9/11
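Live stream links: International Conference Hall R0
Conference Hall 1 R1
Conference Hall 2 R2
Remote Conference Room R3
Lounge R4
Registration
Guest Remarks
General Coordinator's Remarks & Opening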
Industrial Cybersecurity Landscape in 2020: Trends, Challenges, and Opportunities
劉榮太
Break
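[ HITCON Forum ] How the Financial Industry Meets the First Flames of the Digital Battlefield
翁浩正, 蔡福隆 (Director), 郭建中 (Chairman), 蘇清偉 (CISO), 劉培文 (Executive Vice President)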
A Million Boluses: Discovery and Disclosure of Vulnerabilities in an Insulin Pump
Julian Suleder
Lunch
[ HITCON Forum ] Proactive Security Defense Strategies to Address OT Security Dependency Risks
毛敬豪 (Director), 劉榮太 (CEO), 鄭嘉信 (CEO), 楊瑞祥 (CTO), 王仁甫 (Director)
APT Chimera - Operation targets Semiconductor Vendors
陳仲寬 Inndy Lin JohnThunder
Recruitment
Bug Bounty Competition
Break
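[ HITCON Forum ] Balancing Epidemic Control and Privacy Protection
李柏鋒 (OCF), 簡宏偉 (Director), 龐一鳴 (Director), 劉宇倫 (Physician), Sherry Chung (MyData Taiwan)
Clever Tricks of Cyber-Army Intranet Penetration (Operation: I am Tom)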
zha0 Tom Aragorn
Bug Bounty Competition
TDOH Village
Coffee Break
[ HITCON Forum ] Challenges and Opportunities in Cultivating Security Talent After the Pandemic
Alan Lee, Dr. 黃俊穎, Tzong-Chen Wu, Seungjoo Kim, Kana Shinoda, Yan Shoshitaishvili
Reversing In Wonderland: Neural Network Based Malware Detection Techniques
Sheng-Hao Ma Shin-Ming Cheng
Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
Joey Chen
5G Village Session
Break
A CTF-Style Escape Journey on VMware Workstation
Yanyu Zhang
5G Village Session
Closing
9/12
Live stream links: International Conference Hall R0
Conference Hall 1 R1
Conference Hall 2 R2
Remote Conference Room R3
Lounge R4
Registration
Opening
Break
Breaking Samsung's Root of Trust: Exploiting Samsung S10 Secure Boot
Cheng-Yu Chao
Bug hunting from zero to 0(day) to ($)0
Anthony Lai Byron Wai Ken Wong
CTI Village
Break
From LNK to RCE: Finding bugs in Windows Shell Link Parser
Lays
Potential Security and Privacy Issues in Novel Taiwanese National eID system
何明洋
First step in the quest for manufacturing cyber-resilient IoT devices
Jun Sato 張智翔
CTI Village
Break
RE: Starting from Zero: OOO DEF CON CTF & DEFCON 28 Preparation and Competition Experience Sharing
ddaa yuawn
LEAYA: Last Exploitation 絢 - An Embedded System Detection and Response
cp zet freetsubasa
Exploit (Almost) All Xiaomi Routers Using Logical Bugs
Aobo Wang Jihong Zheng
CTI Village
Lunch
Association Time
Break
Development of Signaling Spoofing Attacks Using Function Containerization of Rogue Base Stations
Shin-Ming Cheng Bing-Kai Hong
Guarding the Factory Floor: Catching Insecure Industrial Robot Programs
Federico Maggi Davide Quarta Marcello Pogliani Stefano Zanero Marco Balduzzi
CTI Village
Break
Bug Bounty X Router X IP Cam X Electronic Payment
The Great Hotel Hack: Adventures in attacking hospitality industry
Etizaz Mohsin
CTI Village
Coffee Break
Lightning Talk / Closing / Highlights and Outlook for HITCON 2021
Development of Signaling Spoofing Attacks Using Function Containerization of Rogue Base Stations
Session Abstract
Development of Flexible Signaling Spoofing Attacks Using Function Containerization of Rogue Base Station
By applying Software-Defined Radio (SDR) technology, attackers could easily establish rogue Base Stations (BSs) to launch signaling spoofing, denial-of-service (DoS), or even Man-in-the-middle (MITM) attacks in 4G LTE or 5G NR networks. However, the antenna capability of the rogue BSs limits the attack range and the effective results, and determines the possibility of being detected. In this proposal, we leverage a lightweight virtualization technology, Docker, to containerize the radio access networks (RANs) and core networks (CNs) of rogue BSs, thereby realizing a large-scale signaling spoofing attack. In particular, we focus on the forgery of the signaling information blocks (SIBs), which are regarded as essential broadcast messages carrying fundamental instructions for normal operation in 4G LTE networks.
In the proposed attacks, the victim will receive fake emergency alerts that spread panic or scams, manipulated GPS information that causes wrong time synchronization, malicious blacklists that cause disconnection, or fallacious power control messages that deplete the battery. Furthermore, we introduce Kubernetes to manage the developed attacks in the containers and to launch a cooperative attack in different geographic locations. We will demonstrate the proposed attack and show the negative effects it causes to the public.
Since the SIBs will be exploited to deliver operational information in 5G NR, the proposed SIB spoofing attacks could be easily implemented and realized, which of course will introduce severe damage to the 5G applications such as IoT. We also discuss the possible detection and protection approaches for the proposed SIB spoofing attack in 5G networks.
Shin-Ming Cheng
Prof. Shin-Ming Cheng received his B.S. and Ph.D. degrees in computer science and information engineering from National Taiwan University, Taipei, Taiwan, in 2000 and 2007, respectively. He was a Post-Doctoral Research Fellow at the Graduate Institute of Communication Engineering, National Taiwan University, from 2007 to 2012. Since 2012, he has been on the faculty of the Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, where he is currently an associate professor. Since 2017, he has been with the Research Center for Information Technology Innovation, Academia Sinica, Taipei, where he is currently a joint associate research fellow.
His current interests are secure mechanism design and security-related platform development in 4G/5G networks and IoT networks. Recently, he has been investigating robustness issues in machine learning. He received the 2014 K. T. Li Young Researcher Award from the ACM Taipei/Taiwan Chapter and the IEEE PIMRC 2013 Best Paper Award. Since 2015, he has served as the PI of the largest security education camp in Taiwan, AIS3, and has trained almost 1000 students over these years.
Bing-Kai Hong
Bing-Kai Hong (Jed Hung) is a Ph.D. student in Computer Science and Information Engineering at the National Taiwan University of Science and Technology, where he is preparing his thesis on 5G network security. Since 2017, he has worked at Sentra Smart Technology Inc. as a System Architect, specializing in infrastructure deployment and security solutions for networking, software, and cloud service environments. In 2018, he was an intern member of the Communication Systems Department at EURECOM, where he participated in many international group research and open-source development projects related to network protocols, security, virtualization, cloud computing, and programmable 5G networks. His main contribution was to the project “OpenAirInterface: The F1 CU-DU split”. As part of the project, he cooperated and coordinated work with other international EURECOM units, including those in France, the USA, China, Romania, and Tunisia. Since 2019, he has been a trainee member of the Cybersecurity Laboratory at the National Institute of Information and Communications Technology, where he has participated in cybersecurity group research and development projects related to IoT security, IoT firmware and malware analysis, virtualization, and programmable networks.