Fraunhofer-Institut für Angewandte Informationstechnik FIT

Filters

Reset filters

Settings
Now showing 1 - 10 of 20
  • Publication
    Towards Improving Accountability in Sensitive-Disclosure Scenarios
    ( 2024-06)
    Matzutt, Roman
    ;
    Wagner, Eric
    Public transparency has become increasingly important to uphold trust in government agencies and private companies alike, e.g., by establishing police accountability and proving abiding to ethical supply chain practices. Oftentimes, however, this public interest conflicts with the need for confidentiality of ongoing processes. In this paper, we investigate these sensitive-disclosure scenarios and the requirements for technical solutions to support the data dissemination in these scenarios. We identify translucent blockchains as a promising building block to provide transparency in sensitive-disclosure scenarios with fine-granular access control.
  • Publication
    Security Vulnerabilities in 5G Non-Stand-Alone Networks: A Systematic Analysis and Attack Taxonomy
    ( 2024)
    Wani, Mohamad Saalim
    ;
    Rademacher, Michael
    ;
    Horstmann, Thorsten
    ;
    Kretschmer, Mathias
    5G networks, pivotal for our digital mobile societies, are transitioning from 4G to 5G Stand-Alone (SA) networks. However, during this transition, 5G Non-Stand-Alone (NSA) networks are widely used. This paper examines potential security vulnerabilities in 5G NSA networks. Through an extensive literature review, we identify known 4G attacks that can theoretically be applied to 5G NSA. We organize these attacks into a structured taxonomy. Our findings reveal that 5G NSA networks may offer a false sense of security, as most security and privacy improvements are concentrated in 5G SA networks. To underscore this concern, we implement three attacks with severe consequences and successfully validate them on various commercially available smartphones. Notably, one of these attacks, the IMSI Leak, consistently exposes user information with no apparent security mitigation in 5G NSA networks. This highlights the ease of tracking individuals on current 5G networks.
  • Publication
    Investigation of Multi-Stage Attack and Defense Simulation for Data Synthesis
    ( 2023-09)
    Sen, Ömer
    ;
    Ivanov, Bozhidar
    ;
    Henze, Martin
    ;
    Ulbig, Andreas
    The power grid is a critical infrastructure that plays a vital role in modern society. Its availability is of utmost importance, as a loss can endanger human lives. However, with the increasing digitalization of the power grid, it also becomes vulnerable to new cyberattacks that can compromise its availability. To counter these threats, intrusion detection systems are developed and deployed to detect cyberattacks targeting the power grid. Among intrusion detection systems, anomaly detection models based on machine learning have shown potential in detecting unknown attack vectors. However, the scarcity of data for training these models remains a challenge due to confidentiality concerns. To overcome this challenge, this study proposes a model for generating synthetic data of multi-stage cyber attacks in the power grid, using attack trees to model the attacker's sequence of steps and a game-theoretic approach to incorporate the defender's actions. This model aims to create diverse attack data on which machine learning algorithms can be trained.
  • Publication
    An Approach to Abstract Multi-stage Cyberattack Data Generation for ML-Based IDS in Smart Grids
    ( 2023)
    Sen, Ömer
    ;
    Malskorn, Philipp
    ;
    Glomb, Simon
    ;
    Hacker, Immanuel
    ;
    Henze, Martin
    ;
    Ulbig, Andreas
    Power grids are becoming more digitized, resulting in new opportunities for the grid operation but also new chal-lenges, such as new threats from the cyber-domain. To address these challenges, cybersecurity solutions are being considered in the form of preventive, detective, and reactive measures. Machine learning-based intrusion detection systems are used as part of detection efforts to detect and defend against cyberattacks. However, training and testing data for these systems are often not available or suitable for use in machine learning models for detecting multi-stage cyberattacks in smart grids. In this paper, we propose a method to generate synthetic data using a graph-based approach for training machine learning models in smart grids. We use an abstract form of multi-stage cyberattacks defined via graph formulations and simulate the propagation behavior of attacks in the network. Within the selected scenarios, we observed promising results, but a larger number of scenarios need to be studied to draw a more informed conclusion about the suitability of synthesized data.
  • Publication
    Designing Secure and Privacy-Preserving Information Systems for Industry Benchmarking
    ( 2023)
    Pennekamp, Jan
    ;
    Lohmöller, Johannes
    ;
    Vlad, Eduard
    ;
    Loos, Joscha
    ;
    Rodemann, Niklas
    ;
    Sapel, Patrick
    ;
    Fink, Ina Berenice
    ;
    Schmitz, Seth
    ;
    Hopmann, Christian
    ;
    Jarke, Matthias
    ;
    Schuh, Günther
    ;
    Wehrle, Klaus
    ;
    Henze, Martin
    Benchmarking is an essential tool for industrial organizations to identify potentials that allows them to improve their competitive position through operational and strategic means. However, the handling of sensitive information, in terms of (i) internal company data and (ii) the underlying algorithm to compute the benchmark, demands strict (technical) confidentiality guarantees - an aspect that existing approaches fail to address adequately. Still, advances in private computing provide us with building blocks to reliably secure even complex computations and their inputs, as present in industry benchmarks. In this paper, we thus compare two promising and fundamentally different concepts (hardware- and software-based) to realize privacy-preserving benchmarks. Thereby, we provide detailed insights into the concept-specific benefits. Our evaluation of two real-world use cases from different industries underlines that realizing and deploying secure information systems for industry benchmarking is possible with today’s building blocks from private computing.
  • Publication
    A cyber-physical digital twin approach to replicating realistic multi-stage cyberattacks on smart grids
    ( 2023)
    Sen, Ömer
    ;
    Bleser, N.
    ;
    Henze, Martin
    ;
    Ulbig, Andreas
    The integration of information and communication technology in distribution grids presents opportunities for active grid operation management, but also increases the need for security against power outages and cyberattacks. This paper examines the impact of cyberattacks on smart grids by replicating the power grid in a secure laboratory environment as a cyber-physical digital twin. A simulation is used to study communication infrastructures for secure operation of smart grids. The cyber-physical digital twin approach combines communication network emulation and power grid simulation in a common modular environment, and is demonstrated through laboratory tests and attack replications.
  • Publication
    PowerDuck: A GOOSE Data Set of Cyberattacks in Substations
    ( 2022)
    Zemanek, Sven
    ;
    Hacker, Immanuel
    ;
    Wolsing, Konrad
    ;
    Wagner, Eric
    ;
    Henze, Martin
    ;
    Serror, Martin
    Power grids worldwide are increasingly victims of cyberattacks, where attackers can cause immense damage to critical infrastructure. The growing digitalization and networking in power grids combined with insufficient protection against cyberattacks further exacerbate this trend. Hence, security engineers and researchers must counter these new risks by continuously improving security measures. Data sets of real network traffic during cyberattacks play a decisive role in analyzing and understanding such attacks. Therefore, this paper presents PowerDuck, a publicly available security data set containing network traces of GOOSE communication in a physical substation testbed. The data set includes recordings of various scenarios with and without the presence of attacks. Furthermore, all network packets originating from the attacker are clearly labeled to facilitate their identification. We thus envision PowerDuck improving and complementing existing data sets of substations, which are often generated synthetically, thus enhancing the security of power grids.
  • Publication
    On specification-based cyber-attack detection in smart grids
    ( 2022)
    Sen, Ömer
    ;
    Velde, Dennis van der
    ;
    Lühman, Maik
    ;
    Sprünken, Florian
    ;
    Hacker, Immanuel
    ;
    Ulbig, Andreas
    ;
    Andres, Michael
    ;
    Henze, Martin
    The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the surface for cyber-attacks, demanding appropriate countermeasures. However, the development, validation, and testing of data-driven countermeasures against cyber-attacks, such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack data from real-world cyber incidents, infrastructure knowledge and standards are accessible through expert and domain knowledge. Our proposed approach uses domain knowledge to define the behavior of a smart grid under non-attack conditions and detect attack patterns and anomalies. Using a graph-based specification formalism, we combine cross-domain knowledge that enables the generation of whitelisting rules not only for statically defined protocol fields but also for communication flows and technical operation boundaries. Finally, we evaluate our specification-based intrusion detection system against various attack scenarios and assess detection quality and performance. In particular, we investigate a data manipulation attack in a future-orientated use case of an IEC 60870-based SCADA system that controls distributed energy resources in the distribution grid. Our approach can detect severe data manipulation attacks with high accuracy in a timely and reliable manner.
  • Publication
    Cybersecurity in Power Grids: Challenges and Opportunities
    ( 2021)
    Krause, T.
    ;
    Ernst, R.
    ;
    Klaer, B.
    ;
    Hacker, I.
    ;
    Henze, M.
    Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids.
  • Publication
    Towards an approach to contextual detection of multi-stage cyber attacks in smart grids
    ( 2021)
    Sen, O.
    ;
    Velde, D. van der
    ;
    Wehrmeister, K.A.
    ;
    Hacker, I.
    ;
    Henze, M.
    ;
    Andres, M.
    Electric power grids are at risk of being compromised by high-impact cyber-security threats such as coordinated, timed attacks. Navigating this new threat landscape requires a deep understanding of the potential risks and complex attack processes in energy information systems, which in turn demands an unmanageable manual effort to timely process a large amount of cross-domain information. To provide an adequate basis to contextually assess and understand the situation of smart grids in case of coordinated cyber-attacks, we need a systematic and coherent approach to identify cyber incidents. In this paper, we present an approach that collects and correlates cross-domain cyber threat information to detect multi-stage cyber-attacks in energy information systems. We investigate the applicability and performance of the presented correlation approach and discuss the results to highlight challenges in domain-specific detection mechanisms.