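% Slide deck: side-channel based runtime intrusion detection for network equipment.
% Structure: title, motivation, a four-frame illustration of a common IDS setup,
% a three-step threat model, then one experiment family per threat family.
\documentclass[aspectratio=169,10pt]{beamer}
\usetheme[progressbar=head,numbering=fraction,sectionpage=none]{metropolis}

\usepackage{graphicx}
\usepackage{ulem}
\usepackage{xcolor}
\usepackage[scale=2]{ccicons}
\usepackage{pgfplots}
\usepackage{numprint}
\usepackage{booktabs}
\usepgfplotslibrary{dateplot}
\usepackage{hyperref}
\usepackage{multirow}
\usepackage{tcolorbox}
\usepackage{array}
\usepackage{xspace}

% Threat-family labels, spelled once so that the overview boxes and the
% experiment frame titles cannot drift apart (the hand-copied labels had
% picked up a typo and, on the second overlay, the wrong family name).
\newcommand*{\threatFirmware}{Firmware Manipulation}
\newcommand*{\threatRuntime}{Runtime Monitoring}
\newcommand*{\threatHardware}{Hardware Tampering}

% Collapsed family: dark box that shows only the family label.
\newtcolorbox{threatcollapsed}{%
  colback=yellow!75!black,colframe=yellow!50!black,coltext=white}

% Expanded family: light box titled with the family label (#1).
% Body convention used on these slides: the upper part lists attacker actions,
% the part after \tcblower lists what the slide associates with them.
\newtcolorbox{threatexpanded}[1]{%
  colback=yellow!5!white,colframe=yellow!50!black,
  colbacktitle=yellow!75!black,title={#1}}

\title{Side-channel Based Runtime Intrusion Detection for Network Equipment}
\subtitle{}
\date{}
\author{Arthur Grisel-Davy}
\institute{University of Waterloo, Canada}

\begin{document}

\maketitle

% Motivation: a device that may itself be compromised is not a reliable
% source for its own integrity verdict, so the assessment needs information
% it can rely on. Read with the talk title, this presumably motivates
% measuring a side channel rather than trusting the device's own reports.
\begin{frame}{Introduction}
  \begin{center}
    {\LARGE We cannot entrust machines to assess their own integrity.}\\
    \vspace{1.5cm}
    {\LARGE Integrity assessment requires access to relevant information.}
  \end{center}
\end{frame}

% Four frames with the same title, one illustration file each
% (main_illustration_1 to _4); presumably successive builds of one figure.
\begin{frame}{Common IDS Solution}
  \begin{center}
    \includegraphics[width=\textwidth]{images/main_illustration_1.pdf}
  \end{center}
\end{frame}

\begin{frame}{Common IDS Solution}
  \begin{center}
    \includegraphics[width=\textwidth]{images/main_illustration_2.pdf}
  \end{center}
\end{frame}

\begin{frame}{Common IDS Solution}
  \begin{center}
    \includegraphics[width=\textwidth]{images/main_illustration_3.pdf}
  \end{center}
\end{frame}

\begin{frame}{Common IDS Solution}
  \begin{center}
    \includegraphics[width=\textwidth]{images/main_illustration_4.pdf}
  \end{center}
\end{frame}

% Threat model: three families shown in a fixed order on every overlay.
% Overlay n expands family n and collapses the other two.
\begin{frame}{Threat Model}
  % Overlay 1: firmware family expanded.
  \only<1>{%
    \begin{threatexpanded}{\threatFirmware}
      Change settings, upgrade/downgrade firmware, Replace firmware.
      \tcblower
      Machine takeover, Advanced Persistent Threats.
    \end{threatexpanded}
    \begin{threatcollapsed}
      \threatRuntime
    \end{threatcollapsed}
    \begin{threatcollapsed}
      \threatHardware
    \end{threatcollapsed}
  }
  % Overlay 2: runtime family expanded.
  % NOTE(review): the other two families are named after the attack, this one
  % after the monitoring activity; the label is kept as the author wrote it.
  \only<2>{%
    \begin{threatcollapsed}
      \threatFirmware
    \end{threatcollapsed}
    \begin{threatexpanded}{\threatRuntime}
      Log tampering, login (brute force/dictionary) attacks.
      \tcblower
      Intrusion, Covert operations.
    \end{threatexpanded}
    % Third box is the hardware family (it previously repeated the runtime label).
    \begin{threatcollapsed}
      \threatHardware
    \end{threatcollapsed}
  }
  % Overlay 3: hardware family expanded.
  % NOTE(review): MAC flooding is normally classed as a network-layer attack
  % on a switch's address table; the slide does not show how it follows from
  % peripheral installation/removal -- confirm the intended placement.
  \only<3>{%
    \begin{threatcollapsed}
      \threatFirmware
    \end{threatcollapsed}
    \begin{threatcollapsed}
      \threatRuntime
    \end{threatcollapsed}
    \begin{threatexpanded}{\threatHardware}
      Installation/removal of peripherals.
      \tcblower
      MAC Flooding attacks.
    \end{threatexpanded}
  }
\end{frame}

% One experiment family per threat family; the titles reuse the labels above.
% File name suggests a time-domain comparison of firmware -- confirm against the figure.
\begin{frame}{Experiment Family I -- \threatFirmware}
  \begin{center}
    \includegraphics[height=0.9\textheight]{images/Firmware_Comparison_TD_direct.pdf}
  \end{center}
\end{frame}

% File name suggests a time-domain trace involving SSH -- confirm against the figure.
\begin{frame}{Experiment Family II -- \threatRuntime}
  \begin{center}
    \includegraphics[height=0.9\textheight]{images/time_domain_ssh.pdf}
  \end{center}
\end{frame}

% Photograph; from the file name, presumably the switch used in the experiment.
\begin{frame}{Experiment Family III -- \threatHardware}
  \begin{center}
    \includegraphics[height=\textheight]{images/switch.jpg}
  \end{center}
\end{frame}

% File name suggests a change-detection result -- confirm against the figure.
\begin{frame}{Experiment Family III -- \threatHardware}
  \begin{center}
    \includegraphics[width=\textwidth]{images/detect_change.pdf}
  \end{center}
\end{frame}

\end{document}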