRACKing WPA2 by Forcing Nonce Reuse. Mathy Chaos Communication Congress (CCC), 27 December 2017
KRACKing WPA2 by Forcing Nonce Reuse Mathy Vanhoef @vanhoefm Chaos Communication Congress (CCC), 27 December 2017 Introduction PhD Defense, July 2016: You recommend WPA2 with AES, but are you sure that
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationAutomotive Cyber Security
Automotive Cyber Security Rajeev Shorey (Ph.D.) Principal Scientist TCS Innovation Labs Cincinnati, USA & Bangalore, India Copyright 2013 Tata Consultancy Services Limited Connected Vehicles Chennai, 18
More informationKRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018
KRACKing WPA2 in Practice Using Key Reinstallation Attacks Mathy Vanhoef @vanhoefm BlueHat IL, 24 January 2018 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned
More informationInternet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came
Victoria Ellsworth Dr. Ping Li ICTN 4040 04/11/17 Internet of Things (IoT) Attacks The Internet of Things (IoT) is based off a larger concept; the Internet of Things came from idea of the Internet of Everything.
More informationAutomotive Anomaly Monitors and Threat Analysis in the Cloud
Automotive Anomaly Monitors and Threat Analysis in the Cloud Dr. André Weimerskirch Vector Automotive Cyber Security Symposium October 12, 2017 Cybersecurity Components Secure Internal & External Communications
More informationEnhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationPenetration testing a building automation system
Penetration testing a building automation system Is your smart office creating backdoors for hackers? IBM X-Force Research Click here to start There is much focus in the IT industry on securing web servers,
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More information21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING
WWW.HCLTECH.COM 21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING THE AGE OF DISRUPTION: THE AGE OF CYBER THREATS While the digital era has brought with it significant advances in technology, capabilities
More informationHacking Demonstration. Dr John McCarthy Ph.D. BSc (Hons) MBCS
Hacking Demonstration Dr John McCarthy Ph.D. BSc (Hons) MBCS Demonstration Deploying effective cyber security is one of the 21 st century s greatest challenges for business. The threats facing businesses
More informationSOCIAL NETWORKING IN TODAY S BUSINESS WORLD
SOCIAL NETWORKING IN TODAY S BUSINESS WORLD AGENDA Review the use of social networking applications within the business environment Review current trends in threats, attacks and incidents Understand how
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationMobile Security Fall 2013
Mobile Security 14-829 Fall 2013 Patrick Tague Class #6 More WiFi Security & Privacy Issues WiFi Security Issues A Scenario Internet Open AP SSID Network X Open OpenAP AP SSID Attacker Network X LaptopLaptop
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationSECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA
SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationCASE STUDY: REGIONAL BANK
CASE STUDY: REGIONAL BANK Concerned about unauthorised network traffic, a regional bank in the MD/DC/VA area contracted GBMS Tech Ltd to monitor the banks various security systems. GBMS Tech Ltd uncovered
More informationInformation Security in Corporation
Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero
More informationMODERN DESKTOP SECURITY
MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M
More informationTHE KERNEL. Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients.
THE KERNEL Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients. Since our founding in 1986, and establishing The Kernel s UAE office in 2008, our company
More informationDETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM
DETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM Rajalakshmi 1, Umamaheswari 2 and A.Vijayaraj 3 1 Department
More informationContinuously Discover and Eliminate Security Risk in Production Apps
White Paper Security Continuously Discover and Eliminate Security Risk in Production Apps Table of Contents page Continuously Discover and Eliminate Security Risk in Production Apps... 1 Continuous Application
More informationCYBER SECURITY AND MITIGATING RISKS
CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY
More informationCYSE 411/AIT 681 Secure Software Engineering. Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun Reading This lecture [McGraw]: Ch. 7-9 2 Seven Touchpoints 1. Code review 2. Architectural
More information4. Risk-Based Security Testing. Reading. CYSE 411/AIT 681 Secure Software Engineering. Seven Touchpoints. Application of Touchpoints
Reading This lecture [McGraw]: Ch. 7-9 CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun 2 Seven Touchpoints Application of Touchpoints
More informationRestech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS
Restech User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS Your presenter: Vince Gremillion, CISSP 30+ years technical and customer service experience Founder/Co-Owner RESTECH
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationThe Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1
The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1 About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber
More informationScanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.
I Introduction to Hacking Important Terminology Ethical Hacking vs. Hacking Effects of Hacking on Business Why Ethical Hacking Is Necessary Skills of an Ethical Hacker What Is Penetration Testing? Networking
More informationExploiting and Defending: Common Web Application Vulnerabilities
Exploiting and Defending: Common Web Application Vulnerabilities Introduction: Steve Kosten Principal Security Consultant SANS Instructor Denver OWASP Chapter Lead Certifications CISSP, GWAPT, GSSP-Java,
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationIntroduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview
IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More information