IMTrustSec

International Workshop on Incident Management, Trusted Computing, Open Hardware and Advanced Security Attacks
  • Date
    Jul 31, 2024
  • Location
    SR08
  • Duration
    15:15 — 16:45
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
  • → Diana Gratiela Berbecaru
  • → David Arroyo Guardeño
  • → Rihards Novickis

Accepted Paper

Threat-TLS: A Tool for Threat Identification in Weak, Malicious, or Suspicious TLS Connections
Diana Gratiela Berbecaru (Politecnico di Torino, Italy), Antonio Lioy (Politecnico di Torino, Italy)
Full Paper
Transport Layer Security protocol is widely used nowadays to secure communication channels in various applications running in network, IoT, and embedded systems environments. In the last decade, several attacks affecting the TLS specification, the implementation, the cryptographic vulnerabilities, or the deployment of the TLS-enabled software have been discovered. Although solutions exist for each class of attacks, an attacker may corrupt the TLS support on an end node (even temporarily) making it vulnerable to attacks. To test the resistance of a TLS server to attacks several tools or services exist, that mainly scan a target host looking for wrong configurations. We propose instead a network-based intrusion detection tool named Threat-TLS, aimed to individuate weak, suspicious, or malicious TLS connections. Attackers might establish such connections to hide and distribute potentially dangerous data content, like malware. Alternatively, weak TLS connections could be opened by (legitimate) systems or servers that have been compromised and are prone to TLS attacks, such as systems whose TLS configuration has been changed to use an old TLS version or outdated cryptographic algorithms. We have tested the proposed tool in a testbed environment, illustrating its performance in detecting some TLS attacks.
Workshop IMTrustSec
Anomaly-Based Intrusion Detection for Blackhole Attack Mitigation
Ashraf Abdelhamid (Nile University, Egypt), Mahmoud Said Elsayed (University College Dublin, Ireland), Heba K. Aslan (Nile University, Egypt), Marianne A. Azer (National Telecommunication Institute, Egypt)
Full Paper
In the contemporary environment, mobile ad hoc networks (MANETs) are becoming necessary. They are absolutely vital in a variety of situations where setting up a network quickly is required; however, this is infeasible due to low resources. Ad hoc networks have many applications: education, on the front lines of battle, rescue missions, etc. These networks are distinguished by high mobility and constrained compute, storage, and energy capabilities. As a result of a lack of infrastructure, they do not use communication tools related to infrastructure. Instead, these networks rely on one another for routing and communication. Each node in a MANET searches for another node within its communication range and uses it as a hop to relay the message through a subsequent node, and so on. Traditional networks have routers, servers, firewalls, and specialized hardware. In contrast, each node in ad hoc networks has multiple functions. Nodes, for instance, manage the routing operation. Consequently, they are more vulnerable to attacks than traditional networks. This study's main goal is to develop an approach for detecting blackhole attacks using anomaly detection based on Support Vector Machine (SVM). This detection system looks at node activity to scan network traffic for irregularities. In blackhole scenarios, attacking nodes have distinct behavioral characteristics that distinguish them from other nodes. These traits can be efficiently detected by the proposed SVM-based detection system. To evaluate the effectiveness of this approach, traffic under blackhole attack is created using the OMNET++ simulator. Based on the categorization of the traffic into malicious and non-malicious, the malicious node is then identified. The results of the suggested approach show great accuracy in detecting blackhole attacks.
Workshop IMTrustSec
Analysis of the Capability and Training of Chat Bots in the Generation of Rules for Firewall or Intrusion Detection Systems
Bernardo Louro (Universidade da Beira Interior, Portugal), Raquel Abreu (Universidade da Beira Interior, Portugal), Joana Cabral Costa (Universidade da Beira Interior and Instituto de Telecomunicações, Portugal), João B. F. Sequeiros (Universidade da Beira Interior and Instituto de Telecomunicações, Portugal), Pedro R. M. Inácio (Universidade da Beira Interior and Instituto de Telecomunicações, Portugal)
Full Paper
Large Language Models (LLMs) have the potential to aid in closing the knowledge gap in several specific technical areas, such as cybersecurity, by providing a means to translate instructions defined in natural language into specialized system or software specifications (e.g., firewall rules). The work described herein aims at an evaluation of the capability of LLMs to generate rules for firewall and Intrusion Detection Systems (IDS).

A preliminary evaluation has shown that widely available chat bots have limited capability to generate correct rules and that caution is needed when using their outputs for the aforementioned objective.

This work explores three fine-tuning approaches to address these limitations, each of them with a different objective and achieving different success rates. The first approach aimed at testing how well the model was able to use the knowledge obtained from the prompts when the question was structured differently, achieving a success rate of 89%. The second approach aimed at testing how well the model could link the knowledge obtained from two different prompts and reached a success rate of 61%. The final approach aimed at testing if the model could create complex rules by first learning simple rules, achieving a success rate of 79%.

It can be concluded that fine-tuning is sufficient to improve chat bots into creating syntactically and technically correct rules for firewalls and IDS. Results suggest that the development of a specialized model for as many attacks, firewalls and IDSs can indeed be achieved.
Workshop IMTrustSec
Acceleration of DICE Key Generation using Key Caching
Dominik Lorych (Fraunhofer SIT | ATHENE, Germany), Lukas Jäger (Fraunhofer SIT | ATHENE, Germany), Andreas Fuchs (Fraunhofer SIT | ATHENE, Germany)
Full Paper
DICE is a Trusted Computing standard intended to secure resource-constrained off-the-shelf hardware. It implements a Root of Trust that can be used to construct a Chain of Trust boot system, with symmetric keys representing firmware integrity and device identity. Based on this, asymmetric keys can be generated, but this slows down the boot process significantly as the keys need to be generated on every boot. Asymmetric keys provide multiple advantages when compared to symmetric ones, especially for updatable systems. This prevents the adoption of DICE in fields with strict boot time requirements, for example in the automotive context.

Boot times can be accelerated if keys can be cached in flash memory. However, keys must not be accessible if the state of the system changes, as otherwise the keys would not represent the state anymore. We implement two approaches for this and evaluate them on multiple MCUs regarding automotive requirements.
Workshop IMTrustSec

Detail IMTrustSec 02/05

Topics of interest include, but are not limited to 03/05

  • Cybersecurity incident management and response
  • Certification and open hardware
  • Intrusion detection and prevention systems
  • Machine learning algorithms for intrusion detection
  • Network security attacks investigation
  • Open source hardware security
  • Open source remote attestation
  • Open standards
  • Privacy and security implications of open source hardware
  • RISC-V applications for security and privacy protection
  • Risk management
  • Standards, guidelines and certification
  • Tools for evaluation of security protocols
  • Techniques and tools for cybersecurity attacks defense
  • Tools for security vulnerabilities processing
  • Trusted computing, confidential computing

Workshop Chairs 04/05

Workshop Chairs

Workshop Chairs Logo
Diana Gratiela Berbecaru
Politecnico di Torino, Italy
Workshop Chairs Logo
David Arroyo Guardeño
Spanish Research Council, Spain
Workshop Chairs Logo
Rihards Novickis
Institute of Electronics and Computer Science, Latvia

Program Committee

Antonio Lioy | Politecnico di Torino, Italy
Daniele Canavese | IRIT (Institut de Recherche en Informatique de Toulouse), France
Fulvio Valenza | Politecnico di Torino, Italy
Igor Kotenko | St. Petersburg Institute for Informatics and Automation, Russia
Annachiara Ruospo | Politecnico di Torino, Italy
Andrea Vesco | LINKS Foundation, Italy
Pasquale Imputato | Universita’ degli studi di Napoli Federico II, Italy
Isaac Agudo | University of Málaga, Spain
Billy Bob Brumley | Rochester Institute of Technology , USA
Samira Briongos | NEC Laboratories Europe GmbH, Germany
Jesús Díaz Vico | IOHK, Spain
Andres Marín López | Polytechnic University of Madrid, Spain
Constantinos Patsakis | University of Piraeus, Greece
Nicola Tuveri | Tampere University, Finland

Submission 05/05

Important Dates

Extended Submission Deadline May 17, 2024
Author Notification May 27, 2024
Proceedings Version Jun 18, 2024
Conference Jul 30 — Aug 02, 2024
Join ARES 2025!

Join us at ARES 2025 in Ghent, Belgium