CSE4003– Cyber Security

Digital Assignment I

WINTER SEMESTER 19-20

C2+TC2 Slot

TITLE:
Cyber Protecting Critical Infrastructure

Submitted By

S.No Name Reg.No

1 Vaibhav Singh 18𝐵𝐶𝐸2257
2 Aditya Bist 18𝐵𝐶𝐸2303
3 Hrugved Pawar 18𝐵𝐶𝐸2309

Under the guidance of Dr.M.Anand

VELLORE

INSTITUTE

OF TECHNOLOGY
ABSTRACT

Particularly modern reconnaissance and the hacking of basic frameworks present genuine
dangers to national security. One can envisage that it can have genuine ramifications when
layouts of new plans for military equipment are being taken from a privately owned business
by an enemy state. Also, when basic foundations are being hacked, our everyday life can be
intensely influenced and the inventory of fundamental necessities, for example, water and
power goes under weight. Alongside this adjustment in the danger condition comes the rise of
a discussion about whether such cyberattacks ought to try and be named demonstrations of war.
This underlines the amount of an effect the advancements in the internet conceivably have on
national security. Emphatic states have a lot of enthusiasm for hacking into the basic foundation
of other (adversary) states. It is now freely realized that states, for example, China, hack into
remote climate stations, databases or essential infrastructural PC frameworks so as to pick up
understanding into both the digital security estimations and computerized abilities. With this
understanding, these digital forceful states would then be able to get ready for bigger assaults
on basic framework, (for example, water and power supply, security administrations and
media. In late 2015, a Russian programmers aggregate previously prevailing with regards to
performing such a hack on imperative computerized framework by holding onto command over
a power control focus in Western Ukraine, leaving a quarter million residents without power
for a few hour. Through this survey we wanted to explain the complexity involved in several
sectors which are meant to be highly secured because of the amount of data they carry and the
capital they have. The paper will follow our understanding of methods and prevention systems
used by public sectors to help them being effected from any attack.
INTRODUCTION

Due to an increase in utilization and rise in demand, in the form of good outputs from every
behemoth sector like vehicular automation, banking, public works and law, and enforcements.
The governments across the globe had to introduce them as online services, which involve the
utilization of the web so that the services possible to be accessed could be available for
everyone from any remote area. This has resulted in transparency for the services and also
introduces many more problems like theft of data and hijacking of the systems for using them
against the governments. In this survey, we intend to put light on the methods and underlying
technologies protecting these sectors and how management wise improvement is introduced
by using the cryptographic methods to secure the data. Starting from integrating Automation
in driving and developing one single network of cars on a global scale to make them completely
automated and to make them a hundred percent efficient, by saving them from any malware
attacks. The Development of VANET( Vehicular Ad-hoc Networks) and using it to introduce
one fully integrated buffer system in order to handle the traffic congestion and terminating any
accident. It could be well efficient in order to trace any vehicle and will allow inter-vehicular
communication so that one completely automated environment is possible to be created.
The banking sector is most active and has to be highly efficient for proper capital management
of the country’s credit. This sector has been tested for its securities and loop wholes many times
in the past with introductions of new methods to exploit the system and hide the vulnerabilities
in the system. So it requires the most complicated, fast and reliant methods for its security.
Later on through the survey, we will introduce you to the most lethal attacks to date on the
banking sector and how they were tackled and what strategies are used in the present banking
division to make sure about its various branches like portable banking and net banking. The
different common attacks on mobile banking which are computationally very easy to
implement and are generally deadly has caused billions of loss to governments. Internet
banking and NFC cards are on the rise as they satisfy the demand of saving time for the
millennials and are highly efficient for them but they have a exchange off and furthermore have
a significant level vulnerabilities risk of the account as they are very easy to break into, So
there are separate methods and heuristics to secure the mobile and internet banking sections.
Whether it’s a small sector or a large one but due to the transition of every sector on the internet
has produced a trade-off in the high accessibility and high vulnerabilities. In developing
countries, all the data for every sector is stored on some particular server and they have started
using cloud infrastructure which makes the centers as stores for trillions of data from the public
using different–different sectors. Such sectors are law and enforcement, fire department, public
works and many more, these sectors require the data warehousing for every task and purchases
made by them, which eventually gets stored in some server room. This can be very dangerous
if the data center is not secured to a certain level, it could lead to many faults and espionages
by adversaries. Throughout our survey, we will explain points about how these centers can be
targeted with different techniques, cyber-attacks, and methods used by governments to prevent
espionage.
Transportation

A Reputation System for Detection of Black Hole Attack in Vehicular Networking

Abstract
This paper proposes a method to secure the Vehicular network from black hole attacks where
each vehicle reports the packet transfer with its neighbours and the trust authority classifies the
reliability of players based on the reports. Author’s reputation system detected malicious
players in the network and prevented them from damaging the system and improve the
effectiveness of routing process.
Introduction
Proposed Model and Algorithm
The paper proposes a model to save the vehicle from a black hole effect, authors have taken
into consideration few factors that are:
o Reputation score based system which could detect the nodes that drop packets
frequently.
o Table was set in vehicles in a way to store the behaviour of its direct neighbour.
o A system to check modification of information in receiving the packets.
The system is dived in two parts vehicle part(VP) and road side unit(RSU) part. VP records the
behaviour of the neighbours and provides result to RSU. The RSU calculates and stores the
reputation score of each vehicle.

For communicating between A to C. A transmits packet to B and B transfers it to C. Later A

receives feedback that the packet was transmitted correctly with proper modification by B.
Then A reports the reliability of B on feedback it received.
Format of Report Frame
The observation format in Fig 2 is A represents observer, B represents monitored vehicle. T
are the slots used to store the successful transmission rate.
T1 -> forwarding of emergency messages.
T2 -> forwarding of temporary messages.
T3 -> forwarding of Web messages.
T4 -> modification of emergency messages.
T5 -> modification of temporary messages.
T6 -> modification 0f Web messages.
Reputation score calculation
Calculation of report received by the RSU
Β->weight of historical score
• -> historical reputation score
Wi -> represents weight of each slot Ti
After some time received report related to B, The RSU updates reputation score of B in its
table by using :

Rv represents reputation score of observer v. The RSU can also calculate the reputation
score for each type of packet by using the following formula:

Rb1,2,3 -> reputation score for emergency message, temporary message and web message.
Β1 -> weight of forwarding correction compared with the integrity of information.
Communication models
Authors talk about two types of communication in a vehicular network working. Vehicle to
Infrastructure (V2I) and Vehicle to Vehicle(V2V)
• V2I similar to wifi network. The reports are transmitted from vehicle to RSU. Reports
are ecrypted through a public key hybrid algo RSU K+(R)
_ Vehicle need to be authenticated, the RSU has the
certificates of vehicles which contains their public
keys K+(V ).
_ Based on the request of the vehicle, the RSU sends
its certificate and lists the approved cryptographic
algorithms which contains its public key K+(R).
_ Vehicle checks the validity of the certificate.
_ Vehicle then generates a report signed with its own
private key K-(V ) and encrypted with the public key
of the RSU K+(R).
_ The RSU decrypt the report with its own private key
K-(R) and verifies the signature of vehicle with the
public key of vehicle K+(V )
V2V using algorithm 1 the vehicles set the threshold for each type of packets:

α represents the threshold set for total reputation, α1,2,3 represents threshold set for emergency
message, temporary message and web message. The vehicle is able to choose perfect routing
for certain type of packets.
Packet loss ratio
Similar to DoS attack black hole attack results in high packet loss ratio. In fig 3 no attack results
in 10% loss ratio. When malicious nodes were introduced loss ratio increased to 50%. Which
concluded that about one half of the packets could not reach the destination during
transmission. This gave confidence to authors in their system against the black hole attack.
End-end latency
Shown in Fig 4 the end-to-end latency of the scheme was higher than the initial AODV. When
node in network are about 20, the increase in end-to-end latency comparing the scheme with
intial AODV was 12.5% This was an expected outcome due to less number of nodes giving
feedback does not result in good decision. Whereas 12.5% increase in end-to-end latency is
good in vehicular networking.
Detection rate
can be caluculateed by number of vehicles and average speed of the vehicle
As shown in Fig 5 it is depicted that when there are a large number of vehicles and vehicle
movement is slow up to 90% of the attacks can be detected. Which gives confidence to apply
this scheme in urban areas.
False Positive Rate(FPR)
Banking
Cyber banking refers to banking over the web and cyber security refers to the new
technologies, practices and processes designed to protect the information, networks and
computer programs from cyber-attacks. A cyber security threat is a type of financial terrorism
that the world is facing lately in recent times. Customers’ privacy data protection has been the
most testing part of modern day cyber banking.Cyber security is a way to protect cyber space
from cyber-attack. A break in any cyber security leads to some type of financial and non-
financial losses to the victim organization and its clients, thus the purpose of cyber security is
to secure against these breaks.Non-financial losses may incorporate burglary of organization
intellectual property, robbery of customers’ sensitive information like adhaar card and account
data. Cyber-crime is a worldwide issue and it is having a huge economic impact on the society.
A genuine test about cyber security and privacy in the banking cyber space is guaranteeing that
sensitive data is secured.In the present day,we are dependent on computer equipment for
collection, storage, processing, retrieval, transmission and delivery of information, broadly
utilized in banking. These includethe database management system. Text, tabular, graphic
processors, algorithmic languages, etc.It will penetrate all the activities of a modern
commercial Bank, including the provision of banking services as well as areas like accounting,
control, analysis and planning.It also helps in external interaction with customers, Bank
branches, correspondent banks and other credit institutions. With the advancement of Internet
technologies, the number of both production, distributed and local systems, as well as users
utilizing the connection to the global network for their own needs has increased.Increasing the
speed of transfering information,improving connection quality, the ability to access any
network resources from anywhere in the world has made the Internet an imperative device for
almost everyone.These attributes are important for public services and different organizations.
In this regard,distributed information systems are turning out to be increasingly common,
allowing us to simultaneously work with the same information from different points of the
country. Computer networks providea us with execution of communication functions and
access to shared resources like file transfer, access to remote databases, and remote task
execution. Local and corporate networks bind together the various divisions of the
Bank,increasing the proficiency of credit institutions and giving a full complex of specific
means and measures of protection against the unauthorized access inside your banking data.
The telecommunications system of interaction allows us to organize a remote service client;
interstate, interbank cooperation and Telegraph networks can carry out information transfer.
Activities that pose a threat to information systems can be divided into two primary categories:
internal which are those associated with intentional and unintentional actions of employees like
data breaches and Data leakage.and the external network attacks and theft of storage media.
Protection of data in the Bank is a complex problem that cannot be explained only through the
banking programs.Viable protection starts with the selection and configuration of operating
systems and network system that will support the functioning of the banking programs. Banks
in the rising countries do feature the security practices that an Internet banking user ought to
follow. Banks which provide E-banking do mention Information Technology security practice
for the clients to follows in order to guarantee a safer experience.With the development of new
security threats, users may be unable to cope with the everyday changes made by the banks.
For instance, banks in Saudi Arabia provide a two factor authentication in which once a user is
signed in successfully and then a onetime password (OTP) is sent on the client's registered
mobile number which the user has to enter before being diverted to the Internet banking
webpage.All transaction notifications are sent by means of SMS. Banks in India also give a
two-factor authentication, where a user needs to have a separate password for login and a
separate password for transactions. In order to perform a transaction, the user has to enter an
OTP reference number, which is sent as OTP to the enrolled mobile number and a password
for the transaction. The significant duty of maintaining a secure Internet banking experience
lies with the client,they must choose an appropriate proper browser and update the browser,he
must also choose appropriate antivirus and update it.He must also be aware of phishing
attacks,Malware, remember to update passwords and choose a complex password, etc. Banks
should also have state of the art Information Technology Operations and Centers. By
contributing a bit more, the banks can take some of the responsibilities away from the customer
and diminish the risk of security threats, thereby offering a good secure environment for their
customers.Banks can uphold their security policies to ensure safer banking experience for
users. On the other hand, users should adhere to the instructions provided by the bank to
guarantee a safe Internet banking experience. The proposed approach to network and
application security is divided into two parts which are boundary,security and applications
boundary security which consists of four sections:-
1.Authentication
2.Policy manager
3.Known vulnerabilities system
4.network administrator.
Boundary security ensures the cyber banking space and the physical space and application
security ensures the cyber banking information systems. The prevention of attack by boundary
security portion of the approach is defined by the organization’s security methadologies and
managed by the policy manager. The applications security checks for vulnerabilities inside the
applications and should be executed at the system or software development level.When a
communication crosses the physical space isolating the outside world and the banking cyber
space, the communication is handled according to the policies set by the components at the
transit point,which is defined and managed by the policy manager.The proposed cyber banking
security framework is separated into four parts:
1. Controls that address operational conditions;
2.Controls that address initial threat entry points;
3. Controls that address known propagation techniques;
4.Controls that optimize and validate the threats.
The propagation strategies & techniques and the section point of this framework are related to
the network security defense mechanism. The entry point separates the outside physical
space and the cyber banking physical space which characterizes the access point to the network.
Devices such as the firewall,routers are placed at the entry of a network. The propagation
strategies & techniques are then defined and arranged by the policy manager and the firewall
of the network. The optimization & approval and operational conditions of the framework
relate with the application security. Least privilege standard could be applied to accomplish
operational conditions. Optimization and approval could be accomplish by implementing
vulnerabilities checks in the application.Controls that address operational conditions deal with
issues such as purchasing of software and hardware, secure arrangement for the software and
hardware on workstations,laptops and servers, continuous vulnerabilities assessment and
remediation.Controls that address initial threat entry points deal with cyber security defense
strategies, application level security defense strategies,wireless and mobile devices control,
data recovery capabilities strategies, security skill assessment and training.Controls that
address known propagation methods deal with configuration of network devices such as
firewalls,switches and routers. Access control to the network ports, services and protocols,
management of administrative privileges, applying of boundary defense, maintenance,
monitoring and analysis of security audit logs.Then controls that enhance and validate the
threats deal with monitoring and control of accounts, security incidents reaction capability and
data recovery capabilities.

Fig.Cyber banking security framework]

Some of the Information Security Governance Framework are:-

FFIEC- The Federal Financial Institutions Examination Council was set up in 1979. It was
given the authority to recommend uniform standards and report forms for the federal
examination of financial institutions. The FFIEC publication: "Information Security IT
Examination Handbook" is utilized by federal examiners auditing the operations of money
related foundations for compliance with their commitments.
COBIT-Control Objectives for Information and related Technology is created by The
Information Systems Audit and Control Association & Foundation (ISACAF) to provide
management and business process owners with an IT governance model to help comprehend
and deal with the risks related with IT. COBIT comprises of four primary components namely,
plan and organize, acquire and implement, deliver and support, and lastly and assess.
ISO 27002-The International Organization for Standarization (ISO) is the world's biggest
developer and distributer of global standards in a wide area of subjects including information
security management systems and practices. The ISO 27002 (2006) standard which was
originally known as The ISO 17799 (2005) standard, is an industry benchmark code of practice
for information security practice” (ISO, 2009). It outlines 11 control mechanisms and 130
security controls. The standard helps in establishing guidelines and the general principles for
initiating, implementing, maintaining, and improving data security management within an
organization.
IISA-Information Systems Security Association (ISSA) distributed The Generally Accepted
Information Security Principles (GAISP).The essential objective of the ISSA is to advance
practices, from the meeting room to the information security professional that will
guarantee the confidentiality, integrity, and availability of organizational information
resources. The ISSA encourages connection and education to create a more fruitful
environment for worldwide information systems security and for the experts involved.

POWER
Over the 100-year history, power control structures have gotten dynamically multifaceted and
interconnected. While this improves efficiency and engages customer decisions, it furthermore
constructs lack of protection to physical and data bursts. Since nothing is clearly executed in a
cyberattack on the power system, nations have been anxious to guide them without an
introduction of war. The present control structures in the U.S. power structure may change to
some degree, anyway there are standard strategies at every movement that can be even more
solidly broke down. Most force age occurs inside a power station or plant. There is a control
space for greater generators (~5 MW and up), where all procedures are watched and adjusted
differing. Generators are by and largely tweaked to change their ability yield through modified
age control, and they are really proposed to hold system repeat at 60 cycles/s (hertz). While
power plants share these general points essentially, other age structures move subject to the
sort of fuel being used. For instance: ample, nuclear and non-sustainable power source units
balance steam creation to meet the electrical burden and cutoff the cooling load. Hydroelectric
units promote basically the purpose of the water affirmation "wicket entryways" to addition or
reduction the proportion of power made.In the United States, regional transmission affiliations
(RTOs) are responsible for their nearby piece of the power arrangement . RTOs organize
commonplace power respect stack, engineer the arrangement and movement of force across
control regions, and run an imperativeness supervisement system (EMS). The EMS takes
sensor data, registers power streams, and performs plausibility examinations to ensure strong
transmission. Another piece of various RTOs is the direct of a consistently, day ahead "sell off"
to choose the most budgetary dispatch of the next day's producing units. These RTOs similarly
manage a continuous imperativeness exhibit that nearby facilitates genuine enthusiasm for
essentialness to stack.This level of control room uses SCADA systems to screen and work its
field gadgets. Intensely impacted by the SCADA system, capacitor banks are used to keep up
voltage inside 10% of ostensible over the structure, and circuit breakers and switches, in a joint
effort with field circuit repairmen, help make safe work zones for upkeep and advancement.
Close by transmission control rooms furthermore work their own EMS.Neighborhood
transmission control rooms work in couples with close by dispersion control rooms that manage
a more diminutive piece of the grid. The conveyance control chairmen work with hands on
linemen, circuit analyzers, and end use customers. They get client information and organization
requests and dispatch fix groups to restore power transport to those experiencing power
outages. An impressive parcel of these apportionment control concentrates also have SCADA
for system watching and remote control of equipment.After some time, various utilities have
set up relationship from their working advancement (OT), like SCADA structures, to their data
development (IT) through the Internet. These affiliations encourage basic access to data for
utility agents and merchants. They may similarly allow utility planners and venders to remotely
research and reexamine field gear. These relationship between utility OT and IT over the
transparently available Internet make "attack surfaces," potential openings in the OT
framework's electronic fringe. The control system layers and their regular relationship with the
Internet are portrayed in the Fig.
In our examination we executed a recreation stage that comprises:
(a) A test system of the physical framework being controlled (for example the force plant or an
area of it): this incorporates a gathering of electromechanical gadgets like PLCs, RTUs, sensors
and actuators, ready to reenact most key states of the objective plant (gas under tension, valves,
sensors for temperature, and so forth.
(b) The constant piece of the ICS under examination (or a recreation of it): a SCADA
framework indistinguishable from the one utilized in the objective force plant has been
arranged and associated with the plant test system depicted.
(c) The remaining of the ICS (e.g.database,communicationlinks,etc.): all the ICT parts like the
Intranet Windows area, the Intranet customers, the Internet Gateway, the firewall, and so on
have been recre-ated imitating the ones in the force plant, regarding all subtleties. Besides, the
reenactment condition incorporates all delicate product applications, and all the security and
the entrance approaches utilized in the establishment taken as reference.
(d) Remote control frameworks: since a few activities in the force plant include association
with remote administrators, we made a perplexing, reconfigurable system duplicating the
"outer world" (for example Web).
(e) The assault test system: this incorporates a lot of PCs, ICT gadgets and programming for
reproducing distinctive assault profiles and scenarios.
While the reproduction of the operational sub-frameworks is required to reenact the best
possible "creation condition", the implemen-tation in the test system of different subsystems
ensure fitting control and information gathering, and consequently the repeatability of the trials:
(a) The recreation administrator: which permits dealing with and designing from a main issue
all the components of the research facility.
(b) The onlooker framework: it measures and assembles explicit information dur-ing the tests
with respect to various working parameters of the force plant so as to comprehend top to bottom
what is hap-pening into the framework during the execution of the objective assault situations.
The onlooker framework is made out of a system of dispersed sensors, mark and peculiarity
based (for example in light of the two examples got from known assaults, and heuristic
standards targeting finding abnormal practices) permitting to mea-sure a configurable
arrangement of parameters which would then be able to be utilized for the examination of the
analyses.
(c) Analysis framework: in view of the product device InSAW (Industrial Security Analysis
Work-Bench), actualizing the hazard evaluate men strategy received in our methodology. That
apparatus can be utilized for breaking down the consequences of the trials to dis spread new
vulnerabilities, new assault situations, and to recognize appropriate countermeasures.
(d) Backup framework: this framework makes various pictures of the scenarios under test as
they are run, to be put away in a memorable chronicle. This is to rapidly reestablish the earth
to be reproduced, by getting from the file the relating picture.
(e) Attack and helplessness chronicles: these documents contain infor-mation about known
vulnerabilities and assaults identified with the ICT and force framework gadgets, and the
relative countermeasures.

Fig.Power plant simulator

Conclusion
At that point world's entrance to power, transportation systems, drinking water and numerous
other basic foundation administrations is progressively in danger from cyber-attacks. These
dangers can have devastating outcomes and could threaten worldwide economies and entire
communities. The accomplishment of critical infrastructure protection initiatives always
depend on the strong and meaningful partnerships between governments and business parties.
Success also relies on the solutions that are used to manage and actualize these initiatives. It is
also important to recognize the dangers that could threaten the integrity of critical infrastructure
framework. When we think about framework or network security, we almost always
immediately think of a terrorist threats, however there are other threats that should also be
taken into account, such as equipment failure, human error and regular causes (the climate, for
example). When choosing solutions that distinguish and recognize security risks and
peculiarities in expected behavior, it is essential to factor in as many of these risks as possible.
Before Deloitte launched the Cyber Intelligence Centre, there was an understanding that the
absence of a practical national cyber security incidents response team in the country the main
challenge to manage cyber threats and attacks. There was a perception that there is no
centralized source of data hub to provide a clear view of cyber related incidents in the
world.The starting of legislations and standards to force organizations into compliance and
uncovering of cyber incidents would improve security governance. In any case,most
associations are focused on increasing revenues and decreasing the costs, thus security taking
a back seat or looked at as a side issue. There is a general requirement for greater cyber security
awareness and education in most financial institutions. Also identified during the research is
lack for security experts in the world. Worms was the most widely recognized classification of
malware in the world followed by Trojans with a slight drop of the computer infections in the
fourth quarter of 2014 from the third quarter of 2014 according to Microsoft Security
intelligence of 2014. As cyber banking is becoming more developed and becoming more and
more digital, management of big data becomes more significant. The capacity of this big data
will depend on technologies such as cloud. The security of these cloud technologies and legal
issues need further research as these cloud suppliers are not hosted in most part of the world.
Issues may incorporate things like the vendor lock-in threats, what level of security to apply,
business progression if there is a breach of the cloud security, and so on. More research is
needed on social engineering and its impact on the world's economy. Further research needs to
be taken at the developing threats and drivers of cybercrime and attacks in the world.
REFERENCE
[1]. Technologies of Safety in the Bank Sphere from Cyber Attacks by Nyrkov Anatoliy P
[2]. Cyber Security Analysis of Internet Banking in Emerging Countries: User and Bank
Perspectives by Jaafar M. Alghazo
[3]. Cyber Security, a Threat to Cyber Banking in South Africa An approach to Network and
application security by Thierry Mbah Mbelli
[4]. How to Attack Two-Factor Authentication Internet Banking by Manal Adham
[5].A Framework for the Governance of Information Security in Banking System by Munirul
Ula
[6].A Project to Develop a Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) by
Peter W. Sauer
[7].Cybersecurity in power systems by Michael F. Ahern
[8]. A Low Power Cybersecurity Mechanism for WSNs in a Smart Grid Environment by
Gurpreet Singh Dhunna
[9]. Cyber security issues imposed on nuclear power plants by Do-Yeon Kim
[10]. Cyber security assessment of a power plant by Igor Nai Fovino
[11].A reputation system for detection of black hole attack in vehicular networking by
R.Khatoun
[12].Critical Infrastructure Protection:Beyond the hybrid port and airport firmware security by
Andrea Chippetta
[13].Integrated safety and cybersecurity risk analysis of cooperative intelligent transport
systems by Jin Cui
[14].Trust in IOT enabled mobility services;predictive analytics and the impact of prediction
errors on the quality of services in bike sharing by Charilaos Latinopoulas
[15].Cyber physical security:protecting critical infrastructure at the state and local level by
Robert M Clark
[16].Securtiy challenges and methods for protecting critical infrastructure cyber physical
systems by James M Taylor
[17].A survey SCADA pf an critical infrastructure incidents by Bill Miller
[18].Creating a cyber moving target for critical infrastructure applications using platform
diversity by Hamed Okhravi
[19].Cybersecurity:Protecting critical infrastructure from cyber attack and cyber warfare by
Thomas A Johnson
[20].Analytics for protecting critical infrastructure by Adam Zagorecki