Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems
Jasmine Carson - North Carolina A&T State University
Co-Author(s): Oliver Nichols, Chris Bonham, Paul Bond, Wayne Simpson, and Michael Crow, University of Tennessee at Chattanooga, TN
With the growing popularity of the lightweight yet efficient Raspberry Pi, users may lack the knowledge to properly secure it, leaving the device, and potentially the network it is attached to, vulnerable to attack. The purpose of this project is to explore system vulnerabilities as they relate to the Raspberry Pi, and implementations designed to withstand such vulnerabilities and/or decrease the potential for an exploit to result from them. The Raspberry Pi can be used in many ways: (a) for home automation, (b) as an independent system designed to perform a limited number of tasks, or (c) as a device connected to a typical LAN supplying network services (e.g., DNS, Web server, email server). The following vulnerabilities and prevention methods in relation to the Raspberry Pi are being explored:
(1) Password cracking: This attack targets one of the main access points on the Raspberry Pi, Secure Shell (SSH). The software used to conduct the brute-force attack is called THC-Hydra. The software used to mitigate the brute-force attack is called fail2ban. Fail2ban is a very simple program to set up; it can be set to watch log files and respond to suspicious activity by blocking the offender for a certain period of time. It is especially good at responding to brute-force attacks, where similar instances are continuously logged. With fail2ban installed, the dictionary attack from THC-Hydra cannot succeed anymore.
(2) Man-in-the-Middle Attack: This attack will exploit ARP cache poisoning to intercept packets between two hosts. The attacker (a PC) will be the man in the middle between a Raspberry Pi and another PC. The data packets sent between the communicating victim nodes were intercepted by the attacking PC and forwarded on to the intended receiver. A prevention method is to use a fixed set of IP-MAC address associations, i.e., a fixed ARP table. For a home with a small, finite number of MAC addresses accessing the network, a fixed ARP table is a reasonable approach to preventing ARP cache poisoning attacks.
(3) Cross-Site Scripting (XSS) Attack on openzwaveme: The attack targets the login screen of openzwaveme’s website and checks how well user inputs are filtered. The attack also targets the applications installed on the Raspberry Pi. WebScarab or Burp Suite, which can serve as a proxy between the webpage and the client, will be used to conduct XSS attacks.
(4) Sniffing: Sniffing is a form of passive attack used to learn about the communication between two computers. The software Wireshark will be used to sniff packets. The attacking machine running Wireshark should be on the same local network as the Raspberry Pi. First, a security analysis is done on remote access and on the LAN to which the Raspberry Pi is connected. Using Wireshark, an attacker will sniff the packets on the network that the Raspberry Pi is receiving.
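The log-watching and timed-ban behaviour that item (1) attributes to fail2ban, shown as an added example (not code from this project or from fail2ban itself): it replays constructed sshd log lines and bans a source after MAXRETRY failures within FINDTIME. The thresholds, hostname, addresses and the year supplied for the syslog timestamps are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy for this example, not fail2ban's shipped defaults.
MAXRETRY, FINDTIME, BANTIME = 3, timedelta(minutes=10), timedelta(minutes=10)

FAILED = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port")

# Constructed sshd log lines (documentation-range addresses).
SAMPLE_LOG = """\
Mar 13 10:00:01 raspberrypi sshd[801]: Failed password for pi from 203.0.113.50 port 40001 ssh2
Mar 13 10:00:02 raspberrypi sshd[802]: Failed password for pi from 203.0.113.50 port 40002 ssh2
Mar 13 10:00:03 raspberrypi sshd[803]: Failed password for invalid user admin from 203.0.113.50 port 40003 ssh2
Mar 13 10:00:04 raspberrypi sshd[804]: Failed password for pi from 203.0.113.50 port 40004 ssh2
Mar 13 10:02:00 raspberrypi sshd[810]: Failed password for pi from 198.51.100.7 port 51000 ssh2
Mar 13 10:03:00 raspberrypi sshd[811]: Accepted password for pi from 198.51.100.7 port 51001 ssh2
Mar 13 10:11:00 raspberrypi sshd[820]: Failed password for pi from 203.0.113.50 port 40005 ssh2
""".splitlines()

def parse(line, year=2024):
    """Return (timestamp, source_ip) for a failed SSH login, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]

def run(lines):
    """Replay the log; return ({ip: [ban start times]}, {ip: guesses that reached sshd})."""
    window, banned_until = defaultdict(deque), {}
    bans, seen = defaultdict(list), defaultdict(int)
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ts, ip = event
        if ts < banned_until.get(ip, ts):
            continue  # source is banned: the firewall rule would drop this attempt
        seen[ip] += 1
        q = window[ip]
        q.append(ts)
        while ts - q[0] > FINDTIME:  # forget failures older than the find window
            q.popleft()
        if len(q) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans[ip].append(ts)
            q.clear()
    return dict(bans), dict(seen)
```

On the sample, 203.0.113.50 gets three guesses through before the ban and a fourth only after the ban expires, while the single mistyped password from 198.51.100.7 triggers nothing.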
Funder Acknowledgement(s): NSF HBCU-UP project (HRD-1332504)
Faculty Advisor: Xiaohong Yuan, jacarson50@gmail.com
Role: The part of the research that I did was successfully implementing each attack and writing it up as a lab for undergraduate students in order to assess its effectiveness.