Presentation is loading. Please wait.

Presentation is loading. Please wait.

Teaching Security of Internet of Things in Using RaspberryPi Oliver Nichols, Li Yang University of Tennessee at Chattanooga Xiaohong Yuan North Carolina.

Published byStephen Shepherd Modified over 7 years ago

Similar presentations

Presentation on theme: "Teaching Security of Internet of Things in Using RaspberryPi Oliver Nichols, Li Yang University of Tennessee at Chattanooga Xiaohong Yuan North Carolina."— Presentation transcript:

1 Teaching Security of Internet of Things in Using RaspberryPi Oliver Nichols, Li Yang University of Tennessee at Chattanooga Xiaohong Yuan North Carolina A& T State University 1

2 Introduction ❏ The Internet of Things (IoT) is becoming a reality in today’s society. ❏ The IoT can find its application in multiple domains including healthcare, critical infrastructure, transportation, and home and personal use. ❏ It is important to teach students importance and techniques that are essential in protecting IoT. 2

3 Importance of IoT Security Bruce Schneier said that while website security is a major issue, the Internet of Things will prove much more difficult to manage. “These are devices that are made cheaply with very low margins, and the companies that make them don’t have the expertise to secure them. 3

4 Setting up Experiment Environment We set up a Smart Home environment using a Raspberry Pi, Razberry Daughter Board, and Z-Wave sensors. 4

5 Lab 1: Sniffing of IoT and Its Countermeasures Sniffing is a form of passive attack to learn about the communication between two computers. Remote Access Analysis: Communication between the mobile device and find.zwave.me, and communication between find.zwave.me and Raspberry Pi. User will use find.zwave.me to log into his Raspberry Pi remotely. Observe difference when find.zwave.me is set to “Not a secure connection” or othewise. Local Access Analysis: 5

6 Students analyzed the web application hosted on the Raspberry Pi. 6 Lab 1: Sniffing of IoT and Its Countermeasures The connection from the Mobile device to the server used TLS 1.2. The certificate appears to be valid, and no issues were reported using Firefox, Internet Explorer, or Chrome. Traffic between the server and the Raspberry Pi also used TLS. Vulnerabilities for TLS were tested on the Raspberry Pi’s implementation using a test script which can be found at https://testssl.sh/testssl.sh.

7 Lab1: Access: find.zwave.me server ❏ Communication between Mobile Device and find.zwave.me is secure ❏ Communication between find.zwave.me and PI is secure (no serious vulnerabilities) ❏ Allows for Client-Initiated Renegotiation: Potential DoS threat ❏ Implements TLS_FALLBACK_SCSV ❏ Implements SSLv3 with RC4 (highly discouraged) 7

8 Lab 1: Local System Vulnerabilities ❏ Given access to local area network (LAN) where Raspberry Pi is connected with. ❏ No encryption between local computer and the PI ❏ Credentials exchanged in Plain Text 8

9 Lab1: Local System Vulnerabilities continued 9

10 Lab 2: Session Hijacking and Replay Attacks Session ID or cookie ID is a unique identifier used to determine communications between two parties. Session hijacking is to first acquire the session ID and then combine with replay attacks to impersonate one party of the communication. Students first discover Session ID between Rasberry Pi and Smart Switch: 10

11 Lab 2: Session Hijacking and Replay Attacks Students are then asked to use the same session ID to replay the control message from the Raspberry Pi to the smart switches. Students are able to change “on” and “off” easily by replaying the control message with its session ID. 11

12 Lab 3: ARP Cache Poisoning Attack Man-in-the-Middle (MitM) attacks can be achieved by using ARP cache poisoning on a local network. ARP cache poisoning is an achievable task due to the fact that no authentication mechanism exists for ARP. To begin the attack, the students will need to know the address of the Raspberry Pi and the machine attempting communication with the Raspberry Pi. This information can be given to the students or discovered using wireshark, nmap, or another tool. 12

13 Lab 3: ARP Cache Poisoning Attack Students are first instructed to modify ARP table so that Host-A’s IP address will be mapped to the MAC address of the attacking PC. Host A IP: 192.168.1.70. Attacking PC MAC: 00:14:22:30:a3:6d. 13 Before attack After attack

14 Students logged into the Raspberry Pi (Host-B) from the Host-A computer. As the password is sent in plaintext, sniffing shows Raspberry Pi’s login password again. 14 Lab 3: ARP Cache Poisoning Attack Password Revealed by an ARP Cache Poisoning Attack

15 Lab 4: ARM Stack Exploits and Security Measures The Raspberry Pi B+ uses an ARM11 processor which is based on the ARMv6 architecture. Most mobile devices use ARM because it dissipates less heat and uses less energy than its major competitors. A buffer overflow (BoF) attack is to supply enough data to overfill the buffer, and write malicious data into an area that can be directly called by address. 15

16 Lab 4: ARM Stack Exploits and Security Measures Students are first asked to write a program called “overflow_exploit” with a typical Buffer Overflow (BoF) program called “vulnerable_callee” that copies the user- supplied parameter into a buffer with fixed size. 16 Starting Memory Address of vulnerable_callee Success BoF attack

17 EVALUATION AND DISCUSSION These labs are designed to demonstrate attacks and security practices; and show the significance of security in the Internet of Things. The attacks are designed to work against TCP/IP and the Razberry software. These labs do not directly address Z-Wave because it is closed source and resources on Z-Wave are limited. 17

18 Future works Attacks against the IP camera Attacks on sensors Analyze other protocols such as ZigBee or Bluetooth Low Energy Acquiring a hub for a Smart Home, such as the SmartThings hub and analyze protocols, smartphone app, and hub software 18

19 Thank you! Questions? 19

Download ppt "Teaching Security of Internet of Things in Using RaspberryPi Oliver Nichols, Li Yang University of Tennessee at Chattanooga Xiaohong Yuan North Carolina."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug 2013 - scotthel.me.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.

Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.
NETWORK SECURITY.

NETWORK SECURITY.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Session Hijacking & ARP Poisoning Why web security depends on communications security and how TLS everywhere is the only solution.

Session Hijacking & ARP Poisoning Why web security depends on communications security and how TLS everywhere is the only solution.
Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.

Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.
JMU GenCyber Boot Camp Summer, 2015. Network Sniffing Sometimes it is possible observe/record traffic traveling on a network Network traffic may contain.

JMU GenCyber Boot Camp Summer, Network Sniffing Sometimes it is possible observe/record traffic traveling on a network Network traffic may contain.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.

 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.
ARP Poisoning Rushad Shaikh CSCI 5931 Web Security Spring 2004.

ARP Poisoning Rushad Shaikh CSCI 5931 Web Security Spring 2004.
COEN 252 Computer Forensics Collecting Network-based Evidence.

COEN 252 Computer Forensics Collecting Network-based Evidence.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

Similar presentations

Ads by Google