UCC Library and UCC researchers have made this item openly available.
Please let us know how this has helped you. Thanks!
Title
Analyzing the vulnerability of wireless sensor networks to a malicious
matched protocol attack
Author(s)
O'Mahony, George D.; Harris, Philip J.; Murphy, Colin C.
Publication date
2018-10
Original citation
G. D. O' Mahony,P. J. Harris,C. C. Murphy (2018) Analyzing the
Vulnerability of Wireless Sensor Networks to a Malicious Matched
Protocol Attack 2018 International Carnahan Conference on Security
Technology (ICCST) Montreal, QC, Canada, 22-25 October. doi:
10.1109/CCST.2018.8585681
Type of publication
Conference item
Link to publisher's
version
https://ieeexplore.ieee.org/abstract/document/8585681
Rights
© 2018 IEEE. Personal use of this material is permitted. Permission
from IEEE must be obtained for all other uses, in any current or
future media, including reprinting/republishing this material for
advertising or promotional purposes, creating new collective works,
for resale or redistribution to servers or lists, or reuse of any
copyrighted component of this work in other works.
Item downloaded
from
http://hdl.handle.net/10468/9536
http://dx.doi.org/10.1109/CCST.2018.8585681
Access to the full text of the published version may require a
subscription.
Downloaded on 2021-11-27T09:26:08Z
Analyzing the Vulnerability of Wireless Sensor
Networks to a Malicious Matched Protocol Attack
George D. O’Mahony
Philip J. Harris
Colin C. Murphy
Dept. of Electrical and
Electronic Engineering,
University College Cork
Cork, Ireland
george.omahony@umail.ucc.ie
United Technologies Research
Center Ireland
(UTRC-I)
Cork, Ireland
harrispj@utrc.utc.com
Dept. of Electrical and
Electronic Engineering,
University College Cork
Cork, Ireland
colinmurphy@ucc.ie
Abstract—Safety critical, Internet of Things (IoT) and spacebased applications have recently begun to adopt wireless networks based on commercial off the shelf (COTS) devices and
standardized protocols, which inherently establishes the security
challenge of malicious intrusions. Malicious intrusions can cause
severe consequences if undetected, including, complete denial of
services. Particularly, any safety critical application requires all
services to operate correctly, as any loss can be detrimental
to safety and/or privacy. Therefore, in order for these safety
critical services to remain operational and available, any and all
intrusions need to be detected and mitigated. Whilst intrusion
detection is not a new research area, new vulnerabilities in
wireless networks, especially wireless sensor networks (WSNs),
can be identified. In this paper, a specific vulnerability of WSNs
is explored, termed here the matched protocol attack. This
malicious attack uses protocol-specific structures to compromise
a network using that protocol. Through attack exploration, this
paper provides evidence that traditional spectral techniques are
not sufficient to detect an intrusion using this style of attack.
Furthermore, a ZigBee cluster head network, which co-exists with
ISM band services, consisting of XBee COTS devices is utilized,
along with a real time spectrum analyzer, to experimentally
evaluate the effect of matched protocol interference on a realistic
network model. Results of this evaluation are provided in terms of
device errors and spectrum use. This malicious challenge is also
examined through Monte-Carlo simulations. A potential detection
technique, based on coarse inter-node distance measurements,
which can theoretically be used to detect matched protocol
interference and localize the origin of the source, is also suggested
as a future progression of this work. Insights into how this
attack style preys on some of the main security risks of any
WSN (interoperability, device limitations and operation in hostile
environments) are also provided.
Index Terms—Attack, Co-existence, Detection, Distance, InterNode, Interference, Intrusion, IoT, Matched, Mitigation, PHY,
Protocol, Security, Space, Spectrum, WSN and ZigBee.
I. I NTRODUCTION
As WSNs continue to become integrated in safety critical
applications, adding the benefits of wireless technology in the
process, new challenges in terms of security vulnerabilities and
threat identification emerge. Safety critical WSN applications
differ from traditional wireless networks (e.g. WiFi, Bluetooth)
This work was supported in part by the Irish Research Council and
United Technologies Research Center Ireland under the Enterprise Partnership
Scheme Postgraduate scholarship EPSPG/2016/66.
because of stricter security and availability requirements. The
diverse range of safety critical WSN applications is extensive
and includes space-based WSNs [1], the ever expanding IoT,
wireless networked control systems (WNCS) [2], aerospace
applications [3] and critical infrastructures [4]. Furthermore,
Low Earth Orbit (LEO) satellites [5] and Unmanned Aerial
Vehicles (UAVs) [6] can both use WSN components and act
as components in existing WSN infrastructures. Consequently,
network compromise, whether malicious or unintentional, in
any of these applications could have significant consequences
for privacy and/or safety. Therefore, the requirement for intrusion detection to allow countermeasures to be applied in a
timely and accurate manner is of high importance and, significantly, DARPA’s Wireless Network Defense project focuses
on identifying and mitigating such intrusions [7].
WSNs, which consist of light weight devices used to sense
the physical world, have unique security issues due to their
design and use. WSN deployments and applications inherently
require security levels higher than typical wireless networks,
but, the devices in use and their need for interoperability hinder
the use of complex or computationally intensive security
protocols. Also, any propriety protocol in use can typically be
reverse engineered by available tools, therefore, making the
security and availability of the communication link essential
for safety critical WSNs and requiring intrusion detection in
the process. However, intrusion detection has become more
difficult due to the expanding use of both the radio frequency
(RF) spectrum and WSN applications. This leads to service coexistence issues for each WSN and adds a layer of complexity
in the process. Intrusions/interference are the largest contributor to link and path problems in WSNs and resulting packet
losses can lead to avalanche effects and potential network
collapse [8]. Hence, the nature of WSNs and their expanding
applications inherently requires intrusion detection as the first
step in fixing a problem (intrusion) is knowing one exists.
This paper uses ZigBee [9] and a cluster head network
model to identify and analyze an interference vulnerability
in WSNs. The matched protocol attack uses a signal which
matches network operation to cause packet loss and denial of
service. Here, a ZigBee network of COTS XBee devices is
attacked using a ZigBee signal. The XBee devices are used in
experimental tests to analyze a working ZigBee network under
both normal and matched protocol attack conditions. The use
of COTS devices and standardized protocols is relevant given
the general trend towards the use of COTS components in
safety critical applications, for example, space applications
favoring high replenishment rates over custom built components [10]. WSNs are highly susceptible to attacks, especially
jamming attacks and as WSN operating environments become
more diverse and attacking hardware is enhanced and becomes
more available, the probability of new attacks being designed
and new detection strategies being required increases. This
work also shows that traditional spectral techniques require
advancements and a more rounded approach to identify certain
attacks, for example, the matched protocol attack, is essential.
The remainder of this paper is organized as follows: Section
II outlines the adopted network and signal models. Section III
describes general security vulnerabilities in WSNs. Section IV
describes the general strategy for new attack plans and the
matched protocol attack. Section V provides the experimental
setup and results. Section VI outlines future developments of
this work and Section VII concludes the paper.
II. N ETWORK AND SIGNAL MODEL
Network Model: The chosen network model is based on
WSN applications, outlined in Section I, which typically use
cluster-based networks as they can improve stability, reduce
energy consumption and compress the amount of transmitted
data. For example, cluster heads are used as relay nodes (RN)
which aggregate data and forward to Nanosatellites [5], which
act as the links between clusters. Furthermore, according to
studies and predictions by Gartner Inc., outlined in [11], the
IoT will likely include 26 billion installed units by 2020. It
is likely that the cluster head approach will be adopted in
many of these applications due to the advantages it brings
to large networks, clearly highlighting the importance of the
cluster approach to WSNs. A WSN contains cluster heads
(specific node or a sensor node given extra responsibility and
designation may be transferred between nodes), which are
deployed to collect and analyze data, multiple sensor nodes
and a sink. Here, all nodes are static and the cluster head
model is achieved using three specific ZigBee node types.
The responsibilities of the cluster head are carried out by
the coordinator (C) (only one of these nodes is used here),
relay nodes (RN ) relay data generated from neighboring
nodes to the coordinator, and the sensing end device (E)
nodes. The RN reduce the distance between an end device
and the corrdinator by introducing an additional hop, while
also trying to reduce any overloading of nodes.
Signal Model: ZigBee [9], is the chosen signal model as
is it based on the IEEE 802.15.4 protocol, currently the de
facto standard for WSNs and enables interoperability between
different device manufacturers. The versatility and future uses
of IEEE 802.15.4 are observed in its use on an In-orbit Demonstration (IoD) of a WSN on the International Space Station
(ISS) [10]. ZigBee’s relevant physical layer (PHY) parameters
and packet structure are shown in Tables I and II, respectively.
TABLE I
IEEE 802.15.4 (Z IG B EE ) PHY PARAMETERS
Parameter:
Data Rate
Symbol Rate
Chip Rate
Chip Modulation
Number of Channels
Channel Spacing
Channel Width
2.4 GHz PHY Value:
250 kb/s
62.5 ksymbols/s
2 M chips/s
O-QPSK with half sine pulse shaping
16
5 M Hz
2 M Hz
TABLE II
Z IG B EE F RAME USED IN S IGNAL G ENERATION
Synchronization
Header
(SHR)
Preamble
SFD
1 Byte
4 Bytes
PHY Header
(PHR)
Length
1 Byte
PHY Service Data Unit
(PSDU)
Payload
0-125 Bytes
CRC
2 Bytes
The 2.4 GHz band was selected and the 16 relevant channel
centre frequencies are provided in (1), where the frequency
range is 2.405 − 2483.5 GHz, Fc is the centre frequency
and i is the channel number. These frequencies operate in the
unlicensed industrial scientific medical (ISM) frequency band
and, consequently, coexist with various other protocols, for
example, WiFi and Bluetooth. ZigBee uses the PHY and MAC
layers from the IEEE802.15.4 protocol and adopts ZigBee
specific network and application layers. The MAC layer uses
carrier sense multiple access with collision avoidance (CSMACA) and the PHY layer uses direct sequence spread spectrum
(DSSS) and offset quadrature phase shift keying (O-QPSK).
Fc = 2405 + 5(i − 11)M Hz, f or i = 11, 12, ...26
(1)
III. WSN S ECURITY V ULNERABILITIES
All WSN applications require security, particularly when
the networks are designed for use in hostile environments
and/or in military/aerospace/commercial/IoT applications, as
WSNs are susceptible to various attacks. Securing WSNs to
an appropriate level is more difficult when compared to other
wireless/wired networks because WSNs have a number of
unavoidable unique security challenges, which are highlighted
in [12] and summarized below:
• Open Interface: Protocols are unavoidably known publicly
due to the requirement for interoperability between devices
and protocols. The wireless channel is open to anyone
with suitable equipment, resulting in vulnerabilities to radio
jamming, spoofing, eavesdropping etc.
• Device Resources: Typically devices are deployed and left
unattended, operate on a constrained energy supply and, for
reasons of cost, have low processing power, which all pose
significant challenges for security and reliability.
• Hostile Environments: WSNs are regularly deployed without
any fixed infrastructure, where it is difficult to have continued surveillance and operate under harsh environmental
conditions [13]. Legitimate nodes are potentially physically
susceptible to being captured by attackers. Thus, a high probability exists of node secrets being discovered and/or nodes
becoming malicious. Tamper proofing nodes is possible, but
may not be appropriate for all types of networks/nodes.
• Topology [13]: The network topology constantly changes
due to changes in the environment (e.g. people, weather,
objects), the natural dynamic nature of WSNs, damage, or
“death” of some network nodes.
• Hardware Availability: As hardware becomes increasingly
available at more cost effective prices, potential attackers can
prepare and develop attacks using real-world WSN hardware,
which provides an increased chance of attacker success.
1. Create new
Attack Plan
4. Examine cost
of attack
5. Refine attack
again
2. Try out
Attack Plan
3. Refine attack
6. Deploy attack
Fig. 1. Flowchart depicting a general attack creation strategy
Network Analysis
IV. ATTACK A PPROACH
In terms of design and application, attackers are generally
more agile, timely and less constrained (in terms of obeying
protocols and laws) when compared to their industrial counterparts. This allows attackers to focus on creating only what
they truly need and disregard all laws and rules relating to the
use of hardware, RF spectrum etc. In terms of WSNs, attackers
can take advantage of the security issues described in Section
III to develop new or modified attack plans. The general attack
strategy is provided in Fig. 1 [14], where the time-line is only
a few weeks and the cost of attack relates to (2). Scalability
refers to how deployable a specific attack is and the takeaway
quantifies the gain achieved by using the attack. This approach,
the availability of hardware and the extensive set of potential
techniques means attack styles are hard to predict and have
relatively short development time-lines.
This work focuses on the matched protocol attack, which
uses the attack plan shown in Fig. 2, where the identifier may
not necessarily need to identify the exact protocol in use but
recognize enough to match the spectral identity and cause
packet collisions. This learning based attack determines the
signal and frame structures based on monitoring the spectrum
and frequencies in use and eavesdropping on transmitted
packets, e.g. a 2 M Hz bandwidth at specific frequencies
near 2.4GHz highlights the use of the IEEE802.15.4 protocol
and the operating channel is determined using (1). Packet
eavesdropping, received power levels and moving around a
specific area where nodes are suspected to be located (higher
power levels are expected in areas enclosing network nodes)
can identify network operation. All of the acquired information
is used in the attack plan and a specific matched protocol attack
is implemented. The attack causes collisions by introducing
interference which mimics legitimate network signals and the
resulting packet loss can cause an avalanche of problems
which effect all levels of the communication stack [8]. For
example, extra traffic introduced by retransmissions and attack
packets, can lead to link prediction fluctuations, path changes
in routing protocols, applications buffering too many packets
and certain nodes becoming unreachable, leading to, in extreme circumstances, a complete collapse of the network [8].
Attack V alue = Scalability ∗ T akeaway
(2)
Frequency(ies)
in use
Spectral Shape
Packet
Transmissions
Nodal Hardware
being used
Identifier (Human or
algorithm based)
Implementation of
network specific
matched protocol attack
Fig. 2. Attack plan for the matched protocol attack.
V. M ATCHED P ROTOCOL ATTACK A NALYSIS
A. Experimental Setup and Results
The vulnerability of WSNs to the matched protocol attack
was experimentally tested using a ZigBee cluster head network of XBee COTS devices. The nodes were configured
using DIGI’s XCTU software, to form a network with one
coordinator and four receiving nodes (ZigBee Routers), as
shown in Fig. 3, which also supplies a snapshot of the hardware used. This self-organizing network operates a dynamic
topology which brings resilience to natural faults as well as
vulnerabilities to malicious attacks. The nodes were powered
and controlled remotely using Raspberry Pi 2 and 3 devices
utilizing the digi-xbee python library and dispersed sufficiently
to provide a realistic deployment scenario. Each node records
each of its transmitted packets in a .txt file and the coordinator
records and analyzes all received packets in a .txt file in terms
of received data, 64 bit source address and packet time-stamp.
A programmable software defined radio (SDR), which can
adapt to different protocols, was used as the attacking node
to transmit ZigBee signals with either pseudo-random data or
code words. A Tektronix real time spectrum analyzer (RTSA),
using a ZigBee stubby antenna, monitored both the RF spectrum and the transmitted packets and allowed the effectiveness
of the matched protocol attack to be verified. Both legitimate
packets and attack packets were monitored using the Tektronix
RTSA, visualized through the Tektronix Digital Phosphor
technology (DPX) and are shown in Fig. 5(a) and Fig. 5(b)
respectively. These spectral images are both OQPSK signals
with an ≈ 2 M Hz bandwidth at 2.465 GHz and have similar
power levels, which demonstrates the difficultly in detecting
100
Continuous Wave
ZigBee
PER
10-1
ZigBee (5 MHz)
10-2
10-3
10-4
-30
-20
-10
0
10
20
30
40
50
JSR (dB)
Fig. 3. XCTU produced network configuration, showing the coordinator and
receiving nodes, which can talk directly to the coordinator or route through
neighboring nodes. A snapshot of the actual hardware shows the real devices
used.
the matched protocol attack using traditional spectral methods,
without causing undesirable false positives. Therefore, packets
being lost and network services becoming unavailable cannot
be directly associated with an attacker because the signals all
appear to match normal network operations.
Theoretically, the attack focuses on creating packet collisions, resulting in packet loss and node links collapsing
causing nodes to become unreachable. Through network monitoring, attack packets can be transmitted when legitimate
packets are expected, causing the packets to collide and
increasing the probability of errors occurring and packets
being lost or being so erroneous that retransmissions are
necessary. The PER shown in (3) (NBytes denotes the number
of bytes in the packet), shows that increasing the probability
of error, Pe , increases the PER. Each consequential retransmission is costly and can have an avalanche effect in the
network, leading to routing changes, links being unusable
and certain nodes being unreachable. Clearly, this approach
targets exposed security holes, as explained in Section III, to
affect packets in the channel and to deny network services.
Through publicly available protocols, signals and packets can
be matched by the attack and are difficult to detect due to
a lack of complex security algorithms and techniques in use.
Additionally, suitable hardware is available at low cost and
the applications which use WSN are attractive to potential
attackers as they have a large takeaway, if successful, thus
giving rise to a positive attack value using (2).
To provide initial evidence, Monte-Carlo simulations, based
on a simple matched filter receiver, (Fig. 4) were executed
for both matched protocol interference and continuous wave
(CW) interference. The PER was calculated for a number
of jammer-signal-noise ratios (JSR) for a matched protocol
attack on the channel in use (ZigBee), on an adjacent channel
(ZigBee-5 MHz) and for a CW attack on the channel in
use (Continuous Wave). Fig. 4 shows the susceptibility of
WSNs to a matched protocol attack, even at low JSR, while
adjacent channels only have an effect at extremely high JSR.
Additionally, Fig. 4 provides evidence that this intelligent
attack is more effective compared to brute force jamming
attacks like, CW. Interestingly, the use of cyclic redundancy
codes in the ZigBee packet, Table II, would only identify errors
Fig. 4. Simulated PER for a ZigBee signal under both a matched protocol and
CW attack using a matched filter receiver. An attack on an adjacent channel
shows ZigBee’s resilience to cross channel interference.
(a) Legitimate Packet
(b) Attack Packet
Fig. 5. DPX images showing both (a) a legitimately transmitted packet and
(b) an attack packet on ZigBee channel no. 23 (2465 M Hz)
and require retransmissions, leading to a successful attack.
P acket Error Rate (P ER) = 1 − (1 − Pe )2∗NBytes
(3)
To verify the above, a real WSN, based on XBee nodes,
was set up and run under normal conditions and attack
conditions. The Tektronix RTSA identified the channel in use,
the spectral image of the legitimate signals/packets and the
packet transmission period (approx. every 60s). In this testbed,
which uses simple python code and XBee devices, a successful
attack requires the coordinator to become unreachable by the
individual nodes and in this case, using the digi-xbee library,
an “Address Not Found“ error occurs causing the python code
TABLE III
E XPERIMENTAL R ESULTS : N ORMAL O PERATION
Normal Operation
Test Length (Hours):
Total Packets Sent:
Packets Lost:
Test 1
≈ 17
4100
0
Test 2
≈ 17
4170
0
Test 3
≈ 17
4084
0
Test 4
≈ 17
4084
0
Test 5
≈ 17
4135
0
Test 6
≈ 26
6308
0
to throw an exception and fail. To validate this approach the
testbed was tested under normal conditions for 6 distinctive
periods as per Table III. The results in Table III show that the
network ran without error during the 6 separate tests, in which
over 26, 500 packets were transmitted, therefore, validating the
code and setup. During the attacking tests, the attacking SDR
ignored the CSMA/CA protocol in use and constantly injected
packets into the channel at specific times and effectively
became a learning based jammer with the spectral image of
legitimate packets. This resulted in packet collisions and the
coordinator (identified from network monitoring) becoming
unreachable by network nodes. This caused each network node
to throw an exception, resulting in code failure and a denial
of network services. This error only occurred when the SDR
attacker was present and caused the nodes to fail when trying
to transmit a packet. These experiments demonstrated WSNs
vulnerability to matched protocol interference, as the network
was jammed with indistinguishable signals.
VI. F UTURE W ORK
Future progressions of this work includes the analysis of
inter-node distances, packet security measures and packet manipulation. Inter-node distances, denoted Da−b , have potential
in terms of attack detection and Ultra Wide-band devices are
key for this concept to work as accurate distance measurements
can be achieved. Furthermore, this concept can be developed
to include the identification of channel properties due to the
existence of a unique channel between two distinct static
nodes. Therefore, these unique properties would be difficult
for an attacker to replicate and so a detection strategy for
matched protocol interference could emerge. The work can
be expanded by delving into indoor positioning and WSN
localization techniques. The analysis of security techniques
used in WSN protocols and packets, and especially why they
are used, will provide insights into how to improve WSN
protocols in terms of security and design methodologies and
allow for the best detection algorithm deployments. Finally,
an interesting future development is to explore whether the
matched protocol attack (and/or other attack techniques) can
cause packet manipulation or network spoofing.
VII. C ONCLUSION
This paper described a matched protocol attack and how
WSNs are vulnerable to it due to the use of network specific
packets and signals. The detection of such an attack requires
using information outside of the normal spectral and routing
layer techniques. This implies that traditional interference detection schemes might be inadequate, as intruder signals may
now be indistinguishable from legitimate signals. Therefore,
intrusion detection requires more than monitoring the spectrum
or routing layer as the whole WSN process requires attention.
This paper clearly highlighted the need for intrusion detection
and how WSN security is becoming critical. The attack style
was described and experimentally tested and simulated and
general WSN security vulnerabilities were identified. Therefore, a methodology is now required which designs protocols
with attackers in mind, leading to the entire protocol stack and
hardware used being designed to detect and mitigate attacks.
ACKNOWLEDGMENT
The authors would like to thank both Dr. James T. Curran
for his contribution in developing the signal model and MonteCarlo simulations and Dr. Kevin McCarthy for his guidance
and insight with respect to the experimental set up.
R EFERENCES
[1] T. Vladimirova, C. P. Bridges, J. R. Paul, S. A. Malik, and M. N.
Sweeting, “Space-based wireless sensor networks: Design issues,” IEEE
Aerospace Conference, pp. 1–14, 2010.
[2] P. Park, S. C. Ergen, C. Fischione, C. Lu, and K. H. Johansson, “Wireless
Network Design for Control Systems: A Survey,” IEEE Communiations
Surveys and Tutorials, vol. 20, no. 2, pp. 978–1013, 2018.
[3] R. K. Yedavalli and R. K. Belapurkar, “Application of wireless sensor
networks to aircraft control and health management systems,” Journal
of Control Theory and Applications, vol. 9, no. 1, pp. 28–33, 2011.
[4] L. Buttyán, D. Gessner, A. Hessler, and P. Langendoerfer, “Application
of wireless sensor networks in critical infrastructure protection: challenges and design options [Security and Privacy in Emerging Wireless
Networks],” IEEE Wireless Communications, vol. 17, no. 5, pp. 44–49,
2010.
[5] A. Addaim, A. Kherras, and Z. Guennoun, “Design of WSN with Relay
Nodes Connected Directly with a LEO Nanosatellite,” International
Journal of Computer and Communication Engineering, vol. 3, no. 5,
pp. 310–316, 2014.
[6] M. A. M. Marinho, E. P. De Freitas, J. P. C. Lustosa Da Costa,
A. L. F. De Almeida, and R. T. De Sousa, “Using cooperative MIMO
techniques and UAV relay networks to support connectivity in sparse
Wireless Sensor Networks,” International Conference on Computing,
Management and Telecommunications, ComManTel, pp. 49–54, 2013.
[7] T. Woodward, “DARPA - Wireless Network Defense.” [Online].
Available: https://www.darpa.mil/program/wireless-network-defense
[8] A. Förster, Introduction to wireless sensor networks, 2016.
[9] ZigBee Alliance, “ZigBee Specification. ZigBee document 053474r20,”
Tech. Rep., 2012. [Online]. Available: http://www.zigbee.org/
[10] H. J. Beestermöller, J. Sebald, M. C. Sinnreich, H. J. Borchers,
M. Schneider, H. Luttmann, and V. Schmid, “Wireless-Sensor Networks
in Space Technology Demonstration on ISS,” in Dresdner SensorSymposium, 2015, pp. 99–102.
[11] I. Gartner, “C. STAMFORD. (2016) Gartner says by 2020, more
than half of major new business processes and systems will
incorporate some element of the internet of things.” [Online]. Available:
https://www.gartner.com/newsroom/id/3185623
[12] Y. Zhou, Y. Fang, and Y. Zhang, “Securing Wireless Sensor Networks:
A Survey,” IEEE Communications Surveys, vol. 10, no. 3, pp. 6–28,
2008.
[13] A. P. Abidoye and I. C. Obagbuwa, “DDoS attacks in WSNs:
detection and countermeasures,” IET Wireless Sensor Systems,
vol. 8, no. 2, pp. 52–59, 2018. [Online]. Available: http://digitallibrary.theiet.org/content/journals/10.1049/iet-wss.2017.0029
[14] G. Bullard, “Securing the Digital EcoSytem – A war we’re losing.”
Public Lecture at: The Future of Security Seminar, Univeristy College
Cork, 09th May 2018.