Пожалуйста, используйте этот идентификатор, чтобы цитировать или ссылаться на этот ресурс:
https://r.donnu.edu.ua/handle/123456789/2820
Название: | ТЕСТУВАННЯ БЕЗПЕКИ ПРИСТРОЇВ ІНТЕРНЕТУ РЕЧЕЙ НА БАЗІ МІКРОКОНТРОЛЕРА ESP32 |
Другие названия: | TESTING THE SECURITY ESP32 INTERNET OF THINGS DEVICES |
Авторы: | Барибін, Олексій Ігорович |
Ключевые слова: | інтернет речей сценарій атаки ESP32 WiFi Internet of Things attack scenario |
Дата публикации: | 2019 |
Издательство: | Київ: Київський університет імені Бориса Гринченка |
Серия/номер: | Кібербезпека: освіта, наука, техніка;№ 2 (6), 2019, с. 71-81 |
Краткий осмотр (реферат): | In the paper analysis of current trends in IoT technologies enabled us to identify a segment for which information security assurance may encounter a lack of its level. These are IoT devices based on ESP32 microcontroller, that designed and implemented at home by non-professionals. The physical model of a handmade IoT system that includes device for measuring temperature based on ESP32 (small-sized ESP32-based development board ESP32 devKit V2 produced by Espressif and digital temperature sensor DS18B20), WiFi home network (based on router TL-WR841N) and web interface (based on node-red-dashboard) was proposed and implemented upon laboratory scale. The initial conditions of the experiment included the following: the use of the UDP protocol, authentication and data encryption based on WPA2-PSK specification, attacker skill level sufficient for use Aircrack-ng tools, Airmon-ng, Airodump-ng, Aireplay-ng, Besside-ng, Wireshark. The result of the experiment based on this model to attempt to gain unauthorized access to the transmitted data was successful. Attack scenario was formulated and consist of four stages: 1 – gaining unauthorized access to a network (network card transfers to monitor mode (Airmon-ng), view available access points (Airodump-ng), handshake interception, guessing the password (Besside-ng); 2 – network traffic interception and analysis (Wireshark); 3 – creating fake ESP32 client using the captured data (Arduino) and connect it to the network; 4 – disconnecting original ESP32 from a server (Aircrack-ng). It is shown that the attacker, who has the basic knowledge and skills in working with common wireless network hacking tools and a basic knowledge of ESP32 and ESP32 programming skills can access the system and send fake information to the web interface. To reduce the probability of the proposed scenario it is recommended to use TCP protocol, which is in contrast to UDP ensures data integrity and sender notification of transmission results. |
Описание: | Стаття у науковому виданні Кібербезпека: освіта, наука, техніка № 2 (6), 2019 Київського університету імені Бориса Гринченка |
URI (Унифицированный идентификатор ресурса): | https://r.donnu.edu.ua/handle/123456789/2820 |
ISSN: | ISSN 2663 - 4023 |
Располагается в коллекциях: | Бібліографічні матеріали |
Файлы этого ресурса:
Файл | Описание | Размер | Формат | |
---|---|---|---|---|
Барибін 11.pdf | Стаття у науковому виданні Кібербезпека: освіта, наука, техніка № 2 (6), 2019 Київського університету імені Бориса Гринченка | 1,43 MB | Adobe PDF | Просмотреть/Открыть |
Все ресурсы в архиве электронных ресурсов защищены авторским правом, все права сохранены.