DOI QR코드

DOI QR Code

Research about Security Attack Methods to Arduino Boards Using Temporary Files Data Manipulation

임시파일 데이터 조작을 통한 아두이노 보드 공격 기법에 관한 연구

  • Lee, Woo Ho (Interdisciplinary Program of Information Security, Chonnam National University) ;
  • Jung, Hyun Mi (Center for Supercomputer Development, Korea Institute of Science and Technology Information) ;
  • Jeong, Kimoon (Center for Supercomputer Development, Korea Institute of Science and Technology Information)
  • 이우호 (전남대학교 정보보안협동과정) ;
  • 정현미 (한국과학기술정보연구원 슈퍼컴퓨터개발센터) ;
  • 정기문 (한국과학기술정보연구원 슈퍼컴퓨터개발센터)
  • Received : 2017.09.26
  • Accepted : 2017.11.20
  • Published : 2017.11.28

Abstract

Internet of Things(IoT), which is developing for the hyper connection society, is based on OSHW (Open Source Hardware) such as Arduino and various small products are emerging. Because of the limitation of low performance and low memory, the IoT is causing serious information security problem that it is difficult to apply strong security technology. In this paper, we analyze the vulnerability that can occur as a result of compiling and loading the application program of Arduino on the host computer. And we propose a new attack method that allows an attacker to arbitrarily change the value input from the sensor of the arduino board. Such as a proposed attack method may cause the arduino board to misinterpret environmental information and render it inoperable. By understanding these attack techniques, it is possible to consider how to build a secure development environment and cope with these attacks.

Acknowledgement

Supported by : 한국과학기술정보연구원(KISTI)

References

  1. H. S. Ryu, "A Study on the Security Architecture for Secure Smart Home System in IoT", Department of Computer Engineering, Ajou University, 12. 2015.
  2. "The Internet of Things: The Next Growth Engine for the Semiconductor Industrt." PWC, 2015, 3. pp. 23,26.
  3. https://www.arduino.cc/en/Guide/Introduction..
  4. https://www.raspberrypi.org/.
  5. https://beagleboard.org/.
  6. Matthew Ahlmeyer, Alina M. Chircu, ,"SECURING THE INTERNET OF THINGS: A REVIEW", Issues in Information Systems, Volume 17, Issue IV, pp. 21-28, 2016
  7. https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/mirai-botnet/.
  8. Alexander Khalimonenko, Oleg Kupreev, "DDOS attacks in Q1 2017", Securelist, 05. 2017
  9. Javid Habibi, Aditi Gupa, Stephen Carlsony, Ajay Panicker, "MAVR : Code Reuse Stealthy Attacks and Mitigation on Unmanned Aerial Vehicles," 2015 IEEE 35th International Conference on Distributed Computing Systems, 2015.
  10. Massimo Banzi, "Arduino, Open Source Hardware Summit Speech", OSHW Summit, 09.2011.
  11. http://www.atmel.com/products/microcontrollers/avr/default.aspx
  12. Lucas Davi, Ahmad-Reza, "ROP defender: A detection tool to defend against return-oriented programming attacks", System Security Lab, Ruhr University Bochum, Germany, 03, 2010.
  13. Ralf Hund, Carsten Willems, "Practical Timing Side Channel Attacks against Kernel Space ASLR," 2013 IEEE Symposium on Security and Privacy, pp. 191-205, 2013.
  14. Martin Abadi, Mihai Budiu, "Control-Flow Integrity Principles, Implementations, and Applications," ACM Transactions on Information and System Security, Vol. 13, No. 1, Article 4, pp. 1-40, 2009.
  15. Sergio Pastrana, "AVRAND: A Software-Based Defense Against Code Reuse Attacks for AVR Embedded Devices", DIMVA, 07.2016.
  16. W. H. Lee, S. M. Kang, C. S. Lim, B. N. Noh, "Research on Memory Initialization through Using Ardunio Temporary Files," KIPS 2016, Vol 23, No 2, 2016.