Cyber Vulnerability Implantation Revisited
Försvarshögskolan, Militärvetenskapliga institutionen (MVI), Avdelningen för ledningsvetenskap och militärteknik (ALM), Sektionen för militärtekniska system (MteS). ORCID iD: 0000-0002-4376-9800
Assemblin, (SWE).
2021 (English). In: 2021 IEEE Military Communications Conference (MILCOM), San Diego, November 29-December 2, 2021, Institute of Electrical and Electronics Engineers (IEEE), 2021, p. 464-469. Conference paper, published paper (refereed)
Abstract [en]

In this paper we revisit a study presented at MILCOM 2014. Our goal then was to determine the utility of implanting a vulnerability into a cybersecurity software protocol to an actor planning to execute an offensive cyber operation. Based on a case study describing the then recently discovered Heartbleed bug as an offensive cyber operation, a model was devised to estimate the adoption rate of an implanted flaw in OpenSSL. Using the adoption rate of the cryptographic protocol Transport Layer Security version 1.2 as a proxy, we predicted that the global adoption of the vulnerability of at least 50% would take approximately three years, while surpassing 75% adoption would take four years. Compared to subsequently collected real-world data, these forecasts turned out to be surprisingly accurate. An evaluation of our proposed model shows that it yields results with a root-mean-square error of only 1.2% over the forecasting period. Thus, it has a significant degree of predictive power. Although the model may not be generalizable to describe the adoption of any software protocol, the finding helps validate our previously drawn conclusion that exploiting implanted cyber vulnerabilities, in a scenario like the one presented, requires a planning horizon of multiple years. However, as society becomes further dependent on the cyber domain, the utility of intentional vulnerability implantation is likely an exercise in diminishing returns. For a defender, however, our model development process could be useful to forecast the time required for flawed protocols to be phased out.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2021. p. 464-469
Series
MILCOM IEEE Military Communications Conference, ISSN 2155-7578, E-ISSN 2155-7586
Keywords [en]
cyber operations, cybercrime, vulnerabilities, exploitation, intelligence, cyber insurance
National subject category
Systems science, information systems and informatics
Research subject
Defence systems
Identifiers
URN: urn:nbn:se:fhs:diva-10554
DOI: 10.1109/MILCOM52596.2021.9652921
ISBN: 978-1-6654-3972-5 (print)
ISBN: 978-1-6654-3956-5 (digital)
OAI: oai:DiVA.org:fhs-10554
DiVA, id: diva2:1624204
Conference
2021 IEEE Military Communications Conference (MILCOM)
Available from: 2022-01-03 Created: 2022-01-03 Last updated: 2022-01-05. Bibliographically approved

Open Access in DiVA

No full text in DiVA

Person

Sigholm, Johan
