Note: Sample below may appear distorted but all corresponding word document files contain proper formattingExcerpt from Research Paper:
What are Vulnerabilities?
Hardware attacks because of Vulnerabilities
Hardware Data modification / injection
The Scientist Argument
How organizations can best address its potential impacts
Cybersecurity Vulnerability: Hardware Weakness
This essay introduces the role that computer hardware weakness opens the door up for attack in cyber-physical systems. Hardware security -- whether for attack or defense -- is not the same as software, network, and data security on account of the nature of hardware. Regularly, hardware design and manufacturing take place before or throughout software development, and consequently, people must be aware of hardware security vulnerabilities early in product life cycles. Whether it is human resources management, email and coordinated calendar systems, or sales tracking systems, the cloud offers opportunity to businesses for quicker, potential cost savings and stream lined procedures. With that being said, arguments over cybersecurity and vulnerability tend to be extremely touchy. On one side, supporters of stronger cybersecurity bring up the warning that we are at risk of a "digital Pearl Harbor" wherein the United States financial system, power system, and other parts of "critical infrastructure" could be criticized and extremely injured by distant hackers. On the other side, open Internet supporters are extremely skeptical that there is any real probability of attack. With that said, this paper will focus on the hardware vulnerability and how the presence of hardware backdoors in particular represents a nightmare for the security community.
What are Vulnerabilities?
Vulnerabilities are considered to be weaknesses in hardware that allow an attacker to compromise the availability, integrity, or confidentiality of that software or the data it handles. Some of the vilest vulnerabilities permit attackers to abuse a compromised computer, producing it to run random code without the user's information.
The previous 10 years exemplify a very interesting timeframe for studying vulnerability disclosures and ensuing changes that carry on to affect risk management in IT organizations all over the world. Before examining the trends and charts, a momentary review of the past decade with respect to industry vulnerabilities is in order.
Hardware attacks because of Vulnerabilities
One of the key consequences of the world economic disaster was budget cuts for security validation and manufacturing, in both private and public sectors. Regrettably, the cost is considered the factor that most effects the final choice for buyers. This led to the debility in the utilization of authorized resellers.
Orders today are typically made directly to manufacturers located in the Far East because of cheaper production prices. Those areas are considered to be conflicting for the reason that their governments are responsible for the majority of cyber attacks against western companies.
Research shows that the risk of getting hardware machineries with a backdoor is looked at as being concrete. It is true that Asian governments are not all the way accused of silently putting together backdoors. Recently, Edward Snowden was the one that exposed that the NSA commanded that the United States manufacture to plant a backdoor in produces that are exported.
When hardware is weak, malicious hardware alterations from insiders signify a serious threat. System difficulty, the large amount of designers and engineers concerned in every project and the delocalization of production in risky countries because of low cost presents a security threat.
A person that was spiteful enough could change a small section in the entire system for sabotage or espionage. Such attacks can be particularly overwhelming in security-critical industries, for example the military. The introduction of hardware Trojans could occur in each stage of the supply chain, reliant on the methods accepted by attackers and on the technology utilized for hacking.
Common hardware attacks because of vulnerabilities are the following:
Manufacturing backdoors, for malware or other piercing resolves; backdoors are not limited to hardware and software, nevertheless they also affect embedded radio-frequency identification (RFID) memory and chips
Listen in by getting access to protected memory deprived of opening other hardware
Producing faults, affecting the break of normal behavior
Hardware modification interfering with aggressive operations; hardware or jail broken software (Carr, 2010)
Backdoor creation; the attendance of hidden approaches for bypassing usual computer verification systems
Counterfeiting product resources that can produce unusual operations, and those made to gain malicious admission to systems
Also many experts argue that because hardware weaknesses attacks relate to the following devices:
Access control systems for instance verification tokens
Network piece of equipment
Industrial control systems
Sections of communication structure
Because of the hardware liabilities, attackers could likewise act at lower levels to affect the work of microcircuits, fundamental sections of any electronic device. Lately researchers have explored the likelihood of adapting hardware behavior by managing the concentration of dopant in electronic components or changing its division.
Hardware Data modification / injection
Some experts have argued that by perceiving the pattern of data write-backs to RAM, an attacker is able to figure out the location of the runtime stack, as commonly used software stack structures are usually simple. From the time when the attacker has physical admission to the device, stack data can be inoculated and, even though the data will be decrypted into a random stream, the effect on program behavior can be witnessed (Chen, 2009). The attacker may still be able to disturb the execution or learn concerning the executable.
Another thing that happens when the hardware is extremely weak is what is called the data substitution which is also currently valid, and observe the program's behavior. Unlike instructions which are limited to the valid opcodes in the instruction set, any data injected by the attacker will be correctly decrypted and passed to the processor. Thus, encryption in this case provides no protection other than privacy of the application's data. To address this issue, EED platforms typically consist of a location label (normally a memory address) as part of the validation data.
The Scientist Argument
Scientists Adam Waksman and Simha Sethumadhavan argued the further ideas of kinds of hardware backdoors because of hardware flaws. One of those backdoors are Ticking time bombs which is when an attacker could program a time bomb backdoor into HDL code that inevitably triggers backdoors after a pre-determined ?xed quantity of time after the power-on of a method. If the hardware is really weak, a device could be forced to crash or function spitefully after a determined number of clock cycles. It's clear that this type of attack could be very dangerous when hardware has some weakness that could be taken advantage of by some threat. When the hardware is not strong, an attacker would be able to create a kill switch function that could be undetectable by any validation means.
Level of Hardware Vulnerability
Means that the source of weakness within the network is highly motivated and sufficiently skillful and the network controls in place are unsuccessful.
Vulnerability inside the company is motivated and capable and controls and organization should put the controls to impede vulnerability.
The network weakness is not encouraged and controls are in place to stop vulnerability of the company's network in addition to data.
Another thing that needs to be considered are cheat codes which have a huge impact of due to hardware flaws. If the hardware has any kind of openings or just a malfunction an attacker could program backdoor triggers which are usually based on certain input data, otherwise recognized as "cheat codes." (Kelly, 2012) A "cheat code" is secret facts that the attacker is able to utilize to recognize themselves to hardware backdoor reason. It'll then start a malicious operation type of mode. Obviously, the code must be distinctive in order to avoid being accidentally provided throughout validation tests. As opposite to time bombs, this type of backdoor needs a second attack vector, the "cheat code." (Broggi, 2014) Because the hardware is not sound enough, the attacker could deliver "cheat codes" which send a sole data value enclosing the entire code (single-shot "cheat codes") or a large cheat code in multiple pieces (consecutive "cheat codes.")
How are sensitive computations able to be executed in remote devices such that the results gotten are dependable when it comes to hardware vulnerabilities? The argument here is that programs can be changed, data can be improved, records and logs removed, or secrets shown. debuggers and simulators offer mechanisms for observing memory content and execution patterns; memory can be read and frozen; operating systems and compilers could possibly be altered; and even the hardware could possibly harbor a Trojan circuit.
Figure 1 the example illustrates three paths that an attacker can take to penetrate the network using FTP serve
However, experts debate the point that designers of secure coprocessors contend that a system's root of trust has to be a computational ploy that can execute its tasks properly and without revealing secrets in spite of any attack (programmatic or physical) (Carr, 2010). A loose, common purpose computer in a tamper-proof physical enclosure would do, nonetheless that is difficult to obtain. High-end processors take in a lot of power and produce a…[continue]
"Cybersecurity Vulnerability Issues" (2014, October 09) Retrieved December 10, 2016, from http://www.paperdue.com/essay/cybersecurity-vulnerability-issues-192554
"Cybersecurity Vulnerability Issues" 09 October 2014. Web.10 December. 2016. <http://www.paperdue.com/essay/cybersecurity-vulnerability-issues-192554>
"Cybersecurity Vulnerability Issues", 09 October 2014, Accessed.10 December. 2016, http://www.paperdue.com/essay/cybersecurity-vulnerability-issues-192554
Cyber Security Vulnerabilities Single Most Important Cybersecurity Vulnerability Facing IT Managers Today Cyber Security Vulnerabilities Facing IT Managers Today At present, computers link people to their finances through online banking and a number of many online applications that offer access to accounts. In addition, they provide a connection to a broad variety of information, including social media, for instance, Face book, YouTube and Twitter. Interconnectivity of the systems have made it possible for
The operating system faced these issues due to the lackluster approach from Apple to patch their software in time. As a result, it led to risking the data of personal users. It shows that irregularities in the patching of computers affected users adversely without any fault of their own (Daily Tech, 2012). In addition to that, the operating system of Apple is now considered as one of the most favored
Cybersecurity as an Organizational Strategy: An Ethical and Legal Perspective Cybersecurity as Organizational Strategy Across the board -- in business, society, and government -- the promise of cyber capabilities are matched by potential peril. The cyber environment is never static, but it is perhaps most agile in response to the continual stream of emerging cyber threats and realized cyber attacks ("PCAST," 2007). Cybersecurity must be agile. The challenges that must be met
Cyber Security in the 21st Century Importance President Obama has declared that the "cyber threat is one of the most serious economic and national security challenges we face as a nation" and that "America's economic prosperity in the 21st century will depend on cybersecurity" (The White House, N.d.). The importance of cyber security is paramount in the modern age. Cyberspace now touches almost every aspect of our daily lives. It is a major
technology a field study choice. a. The impact mobile devices cybersecurity Courses fulfill General Education Requirements (GERs) UMUC a common theme -- technological transformations. The preferred device for browsing the web, making purchases, using social media, and emailing is the smartphone. Many people find it is easier to carry a smartphone due to its size. A breeding ground for cyber attacks has resulted from the popularity of mobile devices. Mobile
S. Department of Defense (DOD) uses over two million computers and more than ten thousand local area networks, most of which are linked to, and vulnerable to attack from, users of the larger Internet. (2008, p. 276) These increasing threats correspond to the growing reliance on information systems to manage the entire spectrum of modern commerce and energy resources, making the disruption of a single element in the integrated system a
PDF Summary The Economics of Cybersecurity: Principles and Policy Options There are serious issues with cybersecurity when it comes to the principles and policy options that are available, and the economic challenges it faces. While a technical approach to cybersecurity is important, the easiest way to gain perspective on the issue is through economics. When an organization is not prepared for the full cost of a system failure, there is nothing to