loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Peter Maynard and Kieran McLaughlin

Affiliation: Centre for Secure Information Technology, Queen’s University Belfast, U.K.

Keyword(s): HTTP, ICS, IEC 60870-5-104, Man-in-the-Middle, Man-on-the-Side, SCADA, Off-path.

Abstract: We describe a new class of packet injection attacks called Man-on-the-Side (MotS), previously only seen where state actors have “compromised” a number of telecommunication companies. MotS injection attacks have not been widely investigated in scientific literature, despite having been discussed by news outlets and security blogs. MotS came to attention after the Edward Snowden revelations, which described large scale pervasive monitoring of the Internet’s infrastructure. For an advanced adversary attempting to interfere with IT connected systems, the next logical step is to adapt this class of attack to a smaller scale, such as enterprise or critical infrastructure networks. MotS is a weaker form of attack compared to a Man-in-the-Middle (MitM). A MotS attack allows an adversary to read and inject packets, but not modify packets sent by other hosts. This paper presents practical experiments where we have implemented and performed MotS attacks against two testbeds: 1) on HTTP connecti ons, by redirecting a victim to a host controlled by an adversary; and 2) on an Industrial Control network, where we inject falsified command responses to the victim. In both cases, the victims accept the injected packets without generating a suspiciously large number of unusual packets on the network. We then perform an analysis of three leading Network Intrusion Detection Systems (IDSs) to determine whether the attacks are detected, and discuss mitigation methods. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.191.165.192

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Maynard, P. and McLaughlin, K. (2020). Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks. In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT; ISBN 978-989-758-446-6; ISSN 2184-7711, SciTePress, pages 287-294. DOI: 10.5220/0009782302870294

@conference{secrypt20,
author={Peter Maynard. and Kieran McLaughlin.},
title={Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks},
booktitle={Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT},
year={2020},
pages={287-294},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009782302870294},
isbn={978-989-758-446-6},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT
TI - Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks
SN - 978-989-758-446-6
IS - 2184-7711
AU - Maynard, P.
AU - McLaughlin, K.
PY - 2020
SP - 287
EP - 294
DO - 10.5220/0009782302870294
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic