Real-time and interactive attacks on DNP3 critical infrastructure using Scapy

The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols, to control national infrastructure. Widely used interactive packet manipulation tools, such as Scapy, have not yet been augmented to parse and create DNP3 frames (Biondi 2014). In this paper we extend Scapy to include DNP3, thus allowing us to perform attacks on DNP3 in real-time. Our contribution builds on East et al. (2009), who proposed a range of possible attacks on DNP3. We implement several of these attacks to validate our DNP3 extension to Scapy, then executed the attacks on real world equipment. We present our results, showing that many of these theoretical attacks would be unsuccessful in an Ethernet-based network.

Desynchronization and Traceability Attacks on RIPTA-DA Protocol

Recently Gao et al. proposed a lightweight RFID mutual authentication protocol [3] to resist against intermittent position trace attacks and desynchronization attacks and called it RIPTA-DA. They also verified their protocol’s security by data reduction method with the learning parity with noise (LPN) and also formally verified the functionality of the proposed scheme by Colored Petri Nets. In this paper, we investigate RIPTA-DA’s security. We present an efficient secret disclosure attack against the protocol which can be used to mount both de-synchronization and traceability attacks against the protocol. Thus our attacks show that RIPTA-DA protocol is not a RIPTA-DA.

A framework for generating realistic traffic for distributed denial-of-service attacks and flash events

An intrinsic challenge associated with evaluating proposed techniques for detecting Distributed Denial-of-Service (DDoS) attacks and distinguishing them from Flash Events (FEs) is the extreme scarcity of publicly available real-word traffic traces. Those available are either heavily anonymised or too old to accurately reflect the current trends in DDoS attacks and FEs. This paper proposes a traffic generation and testbed framework for synthetically generating different types of realistic DDoS attacks, FEs and other benign traffic traces, and monitoring their effects on the target. Using only modest hardware resources, the proposed framework, consisting of a customised software traffic generator, ‘Botloader’, is capable of generating a configurable mix of two-way traffic, for emulating either large-scale DDoS attacks, FEs or benign traffic traces that are experimentally reproducible. Botloader uses IP-aliasing, a well-known technique available on most computing platforms, to create thousands of interactive UDP/TCP endpoints on a single computer, each bound to a unique IP-address, to emulate large numbers of simultaneous attackers or benign clients.

Effects of severity of threshing damage on seed quality of Gatton panic Panicum maximum)

Different degrees of severity of threshing were imposed during combine-harvesting of seed of Gatton panic, a cultivar of Panicum maximum , to determine effects of degree of threshing damage on subsequent properties of seed. Threshing cylinder peripheral speeds and concave clearances covering the normal range employed commercially were varied experimentally in the harvest of 2 crops grown in north Queensland. Harvested seed was dried and cleaned, then stored under ambient conditions. The extent of physical damage was measured, and samples were tested at intervals for viability, germination, dormancy and seedling emergence from soil in a glasshouse and in the field over the 2 seasons following harvest. Physical damage increased as peripheral rotor speed rose and (though less markedly) as concave clearance was reduced. As the level of damage increased, viability was progressively reduced, life expectancy was shortened, and dormancy was broken. When the consequences were measured as seedling emergence from soil, the adverse effects on viability tended to cancel out the benefits of dormancy-breaking, leaving few net differences attributable to the degree of threshing severity. We concluded that there would be no value in trying to manipulate the quality of seed produced for normal commercial use through choice of cylinder settings, but that deliberate light or heavy threshing could benefit special-purpose seed, destined, respectively, for long-term storage or immediate use.

Forgery attacks on ++AE authenticated encryption mode

In this paper, we analyse a block cipher mode of operation submitted in 2014 to the cryptographic competition for authenticated encryption (CAESAR). This mode is designed by Recacha and called ++AE (plus-plus-ae). We propose a chosen plaintext forgery attack on ++AE that requires only a single chosen message query to allow an attacker to construct multiple forged messages. Our attack is deterministic and guaranteed to pass ++AE integrity check. We demonstrate the forgery attack using 128-bit AES as the underlying block cipher. Hence, ++AE is insecure as an authenticated encryption mode of operation.

Nucleophilic attacks of 1,2-diaminoethane on MeCN ligands: synthesis, x-ray structure, and spectral and electrochemical properties of [Ru(.mu.-O)(.mu.-O2CAr)2[NH2CH2CH2NHC(Me)NH]2(PPh3)2](ClO4)2(Ar = C6H4-p-X; X = H, Me, OMe, Cl)

The diruthenium(III) complex [Ru2O(O2CAr)2(MeCN)4(PPh3)2](ClO4)2 (1), on reaction with 1,2-diaminoethane (en) in MeOH at 25-degrees-C, undergoes nucleophilic attacks at the carbon of two facial MeCN ligands to form [(Ru2O)-O-III(O2CAr)2-{NH2CH2CH2NHC(Me)NH}2(PPh3)2](ClO4)2 (2) (Ar = C6H4-p-X, X = H, Me, OMe, Cl) containing two seven-membered amino-amidine chelating ligands. The molecular structure of 2 with Ar = C6H4-p-OMe was determined by X-ray crystallography. Crystal data are as follows: triclinic, P1BAR, a = 13.942 (5) angstrom, b = 14.528 (2) angstrom, c = 21.758 (6) angstrom, alpha = 109.50 (2)-degrees, beta = 92.52 (3)-degrees, gamma = 112.61 (2)-degrees, V = 3759 (2) angstrom 3, and Z = 2. The complex has an {Ru2(mu-O)(mu-O2CAr2)2(2+)} core. The Ru-Ru and average Ru-O(oxo) distances and the Ru-O-Ru angle are 3.280 (2) angstrom, 1.887 [8] angstrom, and 120.7 (4)-degrees, respectively. The amino group of the chelating ligand is trans to the mu-oxo ligand. The nucleophilic attacks take place on the MeCN ligands cis to the mu-oxo ligand. The visible spectra of 2 in CHCl3 display an absorption band at 565 nm. The H-1 NMR spectra of 2 in CDCl3 are indicative of the formation of an amino-amidine ligand. Complex 2 exhibits metal-centered quasireversible one-electron oxidation and reduction processes in the potential ranges +0.9 to +1.0 V and -0.3 to -0.5 V (vs SCE), respectively, involving the Ru(III)2/Ru(III)Ru(IV) and Ru(III)2/Ru(II)Ru(III) redox couples in CH2Cl2 containing 0.1 M TBAP. The mechanistic aspects of the nucleophilic reaction are discussed.

Nonlinear measures of respiration: Respiratory irregularity and increased chaos of respiration in patients with panic disorder

Background. Respiratory irregularity has been previously reported in patients with panic disorder using time domain measures. However, the respiratory signal is not entirely linear and a few previous studies used approximate entropy (APEN), a measure of regularity of time series. We have been studying APEN and other nonlinear measures including a measure of chaos, the largest Lyapunov exponent (LLE) of heart rate time series, in some detail. In this study, we used these measures of respiration to compare normal controls (n = 18) and patients with panic disorder (n = 22) in addition to the traditional time domain measures of respiratory rate and tidal volume. Methods: Respiratory signal was obtained by the Respitrace system using a thoracic and an abdominal belt, which was digitized at 500 Hz. Later, the time series were constructed at 4 Hz, as the highest frequency in this signal is limited to 0.5 Hz. We used 256 s of data (1,024 points) during supine and standing postures under normal breathing and controlled breathing at 12 breaths/min. Results: APEN was significantly higher in patients in standing posture during normal as well as controlled breathing (p = 0.002 and 0.02, respectively). LLE was also significantly higher in standing posture during normal breathing (p = 0.009). Similarly, the time domain measures of standard deviations and the coefficient of variation (COV) of tidal volume (TV) were significantly higher in the patient group (p = 0.02 and 0.004, respectively). The frequency of sighs was also higher in the patient group in standing posture (p = 0.02). In standing posture, LLE (p < 0.05) as well as APEN (p < 0.01) contributed significantly toward the separation of the two groups over and beyond the linear measure, i.e. the COV of TV. Conclusion: These findings support the previously described respiratory irregularity in patients with panic disorder and also illustrate the utility of nonlinear measures such as APEN and LLE as additional measures toward a better understanding of the abnormalities of respiratory physiology in similar patient populations as the correlation between LLE, APEN and some of the time domain measures only explained up to 50-60% of the variation. Copyright (C) 2002 S. Karger AG, Basel.

Effect of nortriptyline and paroxetine on measures of chaos of heart rate time series in patients with panic disorder

Tricyclic antidepressants have notable cardiac side effects, and this issue has become important due to the recent reports of increased cardiovascular mortality in patients with depression and anxiety. Several previous studies indicate that serotonin reuptake inhibitors (SRIs) do not appear to have such adverse effects. Apart from the effects of these drugs on routine 12-lead ECG, the effects on beat-to-beat heart rate (HR) and QT interval time series provide more information on the side effects related to cardiac autonomic function. In this study, we evaluated the effects of two antidepressants, nortriptyline (n = 13), a tricyclic, and paroxetine (n = 16), an SRI inhibitor, on HR variability in patients with panic disorder, using a measure of chaos, the largest Lyapunov exponent (LLE) using pre- and posttreatment HR time series. Our results show that nortriptyline is associated with a decrease in LLE of high frequency (HF: 0.15-0.5 Hz) filtered series, which is most likely due to its anticholinergic effect, while paroxetine had no such effect. Paroxetine significantly decreased sympathovagal ratios as measured by a decrease in LLE of LF/HF. These results suggest that paroxetine appears to be safer in regards to cardiovascular effects compared to nortriptyline in this group of patients. (C) 2003 Elsevier Inc. All rights reserved.

Recovery from DoS Attacks in MIPv6: Modelling and Validation

Denial-of-service (DoS) attacks form a very important category of security threats that are prevalent in MIPv6 (mobile internet protocol version 6) today. Many schemes have been proposed to alleviate such threats, including one of our own [9]. However, reasoning about the correctness of such protocols is not trivial. In addition, new solutions to mitigate attacks may need to be deployed in the network on a frequent basis as and when attacks are detected, as it is practically impossible to anticipate all attacks and provide solutions in advance. This makes it necessary to validate the solutions in a timely manner before deployment in the real network. However, threshold schemes needed in group protocols make analysis complex. Model checking threshold-based group protocols that employ cryptography have not been successful so far. Here, we propose a new simulation based approach for validation using a tool called FRAMOGR that supports executable specification of group protocols that use cryptography. FRAMOGR allows one to specify attackers and track probability distributions of values or paths. We believe that infrastructure such as FRAMOGR would be required in future for validating new group based threshold protocols that may be needed for making MIPv6 more robust.

Fault Attacks on Pairing-Based Protocols Revisited

Several papers have studied fault attacks on computing a pairing value e(P, Q), where P is a public point and Q is a secret point. In this paper, we observe that these attacks are in fact effective only on a small number of pairing-based protocols, and that too only when the protocols are implemented with specific symmetric pairings. We demonstrate the effectiveness of the fault attacks on a public-key encryption scheme, an identity-based encryption scheme, and an oblivious transfer protocol when implemented with a symmetric pairing derived from a supersingular elliptic curve with embedding degree 2.

La propaganda por el hecho dentro del discurso anarquista en la Argentina del Centenario

Dueños de un discurso contestatario y crítico, pero a la vez formativo y comprometido con el hombre trabajador como centro de sus proyectos, el principal objetivo del movimiento anarquista argentino fue impugnar, cuestionar y contradecir el discurso oficialista. Una de las tácticas que utilizaron los militantes libertarios fue la propaganda por el hecho o acción directa, como denominaremos los actos terroristas ácratas. Si bien en la Argentina encontramos una importante literatura libertaria con un lenguaje perturbador y radicalizado, los sucesos violentos fueron aislados, aunque no por ello dejaron de preocupar tanto a la clase dirigente como a la sociedad en general, que llegó a identificar al militante ácrata con un criminal y lo transformó en un problema de higiene y seguridad pública. Esta situación, sumada no sólo al tenor violento que caracterizó los conflictos laborales, sino también a las noticias nada tranquilizadoras que llegaban de Europa, donde una ola de atentados sacudió la opinión pública, provocaron un pánico exagerado en los distintos ambientes sociales. La consecuencia directa fue la celebración del Centenario en medio de una oleada de huelgas, protestas y con declaración del estado de sitio.