论文信息 - Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems

Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems

Data Distribution Service (DDS) is a realtime peer-to-peer protocol that serves as a scalable middleware between distributed networked systems found in many Industrial IoT domains such as automotive, medical, energy, and defense. Since the initial ratification of the standard, specifications have introduced a Security Model and Service Plugin Interface (SPI) architecture, facilitating authenticated encryption and data centric access control while preserving interoperable data exchange. However, as Secure DDS v1.1, the default plugin specifications presently exchanges digitally signed capability lists of both participants in the clear during the crypto handshake for permission attestation; thus breaching confidentiality of the context of the connection. In this work, we present an attacker model that makes use of network reconnaissance afforded by this leaked context in conjunction with formal verification and model checking to arbitrarily reason about the underlying topology and reachability of information flow, enabling targeted attacks such as selective denial of service, adversarial partitioning of the data bus, or vulnerability excavation of vendor implementations.

[1] Alessandro Orso,et al. Using positive tainting and syntax-aware evaluation to counter SQL injection attacks , 2006, SIGSOFT '06/FSE-14.

[2] Agostino Cortesi,et al. Procedurally Provisioned Access Control for Robotic Systems , 2018, 2018 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS).

[3] Dong-Seong Kim,et al. Node discovery scheme of DDS using dynamic bloom filters , 2014, Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA).

[4] Aniruddha S. Gokhale,et al. Publish/subscribe-enabled software defined networking for efficient and scalable IoT communications , 2015, IEEE Communications Magazine.

[5] Eli Ben-Sasson,et al. SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge , 2013, CRYPTO.

[6] Ke Ci,et al. Hacking Exposed : Network Security Secrets and Solutions , 2013 .

[7] Jerry den Hartog,et al. Formal analysis of XACML policies using SMT , 2017, Comput. Secur..

[8] Laurent Vanbever,et al. NetHide: Secure and Practical Network Topology Obfuscation , 2018, USENIX Security Symposium.

[9] Richard Ruggles,et al. An Empirical Approach to Economic Intelligence in World War II , 1947 .

[10] Javier Povedano-Molina,et al. Bloom filter-based discovery protocol for DDS middleware , 2011, J. Parallel Distributed Comput..