Cyber Vulnerability Implantation Revisited
Försvarshögskolan, Militärvetenskapliga institutionen (MVI), Avdelningen för ledningsvetenskap och militärteknik (ALM), Sektionen för militärtekniska system (MteS). ORCID iD: 0000-0002-4376-9800
Assemblin, (SWE).
2021 (English). In: 2021 IEEE Military Communications Conference (MILCOM), San Diego, November 29-December 2, 2021, Institute of Electrical and Electronics Engineers (IEEE), 2021, p. 464-469. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we revisit a study presented at MILCOM 2014. Our goal then was to determine the utility of implanting a vulnerability into a cybersecurity software protocol to an actor planning to execute an offensive cyber operation. Based on a case study describing the then recently discovered Heartbleed bug as an offensive cyber operation, a model was devised to estimate the adoption rate of an implanted flaw in OpenSSL. Using the adoption rate of the cryptographic protocol Transport Layer Security version 1.2 as a proxy, we predicted that the global adoption of the vulnerability of at least 50% would take approximately three years, while surpassing 75% adoption would take four years. Compared to subsequently collected real-world data, these forecasts turned out to be surprisingly accurate. An evaluation of our proposed model shows that it yields results with a root-mean-square error of only 1.2% over the forecasting period. Thus, it has a significant degree of predictive power. Although the model may not be generalizable to describe the adoption of any software protocol, the finding helps validate our previously drawn conclusion that exploiting implanted cyber vulnerabilities, in a scenario like the one presented, requires a planning horizon of multiple years. However, as society becomes further dependent on the cyber domain, the utility of intentional vulnerability implantation is likely an exercise in diminishing returns. For a defender, however, our model development process could be useful to forecast the time required for flawed protocols to be phased out.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2021. p. 464-469
Series
MILCOM IEEE Military Communications Conference, ISSN 2155-7578, E-ISSN 2155-7586
Keywords [en]
cyber operations, cybercrime, vulnerabilities, exploitation, intelligence, cyber insurance
HSV category
Research program
Defence Systems
Identifiers
URN: urn:nbn:se:fhs:diva-10554
DOI: 10.1109/MILCOM52596.2021.9652921
ISBN: 978-1-6654-3972-5 (print)
ISBN: 978-1-6654-3956-5 (digital)
OAI: oai:DiVA.org:fhs-10554
DiVA, id: diva2:1624204
Conference
2021 IEEE Military Communications Conference (MILCOM)
Available from: 2022-01-03 Created: 2022-01-03 Last updated: 2022-01-05 Bibliographically approved

Open Access in DiVA

No full text in DiVA

Person

Sigholm, Johan
