A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks
Lionel Morgan¹, Sindhuri Juturu², Justin Talavera³, Susan D. Urban⁴
1. Department of Computer Science, Shaw University
2. Department of Computer Engineering, Texas Tech University
3. Department of Electrical and Computer Engineering, Texas Tech University
4. Department of Industrial Engineering, Texas Tech University
Texas Tech University 2014 NSF Research Experience for Undergraduates Site Program
Background / Motivation
The conventional electric grid technology provides us with energy support to keep our businesses, schools, and homes powered. The current technology is outdated and will eventually be replaced by a new innovation known as the Smart Grid.
Smart grid technology provides an efficient, reliable, and two-way transfer of energy and data throughout the grid.
The concept behind smart grid technology is to allow us to better manage and preserve energy.
Cyber security is a main issue that needs to be addressed with the development of smart grid technology.
Technology is vulnerable, and there will be a need to keep HANs (Home Area Networks) safe from a cyber-security perspective once the smart grid is connected to homes.
Methodology
1. The Process of Setting up a MITM attack (ARP Cache Poisoning).
Intercept packets - Trick victim machine(s) and switch on the network.
Poisoning the ARP table - Puts the attacker in between the targeted systems, where they will intercept the packets.
Capturing Information - Software including Wireshark, Ettercap, and Driftnet captures information once it is intercepted.
2. Counter Measuring MITM Attack using XArp.
XArp is an advanced ARP spoofing detection system that can be installed on Windows and Linux Operating Systems.
The application monitors incoming and outgoing ARP packets that are being processed on the network that it is connected to. Its security algorithms determine whether there is an attack on a particular system on the network based on how many ARP packets the system is receiving.
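An added example, not part of the poster and not XArp's actual algorithm: a minimal passive ARP monitor in Python showing the kind of check described above, flagging a sender whose reply count exceeds a threshold in a time window and, as a generalization, an IP address that is suddenly claimed by a different MAC. The names ArpMonitor and sample_arp, the thresholds, and the addresses are assumptions; the sample packets are constructed in memory and never sent.

```python
import struct
from collections import defaultdict, deque
ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 layout for Ethernet/IPv4 (28 bytes)
ARP_REPLY = 2

def parse_arp(payload):
    """Return (opcode, sender MAC, sender IP) from a raw ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), ".".join(map(str, spa))

class ArpMonitor:
    """Hypothetical detector: binding changes plus a reply-rate threshold."""
    def __init__(self, max_replies=5, window=10.0):
        self.bindings = {}                  # IP -> first MAC seen for it
        self.replies = defaultdict(deque)   # MAC -> recent reply timestamps
        self.max_replies, self.window = max_replies, window

    def observe(self, ts, payload):
        op, mac, ip = parse_arp(payload)
        alerts = []
        known = self.bindings.setdefault(ip, mac)
        if known != mac:                    # same IP now claimed by another MAC
            alerts.append(f"binding-change {ip}: {known} -> {mac}")
        if op == ARP_REPLY:
            q = self.replies[mac]
            q.append(ts)
            while ts - q[0] > self.window:  # drop replies outside the window
                q.popleft()
            if len(q) > self.max_replies:
                alerts.append(f"reply-flood {mac}: {len(q)} replies in {self.window:g}s")
        return alerts

def sample_arp(op, mac, ip):
    """Constructed test input: packs an ARP payload in memory only."""
    raw_mac = bytes.fromhex(mac.replace(":", ""))
    raw_ip = bytes(int(x) for x in ip.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, raw_mac, raw_ip, bytes(6), bytes(4))

def demo():
    mon = ArpMonitor(max_replies=3, window=10.0)
    gw_ip, gw_mac, other = "192.168.56.1", "52:54:00:aa:aa:01", "52:54:00:bb:bb:02"
    alerts = mon.observe(0.0, sample_arp(ARP_REPLY, gw_mac, gw_ip))
    for i in range(1, 5):   # four replies in 4 s claiming gw_ip from another MAC
        alerts += mon.observe(float(i), sample_arp(ARP_REPLY, other, gw_ip))
    return alerts
```

Calling demo() returns four binding-change alerts followed by one reply-flood alert; in a live deployment the payloads would come from a capture interface instead of sample_arp.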
Current Status
A virtual environment has been developed implementing Kali Linux, Windows XP, and Ubuntu operating systems.
Windows XP and Ubuntu Operating Systems have been penetrated by MITM attacks.
These attacks were carried out to spoof and capture important information using Kali Linux and Wireshark.
A solution to stopping those attacks was installing XArp onto the systems to detect the attacks.
XArp has been valuable in detecting the MITM attacks carried out on the network.
Conclusion
There will be an immediate need for advanced security technology such as XArp to be factored into smart meters and HANs as the smart grid evolves.
Better security technology will be significant in providing detection, prevention, and safety from MITM attacks on HANs.
DISCLAIMER: This material is based upon work supported by the National Science Foundation and the Department of Defense under Grant No. CNS-1263183. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation or the Department of Defense.
Statement of the Problem
A vulnerable access point once HANs are connected to the smart grid is the smart meter. A smart meter is an advanced electric meter for communicating with devices inside of the home.
An adversary could manipulate the data that the smart meter is intended to receive or process.
An adversary who can penetrate the HAN system can perform a MITM (Man-in-the-middle) attack on the smart meter.
Protecting smart meters involves developing counter measures that will prevent insidious attacks such as MITM.
Objectives
Construct a virtual environment using VMware in which three operating systems will be installed to experiment with MITM attacks.
Kali Linux, a penetration testing system, will be used to create MITM (Man-in-the-Middle) attacks.
XArp will be installed on the victim machines (Windows XP and Ubuntu) to detect the ARP-based MITM attacks.
The purpose is to evaluate how targeted HAN systems can be penetrated by MITM attacks and to develop a solution for preventing these attacks efficiently.
Future Work
Create a HAN (Home Area Network) where a smart meter simulation is implemented to get real-time results on how MITM attacks can penetrate and affect the system.
This process will use an advanced network simulator to model a home area network and will also need a program or code to be created to run a smart meter simulation.
An application such as XArp will be designed to detect and prevent MITM attacks on the smart meter of the HAN system. XArp may potentially be connected to the smart meter technology.
Figure 1: Devices of the HAN.
Figure 2: MITM attack (captured login credentials for FTP server).
Figure 4: XArp detects MITM attack on network.
Results
1. Systems that are in HANs can be exploited by MITM attacks.
RETRIEVE - MITM attacks managed to penetrate the Windows XP and Ubuntu Operating Systems, retrieving information and files that were essential.
REPLACE - Once the attacker was able to penetrate the system, it also made way for manipulating the retrieved files and replacing them.
2. Applying counter measures to vulnerable systems.
When XArp was installed on these systems to prevent MITM attacks, the XArp application detected every attack that was passing through the networks.
The user was able to see in real time how many ARP (Address Resolution Protocol) based MITM attacks were targeting their system.
XArp Professional detects the MITM attacks that are targeting the user's system, and it also provides a structure of defense to secure the system from ARP-based MITM attacks.
Figure 3: ARP Cache Poisoning (ARP Spoofing)