PhD Oral Exam - Olivier Cabana, Concordia Institute for Information Systems Engineering

When studying for a doctoral degree (PhD), candidates submit a thesis that provides a critical review of the current state of knowledge of the thesis subject as well as the student’s own contributions to the subject. The distinguishing criterion of doctoral graduate research is a significant and original contribution to knowledge.

Once accepted, the candidate presents the thesis orally. This oral exam is open to the public.

Abstract

The threat to the Internet of Things (IoT) and Industrial Control Systems (ICS) is constantly increasing. With the proliferation of ICS/IoT solutions deployed in homes, businesses and infrastructure there is an urgent need for security solutions. Additionally, in the context of ICS, these security tools face another challenge as they must prioritize the availability of the services. This dissertation advances the state-of-the-art for ICS/IoT security by proposing a set of tools and algorithms for the prevention, detection, and mitigation of cyber-attacks targeting ICS/IoT devices. First, we design and implement a solution that analyzes darknet network traffic. This solution identifies and correlates in near real-time attacks targeting ICS/IoT protocols and devices and can track reconnaissance campaigns over time. Using this practical solution, we investigate the threat landscape of ICS/IoT attacks over the course of several months and analyze the top campaigns over the observation window. Second, we develop an application that leverages polynomial curve fitting and a Siamese Neural Network (SNN) to passively analyze the traffic in IoT networks to fingerprint devices. Our application can identify new devices, maintains its performance over time, and can easily be redeployed on a new network. Third, we investigate the cybersecurity aspect of IEC Precision Time Protocol (PTP), a well-known protocol for time synchronization, which is critical in ICS networks. We demonstrate that PTP can be abused to facilitate the exchange of covert messages and propose several solutions to mitigate the issue. Finally, we build a PTP simulation testbed to investigate PTP delay attacks, which can have consequences on smart grid operations. We present new PTP attack scenarios and offer a detection strategy that uses machine learning models in conjunction with passive monitoring to detect delay attacks.