Security Evaluation of Modern Industrial Control Systems
Michail (Mihalis) Maniatakos
Associate Professor of Computer Engineering, NYU Abu Dhabi
Abstract: Recent years have been pivotal in the field of Industrial Control Systems (ICS) security, with a large number of high-profile attacks exposing the lack of a design-for-security initiative in ICS. The evolution of ICS abstracting the control logic to a purely software level hosted on a generic OS, combined with hyperconnectivity and the integration of popular open source libraries providing advanced features, have expanded the ICS attack surface by increasing the entry points and by allowing traditional software vulnerabilities to be repurposed to the ICS domain. In this keynote, we will shed light to the security landscape of modern ICS, dissecting firmware from the dominant vendors and motivating the need of employing appropriate vulnerability assessment tools. We will present methodologies for blackbox fuzzing of modern ICS, both directly using the device and by using emulation. We will then proceed with methodologies on hotpatching, since ICS cannot be easily restarted in order to patch any discovered vulnerabilities. We will demonstrate our proposed methodologies on a desalination plant testbed.
Speaker Bio: Michail (Mihalis) Maniatakos is an Associate Professor of Electrical and Computer Engineering at New York University (NYU) Abu Dhabi, UAE, and a Research Associate Professor at the NYU Tandon School of Engineering, New York, USA. He is the Director of the MoMA Laboratory (nyuad.nyu.edu/momalab), NYU Abu Dhabi. He received his Ph.D. in Electrical Engineering, as well as M.Sc., M.Phil. degrees from Yale University. He also received the B.Sc. and M.Sc. degrees in Computer Science and Embedded Systems, respectively, from the University of Piraeus, Greece. His research interests, funded by industrial partners, the US government, and the UAE government include privacy-preserving computation and industrial control systems security.
Trend of Charging Infrastructure Threats: From Mobile Devices to Automotive
Weizhi Meng
Associate Professor, Technical University of Denmark
Abstract: With the high demand of public charging facilities, public chargers, especially phone charging stations, have become common in various locations while being an attractive target for cyber-attackers. By malfunctioning a charging facility, attackers are able to infer either private or sensitive data from smartphones. In addition, such charging threat may pose a challenge for future automotive, which has to use a charging station periodically. This talk first introduces several existing charging attacks via a USB charging cable, as well as our developed Juice Filming Charging (JFC) attack, which can steal users' private information through automatically video-capturing phone screen during the whole charging period, via a standard USB connector. Then, this talk presents an improved BadUSB-C attack with several potential security solutions. In the end, this talk discusses the potential impact of charging threats from mobile platforms to automotive.
Speaker Bio: Weizhi Meng is currently an Associate Professor in the Department of Applied Mathematics and Computer Science, Technical University of Denmark (DTU), Denmark. He won the Outstanding Academic Performance Award during his doctoral study, and is a recipient of the Hong Kong Institution of Engineers (HKIE) Outstanding Paper Award for Young Engineers/Researchers in both 2014 and 2017. He also received the IEEE ComSoc Best Young Researcher Award for Europe, Middle East, & Africa Region (EMEA) in 2020. His primary research interests are cyber security and intelligent technology in security, including blockchain, intrusion detection, AI security, IoT security, biometric authentication, and trust management. He serves as associate editors / editorial board members for many reputed journals such as IEEE TDSC. He is an ACM Distinguished Speaker, and is directing the SPTAGE Lab at DTU.