Real-time and interactive attacks on DNP3 critical infrastructure using Scapy

The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols, to control national infrastructure. Widely used interactive packet manipulation tools, such as Scapy, have not yet been augmented to parse and create DNP3 frames (Biondi 2014). In this paper we extend Scapy to include DNP3, thus allowing us to perform attacks on DNP3 in real-time. Our contribution builds on East et al. (2009), who proposed a range of possible attacks on DNP3. We implement several of these attacks to validate our DNP3 extension to Scapy, then executed the attacks on real world equipment. We present our results, showing that many of these theoretical attacks would be unsuccessful in an Ethernet-based network.

Desynchronization and Traceability Attacks on RIPTA-DA Protocol

Recently Gao et al. proposed a lightweight RFID mutual authentication protocol [3] to resist against intermittent position trace attacks and desynchronization attacks and called it RIPTA-DA. They also verified their protocol’s security by data reduction method with the learning parity with noise (LPN) and also formally verified the functionality of the proposed scheme by Colored Petri Nets. In this paper, we investigate RIPTA-DA’s security. We present an efficient secret disclosure attack against the protocol which can be used to mount both de-synchronization and traceability attacks against the protocol. Thus our attacks show that RIPTA-DA protocol is not a RIPTA-DA.

Endogenous and exogenous effects in self-exciting process models of terrorist activity

A model based on the cluster process representation of the self-exciting process model in White and Porter 2013 and Ruggeri and Soyer 2008is derived to allow for variation in the excitation effects for terrorist events in a self-exciting or cluster process model. The details of the model derivation and implementation are given and applied to data from the Global Terrorism Database from 2000–2012. Results are discussed in terms of practical interpretation along with implications for a theoretical model paralleling existing criminological theory.

A framework for generating realistic traffic for distributed denial-of-service attacks and flash events

An intrinsic challenge associated with evaluating proposed techniques for detecting Distributed Denial-of-Service (DDoS) attacks and distinguishing them from Flash Events (FEs) is the extreme scarcity of publicly available real-word traffic traces. Those available are either heavily anonymised or too old to accurately reflect the current trends in DDoS attacks and FEs. This paper proposes a traffic generation and testbed framework for synthetically generating different types of realistic DDoS attacks, FEs and other benign traffic traces, and monitoring their effects on the target. Using only modest hardware resources, the proposed framework, consisting of a customised software traffic generator, ‘Botloader’, is capable of generating a configurable mix of two-way traffic, for emulating either large-scale DDoS attacks, FEs or benign traffic traces that are experimentally reproducible. Botloader uses IP-aliasing, a well-known technique available on most computing platforms, to create thousands of interactive UDP/TCP endpoints on a single computer, each bound to a unique IP-address, to emulate large numbers of simultaneous attackers or benign clients.

Forgery attacks on ++AE authenticated encryption mode

In this paper, we analyse a block cipher mode of operation submitted in 2014 to the cryptographic competition for authenticated encryption (CAESAR). This mode is designed by Recacha and called ++AE (plus-plus-ae). We propose a chosen plaintext forgery attack on ++AE that requires only a single chosen message query to allow an attacker to construct multiple forged messages. Our attack is deterministic and guaranteed to pass ++AE integrity check. We demonstrate the forgery attack using 128-bit AES as the underlying block cipher. Hence, ++AE is insecure as an authenticated encryption mode of operation.

How terrorist campaigns end : The Rode Jeugd in the Netherlands and the Symbionese Liberation Army in the United States

This study explores the decline of terrorism by conducting source-based case studies on two left-wing terrorist campaigns in the 1970s, those of the Rode Jeugd in the Netherlands and the Symbionese Liberation Army in the United States. The purpose of the case studies is to bring more light into the interplay of different external and internal factors in the development of terrorist campaigns. This is done by presenting the history of the two chosen campaigns as narratives from the participants’ points of view, based on interviews with participants and extensive archival material. Organizational resources and dynamics clearly influenced the course of the two campaigns, but in different ways. This divergence derives at least partly from dissimilarities in organizational design and the incentive structure. Comparison of even these two cases shows that organizations using terrorism as a strategy can differ significantly, even when they share ideological orientation, are of the same size and operate in the same time period. Theories on the dynamics of terrorist campaigns would benefit from being more sensitive to this. The study also highlights that the demise of a terrorist organization does not necessarily lead to the decline of the terrorist campaign. Therefore, research should look at the development of terrorist activity beyond the lifespan of a single organization. The collective ideological beliefs and goals functioned primarily as a sustaining force, a lens through which the participants interpreted all developments. On the other hand, it appears that the role of ideology should not be overstated. Namely, not all participants in the campaigns under study fully internalized the radical ideology. Rather, their participation was mainly based on their friendship with other participants. Instead of ideology per se, it is more instructive to look at how those involved described their organization, themselves and their role in the revolutionary struggle. In both cases under study, the choice of the terrorist strategy was not merely a result of a cost-benefit calculation, but an important part of the participants’ self-image. Indeed, the way the groups portrayed themselves corresponded closely with the forms of action that they got involved in. Countermeasures and the lack of support were major reasons for the decline of the campaigns. However, what is noteworthy is that the countermeasures would not have had the same kind of impact had it not been for certain weaknesses of the groups themselves. Moreover, besides the direct impact the countermeasures had on the campaign, equally important was how they affected the attitudes of the larger left-wing community and the public in general. In this context, both the attitudes towards the terrorist campaign and the authorities were relevant to the outcome of the campaigns.

Nucleophilic attacks of 1,2-diaminoethane on MeCN ligands: synthesis, x-ray structure, and spectral and electrochemical properties of [Ru(.mu.-O)(.mu.-O2CAr)2[NH2CH2CH2NHC(Me)NH]2(PPh3)2](ClO4)2(Ar = C6H4-p-X; X = H, Me, OMe, Cl)

The diruthenium(III) complex [Ru2O(O2CAr)2(MeCN)4(PPh3)2](ClO4)2 (1), on reaction with 1,2-diaminoethane (en) in MeOH at 25-degrees-C, undergoes nucleophilic attacks at the carbon of two facial MeCN ligands to form [(Ru2O)-O-III(O2CAr)2-{NH2CH2CH2NHC(Me)NH}2(PPh3)2](ClO4)2 (2) (Ar = C6H4-p-X, X = H, Me, OMe, Cl) containing two seven-membered amino-amidine chelating ligands. The molecular structure of 2 with Ar = C6H4-p-OMe was determined by X-ray crystallography. Crystal data are as follows: triclinic, P1BAR, a = 13.942 (5) angstrom, b = 14.528 (2) angstrom, c = 21.758 (6) angstrom, alpha = 109.50 (2)-degrees, beta = 92.52 (3)-degrees, gamma = 112.61 (2)-degrees, V = 3759 (2) angstrom 3, and Z = 2. The complex has an {Ru2(mu-O)(mu-O2CAr2)2(2+)} core. The Ru-Ru and average Ru-O(oxo) distances and the Ru-O-Ru angle are 3.280 (2) angstrom, 1.887 [8] angstrom, and 120.7 (4)-degrees, respectively. The amino group of the chelating ligand is trans to the mu-oxo ligand. The nucleophilic attacks take place on the MeCN ligands cis to the mu-oxo ligand. The visible spectra of 2 in CHCl3 display an absorption band at 565 nm. The H-1 NMR spectra of 2 in CDCl3 are indicative of the formation of an amino-amidine ligand. Complex 2 exhibits metal-centered quasireversible one-electron oxidation and reduction processes in the potential ranges +0.9 to +1.0 V and -0.3 to -0.5 V (vs SCE), respectively, involving the Ru(III)2/Ru(III)Ru(IV) and Ru(III)2/Ru(II)Ru(III) redox couples in CH2Cl2 containing 0.1 M TBAP. The mechanistic aspects of the nucleophilic reaction are discussed.

Recovery from DoS Attacks in MIPv6: Modelling and Validation

Denial-of-service (DoS) attacks form a very important category of security threats that are prevalent in MIPv6 (mobile internet protocol version 6) today. Many schemes have been proposed to alleviate such threats, including one of our own [9]. However, reasoning about the correctness of such protocols is not trivial. In addition, new solutions to mitigate attacks may need to be deployed in the network on a frequent basis as and when attacks are detected, as it is practically impossible to anticipate all attacks and provide solutions in advance. This makes it necessary to validate the solutions in a timely manner before deployment in the real network. However, threshold schemes needed in group protocols make analysis complex. Model checking threshold-based group protocols that employ cryptography have not been successful so far. Here, we propose a new simulation based approach for validation using a tool called FRAMOGR that supports executable specification of group protocols that use cryptography. FRAMOGR allows one to specify attackers and track probability distributions of values or paths. We believe that infrastructure such as FRAMOGR would be required in future for validating new group based threshold protocols that may be needed for making MIPv6 more robust.

Fault Attacks on Pairing-Based Protocols Revisited

Several papers have studied fault attacks on computing a pairing value e(P, Q), where P is a public point and Q is a secret point. In this paper, we observe that these attacks are in fact effective only on a small number of pairing-based protocols, and that too only when the protocols are implemented with specific symmetric pairings. We demonstrate the effectiveness of the fault attacks on a public-key encryption scheme, an identity-based encryption scheme, and an oblivious transfer protocol when implemented with a symmetric pairing derived from a supersingular elliptic curve with embedding degree 2.

A obrigação de extraditar para a repressão do terrorismo: a prática brasileira à luz do direito penal transnacional

O combate efetivo ao flagelo secular do terrorismo, ainda que possa se revestir de muitas formas, não prescinde da repressão penal de seus autores. Em vista da maciça internacionalização do terrorismo, a partir do Século XX, a cooperação jurídica internacional em matéria penal (aí incluída a extradição) consolida-se como instrumento de essencial importância para a repressão do terrorismo pela comunidade internacional, com a vantagem de resguardar o domínio do direito e, por conseguinte, de assegurar a paz e a segurança internacionais. A evolução do tratamento do crime de terrorismo pelo direito penal transnacional influenciada pelo direito da segurança coletiva, especialmente a partir dos atentados de 11 de setembro de 2001 exerceu expressivo impacto no direito extradicional. O entendimento desse efeito é fundamental para extrair-se do instituto da extradição todo o seu potencial para a repressão penal do terrorismo. Desde que presentes determinados requisitos, uma conduta de caráter terrorista à luz de parâmetros internacionais gera a obrigação estatal de extraditar ou processar seu autor, mesmo na ausência de tratado. Além disso, a extradição exercida ou não em decorrência de obrigação convencional tem seus princípios afetados pela obrigação internacional de repressão do terrorismo, particularmente no que se refere a questões como extraditabilidade, extradição por crimes políticos e extradição de refugiados. O direito brasileiro apresenta algumas vulnerabilidades para o cumprimento da obrigação aut dedere aut iudicare e a prática judicial brasileira relativa à extradição de acusados de atos de terrorismo poderia reportar-se mais ao direito internacional, com vistas a evitar o risco de violação de obrigações internacionais pelo Brasil.

Os efeitos políticos da securitização internacional do terrorismo pós-11/09: o caso da Organização de Cooperação de Xangai

Esta dissertação trata do que se entende como terrorismo após os atentados de setembro de 2001, seja como lógica de ação ou como método de ação. A partir desta data, o terrorismo alcançou enorme projeção e passou a figurar como tema central tanto na imprensa cotidiana quanto em reuniões internacionais de cúpula. O fenômeno era, muitas vezes, historicamente circunscrito às nações que enfrentavam esse problema. Após o Onze de Setembro, o debate expandiu-se e as políticas, e a propaganda, antiterroristas incidiram sobre a sociedade, modificando comportamentos individuais e coletivos. A associação entre Islamismo e terrorismo foi frequente e a Guerra Contra ao Terror (GCT), promovida pela política externa norte-americana de George W. Bush, contribuiu para difundir uma percepção do terrorismo como uma lógica de ação afeita à violência em si. Isso contrasta com a percepção quanto a grupos terroristas de momentos históricos anteriores, cujo recurso ao terrorismo era compreendido como método de ação com valor instrumental para alcançar objetivos políticos diversos, como a emancipação nacional e a desestabilização de regimes políticos estabelecidos. O estudo de caso da Organização de Xangai (OCX) visa demonstrar que a identificação entre terrorismo e Islã leva ao equívoco de compreender os grupos terroristas contemporâneos islâmicos, com lógicas próprias, como uma fenômeno só o que leva à imprecisão de atribuir ao terrorismo o caráter de primeiro fenômeno macro-securitizado. Este breve histórico da ascensão do terrorismo na agenda política contemporânea, mediante a análise do processo securitizador tanto na GCT quanto na Organização de Cooperação de Xangai, serve como referência para as análises contidas no trabalho que o leitor tem em mãos, uma vez que o sentido atribuído ao terrorismo só pode ser entendido em termos dos atores políticos envolvidos na sua definição e no contexto em qual o fazem. Na OCX, o verificou-se o entendimento do terrorismo como método de ação de grupos separatistas, o que não corresponde à ideia do terrorismo como lógica de ação contida na GCT.