Dr. Tamás Holczer

Associate Professor

holczer (at) crysys.hu

office: I.E. 419
tel: +36 1 463 2047

Short Bio

Tamás HOLCZER was born in 1981 in Budapest. He received the Ph.D. degree in Computer Science from the Budapest University of Technology and Economics (BME) in 2013. Since 2013 he has been working as an assistant professor in the Laboratory of Cryptography and System Security (CrySyS), Department of Telecommunications, Budapest University of Technology and Economics.
Fields of interest: In the past, his research interests and his Ph.D. dissertation focused on the privacy problems of wireless sensor networks and ad hoc networks (Ph.D. dissertation title: "Privacy enhancing protocols for wireless networks"). Lately he has been working on the security aspects of cyber-physical systems. The research topics include: security of industrial control networks, honeypot technologies in embedded systems, network monitoring and intrusion detection in industrial networks, and security aspects of intra-vehicular networks.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security major specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This is the English version of the IT Security (VIHIAC01) course.

Coding and IT Security (VIHIBB01)

This BProf course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course also gives an introduction to source software security and channel coding.

Computer and Network Security (VIHIMA23)

The course introduces security problems in computing and networked systems, as well as the principles, practical mechanisms, and tools used to solve them. The course covers physical security and OS level security of computers, and the problem of malicious software (malware). It also covers issues related to secure operation of networks in practice. Students get theoretical knowledge and practical skills to assess security risks, understand threats and vulnerabilities. The course also serves as a basis for obtaining skills in penetration testing and ethical hacking of networks.

Computer and Network Security Laboratory (VIHIMB07)

This laboratory extends and deepens the knowledge and skills obtained in the Computer and Network Security course by solving practical, hands-on exercises in real, or close-to-real environments.

Network Security in Practice (VIHIBB02)

This course gives an introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations.

Networking and Security Laboratory (VIHIBC01)

This laboratory extends and deepens the knowledge and skills obtained in the Network Security in Practice and Computer Security in Practice courses by solving practical, hands-on exercises in real, or close-to-real environments.

Cybersecurity Operations Fundamentals (VIHIAV43)

This is an elective lab exercise course where students learn the basics of security operations.

Student Project Proposals

Security of Industrial Systems

The foundation of our critical infrastructures is often formed by industrial automation and process control systems (ICS/SCADA), which increasingly have external network connections, and in some cases are even reachable from the Internet, and are therefore exposed to attacks coming from cyberspace.
During the project, the student can work on interesting questions concerning industrial systems, such as:

Publications

2024

On the Performance Evaluation of Protocol State Machine Reverse Engineering Methods

G. Ládi and T. Holczer

Journal of Communications Software and Systems, 2024.

Bibtex | Abstract | PDF | Link

@article {
   author = {Gergõ Ládi and Tamas Holczer},
   title = {On the Performance Evaluation of Protocol State Machine Reverse Engineering Methods},
   journal = {Journal of Communications Software and Systems},
   year = {2024},
   howpublished = "\url{https://doi.org/10.24138/jcomss-2023-0149}"
}

Keywords

protocol reverse engineering, protocol state machine, performance evaluation, runtime analysis, bounded runtime, incomplete input

Abstract

Having access to the specifications of network protocols is essential for several reasons in IT security. When the specifications are not known, one may turn to protocol reverse engineering methods to reconstruct these, typically by analysing recorded network traffic or inspecting an executable that implements the protocol. First, the format and structure of the messages need to be recovered, then the state machine of the protocol itself. Over the years, several solutions have been proposed for both tasks. As a consequence, picking the right solution for a given scenario is often a complex problem that involves evaluating and comparing various solutions. In this paper, we review the current means of evaluating the performance of protocol state machine reverse engineering methods. To help alleviate the shortcomings of the current methodology, we propose two new metrics of performance to be measured: correctness and completeness of output for partial runs (when runtime is bounded). These, combined with previously used metrics should make it easier to pick the most ideal choice for a given use case. We also propose the examination of cases where the algorithms have to work with incomplete or inaccurate syntactical information. We showcase how these new metrics and related information may be useful for the evaluation and comparison of various algorithms by applying these new methods to evaluate the performance of a recent protocol state machine reverse engineering method.

2023

Holistic attack methods against power systems using the IEC 60870-5-104 protocol

J. Csatár and P. György and T. Holczer

Infocommunications Journal, Vol. XV, No. 3., 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {János Csatár and Péter György and Tamas Holczer},
   title = {Holistic attack methods against power systems using the IEC 60870-5-104 protocol},
   journal = {Infocommunications Journal, Vol. XV, No. 3.},
   year = {2023},
   howpublished = "\url{https://www.infocommunications.hu/documents/169298/4893630/InfocomJournal_2023_3_5.pdf}"
}

Keywords

IEC 60870-5-104, Attack, Security, Power system

Abstract

IEC 60870-5-104 is a widely used protocol for telecontrol in European power systems. However, security was not a design goal when it was originally published: This protocol lacks built-in security features such as encryption, integrity protection, or authentication. In this paper, we describe novel types of attacks against the protocol in a holistic way. Therefore, we also enumerate the possible entry points of the threat actors and demonstrate a new technique, where the malicious actor can precisely target the attack. These methods are demonstrated both on simulated environment and actual devices and compared with already published methods.

Machine Learning Based Time Series Generation for the Nuclear Industry

T. Holczer

Proceedings of the International Conference on Computer Security in the Nuclear World: Security for Safety. (2023), 2023.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer},
   title = {Machine Learning Based Time Series Generation for the Nuclear Industry},
   booktitle = {Proceedings of the International Conference on Computer Security in the Nuclear World: Security for Safety. (2023)},
   year = {2023}
}

Keywords

machine learning, time series, radiation detection system

Abstract

We need a lot of data for various purposes. We want to test new algorithms or make a cyber exercise, but sometimes we do not have enough original publicly available data. In this case we must generate synthetic data. A special case of data generation is where we need a time series. This paper discovers different methods of time series generation and tests a method called TimeGAN for generating synthetic radiation detection system data. A similar approach can be used for temperature, pressure, or other synthetic time series relevant for the nuclear industry.

Privacy pitfalls of releasing in-vehicle network data

A. Gazdag and Sz. Lestyán and M. Remeli and G. Ács and T. Holczer and G. Biczók

Vehicular Communications, 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {András Gazdag and Szilvia Lestyan and Mina Remeli and Gergely Ács and Tamas Holczer and Gergely Biczók},
   title = {Privacy pitfalls of releasing in-vehicle network data},
   journal = {Vehicular Communications},
   year = {2023},
   howpublished = "\url{https://www.sciencedirect.com/science/article/pii/S2214209622001127?via%3Dihub}"
}

Keywords

In-vehicle network data; Privacy attacks; Driver re-identification; Trajectory reconstruction; Anonymization; Differential privacy

Abstract

The ever-increasing volume of vehicular data has enabled different service providers to access and monetize in-vehicle network data of millions of drivers. However, such data often carry personal or even potentially sensitive information, and therefore service providers either need to ask for drivers' consent or anonymize such data in order to comply with data protection regulations. In this paper, we show that both fine-grained consent control as well as the adequate anonymization of in-network vehicular data are very challenging. First, by exploiting that in-vehicle sensor measurements are inherently interdependent, we are able to effectively i) re-identify a driver even from the raw, unprocessed CAN data with 97% accuracy, and ii) reconstruct the vehicle's complete location trajectory knowing only its speed and steering wheel position. Since such signal interdependencies are hard to identify even for data controllers, drivers' consent will arguably not be informed and hence may become invalid. Second, we show that the non-systematic application of different standard anonymization techniques (e.g., aggregation, suppression, signal distortion) often results in volatile, empirical privacy guarantees to the population as a whole but fails to provide a strong, worst-case privacy guarantee to every single individual. Therefore, we advocate the application of principled privacy models (such as Differential Privacy) to anonymize data with strong worst-case guarantee.

2021

Attacking IEC 60870-5-104 Protocol

P. György and T. Holczer

CEUR Workshop Proceedings, 2874 pp. 140-150. Paper: 13, 11 p., 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Péter György and Tamas Holczer},
   title = {Attacking IEC 60870-5-104 Protocol},
   booktitle = {CEUR Workshop Proceedings, 2874 pp. 140-150. Paper: 13 , 11 p.},
   year = {2021}
}

Keywords

IEC-104, attack, security, power grid

Abstract

IEC 60870-5-104 is a widely used protocol for telecontrol in European power systems. Despite its wide usage, security was not a priority when the protocol was created. The IEC-104 protocol lacks important security features such as encryption, integrity protection, or authentication. In this paper, our goal is to show the risks of using this insecure protocol. To demonstrate it, we designed and implemented a wide range of different attacks. We also rated the stealthiness of these attacks in order to show that detection of an intruder is not always obvious. Our stealthy and successful attacks were carried out in a test environment with several virtual machines running an open-source implementation of the protocol.

Enhancing Safety and Security of Digital Instrumentation and Control System by Event Aggregation

R. Altschaffel and F. Zhang and J. Li and J. Hielscher and T. Holczer and W. Si and K. Lamshöft

12th Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Robert Altschaffel and Fan Zhang and Jianghai Li and Jonas Hielscher and Tamas Holczer and Wen Si and Kevin Lamshöft},
   title = {Enhancing Safety and Security of Digital Instrumentation and Control System by Event Aggregation},
   booktitle = {12th Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies},
   year = {2021}
}

Keywords

NPP Cybersecurity, I&C Security, SIEM, IDS, Anomaly Detection

Abstract

Nuclear power plants (NPPs) are implementing or transitioning to digital instrumentation and control (I&C) systems to control underlying physical processes. Such systems present an attack surface of obvious interest to various subsets of potential attackers and hence lead to a relevance of cybersecurity in a nuclear context. This prompts the need for measures aimed at detecting anomalous behavior or unwanted events in the I&C systems. This paper performs a survey on existing approaches to detect such behavior. This survey covers different perspectives and a broad range of different anomalous or unwanted behavior in the physical process and all aspects of the digital I&C systems. The perspective benefits from the inclusion of experts from the field of NPP cybersecurity, automation engineering and IT security. This interdisciplinary perspective allows for the identification of different sets of relevant data and events which might contribute to the understanding of an abnormal or unwanted situation (malfunction or a cyber-attack). This paper discusses how this data should be collected, how it can be aggregated and in which way it can enhance the safety and security of digital I&C systems.

Protocol State Machine Reverse Engineering with a Teaching-Learning Approach

G. Székely and G. Ládi and T. Holczer and L. Buttyán

Acta Cybernetica, 2021.

Bibtex | Abstract | PDF

@article {
   author = {Gábor Székely and Gergõ Ládi and Tamas Holczer and Levente Buttyán},
   title = {Protocol State Machine Reverse Engineering with a Teaching-Learning Approach},
   journal = {Acta Cybernetica},
   year = {2021}
}

Keywords

automated protocol reverse engineering, state machines, Mealy machines

Abstract

In this work, we propose a novel solution to the problem of inferring the state machine of an unknown protocol. We extend and improve prior results on inferring Mealy machines, and present a new algorithm that accesses and interacts with a networked system that runs the unknown protocol in order to infer the Mealy machine representing the protocol’s state machine. To demonstrate the viability of our approach, we provide an implementation and illustrate the operation of our algorithm on a simple example protocol, as well as on two real-world protocols, Modbus and MQTT.

2020

GrAMeFFSI: Graph Analysis Based Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic

G. Ládi and L. Buttyán and T. Holczer

Infocommunications Journal, Vol. XII, No. 2, 2020.

Bibtex | Abstract | PDF

@article {
   author = {Gergõ Ládi and Levente Buttyán and Tamas Holczer},
   title = {GrAMeFFSI: Graph Analysis Based Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic},
   journal = {Infocommunications Journal, Vol. XII, No. 2},
   year = {2020}
}

Keywords

protocol reverse engineering, message format, field semantics, inference, binary protocols, network traffic, graph analysis, Modbus, MQTT

Abstract

Protocol specifications describe the interaction between different entities by defining message formats and message processing rules. Having access to such protocol specifications is highly desirable for many tasks, including the analysis of botnets, building honeypots, defining network intrusion detection rules, and fuzz testing protocol implementations. Unfortunately, many protocols of interest are proprietary, and their specifications are not publicly available. Protocol reverse engineering is an approach to reconstruct the specifications of such closed protocols. Protocol reverse engineering can be tedious work if done manually, so prior research focused on automating the reverse engineering process as much as possible. Some approaches rely on access to the protocol implementation, but in many cases, the protocol implementation itself is not available or its license does not permit its use for reverse engineering purposes. Hence, in this paper, we focus on reverse engineering protocol specifications relying solely on recorded network traffic. More specifically, we propose GrAMeFFSI, a method based on graph analysis that can infer protocol message formats as well as certain field semantics for binary protocols from network traces. We demonstrate the usability of our approach by running it on packet captures of two known protocols, Modbus and MQTT, then comparing the inferred specifications to the official specifications of these protocols.

Nuclear Power Plant in a Box

R. Altschaffel and T. Holczer and R. A. Busquim e Silva and J. Li and P. György and M. Hildebrandt and M. Hewes

International Conference on Nuclear Security: Sustaining and Strengthening Efforts, International Atomic Energy Agency (IAEA), 2020.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Robert Altschaffel and Tamas Holczer and R. A. Busquim e Silva and Jianghai Li and Péter György and M. Hildebrandt and M. Hewes},
   title = {Nuclear Power Plant in a Box},
   booktitle = {International Conference on Nuclear Security: Sustaining and Strengthening Efforts},
   publisher = {International Atomic Energy Agency (IAEA)},
   year = {2020}
}

Abstract

The paper presents the development of an architecture to deploy a simulated nuclear power plant in order to support training and research. In contrast to other simulators, which focus on the underlying physical processes, this approach also covers the industrial control systems (ICS) supervising and controlling these processes. Additionally, the IT components required for the associated business processes are also included, allowing for training with regard to threats to these IT components, including cyber-attack scenarios.

Towards Reverse Engineering Protocol State Machines

G. Székely and G. Ládi and T. Holczer and L. Buttyán

The 12th Conference of PhD Students in Computer Science - Volume of short papers, 2020, pp. 70-73.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gábor Székely and Gergõ Ládi and Tamas Holczer and Levente Buttyán},
   title = {Towards Reverse Engineering Protocol State Machines},
   booktitle = {The 12th Conference of PhD Students in Computer Science - Volume of short papers},
   year = {2020},
   pages = {70-73}
}

Abstract

In this work, we are addressing the problem of inferring the state machine of an unknown protocol. Our method is based on prior work on inferring Mealy machines. We require access to and interaction with a system that runs the unknown protocol, and we serve a state-of-the-art Mealy machine inference algorithm with appropriate input obtained from the system at hand. We implemented our method and illustrate its operation on a simple example protocol.

Virtualization-assisted Testing of Network Security Systems for NPPs

T. Holczer and G. Berman and S. M. Darricades and P. György and G. Ládi

International Conference on Nuclear Security: Sustaining and Strengthening Efforts, International Atomic Energy Agency (IAEA), 2020.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer and G. Berman and S. M. Darricades and Péter György and Gergõ Ládi},
   title = {Virtualization-assisted Testing of Network Security Systems for NPPs},
   booktitle = {International Conference on Nuclear Security: Sustaining and Strengthening Efforts},
   publisher = {International Atomic Energy Agency (IAEA)},
   year = {2020}
}

Abstract

Nuclear power plants use different digital assets to control the processes. These assets are normally connected by computer networks, and are targets of potential cyber-attacks. To avoid or mitigate the effect of such an attack, different security controls are used in accordance with the guidelines. Before deploying a new cyber security control, it must be tested thoroughly. The paper proposes virtual testbeds made of virtual computers and networks for these tests and shows how three widely used open source firewalls perform in such a test.

2018

Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic

G. Ládi and L. Buttyán and T. Holczer

26th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings, FESB, University of Split, 2018, pp. 1-6, ISBN 978-9-5329-0087-3.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergõ Ládi and Levente Buttyán and Tamas Holczer},
   title = {Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic},
   booktitle = {26th International Conference on Software, Telecommunications and Computer Networks, Workshop on Information and Communication Technologies, Proceedings},
   publisher = {FESB, University of Split},
   year = {2018},
   pages = {1-6},
   note = {ISBN 978-9-5329-0087-3}
}

Keywords

protocol reverse engineering; message format; field semantics; inference; binary protocols; network traffic; Modbus; MQTT

Abstract

Protocol specifications describe the interaction between different entities by defining message formats and message processing rules. Having access to such protocol specifications is highly desirable for many tasks, including the analysis of botnets, building honeypots, defining network intrusion detection rules, and fuzz testing protocol implementations. Unfortunately, many protocols of interest are proprietary, and their specifications are not publicly available. Protocol reverse engineering is an approach to reconstruct the specifications of such closed protocols. Protocol reverse engineering can be tedious work if done manually, so prior research focused on automating the reverse engineering process as much as possible. Some approaches rely on access to the protocol implementation, but in many cases, the protocol implementation itself is not available or its license does not permit its use for reverse engineering purposes. Hence, in this paper, we focus on reverse engineering protocol specifications based solely on recorded network traffic. More specifically, we propose a method that can infer protocol message formats as well as certain field semantics for binary protocols from network traces. We demonstrate the usability of our approach by running it on packet captures of two known protocols, Modbus and MQTT, then comparing the inferred specifications to the known specifications of these protocols.

Vehicular Can Traffic Based Microtracking for Accident Reconstruction

A. Gazdag and T. Holczer and L. Buttyán and Zs. Szalay

Vehicle and Automotive Engineering 2, Lecture Notes in Mechanical Engineering, University of Miskolc, Miskolc, Hungary, 2018.

Bibtex | Abstract | PDF

@inproceedings {
   author = {András Gazdag and Tamas Holczer and Levente Buttyán and Zsolt Szalay},
   title = {Vehicular Can Traffic Based Microtracking for Accident Reconstruction},
   booktitle = {Vehicle and Automotive Engineering 2, Lecture Notes in Mechanical Engineering},
   publisher = {University of Miskolc, Miskolc, Hungary},
   year = {2018}
}

Keywords

Digital forensics, CAN network

Abstract

Accident reconstruction is the process of reliably discovering what has happened before a serious event. We show how the most widely used intra vehicular network (namely the Controller Area Network, CAN) can be used in this process. We show how the actual velocity and steering wheel position transmitted on the CAN network can be used to reconstruct the trajectory of a vehicle. This trajectory is an essential input in the reconstruction process. In this paper, we show how the CAN traffic of an actual vehicle can be used to reconstruct the trajectory of the vehicle, and we evaluate our approach in several real life experiments including normal and pre-accident situations.

2016

Intrusion detection in Cyber Physical Systems Based on Process Modelling

A. Gazdag and T. Holczer and Gy. Miru

Proceedings of 16th European Conference on Cyber Warfare & Security, Academic conferences, 2016.

Bibtex | Abstract

@inproceedings {
   author = {András Gazdag and Tamas Holczer and Gyorgy Miru},
   title = {Intrusion detection in Cyber Physical Systems Based on Process Modelling},
   booktitle = {Proceedings of 16th European Conference on Cyber Warfare & Security},
   publisher = {Academic conferences},
   year = {2016}
}

Abstract

Cyber physical systems (CPS) are used to control chemical processes, and can be found in manufacturing, civil infrastructure, energy industry, transportation and in many more places. There is one common characteristic in these areas: their operation is critical, as a malfunction can potentially be life-threatening. In the past, an attack against the cyber part of the systems can lead to physical consequences. The first well known attack against a CPS was Stuxnet in 2010. It is challenging to develop countermeasures in this field without endangering the normal operation of the underlying system. In our research, our goal was to detect attacks without interfering with the cyber physical systems in any way. This can be realized by an anomaly detection system using passive network monitoring. Our approach is based on analysing the state of the physical process by interpreting the communication between the control system and the supervisory system. This state can be compared to a model based prediction of the system, which can serve as a solid base for intrusion detection. In order to realize our intrusion detection system, a testbed was built based on widely used Siemens PLCs. Our implementation consists of three main parts. The first task is to understand the network communication in order to gain information about the controlled process. This was realized by analysing and deeply understanding the publicly undocumented Siemens management protocol. The resulting protocol parser was integrated into the widely-used Bro network security monitoring framework. Gathering information about the process state for a prolonged time creates time series. With these time series, as the second step, statistical models of the physical process can be built to predict future states. As the final step, the new states of the physical process can be compared with the predicted states. Significant differences can be considered as an indicator of compromise.

2015

ROSCO: Repository of signed code

B. Bencsáth and L. Buttyán and T. Holczer and B. Kócsó and D. Papp

Virus Bulletin, 2015.

Bibtex | PDF

@conference {
   author = {Boldizsár Bencsáth and Levente Buttyán and Tamas Holczer and Balázs Kócsó and Dorottya Papp},
   title = {ROSCO: Repository of signed code},
   booktitle = {Virus Bulletin},
   year = {2015}
}

The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems

L. Buttyán and M. Felegyhazi and T. Holczer

Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, IAEA, 2015.

Bibtex

@inproceedings {
   author = {Levente Buttyán and Mark Felegyhazi and Tamas Holczer},
   title = {The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems},
   booktitle = {Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange},
   publisher = {IAEA},
   year = {2015}
}

2014

Adatbányászat az informatikai biztonságban

A. Kiss and T. Holczer and K Szücs

INFODIDACT konferencia, Webdidaktika Alapítvány, 2014, ISBN: 9789631206272.

Bibtex

@conference {
   author = {Attila Kiss and Tamas Holczer and Szücs Katalin},
   title = {Adatbányászat az informatikai biztonságban},
   booktitle = { INFODIDACT konferencia},
   publisher = {Webdidaktika Alapítvány},
   year = {2014},
   note = {ISBN: 9789631206272}
}

CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp

T. Holczer and M. Felegyhazi and Gy. Miru and F. Juhasz and D. Buza

Kiss Natália Nagy Bálint Németh István Péter (Eds), Tudományos terek, pp. 9-20, DUF Press, 2014, ISBN: 9789632870755.

Bibtex

@inbook {
   author = {Tamas Holczer and Mark Felegyhazi and Gyorgy Miru and Ferenc Juhasz and Daniel Buza},
   editor = {Kiss Natália Nagy Bálint Németh István Péter (Eds)},
   title = {CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp},
   chapter = {Tudományos terek},
   pages = {9-20},
   publisher = {DUF Press},
   year = {2014},
   note = {ISBN: 9789632870755}
}

CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot

D. Buza and F. Juhasz and Gy. Miru and M. Felegyhazi and T. Holczer

in Proceedings of SmartGridSec 2014, February 26, 2014.

Bibtex | Abstract | PDF

@article {
   author = {Daniel Buza and Ferenc Juhasz and Gyorgy Miru and Mark Felegyhazi and Tamas Holczer},
   title = {CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot},
   journal = {in Proceedings of SmartGridSec 2014},
   month = {February 26},
   year = {2014}
}

Keywords

PLC honeypot, critical infrastructures, advanced threat monitoring, industrial control systems security

Abstract

Smart grids consist of suppliers, consumers, and other parts. The main suppliers are normally supervised by industrial control systems. These systems rely on programmable logic controllers (PLCs) to control industrial processes and communicate with the supervisory system. Until recently, industrial operators relied on the assumption that these PLCs are isolated from the online world and hence cannot be the target of attacks. Recent events, such as the infamous Stuxnet attack [15] directed the attention of the security and control system community to the vulnerabilities of control system elements, such as PLCs. In this paper, we design and implement the Crysys PLC honeypot (CryPLH) system to detect targeted attacks against industrial control systems. This PLC honeypot can be implemented as part of a larger security monitoring system. Our honeypot implementation improves upon existing solutions in several aspects: most importantly in level of interaction and ease of configuration. Results of an evaluation show that our honeypot is largely indistinguishable from a real device from the attacker’s perspective. As a collateral of our analysis, we were able to identify some security issues in the real PLC device we tested and implemented specific firewall rules to protect the device from targeted attacks.

2012

Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey

P. Schaffer and K. Farkas and Á. Horváth and T. Holczer and L. Buttyán

accepted for publication in Elsevier Computer Networks, 2012.

Bibtex | Abstract

@article {
   author = {Peter Schaffer and Károly Farkas and Ádám Horváth and Tamas Holczer and Levente Buttyán},
   title = {Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey},
   journal = {accepted for publication in Elsevier Computer Networks},
   year = {2012}
}

Abstract

In the past few years, research interest has increased towards wireless sensor networks (WSNs) and their application in both the military and civil domains. To support scalability in WSNs and increase network lifetime, nodes are often grouped into disjoint clusters. However, secure and reliable clustering, which is critical in WSNs deployed in hostile environments, has gained modest attention so far or has been limited only to fault tolerance. In this paper, we review the state-of-the-art of clustering protocols in WSNs with special emphasis on security and reliability issues. First, we define the taxonomy of security and reliability for cluster head election and clustering in WSNs. Then, we describe and analyze the most relevant secure and reliable clustering protocols. Finally, we propose countermeasures against typical attacks and show how they improve the discussed protocols.

Traffic Analysis Attacks and Countermeasures in Wireless Body Area Sensor Networks

L. Buttyán and T. Holczer

IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN), IEEE, June, 2012.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and Tamas Holczer},
   title = {Traffic Analysis Attacks and Countermeasures in Wireless Body Area Sensor Networks},
   booktitle = {IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN)},
   publisher = {IEEE},
   month = {June},
   year = {2012}
}

Abstract

In this paper, we study the problem of traffic analysis attacks in wireless body area sensor networks. When these networks are used in health-care for remote patient monitoring, traffic analysis can reveal the type of medical sensors mounted on the patient, and this information may be used to infer the patient’s health problems. We show that simple signal processing methods can be used effectively for performing traffic analysis attacks and identifying the sensor types in a rather weak adversary model. We then investigate possible traffic obfuscation mechanisms aiming at hiding the regular patterns in the observable wireless traffic. Among the investigated countermeasures, traffic shaping, a mechanism that introduces carefully chosen delays for message transmissions, appears to be the best choice, as it achieves close to optimal protection and incurs no overhead.

2011

Anonymous Aggregator Election and Data Aggregation in Wireless Sensor Networks

T. Holczer and L. Buttyán

International Journal of Distributed Sensor Networks, 2011, pp. 1-18, Article ID 828414.

Bibtex | Abstract | PDF

@article {
   author = {Tamas Holczer and Levente Buttyán},
   title = {Anonymous Aggregator Election and Data Aggregation in Wireless Sensor Networks},
   journal = {International Journal of Distributed Sensor Networks},
   year = {2011},
   pages = {1-18},
   note = {Article ID 828414}
}

Abstract

In mission critical cyber-physical systems, dependability is an important requirement at all layers of the system architecture. In this paper, we propose protocols that increase the dependability of wireless sensor networks, which are potentially useful building blocks in cyber physical systems. More specifically, we propose two private aggregator node election protocols, a private data aggregation protocol, and a corresponding private query protocol for sensor networks that allow for secure in-network data aggregation by making it difficult for an adversary to identify and then physically disable the designated aggregator nodes. Our advanced protocols resist strong adversaries that can physically compromise some nodes.

VeRA - Version Number and Rank Authentication in RPL

L. Buttyán and T. Holczer and A. Dvir

7th IEEE International Workshop on Wireless and Sensor Networks Security, IEEE, Valencia, Spain, October 17-22, 2011, pp. 709 - 714.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente Buttyán and Tamas Holczer and Amit Dvir},
   title = {VeRA - Version Number and Rank Authentication in RPL},
   booktitle = {7th IEEE International Workshop on Wireless and Sensor Networks Security},
   publisher = {IEEE},
   address = {Valencia, Spain},
   month = {October 17-22},
   year = {2011},
   pages = {709 - 714}
}

Abstract

Designing a routing protocol for large low-power and lossy networks (LLNs), consisting of thousands of constrained nodes and unreliable links, presents new challenges. The IPv6 Routing Protocol for Low-power and Lossy Networks (RPL) has been developed by the IETF ROLL Working Group as a preferred routing protocol to provide IPv6 routing functionality in LLNs. RPL provides path diversity by building and maintaining directed acyclic graphs (DAG) rooted at one (or more) gateway. However, an adversary that impersonates a gateway or has compromised one of the nodes close to the gateway can divert a large part of network traffic toward itself and/or exhaust the nodes’ batteries. Therefore in RPL, special security care must be taken when the Destination Oriented Directed Acyclic Graph (DODAG) root is updating the Version Number by which reconstruction of the routing topology can be initiated. The same care also must be taken to prevent an internal attacker (compromised DODAG node) from publishing a decreased Rank value, which causes a large part of the DODAG to connect to the DODAG root via the attacker and give it the ability to eavesdrop a large part of the network traffic forward itself. Unfortunately, the currently available security services in RPL will not protect against a compromised internal node that can construct and disseminate fake messages. In this paper, a new security service is described that prevents any misbehaving node from illegitimately increasing the Version Number and compromise illegitimate decreased Rank values.

2010

Hide-and-Lie: Enhancing Application-level Privacy in Opportunistic Networks

T. Holczer and L. Dóra

In Proceedings of the Second International Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2010, Pisa, Italy, February 22-23, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer and László DÓRA},
   title = {Hide-and-Lie: Enhancing Application-level Privacy in Opportunistic Networks},
   booktitle = {In Proceedings of the Second International Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2010},
   address = {Pisa, Italy},
   month = {February 22-23},
   year = {2010}
}

Abstract

A delay-tolerant network is a mobile ad hoc network where the message dissemination is based on the store-carry-and-forward principle. This principle raises new aspects of the privacy problem. In particular, an attacker can build a user profile and trace the nodes based on this profile even if the message exchange protocol provides anonymity. In this paper, an attacker model is presented and some proposed attackers are implemented. We analyze the efficiency of both the attacks and the proposed defense mechanism, called Hide-and-Lie Strategy. We show that without any defense mechanism, the nodes are traceable, but with the Hide-and-Lie Strategy, the success probability of an attacker can be made equal to the success probability of the simple guessing. Furthermore, in some scenarios, the Hide-and-Lie Strategy increases the message delivery ratio. The number of downloaded messages and the maximal memory size required to apply the proposed privacy defense mechanism is also investigated.

Perfectly Anonymous Data Aggregation in Wireless Sensor Networks

T. Holczer and L. Buttyán

Proceedings of The 7th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2010), IEEE, San Francisco, November 8-12, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer and Levente Buttyán},
   title = {Perfectly Anonymous Data Aggregation in Wireless Sensor Networks},
   booktitle = {Proceedings of The 7th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2010)},
   publisher = {IEEE},
   address = {San Francisco},
   month = {November 8-12},
   year = {2010}
}

Abstract

Clustering and data aggregation in wireless sensor networks improves scalability, and helps the efficient use of scarce resources. Yet, these mechanisms also introduce some security issues; in particular, aggregator nodes become attractive targets of physical destruction and jamming attacks. In order to mitigate this problem, we propose a new private aggregator node election protocol that hides the identity of the elected aggregator nodes both from external eavesdroppers and from compromised nodes participating in the protocol. We also propose a private data aggregation protocol and a corresponding private query protocol which allows the aggregators to collect sensor readings and respond to queries of the base station, respectively, without revealing any useful information about their identity to external eavesdroppers and to compromised nodes.

2009

Private Cluster Head Election in Wireless Sensor Networks

T. Holczer and L. Buttyán

Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09), IEEE, Macau SAR, PRC, October 12, 2009, pp. 1048-1053.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Tamas Holczer and Levente Buttyán},
   title = {Private Cluster Head Election in Wireless Sensor Networks},
   booktitle = {Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09)},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Macau SAR, PRC},
   month = {October 12},
   year = {2009},
   pages = {1048-1053}
}

Abstract

Clustering is a useful mechanism in wireless sensor networks that helps to cope with scalability problems and, if combined with in-network data aggregation, may increase the energy efficiency of the network. At the same time, by assigning a special role to the cluster head nodes, clustering makes the network more vulnerable to attacks. In particular, disabling a cluster head by physical destruction or jamming may render the entire cluster inoperable temporarily until the problem is detected and a new cluster head is elected. Hence, the cluster head nodes may be attractive targets of attacks, and one would like to make it difficult for an adversary to identify them. The adversary can try to identify the cluster head nodes in various ways, including the observation of the cluster head election process itself and the analysis of the traffic patterns after the termination of the cluster head election. In this paper, we focus on the former problem, which we call the private cluster head election problem. This problem has been neglected so far, and as a consequence, existing cluster head election protocols leak too much information making the identification of the elected cluster head nodes easy even for a passive external observer. We propose the first private cluster head election protocol for wireless sensor networks that is designed to hide the identity of the elected cluster head nodes from an adversary that can observe the execution of the protocol.

Secure Vehicle Communication (SeVeCom)

D. D. Cock and P. Ardelean and N. Asaj and S. Cosenza and M. Müter and A. Held and B. Wiedersheim and P. Papadimitratos and F. Kargl and T. Holczer

Demonstration. Mobisys, June, 2009.

Bibtex | PDF

@misc {
   author = {Danny De Cock and Petra Ardelean and Naim Asaj and Stefano Cosenza and Michael Müter and Albert Held and Björn Wiedersheim and Panagiotis Papadimitratos and Frank Kargl and Tamas Holczer},
   title = {Secure Vehicle Communication (SeVeCom)},
   howpublished = {Demonstration. Mobisys},
   month = {June},
   year = {2009}
}

Keywords

vehicular ad hoc network, security, privacy

SLOW: A Practical Pseudonym Changing Scheme for Location Privacy in VANETs

W. Whyte and A. Weimerskirch and T. Holczer and L. Buttyán

Proceedings of the IEEE Vehicular Networking Conference, IEEE, Tokyo, Japan, October 28-29, 2009, pp. 1-8.

Bibtex | Abstract | PDF

@inproceedings {
   author = {William Whyte and Andre Weimerskirch and Tamas Holczer and Levente Buttyán},
   title = {SLOW: A Practical Pseudonym Changing Scheme for Location Privacy in VANETs},
   booktitle = {Proceedings of the IEEE Vehicular Networking Conference},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Tokyo, Japan},
   month = {October 28-29},
   year = {2009},
   pages = {1-8}
}

Abstract

Untraceability of vehicles is an important requirement in future vehicle communications systems. Unfortunately, heartbeat messages used by many safety applications provide a constant stream of location data, and without any protection measures, they make tracking of vehicles easy even for a passive eavesdropper. One commonly known solution is to transmit heartbeats under pseudonyms that are changed regularly in order to obfuscate the trajectory of vehicles. However, this approach is effective only if some silent period is kept during the pseudonym change and several vehicles change their pseudonyms nearly at the same time and at the same location. Unlike previous works that proposed explicit synchronization between a group of vehicles and/or required pseudonym change in a designated physical area (i.e., a static mix zone), we propose a much simpler approach that does not need any explicit cooperation between vehicles and any infrastructure support. Our basic idea is that vehicles should not transmit heartbeat messages when their speed drops below a given threshold, say 30 km/h, and they should change pseudonym during each such silent period. This ensures that vehicles stopping at traffic lights or moving slowly in a traffic jam will all refrain from transmitting heartbeats and change their pseudonyms nearly at the same time and location. Thus, our scheme ensures both silent periods and synchronized pseudonym change in time and space, but it does so in an implicit way. We also argue that the risk of a fatal accident at a slow speed is low, and therefore, our scheme does not seriously impact safety-of-life. In addition, refraining from sending heartbeat messages when moving at low speed also relieves vehicles of the burden of verifying a potentially large amount of digital signatures, and thus, makes it possible to implement vehicle communications with less expensive equipment.

2008

Secure vehicular communication systems: design and architecture

J. P. Hubaux and A. Kung and F. Kargl and Z. Ma and M. Raya and J. Freudiger and E. Schoch and T. Holczer and L. Buttyán and P. Papadimitratos

IEEE Communications Magazine, vol. 46, no. 11, November, 2008, pp. 100-109.

Bibtex | Abstract | PDF

@article {
   author = {Jean-Pierre Hubaux and Antonio Kung and Frank Kargl and Zhendong Ma and Maxim Raya and Julien Freudiger and Elmar Schoch and Tamas Holczer and Levente Buttyán and Panagiotis Papadimitratos},
   title = {Secure vehicular communication systems: design and architecture},
   journal = {IEEE Communications Magazine},
   volume = {46},
   number = {11},
   month = {November},
   year = {2008},
   pages = {100-109}
}

Abstract

Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems can be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two articles in this issue. In this first one, we analyze threats and types of adversaries, identify security and privacy requirements, and present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second article we present our progress toward the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.

2007

Group-Based Private Authentication

G. Avoine and L. Buttyán and T. Holczer and I. Vajda

In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007), IEEE, Helsinki, Finland, Jun 18, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gildas Avoine and Levente Buttyán and Tamas Holczer and István VAJDA},
   title = {Group-Based Private Authentication},
   booktitle = {In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007)},
   publisher = {IEEE},
   address = {Helsinki, Finland},
   month = {Jun 18},
   year = {2007}
}

Abstract

We propose a novel authentication scheme that ensures privacy of the provers. Our scheme is based on symmetric-key cryptography, and therefore, it is well-suited to resource constrained applications in large scale environments. A typical example for such an application is an RFID system, where the provers are low-cost RFID tags, and the number of the tags can potentially be very large. We analyze the proposed scheme and show that it is superior to the well-known key-tree based approach for private authentication both in terms of privacy and efficiency.

On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs

I. Vajda and T. Holczer and L. Buttyán

In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007), Springer, Cambridge, UK, July 2-3, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA and Tamas Holczer and Levente Buttyán},
   title = {On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs},
   booktitle = {In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007)},
   publisher = {Springer},
   address = {Cambridge, UK},
   month = {July 2-3},
   year = {2007}
}

Abstract

The promise of vehicular communications is to make road traffic safer and more efficient. However, besides the expected benefits, vehicular communications also introduce some privacy risk by making it easier to track the physical location of vehicles. One approach to solve this problem is that the vehicles use pseudonyms that they change with some frequency. In this paper, we study the effectiveness of this approach. We define a model based on the concept of the mix zone, characterize the tracking strategy of the adversary in this model, and introduce a metric to quantify the level of privacy enjoyed by the vehicles. We also report on the results of an extensive simulation where we used our model to determine the level of privacy achieved in realistic scenarios. In particular, in our simulation, we used a rather complex road map, generated traffic with realistic parameters, and varied the strength of the adversary by varying the number of her monitoring points. Our simulation results provide detailed information about the relationship between the strength of the adversary and the level of privacy achieved by changing pseudonyms.

2006

Optimal Key-Trees for Tree-Based Private Authentication

I. Vajda and T. Holczer and L. Buttyán

In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET), June, 2006, Springer.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA and Tamas Holczer and Levente Buttyán},
   title = {Optimal Key-Trees for Tree-Based Private Authentication},
   booktitle = {In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET)},
   month = {June},
   year = {2006},
   note = {Springer}
}

Abstract

Key-tree based private authentication has been proposed by Molnar and Wagner as a neat way to efficiently solve the problem of privacy preserving authentication based on symmetric key cryptography. However, in the key-tree based approach, the level of privacy provided by the system to its members may decrease considerably if some members are compromised. In this paper, we analyze this problem, and show that careful design of the tree can help to minimize this loss of privacy. First, we introduce a benchmark metric for measuring the resistance of the system to a single compromised member. This metric is based on the well-known concept of anonymity sets. Then, we show how the parameters of the key-tree should be chosen in order to maximize the system's resistance to single member compromise under some constraints on the authentication delay. In the general case, when any member can be compromised, we give a lower bound on the level of privacy provided by the system. We also present some simulation results that show that this lower bound is quite sharp. The results of this paper can be directly used by system designers to construct optimal key-trees in practice; indeed, we consider this as the main contribution of our work.

Providing Location Privacy in Automated Fare Collection Systems

I. Vajda and T. Holczer and L. Buttyán

In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece, June, 2006.

Bibtex | PDF

@inproceedings {
   author = {István VAJDA and Tamas Holczer and Levente Buttyán},
   title = {Providing Location Privacy in Automated Fare Collection Systems},
   booktitle = {In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece},
   month = {June},
   year = {2006}
}

2005

Spontaneous Cooperation in Multi-domain Sensor Networks

P. Schaffer and T. Holczer and L. Buttyán

In Proceedings of the 2nd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS), Springer, Visegrád, Hungary, July, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Peter Schaffer and Tamas Holczer and Levente Buttyán},
   title = {Spontaneous Cooperation in Multi-domain Sensor Networks},
   booktitle = {In Proceedings of the 2nd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS)},
   publisher = {Springer},
   address = {Visegrád, Hungary},
   month = {July},
   year = {2005}
}

Abstract

Sensor networks are large scale networks consisting of several nodes and some base stations. The nodes are monitoring the environment and send their measurement data towards the base stations possibly via multiple hops. Since the nodes are often battery powered, an important design criterion for sensor networks is the maximization of their lifetime. In this paper, we consider multi-domain sensor networks, by which we mean a set of sensor networks that co-exist at the same physical location but run by different authorities. In this setting, the lifetime of all networks can be increased if the nodes cooperate and also forward packets originating from foreign domains. There is a risk, however, that a selfish network takes advantage of the cooperativeness of the other networks and exploits them. We study this problem in a game theoretic setting, and show that, in most cases, there is a Nash equilibrium in the system, in which at least one of the strategies is cooperative, even without introducing any external incentives (e.g., payments).

2004

Incentives for Cooperation in Multi-hop Wireless Networks

L. Buttyán and T. Holczer and P. Schaffer

Híradástechnika, vol. LIX, no. 3, March, 2004, pp. 30--34, (in Hungarian).

Bibtex | Abstract | PDF

@article {
   author = {Levente Buttyán and Tamas Holczer and Peter Schaffer},
   title = {Incentives for Cooperation in Multi-hop Wireless Networks},
   journal = {Híradástechnika},
   volume = {LIX},
   number = {3},
   month = {March},
   year = {2004},
   pages = {30--34},
   note = {(in Hungarian)}
}

Abstract

In this article, we introduce the problem of incentives for cooperation, which arises as a typical problem in multi-hop wireless networks. We briefly review the kinds of non-cooperative behavior and the types of mechanisms that stimulate cooperation. Finally, we summarize the main elements and ideas of two incentive mechanisms that we have proposed.