A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,

Presentation transcript:

A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks

Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3, Susan D. Urban 4
1. Department of Computer Science, Shaw University
2. Department of Computer Engineering, Texas Tech University
3. Department of Electrical and Computer Engineering, Texas Tech University
4. Department of Industrial Engineering, Texas Tech University

Texas Tech University 2014 NSF Research Experience for Undergraduates Site Program

Background / Motivation
- The conventional electric grid technology provides us with energy support to keep our businesses, schools, and homes powered. The current technology is outdated and will eventually be replaced by a new innovation known as the Smart Grid.
- Smart grid technology provides an efficient, reliable, and two-way transfer of energy and data throughout the grid.
- The concept behind smart grid technology is to allow us to better manage and preserve energy.
- Cyber security is a main issue that needs to be addressed with the development of smart grid technology.
- Technology is vulnerable, and there will be a need to keep HANs (Home Area Networks) safe from a cyber-security perspective once the smart grid is connected to homes.

Methodology
1. The process of setting up a MITM attack (ARP cache poisoning).
- Intercepting packets: trick the victim machine(s) and the switch on the network.
- Poisoning the ARP table: puts the attacker in between the targeted systems, where they will intercept the packets.
- Capturing information: software including Wireshark, Ettercap, and Driftnet captures information once it is intercepted.
2. Countering the MITM attack using XArp.
- XArp is an advanced ARP spoofing detection system that can be installed on Windows and Linux operating systems.
- The application monitors incoming and outgoing ARP packets that are being processed on the network that it is connected to. Its security algorithms determine whether there is an attack on a particular system on the network based on how many ARP packets the system is receiving.

Current Status
- A virtual environment has been developed implementing Kali Linux, Windows XP, and Ubuntu operating systems.
- The Windows XP and Ubuntu operating systems have been penetrated by MITM attacks.
- These attacks were carried out to spoof and capture important information using Kali Linux and Wireshark.
- A solution to stopping those attacks was installing XArp onto the systems to detect the attacks.
- XArp has been valuable in detecting the MITM attacks carried out on the network.

Conclusion
- There will be an immediate need for advanced security technology such as XArp to be factored into smart meters and HANs as the smart grid evolves.
- Better security technology will be significant in providing detection, prevention, and safety from MITM attacks on HANs.

References
1. Smart Grid: A Beginner's Guide. (n.d.). Smart Grid: A Beginner's Guide. Retrieved June 26, 2014, from
2. "Kali Linux | Rebirth of BackTrack, the Penetration Testing Distribution." Kali Linux. N.p., n.d. Web. 31 July
3. Chrismc. XArp – Advanced ARP Spoofing Detection.
4. Weidman, Georgia. "Arp Cache Poisoning." Penetration Testing: A Hands-on Introduction to Hacking.
5. Aloul, F., Al-Ali, A. R., Al-Dalky, R., Al-Mardini, M., & El-Hajj, W. (2012). Smart grid security: Threats, vulnerabilities and solutions. International Journal of Smart Grid and Clean Energy, 1(1).
6. Yang, Y., McLaughlin, K., Littler, T., Sezer, S., Im, E. G., Yao, Z. Q., ... & Wang, H. F. (2012). Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in smart grid SCADA systems.

DISCLAIMER: This material is based upon work supported by the National Science Foundation and the Department of Defense under Grant No. CNS. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation or the Department of Defense.

Statement of the Problem
- A vulnerable access point once HANs are connected to the smart grid is the smart meter. A smart meter is an advanced electric meter for communicating with devices inside of the home.
- An adversary could manipulate the data that the smart meter is intended to receive or process.
- An adversary who can penetrate the HAN system can perform a MITM (Man-in-the-Middle) attack on the smart meter.
- Protecting smart meters involves developing counter measures that will prevent insidious attacks such as MITM.

Objectives
- Construct a virtual environment using VMware in which three operating systems will be installed to experiment with MITM attacks.
- Kali Linux, a penetration testing system, will be used to create MITM (Man-in-the-Middle) attacks.
- XArp will be installed on the victim machines (Windows XP and Ubuntu) to detect the ARP-based MITM attacks.
- The purpose is to evaluate how targeted HAN systems can be penetrated by MITM attacks and to develop a solution for preventing these attacks efficiently.

Future Work
- Create a HAN (Home Area Network) where a smart meter simulation is implemented to get real-time results on how MITM attacks can penetrate and affect the system.
- This process will use an advanced network simulator to model a home area network and will also need a program or code to be created to run a smart meter simulation.
- An application such as XArp will be designed to detect and prevent MITM attacks on the smart meter of the HAN system. XArp may potentially be connected to the smart meter technology.

Figure 1: Devices of the HAN.
Figure 2: MITM attack (captured login credentials for FTP server).
Figure 4: XArp detects MITM attack on network.

Results
1. Systems that are in HANs can be exploited by MITM attacks.
- RETRIEVE: MITM attacks managed to penetrate the Windows XP and Ubuntu operating systems, retrieving information and files that were essential.
- REPLACE: Once the attacker was able to penetrate the system, it was also possible to manipulate the retrieved files and replace them.
2. Applying counter measures to vulnerable systems.
- When XArp was installed on these systems to prevent MITM attacks, the XArp application detected every attack that was being processed through the networks.
- The user was able to see in real time how many ARP (Address Resolution Protocol) based MITM attacks were targeting their system.
- XArp Professional detects the MITM attacks that are targeting the user's system, and it also provides a structure of defense to secure the system from ARP-based MITM attacks.

Figure 3: ARP Cache Poisoning (ARP Spoofing)
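
The counter measure described in the Methodology (monitoring the ARP packets a host receives and deciding from them whether an attack is under way) can be illustrated with a small host-side monitor. This is an added example, not code from the poster and not XArp's actual algorithm; the names `parse_arp`, `ArpMonitor`, `arp_payload` and `run_sample`, the thresholds, and the constructed sample addresses are assumptions.

```python
import struct
from collections import defaultdict

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip) for an IPv4/Ethernet ARP payload, else None."""
    if len(payload) < 28 or struct.unpack("!HHBB", payload[:6]) != (1, 0x0800, 6, 4):
        return None
    op = int.from_bytes(payload[6:8], "big")
    return op, payload[8:14].hex(":"), ".".join(str(b) for b in payload[14:18])

class ArpMonitor:
    """Flags IP-to-MAC binding changes and bursts of ARP replies from one sender."""
    def __init__(self, max_replies=3, window=10.0):   # thresholds are assumed values
        self.max_replies, self.window = max_replies, window
        self.bindings = {}                  # ip -> first MAC seen claiming it
        self.replies = defaultdict(list)    # mac -> timestamps of recent replies

    def observe(self, ts, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return ["malformed ARP payload"]
        op, mac, ip = parsed
        alerts = []
        known = self.bindings.setdefault(ip, mac)
        if known != mac:                    # a different MAC now claims a known IP
            alerts.append(f"binding change for {ip}: {known} -> {mac}")
        if op == 2:                         # ARP reply: count replies per sender
            recent = [t for t in self.replies[mac] if ts - t <= self.window] + [ts]
            self.replies[mac] = recent
            if len(recent) > self.max_replies:
                alerts.append(f"reply burst from {mac}: {len(recent)} in {self.window}s")
        return alerts

def arp_payload(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP payload for the sample below (nothing is sent)."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    to_ip = lambda a: bytes(int(x) for x in a.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + to_mac(sender_mac)
            + to_ip(sender_ip) + to_mac(target_mac) + to_ip(target_ip))

def run_sample():
    """Constructed capture: the gateway answers once, then another MAC claims its IP."""
    gw, other, host = "02:00:00:00:00:01", "02:00:00:00:00:66", "02:00:00:00:00:10"
    mon, out = ArpMonitor(), []
    out += mon.observe(0.0, arp_payload(2, gw, "192.0.2.1", host, "192.0.2.10"))
    for i in range(4):                      # repeated replies, two seconds apart
        out += mon.observe(1.0 + 2 * i, arp_payload(2, other, "192.0.2.1", host, "192.0.2.10"))
    return out
```

Calling `run_sample()` returns the alerts for the constructed capture: one binding-change alert per conflicting reply, plus a burst alert once the per-sender reply count exceeds the threshold.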