Denial of Service Attacks on Real-Time Systems

1
Denial of Service Attacks on Real-Time Systems
By Thema Davis and Vipul Gupta
2
Outline
  • Abstract
  • Background Information
  • Real-Time Systems (RTS) and examples
  • Denial of Service (DoS) attacks
  • Ways to cause DoS attacks on the system
  • Types of failures and impact
  • Research
  • Incorporating Security in Real Time Systems: An Overview
  • Why RTS are more prone to DoS attack
  • Misuse Cases Scenario
  • Related works and Limitations

3
Abstract
  • The purpose of this project and presentation
    • To determine ways Denial of Service attacks can be caused on Real-Time systems.
    • To check if it is possible to delay a task in order to cause a Denial of Service attack on Real-Time systems.
    • To study some of the contemporary research in the area and analyze the solutions it provides.

4
Real-Time Systems
  • Hardware and Software
  • Operational deadlines
    • Task must be completed within a certain timeframe
  • Mission Critical
    • Deadline must be met or the system is considered to have failed

5
Different Types
  • Two Main Types
    • Hard RTS
      • Must be completed before the deadline
      • Can lead to a critical failure
    • Soft RTS
      • Doesn't necessarily have to make the deadline
      • May delay the system for a short period of time

6
Examples of RTSs
  • Hard Real-Time Systems
    • Heart Pacemaker
    • Car engine control system
  • Soft Real-Time Systems
    • Live audio-video systems

7
Denial of Service (DoS)
  • Resources are unavailable to the intended user
  • Common Targets
    • Internet websites or services
  • Prevents the website/service from functioning
    • Temporarily or indefinitely
  • Targets include high-profile web servers

8
Causing DoS attacks on Systems
  • Common Methods
    • Saturating the victim machine with requests
  • Two Main Ways
    • Consuming computer resources
    • Obstructing communication between the user and victim

9
Failures and Possible Impact
  • Failure in avionics software
    • Loss in life
    • Loss in faith
    • Loss in money
  • Failure in military equipment
    • Software problem led to system failure at Dhahran, Saudi Arabia
    • Loss in faith
    • Loss in money

10
Security in Real Time Systems: An Overview
  • Tasks
  • Predictability
  • Two Basic Approaches for adding security in RTS
    • 1. Start with minimal security and increase it to the next level
      • It incurs overhead
      • Security level increased till it is predicted that either the task's deadline will be missed or subsequent task(s) will miss the deadline
      • Schedulability Driven Security Optimization in Real Time Systems (by Man Lin, Laurence T. Yang)
      • Scheduling Security Critical Real Time Applications on Clusters (by T. Xie and X. Qin)
      • Dynamic Task Scheduling with Security Awareness in Real-Time Systems (by T. Xie, A. Sung, and X. Qin)
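
The first approach above (raise security until a deadline miss is predicted), as an added example that is not from the presentation or the cited papers. It assumes fixed-priority preemptive scheduling with deadline equal to period and uses classic response-time analysis as the predictor; the task set and the per-level overhead table are constructed.

```python
# Added example: greedy security-level raising gated by a schedulability test.
# Assumptions: fixed-priority preemptive scheduling, deadline == period,
# integer milliseconds. Task set and overhead table are constructed.

# (name, period_ms, base_wcet_ms), highest priority first
TASKS = [("sensor", 10, 2), ("control", 20, 4), ("telemetry", 50, 8)]
# Hypothetical extra execution time per job (ms) at security levels 0..3
OVERHEAD = [0, 1, 2, 4]

def cost(tasks, levels, i):
    """Execution time of task i including its security overhead."""
    return tasks[i][2] + OVERHEAD[levels[i]]

def response_times(tasks, levels):
    """Worst-case response time per task; None where the deadline is missed."""
    out = []
    for i, (_, period, _) in enumerate(tasks):
        r = cost(tasks, levels, i)
        while r <= period:
            # Preemption by every higher-priority job released within r
            nxt = cost(tasks, levels, i) + sum(
                -(-r // tasks[j][1]) * cost(tasks, levels, j) for j in range(i))
            if nxt == r:
                break
            r = nxt
        out.append(r if r <= period else None)
    return out

def schedulable(tasks, levels):
    return None not in response_times(tasks, levels)

def raise_security(tasks):
    """Start at level 0 and raise one task at a time while all deadlines hold."""
    levels = [0] * len(tasks)
    if not schedulable(tasks, levels):
        raise ValueError("task set misses deadlines even without security")
    progress = True
    while progress:
        progress = False
        for i in range(len(tasks)):
            trial = levels.copy()
            trial[i] += 1
            if trial[i] < len(OVERHEAD) and schedulable(tasks, trial):
                levels, progress = trial, True
    return levels

if __name__ == "__main__":
    chosen = raise_security(TASKS)
    print(chosen, response_times(TASKS, chosen))
```

Re-running `response_times` on the chosen levels with a constructed extra high-priority task prepended shows how little slack the maximised configuration leaves for unplanned load.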

11
Security in Real Time Systems: An Overview
  • 2. Start with maximum security and vary it as system gets overloaded
    • Scenario - In a target tracking system, Unmanned Aerial Vehicles (UAVs) are required to perform reconnaissance in soft real time to monitor and transmit the battlefield status to the Command and Control Center (CC).
    • Systematic Security and Timeliness Tradeoffs in Real Time Embedded Systems (by Kyoung-Don Kang, Sang H. Son)

12
Timing Constraint: A Vulnerability
  • RTSs sensitive to variations in latency
  • Denying service may just be a matter of delaying that task rather than interdicting it entirely
  • Scenario - Sending a burst of spurious messages may delay key messages

13
Misuse Cases
14
Causing DoS in RTS: Some Misuses
  • Flood system with requests
    • Done to exhaust system resources
    • System unavailable for some time
  • Disrupt system functioning by physical damage
    • Vandalize the hardware
    • System unavailable till hardware replaced/repaired
  • Add spurious tasks to delay genuine tasks
    • Apply additional security

15
DoS Vulnerabilities in RTS
  • Temporal Signatures
  • Profiling based on Temporal Signatures
  • Encryption and Authentication alone cannot hide
    temporal information

16
Selective DoS
  • Using temporal information to design adaptive attacks
  • The attacker can study when the system is most vulnerable and the attack can be mounted
  • Example
    • Jamming Communications in a Wireless Network when it is most vulnerable

17
Selective DoS
18
Defense Mechanisms
  • Depends on sophistication of the attack
  • Spurious messages filter
  • What about a more sophisticated attacker?
  • Can be improvised as we see next

19
Defense Enabling within Real Time Scheduling
  • Maximum Urgency First (MUF) Secure-MUF
  • Guard Operations have deadlines too and laxity associated with them
  • Problem: Uncontrolled insertion of guard operations

20
Profiling for Defense
  • Temporal Signatures for defense
    • Modify
      • Camouflage
      • Reduce available information
    • Detect
      • Compare temporal signatures at different points in the system
    • Quantify

21
Problems???
  • Defenses constrained by the feasibility of the
    system
  • Solutions not yet applied to real world scenarios
  • Do these solutions work?

22
Questions