A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks

Lionel Morgan (1), Sindhuri Juturu (2), Justin Talavera (3), Susan D. Urban (4)

1. Department of Computer Science, Shaw University
2. Department of Computer Engineering, Texas Tech University
3. Department of Electrical and Computer Engineering, Texas Tech University
4. Department of Industrial Engineering, Texas Tech University

Texas Tech University 2014 NSF Research Experience for Undergraduates Site Program

Background / Motivation

The conventional electric grid technology provides us with energy support to keep our businesses, schools, and homes powered. The current technology is outdated and will eventually be replaced by a new innovation known as the Smart Grid.

Smart grid technology provides an efficient, reliable, and two-way transfer of energy and data throughout the grid.

The concept of smart grid technology is to allow us to better manage and preserve energy.

Cyber security is a main issue that needs to be addressed with the development of smart grid technology. Technology is vulnerable, and there will be a need to keep HANs (Home Area Networks) safe from a cyber-security perspective once the smart grid is connected to homes.

Figure 1. Devices of the HAN.

Statement of the Problem

A vulnerable access point once HANs are connected to the smart grid is the smart meter. A smart meter is an advanced electric meter for communicating with devices inside of the home.

An adversary who can penetrate the HAN system can perform a MITM (Man-in-the-Middle) attack on the smart meter.

An adversary could manipulate the data that the smart meter is intended to receive or process.

Protecting smart meters involves developing counter measures that will prevent insidious attacks such as MITM.

Objectives

Construct a virtual environment using VMWare in which three operating systems will be installed to experiment with MITM attacks.

Kali Linux, a penetration testing system, will be used to create MITM (Man-in-the-Middle) attacks.

XArp will be installed on the victim machines (Windows XP and Ubuntu) to detect the ARP based MITM attacks.

The purpose is to evaluate how targeted HAN systems can be penetrated by MITM attacks and to develop a solution for preventing these attacks efficiently.

Methodology

1. The Process of Setting up a MITM attack (ARP Cache Poisoning).

- Intercept packets - Trick victim machine(s) and switch on the network.
- Poisoning the ARP table - Puts the attacker in between the targeted systems, where they will intercept the packets.
- Capturing Information - Software including Wireshark, Ettercap, and Driftnet captures information once it is intercepted.

Figure 3. ARP Cache Poisoning (ARP Spoofing).

2. Counter Measuring MITM Attack using XArp.

XArp is an advanced ARP spoofing detection system that can be installed on Windows and Linux Operating Systems. The application monitors incoming and outgoing ARP packets that are being processed on the network that it is connected to. Its security algorithms determine if there is an attack on a particular system on the network based on how many ARP packets the system is receiving.

Figure 4. XArp detects MITM attack on network.

Results

1. Systems that are in HANs can be exploited by MITM attacks.

- RETRIEVE - MITM attacks managed to penetrate the Windows XP and Ubuntu Operating Systems, retrieving information and files that were essential.
- REPLACE - Once the attacker was able to penetrate the system, it also became possible to manipulate the retrieved files and replace them.

Figure 2. MITM attack (captured login credentials for FTP server).

2. Applying counter measures to vulnerable systems.

When XArp was installed on these systems to prevent MITM attacks, the XArp application detected every attack that was processing through the networks. The user was able to see in real time how many ARP (Address Resolution Protocol) based MITM attacks were targeting their system. XArp Professional detects the MITM attacks that are targeting the user's system, and it also provides a structure of defense to secure the system from ARP based MITM attacks.

Current Status

A virtual environment has been developed implementing Kali Linux, Windows XP, and Ubuntu operating systems.

Windows XP and Ubuntu Operating Systems have been penetrated by MITM attacks.

These attacks were processed to spoof and capture important information using Kali Linux and Wireshark.

A solution to stopping those attacks was installing XArp onto the systems to detect the attacks.

XArp has been valuable in detecting the MITM attacks processed on the network.

Conclusion

There will be an immediate need for advanced security technology such as XArp to be factored into smart meters and HANs as the smart grid evolves.

Better security technology will be significant in providing detection, prevention, and safety from MITM attacks on HANs.

Future Work

Create a HAN (Home Area Network) where a smart meter simulation is implemented to get real-time results on how MITM attacks can penetrate and affect the system.

This process will use an advanced network simulator to model a home area network and will also need a program or code to be created to run a smart meter simulation.

An application such as XArp will be designed to detect and prevent MITM attacks on the smart meter of the HAN system. XArp may potentially be connected to the smart meter technology.

References

1. Smart Grid: A Beginner's Guide. (n.d.). Smart Grid: A Beginner's Guide. Retrieved June 26, 2014, from http://www.nist.gov/smartgrid/beginnersguide.cfm/
2. "Kali Linux | Rebirth of BackTrack, the Penetration Testing Distribution." Kali Linux. N.p., n.d. Web. 31 July 2014.
3. Chrismc. XArp - Advanced ARP Spoofing Detection. http://www.chrismc.de/development/xarp/
4. Weidman, Georgia. "Arp Cache Poisoning." Penetration Testing: A Hands-on Introduction to Hacking.
5. Aloul, F., Al-Ali, A. R., Al-Dalky, R., Al-Mardini, M., & El-Hajj, W. (2012). Smart grid security: Threats, vulnerabilities and solutions. International Journal of Smart Grid and Clean Energy, 1(1), 1-6.
6. Yang, Y., McLaughlin, K., Littler, T., Sezer, S., Im, E. G., Yao, Z. Q., ... & Wang, H. F. (2012). Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in smart grid SCADA systems.

DISCLAIMER: This material is based upon work supported by the National Science Foundation and the Department of Defense under Grant No. CNS-1263183. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation or the Department of Defense.
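The ARP-monitoring counter measure described in the Methodology, sketched as an added example that is not part of the original poster and is not XArp's own algorithm: a passive monitor that parses ARP frames and flags a changed IP-to-MAC binding, a mismatched Ethernet source, and a burst of replies from one sender. The names arp_frame, parse_arp, ArpMonitor and run_sample, the addresses, the thresholds and the trace are all constructed for illustration.

```python
import struct
from collections import defaultdict

def arp_frame(op, sha, spa, tha, tpa):
    """Build a constructed Ethernet II + ARP frame (sample input only, never sent)."""
    return tha + sha + b"\x08\x06" + struct.pack(
        "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)

def parse_arp(frame):
    """Return the ARP fields of an IPv4-over-Ethernet ARP frame, or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "eth_src": frame[6:12], "sha": sha, "spa": spa, "tpa": tpa}

class ArpMonitor:
    """Hypothetical passive detector; thresholds are assumptions, not XArp's."""
    def __init__(self, max_replies=3, window=10.0):
        self.bindings = {}                 # sender IP -> first MAC seen for it
        self.replies = defaultdict(list)   # sender MAC -> recent reply times
        self.max_replies, self.window = max_replies, window

    def observe(self, ts, frame):
        pkt, alerts = parse_arp(frame), []
        if pkt is None:
            return alerts
        if pkt["eth_src"] != pkt["sha"]:   # Ethernet and ARP sender disagree
            alerts.append("src-mismatch")
        if self.bindings.setdefault(pkt["spa"], pkt["sha"]) != pkt["sha"]:
            alerts.append("binding-change")  # IP now claimed by another MAC
        if pkt["op"] == 2:                 # ARP reply: rate-limit per sender
            recent = [t for t in self.replies[pkt["sha"]] if ts - t <= self.window]
            self.replies[pkt["sha"]] = recent + [ts]
            if len(recent) + 1 > self.max_replies:
                alerts.append("reply-flood")
        return alerts

def run_sample():
    """Replay a constructed trace: one genuine gateway reply, then four forged."""
    gw_ip, host_ip = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 20])
    gw, host, other = (bytes.fromhex(m) for m in
                       ("020000000001", "020000000014", "020000000066"))
    mon = ArpMonitor()
    trace = [(0.0, arp_frame(2, gw, gw_ip, host, host_ip))]
    trace += [(1.0 + i, arp_frame(2, other, gw_ip, host, host_ip)) for i in range(4)]
    return [mon.observe(ts, f) for ts, f in trace]

if __name__ == "__main__":
    for alerts in run_sample():
        print(alerts)
```

Because the monitor pins the first MAC seen for each IP, a legitimate change such as a replaced router also raises binding-change, so alerts should be checked against the known devices on the HAN.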