Category Archives: IoT

Reveal block chain technology secret – he is the Genesis-of-Bible

Preface

Blockchain technology is the hottest topic last few years. Actually a similar of block technology already infiltrate into our world since genesis of the world. Do you still remember that in your student age attend chemistry lesson. A boring subject introduce the four principle orbitals (s, p, d, and f) which are filled according to the energy level and valence electrons of the element (see below for reference).  They are the block chain fundamental concept.

The genesis did not mentioned in high profile until blockchain technology do the renovation!

We are easy to find out the key elements of blockchain on internet. According to my observation so far, the result might not similar. My observation summary are function, element and the lifetime (life cycle). See below details for reference (another boring diagram)

The blockchain technology reveal those three items of key element since Bitcoin currency concept found 90’s. Bitcoin was invented by an unknown person or group of people under the name Satoshi Nakamoto and released as open-source software in 2009. The first impression of blockchain to the world is crypto currency (Bitcoin) until ENIGMA found another new idea of concept and announced to public in 2017.

Modern world concerning data privacy blockchain can do it better

In reference to technical article (Decentralized Computation Platform with Guaranteed Privacy) written by Guy Zyskind, Oz Nathan and Alex ’Sandy’ Pentland. It shown that an advanced encryption scheme (secure multi-party computation) provides more advance benefits comparing with key encryption concept.

Blockchain technology shown his expandable feature to the world he is not limit to cryptocurrency.

Enigma technology pioneer to introduce the expandability on blockchain features (see below):

Data marketplace, secure backend, internal compartmentalization, N-Factor authentication, identity,IoT, distrubuted personal data stores, crypto bank, E-Voting and Bitcoin Wallet.

Feature highlight

IoT: A fundamental weakness of IoT technology in regards to storage, manage and use (the highly sensitive) data collected by IoT devices in a decentralized area (trustless cloud). Blockchain technology is able to strengthen design weakness in data security area.

Transport layer security: We know traditional TLS (SSL) technology contained fundamental design weakness. Even though you are now using TLS 1.3, it is hard to guarantee the asymmetric cryptography will be encountered another vulnerability in future.

E-Voting: An data breach occurred last year (2016) on election of US president. Russian hackers targeted 21 US states’ election systems in last year’s presidential race. Blockchains are governed by a set of rules called the consensus protocol. These rules define which changes are allowed to be made to the database, who may make them, when they can be made. There are currently two main types of consensus protocol:

Proof of Work (PoW) and Proof of Stake (PoS)

Build a multi-environment secure infrastructure avoid data breach

We noticed that banking industry have tough and demanding compliance requirements. Some sort of policy they are not able to outsource the hosting facilities to cloud computing environment. As a matter of fact, I totally agree with their auditors concerns of data ownership and governance of data. We heard a data breach on Amazon Simple Storage Service (S3) — Cloud Storage this year. However the on-going technology trend is going to do the system integration to cloud computing. It looks that the IT world no way to escape the cloud technology integrate to their IT infrastructure. Block chain technology itself embedded strong encryption feature which can replace traditional network transport and data protection mechanism. Even though hacker break through the public cloud computing farm, hacker not easy to decrypt the data.

How about ransomware attack?

Blockchain solutions are decentralized – a scenario may happen that ransomware encrypted the data belongs to specifics cyber victim. But another range of clients may not affected.

Who’s is ready to playing this game?

Let’s do a review on current cloud facilities located in APAC country. In the meantime AWS did not install their hosting in China and Hong Kong. But service (blockchain-as-a-service) is available,The nearest zone which have AWS hosting facility installed is Singapore. In such a way bring the advantage to Microsoft Azure cloud became a market leader in this area (see below reference).

According to the blockchain key elements: function, element and life cycle. Blockchain can conduct like a theory apply to technology world without limitation.

Let take a closer look of blockchain processing sequence. The key elements are indicated on the diagram below.

Summary:

For those country who would like to implement the Smart City. Blockchain technology is the key project element which they cannot escape.

A Breakthrough for City Innovation driven by blockchain technology

  1. Single-sign-on facility provides every registered citizen with a free verified login with which they can securely connect and transact both locally and globally across both public and private services.
  2. A secure platform for innovation.
  3. Provides integrated solutions for local commerce across retailers, service providers, dining, and lodging internal system migrate to the cloud (blockchain-as-a-service).

The art of cyberwar – Internet of things (IoT)

Preface:

The art of war (孫子兵法) written by Sun Tzu. The Art of War is an ancient Chinese military treatise dating from the Spring and Autumn period in 5th century BC. The work, which is attributed to the ancient Chinese military strategist Sun Tzu, is composed of 13 chapters. Perhaps the art of cyberwar do not have author. It is created by Artificial Intelligence.

The art of cyberwar first chapter (IoT Operating System)

The foundation of Open Systems Interconnection model strengthen the technology world. A common standard categorized software application, network protocol, network communications and hardware. Perhaps the standard founded in 1983. However it become mature till earlier of 90’s.

Obviously the situation of Internet of things (IoT) have certain similarity comparing with 80’s technology world. Since such period of time the vendor not intend enforce OSI model standard.

The Internet of Things presents a new set of data storage. Meanwhile it create cyber security challenges. First, there is large-file data, such as images and videos captured from smartphones and other devices. The second data type is very small, for example, log-file data generated from sensors. The operation system will be embedded on Flash Drive and SD Ram. Be my guest, let’s take a closer look of popular IoT OS system.

The art of cyberwar 2nd chapter

What are the parameters for selecting a suitable IoT Operating System.

Yes, it is the memory requirement and OS footprint.

The art of cyberwar 3rd chapter

Due to the Design limitation of free disk space and API library. And therefore it limit the types of cyber attack.

The art of cyberwar 4th chapter

IoT Jeopardize the world records (see below):

The art of cyberwar 5th chapter

This chapter looks straight forward. A common standard is waiting for all of you especially software developer and vendor define!

The other side of the story on cyber attack (Electronic war between countries)

 

Preface

We heard  that the new age transformation is coming.  As a result it transform the traditional military weapons to electronic codes. The computer  technologies such as DDOS (Distributed denial of services), malware and virus similar a killer. It can disrupt the financial activities,  daily network communication and health care services. An idea bring to our attention on world war II history was that classic military power result destroyed everything (mankind and properties).  But re-built the society and operation after war. It is a harsh and difficult mission! From technical point of view, the victorious might stand on ethics view point to assists defeated side to rebuild the business and economic system. As a matter of fact, the distruction level of war created by military weapon especially missile it is hard to evaluation. And this is the reason let’s cyber warfare appears in coming future! But it started already!

Analytic result on technical articles about cyber warfare

In regards to my study on technical article issued by CSS Eth Zurich (The Center for Security Studies (CSS) at ETH Zurich).The analytic result highlights serveral key factors of Cyber warfare . Cyber warfare was cheaper than traditional military force. It provides a  “cleaner” (with less or no bloodshed) suitation. No doubt that  less risky for an attacker than other forms of armed conflict. The analytic result  defines 5 different types of cyber conflict during their study. They are Cyber War, Cyber Terrorism, Cyber Espionage, internet crime and cyber vandalism.

The specific feature of cyber weapon (in between country to country)

I was sometimes confused with the headline news on prediction on cyber technology war.  The questions on my mind is that how electronic weapon or cyber weapon replacing traditional military facilities? Think it over, the appropriate technique might adopted target into the following criteria (see below):

The capabilities of cyber attack techniques ( A transformation of traditional military force)

Type Attack technology Functional feature – objective Target – Environment Remark:
Cyber Vandalism, Cyber War IOT & BOTNET (DDOS technique)

 

Services suspension – electronic communication services (IP-Telephony) Bank, Fund House , Stock Exchange
Cyber Espionage Malware Information gathering Bank, Fund House, Stock Exchange & government sector
Cyber War, Cyber Vandalism Ransomware Services suspension important facility fucntion nuclear facility , Airlines,TV broadcast station, Radio broadcast station & military facility Ransomware feature contained facility to supspend the computer services. Besides it capable listen to the instruction of C&C server. On the other hand, the attacker can resume the services once they win the battle.
Traditional military force Bomb Services Suspension on important facility function and destroy permanently nuclear facility, military facility, power station, airport & communiation facility (Digital phone system)
Internet Crime, Cyber war Email phishing and Scam email message Carry out  psychological warfare, implant malware activities in order to fulfill their objective nuclear facility, military facility, power station,

Let us dig out one of the attack technique to see how the cyber technology feature fulfill the goal of the cyber warfare features .

Do you think Ransomware is founded by military department?

The first ransomware appear in the world on 1989. A biologist Joseph L. Popp sent 20,000 infected diskettes labeled
“AIDS Information – Introductory Diskettes” to attendees of the World Health Organization’s international AIDS conference.
But after 90 reboots, the Trojan hid directories and encrypted the names of the files on the customer’s computer.
To regain access, the user would have to send $189 to PC Cyborg Corp. at a post office box in Panama.

In 2006, former President George W. Bush was increasingly worried about Iranian efforts at enriching uranium, and ultimately, its hopes to build an atomic bomb. The goal of Stuxnet is going to destroy Iraq nuclear facilities driven by US government. The rumors were told Stuxnet malware destroyed roughly one-fifth of Iran’s centrifuges in 2009.

An unconfirmed  information stated that there is a separate operation called Nitro Zeus, which gave the US access into Iran’s air defense systems so it could not shoot down planes, its command-and-control systems so communications would go dead, and infrastructure like the power grid, transportation, and financial systems.

Speculation:

WannaCry infection using EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol.  The U.S. National Security Agency (NSA) had discovered the vulnerability in the past, but used it to create an exploit for its own offensive work, rather than report it to Microsoft. As we know nuclear power facilities control system OS platform relies on Microsoft OS system (see below articles). It may causes people think is there any secret action hide by NSA (National Security Agency). He aroused my interest in questioning who is the key figure to spread WannCry ransome? It looks that there is similarity with Stuxnet worm infection in 2009. Since we all fool by NSA at that time let your computer workstation transform to a cyber army then attack USA enemy.  Do you think wanncry is the rehearsal of test or pilot run?

Malware vs. nuclear power: Do you think SCADA system is the culprit of attack on nuclear power system?

Below diagram is my imagination of the modern nuclear facility environment. The SCADA system pay a key role in nuclear power facility. Ransomeware have capabilities to suspend the services of this facilities. It doesn’t need to destroy anything but the services will be totally shut it down the services. We have seen the real example in UK health care services as a reference. I will stop written here. Should you have any queries, I will try my best to written more in future.

Supplement – The other side of the story on cyber attack (Electronic war between countries) – 13th June 2017

 

As said on above discussion topic, since it looks not interest to visitors on reflection of comments on feedback.  However there is something on my mind need to share.

North Korea President Kim’s intention show to the world of his governance power. He is in frequent to demonstrate his military power cause US government concerns his equalize of military power in the world. To be honest, it is hard to equal the military and economics power as of today. For instance China nearly become the 1st business economic leader. We all know United state is the leader in this moment. However their economic operation chain should have difficulties to do the 2nd round of transformation. Because some of their capital business and business economy contained made in China element.  Since North Korea on finance and business economy are weak. President Kim did such things seems not make sense. I did not visit North Korea however a lot of news on TV might speculate their current situation. I strongly believed that their nuclear facility might operation in 60’s fashion. The SCADA system not possibly supply by Siemens. But learn and develop a windows based SCADA system not difficult.  From information point of view, North Korea nuclear facilities might relies on window for Control Systems instead of Linux for control system.  And therefore Ransomware type attack can specifics shot the target. Meanwhile the business industry from North Korea all work with Microsoft OS  in daily life.

The infection status of wannacry was not issued by North Korea government.  But for sure that wannacry type infection can suspend North Korea business finance and industries operations.

Below are the hints how to eliminate the risks issued by  SCADA system vendor. Any interest?

Process control vendors require:
1. A system with a minimal attack surface, so that biweekly or monthly patches are not required
2. A consistent programming interface that will not change every four to five years, requiring a complete rewrite of their software
3. An environment that can be quickly and safely “locked down” to reduce the risk from hacking
4. A system with limited network access, only through specific ports to reduce the risk of network based attacks
5. Support for priority-based multi-tasking, preferably a real-time operating system (RTOS) that supports hard real-time requirements
6. A robust ecosystem of utilities and tools to make development, installation, debugging, and maintenance as easy as it is on consumer systems.

End of this topic

 

 

 

IT cup noodles – fast step detect IoT devices on your network

Preface:

The world has been changed. Modern people all unforgotable a key word on mouth. What’s is this? The word efficiency. No matter you wait for dinner, buy lunch, queue in cinema buy the ticket.  We all looking for the final expectation is quick! Right?  Since our standard life without computation is hard to survival. How about cyber security. The headlines news alerts you daily of cyber incidents. Whereby manufacturer and business man satisfy your  expectation. For the food, we have ready to eat noodle. But how about the cyber security solution. Any Quick and done solution available in the market?  Yes, it is available. Regarding to the subject matter, below solution is the quick and dirty solution to figure out the IoT devices inside your network! Sounds like a Japan food product (Cup Noodle). Be my guest. Enjoy!

Requirement:

As of today, firm install the SIEM product is the major component to compliance standard. No matter PCI, SOX & ISO 27001 compliance standard they are all require a central log management system. The technical term so all SIEM (Security information and event management). The SIEM system carry a major powerful feature so call correlation rule.  The scenario is that SIEM system will identify and filter the specifics log event of the device on custom setup. Then provide a status update (send the notification email) alert on duty IT staff what is the current situation.

Since the function is ready. We can g to next step.

What is the theory?

As we know, the ethernet mac address contains vendor ID name field (see below diagram for reference) to determine the corresponding vendor. Since this vendor ID is unique and therefore we can make use of this vendor ID to figure out the target.

Criteria (specifications):

The SIEM system default function come with parser function to identify the MAC address of each device. Since most of the log event format are compliance to common standard. The most popular one of the standardization is the common event format (CEF).
The format called Common Event Format (CEF) can be readily adopted by vendors of both security and non-security devices. This format contains the most relevant event information, making it easy for event consumers to parse and use them.

 

Procedure:

Define rogue device detection on SIEM system.  SIEM system is able to use the first few octets of a mac address to identify a rogue device. If so, then you could then use the vendor part of mac address to enforce your company IT policy. Avoid the IoT devices hide inside your network and reduce the insider threat. Below breakdown list is the vendor MAC address for your reference. Since my vendor ID on hand more than 100 pages and therefore not going to post here.

F8A45F	Xiaomi Communications Co Ltd
8CBEBE	Xiaomi Communications Co Ltd
640980	Xiaomi Communications Co Ltd
98FAE3	Xiaomi Communications Co Ltd
185936	Xiaomi Communications Co Ltd
9C99A0	Xiaomi Communications Co Ltd
84742A	zte corporation
BC3AEA	GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
E8BBA8	GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
8C0EE3	GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
006B8E	Shanghai Feixun Communication Co.,Ltd.
C81479	Samsung Electronics Co.,Ltd
54FB58	WISEWARE, Lda
A42940	Shenzhen YOUHUA Technology Co., Ltd
B00594	Liteon Technology Corporation
C0A0BB	D-Link International
28A1EB	ETEK TECHNOLOGY (SHENZHEN) CO.,LTD
4CCBF5	zte corporation
F0F5AE	Adaptrum Inc.
F42896	SPECTO PAINEIS ELETRONICOS LTDA
5C36B8	TCL King Electrical Appliances (Huizhou) Ltd.
90F3B7	Kirisun Communications Co., Ltd.
DCAD9E	GreenPriz
B4827B	AKG Acoustics GmbH
3C18A0	Luxshare Precision Industry Co.,Ltd.
186472	Aruba Networks
4CB81C	SAM Electronics GmbH
2C3731	ShenZhen Yifang Digital Technology Co.,LTD
041A04	WaveIP
94E98C	Alcatel-Lucent
50206B	Emerson Climate Technologies Transportation Solutions
C8EE75	Pishion International Co. Ltd
CC3429	TP-LINK TECHNOLOGIES CO.,LTD.
1C7B21	Sony Mobile Communications AB
BC9680	Shenzhen Gongjin Electronics Co.,Ltd
9C2840	Discovery Technology,LTD..
F89FB8	YAZAKI Energy System Corporation
709E29	Sony Computer Entertainment Inc.
E0B2F1	FN-LINK TECHNOLOGY LIMITED
F037A1	Huike Electronics (SHENZHEN) CO., LTD.

Conclusion:

As said, this is a fast food solution. If the above solution not suitable to your shop. The better idea is that invite your SIEM vendor to develop the appropriate solution fit for your requirement. It is now reach my lunch hour. Ok, we are stop the discussion here.

Cup Noodle please!