presenting the methods used to protect systems with strong authentication using the HMAC ONE TIME PASSWORD established by the Open Authentication consortium.
Boolean logic Driven Markov Process (BDMP)
BDMP is a graphical modeling formalism originally designed for safety and reliability assessment of systems. This formalism is an extension of fault trees used to represent Markov graphs of large size . It therefore provides a good readability, a good hierarchical representation and an advanced quantification capabilities. The formalism BDMP offers, features dynamic modeling with a particular type of link called "triggers." Fig.1 shows an example of modeling BDMP Figure 1: Modeling BDMP
Stuxnet is a virus developed to attack information systems using SCADA networks exploiting. This virus has infected thousands of machines, based on a new technique of attack. This is achieved by the use of trusted certificates, allowing it, to be executed in legitimacy in windows OS. The functioning of the virus is presented bellow. After his appearance, many countermeasures were made, like the proposal done by Siemens WinCC SCADA System editor, who offer a tool to remove Stuxnet. Microsoft have also, corrected the vulnerabilities exploited by the virus (for possessing the
rights) . But the exploitation of any zero-day vulnerabilities may lead to a same result. If one of the exploited Windows vulnerabilities is not corrected, it will allow modifying the executed processes, and this is considered as a real danger.
Supervisory Control And Data Acquisition SCADA:
The networks SCADA is a set of computers and applications that perform key functions in the delivery of services and commodities (electricity, natural gas, etc) and offers remote management on a large scale distributed at measures and controls .
Open Authentication OATH:
It is a consortium in which there are large companies driven by the strong growth which aims to improve safety in a world increasingly connected. It provides solutions that enable strong authentication for all users on all devices and networks .
Hashed Message Authentication Code One Time Password HOTP:
HMAC OTP (HOTP) is an algorithm to generate the one-time-password value based on Hashed Message Authentication Code (HMAC) . This algorithm is used in a wide variety of networks and systems application. We give an example of the implementation of this algorithm in chapter IV.
Dynamic Link Library DLL:
DLLs are executable files that allow applications to share code to perform one or more predefined functions. One of the biggest advantages is that a DLL is not loaded into memory, which saves memory while allowing several programs to function effectively. However, there are malicious DLL. These programs can change the parameters of the systems and allow to intruders to remotely access to these latter. III.
STUXNET Generally, the machines are infected by execution of autorun.inf or by file sharing. The machines are infected by loading a DLL file. This file contain a multiple functions which are exploited later by Stuxnet, subsequently, the virus checks the
and its environment, in order to choose the continuation or discontinuation of scripts based on the machine configuration. If the configuration of the system is correct and updated; Stuxnet verifies if it possesses the administrator rights, if not, it exploits one of the two zero-day vulnerabilities in order to get the required rights : (i) CVE- 2010-2743 (MS -10- 073) Or (ii) vulnerability in the Windows Task Scheduler. Both vulnerabilities allow any program to have privileges, and also, to be run in a new process or as a new task in the task manager. The environment is now ready to be infected by Stuxnet. The infection process is done according to the antivirus installed. Stuxnet installs the device drivers in the registry, to ensure their performances every time the machine started. They are loaded before all Windows applications. Then it changes the settings of the Windows Firewall (Windows Defender) to avoid being blocked later . The Fig.2 shows the different steps of that operation.
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 12, No. 5, May 20148http://sites.google.com/site/ijcsis/ ISSN 1947-5500