Introduction to Hardware Trojan and Cyber-Physical Systems Risks and Vulnerabilities: A Case in Defense Sector
Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM, CSXF
Advisor to Corruption Eradication Commission (KPK)
Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung (ITB), Bandung, Indonesia
Colonel Dr. Arwin Datumaya Wahyudi Sumari, S.T., M.T.
Policy Analyst for Contingency Plan at Deputy of Political and Strategy, Secretariat General of National Resilience Council
Head of Information Resilience Division at Desk for National Cyberspace, Coordinating Ministry for Political, Law and Security
Senior Researcher, Cognitive Artificial Intelligence Research Group (CAIRG) at School of Electrical Engineering and Informatics, Institut Teknologi Bandung (ITB), Bandung, Indonesia
OUTLINE
• CYBERSPACE
• NETWORK-CENTRIC WARFARE
• CYBER-PHYSICAL SYSTEMS
• INTERNET-OF-THINGS
• RISKS AND VULNERABILITIES: HARDWARE TROJAN
• PREVENTIVE WAYS
• CONCLUDING REMARKS
Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017
CYBERSPACE
A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers
CYBERSPACE – It’s a man-made domain
What do you need?
- IT devices
- Comm links (wired/wireless)
- Data to be exchanged
VERY EASY
CYBERSPACE
[Figure labels: Air, Space, Sea, Land]
NETWORK-CENTRIC WARFARE
• A digital battlefield network
• Each warfare element is an information processing node; some of the nodes are autonomous or intelligent, some are embedded systems
• Information is exchanged amongst nodes
• Shared situational awareness
• Accelerated decision-making cycle
• Decision superiority
CYBER-PHYSICAL SYSTEMS
• The integration of computation and a physical process
• Composed of a physical process monitored and controlled by a cyber system, which is a networked system of distributed sensing, communication, and computational devices
• Embedded systems can be considered CPSes
CYBER-PHYSICAL SYSTEMS
• Characteristics:
  • large-scale system sizes
  • heterogeneity of resources
  • uncertain system dynamics
  • extensive physical interactions
INTERNET-OF-THINGS
• Devices with an Internet Protocol address that use the Internet (network) as the medium for information exchange
• When everything is connected ...
HARDWARE VULNERABILITIES
• Embedded systems are in high demand for various applications, especially in the Internet-of-Things era
• The defense sector uses embedded systems in almost all of its weapon equipment, especially in the NCW era, where size matters
• Small-size embedded systems can only be achieved via Integrated Circuit (IC) technology
• Vulnerabilities of embedded system hardware emerge at any level of IC manufacturing
HARDWARE TROJAN
• A malicious and deliberately stealthy modification made to an electronic device, such as the circuitry of an IC or chip
• It can change the chip's functionality and thereby undermine trust in the systems using that chip
HARDWARE TROJAN – TAXONOMY
VULNERABILITIES AND RISKS
HARDWARE TROJAN – Attack of Doping
• Doping is a process for modifying the electrical properties of silicon by introducing tiny impurities, like phosphorus, boron and gallium, into the crystal.
• By switching the doping on a few transistors, parts of the integrated circuit no longer work as they should. Because the changes happen at the atomic level, the modification is hard to detect.
HARDWARE TROJAN – Attack with Payload
• Combinationally triggered Trojan: a subclass of digitally triggered Trojans
• Occurrence of the condition A = 0, B = 0 at the trigger nodes A, B causes payload node C to take an incorrect value at C_modified
• The attacker chooses a rare activation condition from low-controllable inputs, making the Trojan unlikely to trigger during manufacturing test
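
Added example (not from the original slides): a constructed 12-input toy circuit in Python that measures how rarely the A = 0, B = 0 condition occurs, how likely a random manufacturing test is to miss it, and how a reviewer's rare-value analysis of the netlist flags the trigger nodes. The netlist, the `trigger` net name, the threshold and the test vectors are assumptions made for illustration; only A, B, C and C_modified come from the slide.

```python
from itertools import product
from fractions import Fraction

N_INPUTS = 12  # constructed toy circuit with primary inputs x0..x11

def evaluate(x):
    """Evaluate the toy netlist for one input vector and return every net value."""
    a = int(any(x[0:6]))       # trigger node A: OR of six inputs, so A = 0 is rare
    b = int(any(x[6:12]))      # trigger node B: OR of the other six inputs
    c = x[0] ^ x[6]            # payload node C in the Trojan-free (golden) design
    trigger = int(a == 0 and b == 0)   # the slide's activation condition A = 0, B = 0
    c_modified = c ^ trigger   # C is inverted only while the trigger condition holds
    return {"A": a, "B": b, "C": c, "trigger": trigger, "C_modified": c_modified}

def value_probabilities():
    """Exact probability of each (net, value) pair under uniformly random inputs."""
    counts = {}
    for x in product((0, 1), repeat=N_INPUTS):
        for net, value in evaluate(x).items():
            counts[(net, value)] = counts.get((net, value), 0) + 1
    total = 2 ** N_INPUTS
    return {key: Fraction(n, total) for key, n in counts.items()}

def rare_conditions(threshold):
    """Reviewer's rare-value analysis: net values that are seldom reached
    are the places to look for trigger logic in a suspect netlist."""
    return sorted(k for k, p in value_probabilities().items() if p < threshold)

def activation_probability():
    """Probability that one random input vector satisfies A = 0, B = 0."""
    return value_probabilities()[("trigger", 1)]

def escape_probability(n_tests):
    """Chance that n_tests independent random vectors never activate the trigger."""
    return (1 - float(activation_probability())) ** n_tests

def exposes_trojan(vectors):
    """True if any applied vector makes C_modified differ from the golden C."""
    return any(evaluate(x)["C"] != evaluate(x)["C_modified"] for x in vectors)

# Constructed functional test set: one input high at a time (walking ones).
WALKING_ONES = [tuple(int(i == j) for i in range(N_INPUTS)) for j in range(N_INPUTS)]
ALL_ZERO = (0,) * N_INPUTS  # the only vector that drives A = 0 and B = 0 here

if __name__ == "__main__":
    print("P(trigger) per vector:", activation_probability())
    print("P(1000 random tests all miss):", round(escape_probability(1000), 3))
    print("Rare net values (< 2%):", rare_conditions(0.02))
    print("Walking-ones test exposes Trojan:", exposes_trojan(WALKING_ONES))
    print("Adding the all-zero vector:", exposes_trojan(WALKING_ONES + [ALL_ZERO]))
```

The rare-value list is what turns this into a check: vectors that deliberately drive the flagged nets to their rare values are the ones to add to the test set.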
PREVENTIVE WAYS
• At Design Level
  • The ability to create trusted circuits using untrusted EDA tools
• At Fabrication Level
  • Provide both hardware specifications and a list of “security-related properties”. There must be an agreement between customers and manufacturers on the requirements of the specified hardware to be fabricated
• At Post-Fabrication Level
  • Reconfigurable logic could be placed between the output of some ICs and the input of other ICs to cut attacker access at the Register Transfer Level
Example on NCW for Military Operation
[Figure labels: Internet-of-Things; Cyber-Physical Systems; Critical Infrastructures; Embedded Systems; Networked System; High Vulnerability and Very Risky; Spy Satellite; Operation Field; UAV]
Risks on NCW
• A satellite may send misleading information to other nodes (F-16, UAV, AEW/C, MPA, Radar). The same applies to other nodes
• Avionics systems may not work properly and may put the aircraft at risk (accident, friendly fire etc.)
• Reconnaissance system may be degraded
• Radar system may detect erroneous targets
• Information exchange may be delayed
• Field Operation may be mapped wrongly
• Shared situational awareness may not be achieved
• Decisions made may be imprecise and put the units at risk
• Decision superiority may not be achieved
• Victory may not be achieved either, and losing is probable
CONCLUDING REMARKS
• Real examples of CPSes are embedded systems, which have become part of various applications, especially in the defense sector
• CPSes give full support to military missions, all the more so now in the NCW era
• CPS hardware is vulnerable to hardware attacks, i.e. Hardware Trojans, which are almost impossible to detect
• A Trojan attack on military equipment during a military mission may cause severe losses not only to the equipment itself but also to the objective of the mission

Weitere ähnliche Inhalte

Was ist angesagt?

4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information Security
Ana Meskovska
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
360 BSI
 
Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
IPPAI
 

Was ist angesagt? (20)

Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training course
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security Management
 
Information Security Challenges & Opportunities
Information Security Challenges & OpportunitiesInformation Security Challenges & Opportunities
Information Security Challenges & Opportunities
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information Security
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information security
 
Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017
 
Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016
Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016
Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
 
Integrating Multiple IT Security Standards
Integrating Multiple IT Security StandardsIntegrating Multiple IT Security Standards
Integrating Multiple IT Security Standards
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
 

Ähnlich wie Iidss 2017 sarwono sutikno arwin sumari (cps in defense)

Secure and privacy preserving data centric sensor networks with multi query o...
Secure and privacy preserving data centric sensor networks with multi query o...Secure and privacy preserving data centric sensor networks with multi query o...
Secure and privacy preserving data centric sensor networks with multi query o...
eSAT Journals
 

Ähnlich wie Iidss 2017 sarwono sutikno arwin sumari (cps in defense) (20)

Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016
 
Abid - Final Presentation .pptx
Abid - Final Presentation .pptxAbid - Final Presentation .pptx
Abid - Final Presentation .pptx
 
Security aspect of IOT.pptx
Security aspect of IOT.pptxSecurity aspect of IOT.pptx
Security aspect of IOT.pptx
 
Survey on Security Issues of Internet of Things (IoT) Devices
Survey on Security Issues of Internet of Things (IoT) DevicesSurvey on Security Issues of Internet of Things (IoT) Devices
Survey on Security Issues of Internet of Things (IoT) Devices
 
Cps sec sg sg2017 conf_iran
Cps sec sg  sg2017 conf_iranCps sec sg  sg2017 conf_iran
Cps sec sg sg2017 conf_iran
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of things
 
IRJET- An Intrusion Detection and Protection System by using Data Mining ...
IRJET-  	  An Intrusion Detection and Protection System by using Data Mining ...IRJET-  	  An Intrusion Detection and Protection System by using Data Mining ...
IRJET- An Intrusion Detection and Protection System by using Data Mining ...
 
IRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
IRJET- Design to Secure Data by using DNA Cryptography in Cloud ComputingIRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
IRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
ASDF WSS 2014 Keynote Speech 1
ASDF WSS 2014 Keynote Speech 1ASDF WSS 2014 Keynote Speech 1
ASDF WSS 2014 Keynote Speech 1
 
A05510105
A05510105A05510105
A05510105
 
Synopsis presentation uu Purna Chandra Sethi
Synopsis presentation uu Purna Chandra SethiSynopsis presentation uu Purna Chandra Sethi
Synopsis presentation uu Purna Chandra Sethi
 
IRJET- Authentication and Context Awareness Access Control in Internet of Things
IRJET- Authentication and Context Awareness Access Control in Internet of ThingsIRJET- Authentication and Context Awareness Access Control in Internet of Things
IRJET- Authentication and Context Awareness Access Control in Internet of Things
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEODEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
 
IRJET- Ideal Security Preserving Probabilistic Direction Finding for Wireless...
IRJET- Ideal Security Preserving Probabilistic Direction Finding for Wireless...IRJET- Ideal Security Preserving Probabilistic Direction Finding for Wireless...
IRJET- Ideal Security Preserving Probabilistic Direction Finding for Wireless...
 
IRJET- Intruder Detection System using Camera with Alert Management
IRJET- Intruder Detection System using Camera with Alert ManagementIRJET- Intruder Detection System using Camera with Alert Management
IRJET- Intruder Detection System using Camera with Alert Management
 
Secure and privacy preserving data centric sensor networks with multi query o...
Secure and privacy preserving data centric sensor networks with multi query o...Secure and privacy preserving data centric sensor networks with multi query o...
Secure and privacy preserving data centric sensor networks with multi query o...
 
An iot based secured smart e-campus
An iot based secured smart e-campusAn iot based secured smart e-campus
An iot based secured smart e-campus
 
EPLQ:Efficient privacy preserving spatial range query for smart phones
EPLQ:Efficient privacy preserving spatial range query for smart phonesEPLQ:Efficient privacy preserving spatial range query for smart phones
EPLQ:Efficient privacy preserving spatial range query for smart phones
 

Mehr von Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

Mehr von Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F (20)

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdfKeamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
 
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdfKeamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
 
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
 
SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06
 
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset InformasiTata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
 
Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021
 
Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020
 
Keamanan Informasi - batasan
Keamanan Informasi - batasanKeamanan Informasi - batasan
Keamanan Informasi - batasan
 
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPKBuku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
 
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi   tesis-sath...Rancang bangun portable hacking station menggunakan raspberry pi   tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
 
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019   Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
 
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TIIIndeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
 
Materi wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019   wonMateri wisuda untag 7 sep2019   won
Materi wisuda untag 7 sep2019 won
 
Materi caleg road show bus nganjuk - mod won
Materi caleg road show bus  nganjuk - mod wonMateri caleg road show bus  nganjuk - mod won
Materi caleg road show bus nganjuk - mod won
 
Antikorupsi mahasiswa
Antikorupsi mahasiswaAntikorupsi mahasiswa
Antikorupsi mahasiswa
 
Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02
 
SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04
 
Perguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod wonPerguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod won
 
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
 

Kürzlich hochgeladen

Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Dr.Costas Sachpazis
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
Tonystark477637
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
rknatarajan
 

Kürzlich hochgeladen (20)

Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 

Iidss 2017 sarwono sutikno arwin sumari (cps in defense)

  • 1. Introduction to Hardware Trojan and Cyber-Physical Systems Risks and Vulnerabilities: A Case in Defense Sector Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM, CSXF Advisor to Corruption Eradication Commission (KPK) Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung (ITB), Bandung, Indonesia Colonel Dr. Arwin Datumaya Wahyudi Sumari, S.T., M.T. Policy Analyst for Contingency Plan at Deputy of Political and Strategy, Secretariat General of National Resilience Council Head of Information Resilience Division at Desk for National Cyberspace, Coordinating Ministry for Political, Law and Security Senior Researcher, Cognitive Artificial Intelligence Research Group (CAIRG) at School of Electrical Engineering and Informatics, Institut Teknologi Bandung (ITB), Bandung, Indonesia
  • 2. OUTLINE • CYBERSPACE • NETWORK-CENTRIC WARFARE • CYBER-PHYSICAL SYSTEMS • INTERNET-OF-THINGS • RISKS AND VULNERABILITIES: HARDWARE TROJAN • PREVENTIVE WAYS • CONCLUDING REMARKS Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 2
  • 3. CYBERSPACE A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 3
  • 4. CYBERSPACE – It’s a man-made domain What do you need? - IT devices - Comm links (wired/ wireless) - Data to be exchanged VERY EASY Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 4
  • 6. NETWORK-CENTRIC WARFARE • A digital battlefield network • Each warfare element is an information processing node, some of nodes are autonomous or intelligent, some are embedded systems • Information is exchanged amongst nodes • Shared situational awareness • Accelerate decision making cycle • Decision superiority Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 6
  • 7. CYBER-PHYSICAL SYSTEMS • The integration of computation and a physical process • Composed of physical process monitored and controlled by a cyber system, which is a networked system of distributed sensing, communication, and computational devices • Embedded systems can be considered CPSes Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 7
  • 8. CYBER-PHYSICAL SYSTEMS •Characteristics: •largescale system sizes •heterogeneity of resources •uncertain system dynamics •extensive physical interactions Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 8
  • 9. INTERNET-OF-THINGS • Devices with Internet Protocol address that use Internet (network) as the medium for information exchanging • When everything is connected .... Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 9
  • 11. HARDWARE VULNERABILITIES • Embedded systems are highly needed for various applications especially in Internet-of-Things era • Defense sector uses embedded systems in almost its weapon equipment especially in NCW era where size is matter • Small size embedded systems can only be achieved via Integrated (Circuit) IC technology • Vulnerabilities of embedded system hardware emerge from any level of IC manufacturing Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 11
  • 12. HARDWARE TROJAN • A malicious and deliberately stealthy modification made to an electronic device such as the circuitry of an IC or chip • It can change the chips functionality and thereby undermine trust in the systems using that chip Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 12
  • 13. HARDWARE TROJAN – TAXONOMY Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 13
  • 14. VULNERABILITIES AND RISKS Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 14
  • 15. HARDWARE TROJAN – Attack of Doping • Doping is a process for modifying the electrical properties of silicon by introducing tiny impurities like phosphorous, boron and gallium, into the crystal. • By switching the doping on a few transistors, parts of the integrated circuit no longer work as they should. Because the changes happen at the atomic level, the stuff is hard to detect. Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017 15
  • 16. HARDWARE TROJAN – Attack with Payload
    • Combinationally triggered Trojan – a subclass of digitally triggered Trojans
    • Occurrence of the condition A = 0, B = 0 at the trigger nodes A, B causes payload node C to have an incorrect value at C_modified
    • The attacker chooses a rare activation condition from low-controllable inputs, making the Trojan unlikely to trigger during manufacturing test
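Slide 16's point, that a rare trigger condition escapes manufacturing test, can be quantified from the test engineer's side. The following is an added example, not part of the slides: a constructed toy netlist (the gate structure, input count and all function names are assumptions) whose signal probabilities are computed exhaustively to flag rarely activated nets that deserve extra test vectors.

```python
from itertools import product

# Constructed toy netlist (an assumption, not from the slides): 10 primary
# inputs; A and B are the trigger nodes, C the payload node of slide 16.
N_INPUTS = 10

def simulate(x):
    """Evaluate every net for one input vector x (tuple of 0/1)."""
    a = int(any(x[0:4]))           # A = OR(x0..x3): 0 only if all four are 0
    b = int(any(x[4:8]))           # B = OR(x4..x7)
    c = x[8] & x[9]                # C: the value the genuine design computes
    trig = int(a == 0 and b == 0)  # trigger condition A = 0, B = 0
    return {"A": a, "B": b, "C": c, "trigger": trig, "C_modified": c ^ trig}

def signal_probabilities():
    """Exact P(net = 1) over all 2^N input vectors."""
    ones, total = {}, 0
    for x in product((0, 1), repeat=N_INPUTS):
        total += 1
        for net, v in simulate(x).items():
            ones[net] = ones.get(net, 0) + v
    return {net: n / total for net, n in ones.items()}

def rare_nets(threshold=0.1):
    """Nets whose rarer logic value occurs with probability below threshold."""
    return sorted(net for net, p in signal_probabilities().items()
                  if min(p, 1 - p) < threshold)

def miss_probability(n_vectors):
    """Chance that n uniformly random test vectors never hit the trigger."""
    p = signal_probabilities()["trigger"]
    return (1 - p) ** n_vectors

def mismatches():
    """Input vectors for which C_modified differs from the genuine C."""
    return [x for x in product((0, 1), repeat=N_INPUTS)
            if simulate(x)["C"] != simulate(x)["C_modified"]]

if __name__ == "__main__":
    print("rare nets:", rare_nets())
    print("P(trigger):", signal_probabilities()["trigger"])
    print("P(100 random vectors miss):", round(miss_probability(100), 3))
    print("vectors exposing the payload:", len(mismatches()), "of", 2 ** N_INPUTS)
```

In this toy circuit only 4 of 1024 input vectors expose the modified output, so a random test set of 100 vectors misses it about two times in three, while the rare-net list points directly at the nodes worth targeting.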
  • 17. PREVENTIVE WAYS
    • At Design Level
      • The ability to create trusted circuits using untrusted EDA tools
    • At Fabrication Level
      • Provide both hardware specifications and a list of “security-related properties.” There must be an agreement between customers and manufacturers on the requirements of the specified hardware to be fabricated
    • At Post-Fabrication Level
      • Reconfigurable logic could be placed between the output of some ICs and the input of other ICs to cut attacker access at the Register Transfer Level
  • 18. Example on NCW for Military Operation
    [Figure: Internet-of-Things, Cyber-Physical Systems, Critical Infrastructures, Embedded Systems and Networked System, labelled “High Vulnerability and Very Risky”; an operation field with spy satellites and a UAV]
  • 19. Risks on NCW
    • A satellite may send misleading information to other nodes (F-16, UAV, AEW/C, MPA, Radar). The same applies to other nodes
    • Avionics systems may not work properly and may put the aircraft at risk (accident, friendly fire etc.)
    • Reconnaissance systems may be degraded
    • Radar systems may detect erroneous targets
    • Information exchange may be delayed
    • The field of operation may be mapped wrongly
    • Shared situational awareness may not be achieved
    • Decisions made may be imprecise and put the units at risk
    • Decision superiority may not be achieved
    • Victory may not be achieved either, and the operation will probably be lost
  • 20. CONCLUDING REMARKS
    • Real examples of CPSes are embedded systems, which have become part of various applications, especially in the defense sector
    • CPSes give full support to military missions, all the more so now in the NCW era
    • CPS hardware is vulnerable to hardware attacks, i.e. Hardware Trojans, which are almost impossible to detect
    • A Trojan attack on military equipment during a military mission may cause severe losses not only to the equipment itself but also to the objective of the mission