Chapter 10 Monitoring Systems Monitoring Systems l Most

Monitoring Systems l Most examples here monitor physical systems Alarms l Pre. Payment Meters

Alarms l Threat Model Who is your attacker l See page 209 4 examples

Attacks l Sensors l Feature interactions l Attacks on Communications l Physical security

Prepayment meters l Purchase location one place use it in another Protect against forgery

Taximeters, Tachographs, Speed limiters. l Odometer in cars l Taximeters l Black Boxes l

Tachosmart l European Union Designing smart card based system l Does little to eliminate

Discussion articles l Prepayment meters l Other uses of Resurrected Duckling

List of Resources l Alarms http: //www. stevenspublishing. com/Stevens/ Sec. Prod. Pub. nsf/frame? open&redirect=http:

List of Resources l Alarms l and network security http: //www. usenix. org/publications/login/200 0

List of resources l Tachosmart l http: //www. ntc. gov. au/View. Page. aspx? page

Slides: 11

Download presentation

Chapter 10 Monitoring Systems

Monitoring Systems l Most examples here monitor physical systems Alarms l Pre. Payment Meters l Taximeters, Tachographs, Truck Speed Limiters l

Alarms l Threat Model Who is your attacker l See page 209 4 examples l l Deter – Detect – Alarm – Delay – Respond l Sensors Page 211 Eliminating false positives l Layers of defenses -- barriers l

Attacks l Sensors l Feature interactions l Attacks on Communications l Physical security

Prepayment meters l Purchase location one place use it in another Protect against forgery and duplication l Petty fraud acceptable risk l Systematic fraud is not l l Great study of prepayment meter pages 215 -222 l It is cool to read and think about these systems

Taximeters, Tachographs, Speed limiters. l Odometer in cars l Taximeters l Black Boxes l What goes wrong with Tachographs? 70% procedural l 20% tamper with supply to tachograph l 6% tamper with instrument l l hightech

Tachosmart l European Union Designing smart card based system l Does little to eliminate procedural fraud l Issues of enforcement between countries l Use of GPS units (privacy) l Turnover time to equip trucks l Digital open to additional fraud l l Resurrected Duckling

Discussion articles l Prepayment meters l Other uses of Resurrected Duckling

List of Resources l Alarms http: //www. stevenspublishing. com/Stevens/ Sec. Prod. Pub. nsf/frame? open&redirect=http: / /www. stevenspublishing. com/stevens/secpr odpub. nsf/Pub. Home/180 E 42469 D 7 AD 8 A 58 6257145005 CE 634? Opendocument l http: //www. simmons. com. au/perimeter. htm l

List of Resources l Alarms l and network security http: //www. usenix. org/publications/login/200 0 -6/features/police. html l Secure l http: //www. ftp. cl. cam. ac. uk/ftp/users/rja 14/ta cho. pdf l Tamper l Tachographs resistance http: //www. cl. cam. ac. uk/~rja 14/tamper. html

List of resources l Tachosmart l http: //www. ntc. gov. au/View. Page. aspx? page =A 02304401400730020 l Resurrected l http: //www. cl. cam. ac. uk/~fms 27/duckling/du ckling. html l Meter l Duckling Security http: //www. metering. com/archive/014/25_1. htm