Author

R Langner

Bio: R Langner is an academic researcher. The author has contributed to research in topics: Cyberwarfare & Cyber-attack. The author has an h-index of 1, co-authored 1 publication receiving 1230 citations.

Papers
Journal ArticleDOI
01 May 2011
TL;DR: Last year marked a turning point in the history of cybersecurity: the arrival of the first cyber warfare weapon ever, known as Stuxnet, which followed a completely new approach that's no longer aligned with confidentiality, integrity, and availability thinking.
Abstract: Last year marked a turning point in the history of cybersecurity: the arrival of the first cyber warfare weapon ever, known as Stuxnet. Not only was Stuxnet much more complex than any other piece of malware seen before, it also followed a completely new approach that's no longer aligned with conventional confidentiality, integrity, and availability thinking. Contrary to initial belief, Stuxnet wasn't about industrial espionage: it didn't steal, manipulate, or erase information. Rather, Stuxnet's goal was to physically destroy a military target, not just metaphorically, but literally. Let's see how this was done.

1,548 citations


Cited by
Journal ArticleDOI
TL;DR: In this paper, the authors study and systematize existing research on CPS security under a unified framework, which consists of three orthogonal coordinates: 1) from the security perspective, they follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; 2) from CPS components, they focus on cyber, physical, and cyber-physical components.
Abstract: With the exponential growth of cyber-physical systems (CPSs), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lacks a systematic review of the CPS security literature. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it difficult to study the problem with one generalized model. In this paper, we study and systematize existing research on CPS security under a unified framework. The framework consists of three orthogonal coordinates: 1) from the security perspective, we follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; 2) from the CPS components perspective, we focus on cyber, physical, and cyber-physical components; and 3) from the CPS systems perspective, we explore general CPS features as well as representative systems (e.g., smart grids, medical CPS, and smart cars). The model can be both abstract to show general interactions of components in a CPS application, and specific to capture any details when needed. By doing so, we aim to build a model that is abstract enough to be applicable to various heterogeneous CPS applications; and to gain a modular view of the tightly coupled CPS components. Such abstract decoupling makes it possible to gain a systematic understanding of CPS security, and to highlight the potential sources of attacks and ways of protection. With this intensive literature review, we attempt to summarize the state-of-the-art on CPS security, provide researchers with a comprehensive list of references, and also encourage the audience to further explore this emerging field.

658 citations

Journal ArticleDOI
TL;DR: A wide variety of motivations exists for launching an attack on CPSs, ranging from economic reasons, such as obtaining a financial gain, all the way to terrorism, for instance, threatening an entire population by manipulating life-critical resources.
Abstract: Cyberphysical systems (CPSs) refer to the embedding of widespread sensing, networking, computation, and control into physical spaces with the goal of making them safer, more efficient, and reliable. Driven by the miniaturization and integration of sensing, communication, and computation in cost-efficient devices, CPSs are bound to transform industries such as aerospace, transportation, built environments, energy, health care, and manufacturing, to name a few. This great opportunity, unfortunately, is matched by even greater challenges. Taming the complexity of design and analysis of these systems poses a fundamental problem as a new paradigm is needed to bridge various scientific domains, which, through the years, have developed significantly different formalisms and methodologies. In addition, while the use of dedicated communication networks has so far sheltered systems from the outside world, use of off-the-shelf networking and computing, combined with the unattended operation of a plethora of devices, provides several opportunities for malicious entities to inject attacks on CPSs. A wide variety of motivations exists for launching an attack on CPSs, ranging from economic reasons, such as obtaining a financial gain, all the way to terrorism, for instance, threatening an entire population by manipulating life-critical resources. Any attack on safety-critical CPSs may significantly hamper the economy and lead to the loss of human lives. While the threat of attacks on CPSs tends to be underplayed at times, the Stuxnet worm provided a clear example of the possible future to come. This malware, targeting a uranium enriching facility in Iran, managed to reach the supervisory control and data acquisition (SCADA) system controlling the centrifuges used in the enrichment process. Stuxnet modified the control system, increasing pressure in the centrifuges in a first version of the worm and spinning centrifuges in an erratic fashion in a second version. 
As a result, Stuxnet caused significant damage to the plant [1]. For details, see "The Stuxnet Attack."

416 citations

Proceedings ArticleDOI
23 Jun 2013
TL;DR: This paper examines the feasibility of building a malware detector in hardware using existing performance counters and finds that data from performance counters can be used to identify malware and that the detection techniques are robust to minor variations in malware programs.
Abstract: The proliferation of computers in any domain is followed by the proliferation of malware in that domain. Systems, including the latest mobile platforms, are laden with viruses, rootkits, spyware, adware and other classes of malware. Despite the existence of anti-virus software, malware threats persist and are growing as there exist a myriad of ways to subvert anti-virus (AV) software. In fact, attackers today exploit bugs in the AV software to break into systems. In this paper, we examine the feasibility of building a malware detector in hardware using existing performance counters. We find that data from performance counters can be used to identify malware and that our detection techniques are robust to minor variations in malware programs. As a result, after examining a small set of variations within a family of malware on Android ARM and Intel Linux platforms, we can detect many variations within that family. Further, our proposed hardware modifications allow the malware detector to run securely beneath the system software, thus setting the stage for AV implementations that are simpler and less buggy than software AV. Combined, the robustness and security of hardware AV techniques have the potential to advance state-of-the-art online malware detection.

399 citations

Journal ArticleDOI
TL;DR: Previous work on physics-based anomaly detection based on a unified taxonomy that allows us to identify limitations and unexplored challenges and to propose new solutions is reviewed.
Abstract: Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of research. In its basic form, a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements to identify potentially false control commands or false sensor readings. In this article, we review previous work on physics-based anomaly detection based on a unified taxonomy that allows us to identify limitations and unexplored challenges and to propose new solutions.

383 citations

Journal ArticleDOI
TL;DR: The Blockchain technologies which can potentially address the critical challenges arising from the IoT and hence suit the IoT applications are identified with potential adaptations and enhancements elaborated on the Blockchain consensus protocols and data structures.

355 citations