nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Assessment and Hardening of IoT Development Boards

verfasst von : Omar Alfandi, Musaab Hasan, Zayed Balbahaith

Erschienen in: Wired/Wireless Internet Communications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Internet of Things (IoT) products became recently an essential part of any home in conjunction with the great advancements in internet speeds and services. The invention of IoT based devices became an easy task that could be performed through the widely available IoT development boards. Raspberry Pi is considered one of the advanced development boards that have high hardware capabilities with a reasonable price. Unfortunately, the security aspect of such products is overlooked by the developers, revealing a huge amount of threats that result in invading the privacy and the security of the users. In this research, we directed our study to SSH due to its extensive adoption by the developers. It was found that due to the nature of the Raspberry Pi and development boards, the Raspberry Pi generates predictable and weak keys which make it easy to be utilized by MiTM attack. In this paper, Man in The Middle (MiTM) attack was conducted to examine the security of different variations provided by the SSH service, and various hardening approaches were proposed to resolve the issue of SSH weak implementation and weak keys.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Adaptive Guard Time for Energy-Efficient IEEE 802.15.4 TSCH Networks

Nächstes Kapitel IEEE 802.11 Latency Modeling with Non-IEEE 802.11 Interfering Source

Ramirez, J., Pedraza, C.: Performance analysis of communication protocols for internet of things platforms. In: 2017 IEEE Colombian Conference on Communications and Computing (COLCOM), pp. 1–7 (2017)

Junaid, M., Shah, M.A., Satti, I.A.: A survey of internet of things, enabling technologies and protocols. In: 2017 23rd International Conference on Automation and Computing (ICAC), pp. 1–5 (2017)

Pan, J., McElhannon, J.: Future edge cloud and edge computing for internet of things applications (2017)

Hassan, R., Jubair, A.M., Azmi, K., Bakar, A.: Adaptive congestion control mechanism in CoAP application protocol for internet of things (IoT). In: 2016 International Conference on Signal Processing and Communication (ICSC), pp. 121–125 (2016)

Lei, W., Xu, L.: Research and implementation of access control model of internet of things. In: 2016 5th International Conference on Computer Science and Network Technology (ICCSNT), pp. 102–106 (2016)

Ren, Z., Liu, X., Ye, R., Zhang, T.: Security and privacy on internet of things. In: 2017 7th IEEE International Conference on Electronics Information and Emergency Communication (ICEIEC), pp. 140–144 (2017)

Prabavathy, S., Sundarakantham, K., Shalinie, S.M.: Decentralized secure framework for social collaborative internet of things. In: 2017 Fourth International Conference on Signal Processing, Communication and Networking (ICSCN), pp. 1–6 (2017)

Marot, J., Bourennane, S.: Raspberry Pi for image processing education. 2017 25th European Signal Processing Conference (EUSIPCO), pp. 2364–2366 (2017)

Bhave, S., Tolentino, M., Zhu, H., Sheng, J.: Embedded middleware for distributed raspberry Pi device to enable big data applications. In: 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), vol. 2. pp. 103–108 (2017)

10.

Sanada, A., Nogami, Y., Iokibe, K., Khandaker, M.A.A.: Security analysis of raspberry Pi against side-channel attack with RSA cryptography. In: 2017 IEEE International Conference on Consumer Electronics - Taiwan (ICCE-TW), pp. 287–288 (2017)

11.

Tavade, T., Nasikkar, P.: Raspberry Pi: data logging IOT device. In: 2017 International Conference on Power and Embedded Drive Control (ICPEDC), pp. 275–279 (2017)

12.

Dowling, S., Schukat, M., Melvin, H.: A ZigBee honeypot to assess IoT cyberattack behaviour. In: 2017 28th Irish Signals and Systems Conference (ISSC), pp. 1–6 (2017)

13.

Eigner, O., Kreimel, P., Tavolato, P.: Detection of man-in-the-middle attacks on industrial control networks. In: 2016 International Conference on Software Security and Assurance (ICSSA), pp. 64–69 (2016)

14.

Dowling, S., Schukat, M., Melvin, H.: Using analysis of temporal variances within a honeypot dataset to better predict attack type probability. In: Proceedings of the IEEE World Congress on Internet Security, (WorldCIS 2016) (2017)

15.

Song, I.-A., Lee, Y.-S.: Improvement of key exchange protocol to prevent man-in-the-middle attack in the satellite environment. In: 2016 Eighth International Conference on Ubiquitous and Future Networks (ICUFN), pp. 408–413 (2016)

16.

Saqib, N.: Key exchange protocol for WSN resilient against man in the middle attack. In: 2016 IEEE International Conference on Advances in Computer Applications (ICACA), pp. 265–269 (2016)

17.

Li, X., Hao, J., Feng, Z., An, B.: Optimal personalized defense strategy against Man-In-The-Middle attack. vol. 2 (2017)

18.

Conti, M., Dragoni, N., Lesyk, V.: A survey of man in the middle attacks. IEEE Commun. Surv. Tutorials 18(3), 2027–2051 (2016)CrossRef

19.

Shubh, T., Sharma, S.: Man-In-The-Middle-Attack prevention using HTTPS and SSL, vol. 5, no. 6, pp. 569–579 (2015)

20.

Chen, Y., Dong, X., Saxena, P., Mao, J., Liang, Z.: Man-in-the-browser-cache: persisting HTTPS attacks via browser cache poisoning. Comput. Secur. 55, 62–80 (2015)CrossRef

21.

Kheirkhah, E., Amin, S., Sistani, H., Acharya, H.: An experimental study of SSH attacks by using Honeypot Decoys, vol. 612, pp. 5567–5578 (2013)

22.

Alsaadi, H., AlKubaisi, M.: Penetration Testing of Remote Secure OpenSSH On Raspberry Pi 2. Unpublished manuscript (2016)

23.

De Luca, G.E., Carnuccio, E.A., Garcia, G.G., Barillaro, S.: IoT fall detection system for the elderly using intel Galileo development boards generation I. In: 2016 IEEE Congreso Argentino De Ciencias De La Informática y Desarrollos De Investigación (CACIDI), pp. 1–6 (2016)

24.

Valverde, M.P., González, J.: A software controlled hardware acceleration architecture for image processing using an embedded development board. In: 2016 IEEE 36th Central American and Panama Convention (CONCAPAN XXXVI), pp. 1–5 (2016)

25.

Mischie, S., Muntean, A.: Distance estimation through stereoscopy using BeagleBoneBlack and RaspberryPi. In: 2017 International Symposium on Signals, Circuits and Systems (ISSCS), pp. 1–4 (2017)

26.

Sukvichai, K., Wongsuwan, K., Kaewnark, N., Wisanuvej, P.: Implementation of visual odometry estimation for underwater robot on ROS by using RaspberryPi 2. In: 2016 International Conference on Electronics, Information, and Communications (ICEIC), pp. 1–4 (2016)

27.

Coonjah, I., Catherine, P.C., Soyjaudah, K.M.S.: Performance evaluation and analysis of layer 3 tunneling between OpenSSH and OpenVPN in a wide area network environment. In: 2015 International Conference on Computing, Communication and Security (ICCCS), pp. 1–4 (2015)

28.

Coonjah, I., Catherine, P.C., Soyjaudah, K.M.S.: A VPN framework through multi-layer tunnels based on OpenSSH. In: International Conference on Computing, Communication & Automation, pp. 1395–1401 (2015)

29.

Studiawan, H., Pratomo, B.A., Anggoro, R.: Clustering of SSH brute-force attack logs using k-clique percolation. In: 2016 International Conference on Information & Communication Technology and Systems (ICTS), pp. 39–42 (2016)

30.

Sadasivam, G.K., Hota, C., Anand, B.: Classification of SSH attacks using machine learning algorithms. In: 2016 6th International Conference on IT Convergence and Security (2016)

Titel: Assessment and Hardening of IoT Development Boards
verfasst von: Omar Alfandi
Musaab Hasan
Zayed Balbahaith
Verlag: Springer International Publishing
Buch: Wired/Wireless Internet Communications
Print ISBN: 978-3-030-30522-2

Electronic ISBN: 978-3-030-30523-9

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-30523-9_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"