Lionel Morgan - Poster - Texas Tech University Departments

advertisement
A Virtual Environment for Investigating Counter Measures for MITM
Attacks on Home Area Networks
Lionel
1
Morgan ,
Sindhuri
2
Juturu ,
Justin
3
Talavera ,
Susan D.
4
Urban
1. Department of Computer Science , Shaw University
2. Department of Computer Engineering, Texas Tech University
4. Department of Industrial Engineering, Texas Tech University
3. Department of Electrical and Computer Engineering, Texas Tech University
Texas Tech University 2014 NSF Research Experience for Undergraduates Site Program
Background / Motivation
Methodology
Results
Current Status
 The conventional electric grid technology provides us with
energy support to keep our businesses, schools, and homes
powered. The current technology is outdated and will eventually
be replaced by new innovation known as the Smart Grid.
1. The Process of Setting up a MITM attack (ARP Cache
Poisoning).
1. Systems that are in HANs can be exploited by MITM
attacks.
 A virtual environment has been developed implementing Kali
Linux, Windows XP, and Ubuntu operating systems.
 Intercept packets - Trick victim machine(s) and switch on
the network.
 RETRIEVE - MITM attacks managed to penetrate the
systems of Windows XP and Ubuntu Operating Systems
retrieving information and files that were essential.
 Windows XP and Ubuntu Operating Systems have been penetrated
by MITM attacks.
 Smart grid technology provides an efficient, reliable, and twoway transfer of energy and data throughout the grid.
 Poisoning the Arp table – Puts attacker in between the
targeted systems to where they will intercept the packets.
 The concept to smart grid technology is to allow us to better
manage and preserve energy.
 Cyber security is a main issue that needs to be addressed with the
development of smart grid technology.
 Technology is vulnerable, and there will be a need to keep HANs
(Home Area Networks) safe from a cyber-security perspective
once the smart grid is connected to homes.
 Capturing Information – Software including: Wireshark,
Ettercap, and Driftnet captures information once it is
intercepted.
2. Counter Measuring MITM Attack using XArp.
 XArp is an advanced Arp spoofing detection system that can
be installed on Windows and Linux Operating Systems.
 The application monitors incoming and outgoing Arp packets
that are being processed on the network that it is connected
to. It’s designed security algorithms determines if there is an
attack on a particular system on the network based on how
many Arp packets the system is receiving.
Statement of the Problem
 A vulnerable access point once HANs are connected to the smart
grid is the smart meter. A smart meter is an advanced electric
meter for communicating with devices inside of the home.
Figure 1
 Devices of the HAN.
 REPLACE - Once the attacker was able to penetrate the
system, it also made way for manipulating the files
retrieved and replace them.
2. Applying vulnerable systems with counter measures.
 When XArp was installed on these systems to prevent
MITM attacks. The XArp application detected every attack
that was processing through the networks.
 The user was able to see in real-time how many Arp
(Address Resolution Protocol) based MITM attacks were
targeting their system.
 XArp Professional detects the MITM attacks that are
targeting the user’s system, and it also provides a structure
of defense to secure the system from Arp based MITM
attacks.
Figure 2
 MITM attack (captured login credentials for FTP server).
 These attacks were processed to spoof and capture important
information using Kali Linux and Wireshark.
 A solution to stopping those attacks was installing XArp onto the
systems to detect the attacks.
 XArp has been valuable in detecting the MITM attacks processed
on the network.
Conclusion
 There will be an immediate need for advanced security technology
such as XArp to be factored into smart meters and HANs as the
smart grid evolves.
 Better Security technology will be significant in providing
detection, prevention, and safety from MITM attacks on HANs.
 An adversary could manipulate the data of the smart meter that it
is intended to receive or process.
Future Work
 An adversary who can penetrate the HAN system can performing
a MITM (Man-in-the-middle) attack on the smart meter.
 Create a HAN (Home Area Network) where a smart meter
simulation is implemented to get real-time results on how MITM
attacks can penetrate and affect the system.
 Protecting smart meters involves developing counter measures
that will prevent insidious attacks such as MITM.
 This process will use an advanced network simulator to model a
home area network and also need a program or code to be created to
run a smart meter simulation.
 An application such as XArp will be designed to detect and prevent
MITM attacks on the smart meter of the HAN system. XArp may
be potentially connected to the smart meter technology.
Objectives
Figure 3
 Arp Cache Poisoning (Arp Spoofing)
 Construct a virtual environment using VMWare in which three
operating systems will be installed to experiment with MITM
attacks.
Figure 4
 XArp detects MITM attack on network.
References
1. Smart Grid: A Beginner's Guide. (n.d.). Smart Gride: A Beginner's Guide. Retrieved June 26,
2014, from http://www.nist.gov/smartgrid/beginnersguide.cfm/
 Kali Linux, a penetration testing system will be used to create
MITM (Man-in-the-Middle) attacks.
2. "Kali Linux | Rebirth of BackTrack, the Penetration Testing Distribution." Kali Linux. N.p., n.d.
Web. 31 July 2014.
3. Chrismc. XArp – Advanced ARP Spoofing Detection. http://www.chrismc.de/development/xarp/
 XArp will be installed on the victim machines (Windows XP and
Ubuntu) to detect the Arp based MITM attacks.
4. Weidman, Georgia. "Arp Cache Poisoning." Penetration Testing: A Hands-on Introduction to
Hacking.
 The purpose is to evaluate how targeted HAN systems can be
penetrated by MITM attacks and develop a solution to preventing
these attacks efficiently.
DISCLAIMER: This material is based upon work supported by the National Science Foundation and the Department of Defense under Grant No. CNS-1263183. Any opinions, findings, and conclusions or
recommendation expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation or the Department of Defense.
5. Aloul, F., Al-Ali, A. R., Al-Dalky, R., Al-Mardini, M., & El-Hajj, W. (2012). Smart grid security:
Threats, vulnerabilities and solutions. International Journal of Smart Grid and Clean Energy, 1(1),
1-6.
6. Yang, Y., McLaughlin, K., Littler, T., Sezer, S., Im, E. G., Yao, Z. Q., ... & Wang, H. F. (2012).
Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in smart grid
SCADA systems.
Download