Mitigating Local Attacks Against a City Traffic Controller

Nils Ulltveit-Moe, Steffen Pfrang, László Erdödi, Héctor Nebot

2016

Abstract

This paper demonstrates how a local attack against a city traffic controller located in a public area can be detected and mitigated in a cost-effective way. This is done by applying a general security methodology, an architecture and a set of new and existing tools integrated by the PRECYSE EU-project. The traffic controller does not contain built-in security and is connected to an information panel which is used for displaying traffic messages. The proposed solution is integrated with the incident management system of the city traffic control centre. This increases situational awareness of attacks and supports a workflow for restoring the attacked device to its normal state and for investigating the attack.



Paper Citation


in Harvard Style

Ulltveit-Moe N., Pfrang S., Erdödi L. and Nebot H. (2016). Mitigating Local Attacks Against a City Traffic Controller. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 209-218. DOI: 10.5220/0005649802090218


in Bibtex Style

@conference{icissp16,
author={Nils Ulltveit-Moe and Steffen Pfrang and László Erdödi and Héctor Nebot},
title={Mitigating Local Attacks Against a City Traffic Controller},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2016},
pages={209-218},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005649802090218},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Mitigating Local Attacks Against a City Traffic Controller
SN - 978-989-758-167-0
AU - Ulltveit-Moe N.
AU - Pfrang S.
AU - Erdödi L.
AU - Nebot H.
PY - 2016
SP - 209
EP - 218
DO - 10.5220/0005649802090218