Proposta de identificação de ataques ao serviço SSH usando padrões no consumo de corrente em plataformas embarcadas

Galvan, Victor Gabriel

22 November 2016

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES / This paper presents the obtaining of electric power consumption curves, from the responses generated by an embedded low-cost Raspberry Pi 2 Model B system running the Linux operating system Raspbian working as a remote access server SSH, which is assessed through different types of access and brute force attacks dictionaries through specialized tools Medusa and Hydra, as well as the tool Metasploit unspecialized. The energy behavior is interpreted by a current consumption measurement system developed by low embedded platform cost Arduino Uno that runs a current sensor based on ACS721ELC-5A Hall effect chip, which has the ability to collect the variations generated by the platform test in response to events produced by the proposed test scenarios, the data is processed by the framework Matlab that collects, parses and normalizes using the Welch method, the current signal which is interpreted by Arduino Uno subsequently presents a standard curve It features a particular event based on scenarios of evidence. The results show the different curves standard patterns, and contextualized on the types of scenarios evaluated subsequently presents a theoretical mathematical model of the proposed power consumption, as well as rules or signatures proposed to identify an attack using the detection method of standards used IDS Snort. These current curves facilitate understanding and obtaining a pattern of current consumption for each access and attack the embedded platform. / Este trabalho apresenta a obtenção de curvas de consumo de corrente elétrica, a partir das respostas geradas por um sistema embarcado de baixo custo Raspberry Pi 2 Model B executando o sistema operacional Linux Raspbian trabalhando como um servidor de acesso remoto SSH, que é avaliado através de diferentes tipos de acessos e ataques de força bruta com dicionários através das ferramentas especializadas Medusa e Hydra, como também a ferramenta não especializada Metasploit. O comportamento energético é interpretado por um sistema de medição de consumo de corrente desenvolvido pela plataforma embarcada de baixo custo Arduino Uno que administra um sensor de corrente baseado no chip ACS721ELC- 5A de efeito Hall, que possui a capacidade de coletar as variações geradas pela plataforma de teste em resposta aos eventos produzidos pelos cenários de provas propostos, os dados são processados pelo Framework Matlab que coleta, analisa e normaliza por meio do método de Welch o sinal de corrente que é interpretado pelo Arduino Uno, posteriormente apresentase uma curva padrão que caracteriza um determinado evento baseado nos cenários de provas. Os resultados apresentam as diferentes curvas padrões normalizadas, e contextualizadas nos tipos de cenários avaliados, seguidamente apresenta-se um modelo matemático teórico do consumo de corrente proposto, como também as regras ou assinaturas propostas para identificar um ataque através do método de detecção por padrões que utilizada o IDS Snort. Essas curvas de corrente facilitam o entendimento e obtenção de um padrão de consumo de corrente para cada acesso e ataque na plataforma embarcada.

Computação

Raspberry Pi

Sistemas embarcados

Arduino Uno

SSH

Medusa

Hydra

Metasploit

Detecting SSH identity theft in HPC cluster environments using Self-organizing maps

Leufvén, Claes

January 2006

Many of the attacks on computing clusters and grids have been performed by using stolen authentication passwords and unprotected SSH keys, therefore there is a need for a system that can detect intruders masquerading as ordinary users. Our assumption is that an attacker behaves significantly different compared to an ordinary user. Previous work in this area is for example statistical analysis of process accounting using Support Vector Machines. We can formalize this into a classification problem that we will solve with Self-organizing maps. The proposed system will work in a tier model that uses process accounting and SSH log messages as data sources.

SSH identity theft

cluster security

intrusion detection

Self organizing

Computer and Information Sciences

Data- och informationsvetenskap

Analysis of a Partial Expressed Sequence Tag (EST) Library and Differential Expression of Genes in Biochemical Morphotypes of the Marine Sponge Discodermia dissoluta

Waikel, Patricia A.

23 November 2010

A variety of secondary metabolites with promising antimicrobial and anti-tumor properties have been identified in marine organisms. Sponges, in particular, have been the source of several of these, including discodermolide from Discodermia dissoluta. While metagenomic studies have been undertaken to identify genes involved in discodermolide production, presently, a transcriptomic approach has not been taken to characterize the metagenome of D. dissoluta. Samples of D. dissoluta were collected from a site in the Bahamas and screened for secondary metabolite production. Some specimens of D. dissoluta were positive for discodermolide while others were not. In order to determine which genes are differentially expressed between the two specimens, suppression subtractive hybridization (SSH) was performed utilizing a chemistry negative and chemistry positive morphotype as the “driver” and “tester” populations respectively. Here we demonstrate the efficacy of SSH through the identification of transcripts related to symbiosis and secondary metabolite production by metatranscriptomic and bioinformatics analyses of the resulting subtracted library as well as a 16S rRNA library. Additionally, we have confirmed differential gene expression of selected sequences utilizing quantitative polymerase chain reaction (qPCR) with SYBR Green chemistry to screen and characterize genes, some of which appear to be related to novel metabolism and unknown functions related to symbiosis within the complex sponge-microbial community.

Bioinformatics

Discodermia dissoluta

qPCR

SSH

secondary metabolites

symbiosis

Marine Biology

Analysing the behaviour of a smart card based model for secure communication with remote computers over the internet

Bhatt, Deep Vardhan

12 July 2011

This dissertation presents the findings of a generic model aimed at providing secure communication with remote computers via the Internet, based on smart cards. The results and findings are analysed and presented in great detail, in particular the behaviour and performance of smart cards when used to provide the cryptographic functionality. Two implemented models are presented. The first model uses SSL to secure the communication channel over the Internet while using smart cards for user authentication and storage of cryptographic keys. The second model presents the SSH for channel security and smart cards for user authentication, key storage and actual encryption and decryption of data. The model presented is modular and generic by nature, meaning that it can easily be modified to accept the newer protocol by simply including the protocols in a library and with a minor or no modification to both server and client application software. For example, any new algorithm for encryption, key exchange, signature, or message digest, can be easily accommodated into the system, which proves that the model is generic and can easily be integrated into newer technologies. Similarly, smart cards are used for cryptography. Two options are presented: first the smart cards only store the algorithm keys and user authentication, and secondly, smart cards are used for storing the algorithm keys, user authentication, and actual data encryption or decryption, as the requirement may dictate. This is very useful, for example, if data to be transferred is limited to a few bytes, then actual data encryption and decryption is performed using smart cards. On the other hand, if a great deal of data is to be transferred, then only authentication and key storage are performed with smart cards. The model currently uses 3DES with smart card encryption and decryption, because this is faster and consumes fewer resources when compared to RSA. Once again, the model design is flexible to accommodate new algorithms such as AES or IDEA. Important aspects of the dissertation are the study and analysis of the security attacks on smart card use. Several smart card attack scenarios are presented in CHAPTER 3, and their possible prevention is also discussed in detail. AFRIKAANS : Hierdie verhandeling bied die bevindinge van 'n generiese model wat daarop gemik is om veilige kommunikasie te voorsien met 'n afstandsrekenaar via die Internet en op slimkaarte gebaseer. Die resultate en bevindings word ontleed en breedvoerig aangebied, veral die gedrag en werkverrigting van slimkaarte wanneer hulle gebruik word om die kriptografiese funksionaliteit te voorsien. Daar word twee geïmplementeerde modelle aangebied. Die eerste model gebruik SSL om die kommunikasiekanaal oor die Internet te beveilig terwyl slimkaarte vir gebruikerbekragtiging en stoor van kriptografiese sleutels gebruik word. Die tweede model bied die SSH vir kanaalsekuriteit en slimkaarte vir gebruikergeldigheidvasstelling, sleutelstoor en werklike kodering en dekodering van data. Die model wat aangebied word, is modulêr en generies van aard, wat beteken dat dit maklik gewysig kan word om die jongste protokolle te aanvaar deur bloot die protokolle by 'n programbiblioteek met geringe of geen wysiging van beide die bediener- en kliënttoepassingsagteware in te sluit. Byvoorbeeld, enige nuwe algoritme vir kodering, sleuteluitruiling, handtekening of boodskapbondeling kan maklik in die stelsel gehuisves word, wat bewys dat die model generies is en maklik in jonger tegnologieë geïntegreer kan word. Slimkaarte word op soortgelyke wyse vir kriptografie gebruik. Daar word twee keuses aangebied: eerstens stoor die slimkaarte slegs die algoritmesleutels en gebruikergeldigheidvasstelling en tweedens word slimkaarte gebruik om die algoritmesleutels, gebruikergeldigheidvasstelling en werklike datakodering en –dekodering te stoor na gelang van wat vereis word. Dit is baie nuttig, byvoorbeeld, wanneer data wat oorgedra moet word, tot 'n paar grepe beperk is, word die eintlike datakodering en – dekodering uitgevoer deur slimkaarte te gebruik. Andersyds, indien 'n groot hoeveelheid data oorgedra moet word, word slegs geldigheidvasstelling en stoor met slimkaarte uitgevoer. Die model gebruik tans 3DES met slimkaartkodering en –dekodering omdat dit vinniger is en minder hulpbronne gebruik vergeleke met RSA. Die modelontwerp is weer eens buigsaam om nuwe algoritmes soos AES of IDEA te huisves. Nog 'n belangrike aspek van die verhandeling is om die sekuriteitaanvalle op slimkaartgebruik te ondersoek en te ontleed. Verskeie slimkaartaanvalscenario's word in Hoofstuk 3 aangebied en die moontlike voorkoming daarvan word ook breedvoerig bespreek. / Dissertation (MEng)--University of Pretoria, 2011. / Electrical, Electronic and Computer Engineering / unrestricted

Cryptography

Security

Pki

Des

Ssl

Sim kaart

Ssh

Kriptografie

Des

Sekuriteit

Iso7816

Smart card

UCTD

Hantering av mät-filer från Wi-Fi fjärrkontroll / MANAGEMENT OF MEASUREMENT FILES FROM WI-FI REMOTE CONTROL

Kalo, Alexander

January 2021

A measuring system Striton has been developed at the department of biomedicalengineering, University Hospital of Umeå, for motion analysis using motion sensors whichattaches to the patient’s lower body to assess the risk for potential neurological andmusculoskeletal damage. The measuring system is comprised of two motion sensor unitsand a remote control where data is gathered based on step height, step width, theorientation of the calves and step frequency. The motion sensor units which attach to thecalves are comprised of a MCU with a built in Wi-Fi module, a IMU and and time-of-flightsensors. Data is transferred through Wi-Fi and stored on a SD-card as CSV-files on theremote control which is comprised of a Raspberry Pi Zero WH running a Linux operatingsystem (Raspbian). The remote control also has the functions to initiate and complete ameasurement as well as mark an event. The extraction of data from the remote control toanother unit for analysis occurs through SSH and SFTP using third-party programs whichmay require technical knowledge. A unique software was designed specifically for Stritonfor the operating system Windows 10 using Visual Studio (2019) which provides thefunctions to connect to a predefined Wi-Fi access point as well as automatically reconnectto previously connected access point at shutdown, connect through SFTP, list the savedfiles on the remote control, perform file operations, synchronize the date and time on theremote control as well as change settings in the software which is saved locally in a settingsfile. The user interface is minimalistic with the intention to reduce complexity and timerequirement to extract the data from the measuring system Striton. / Ett mätsystem Striton har utvecklats av CMTS, Medicinsk Teknik – FoU på NorrlandsUniversitetssjukhus för rörelseanalys med hjälp av rörelsesensorer som fästs på patientensunderben för att bedöma en potentiell neurologisk samt muskuloskeletal skada.Mätsystemet består av två sensorenheter samt en fjärrkontroll där data samlas in baseratpå höjd av steg, stegbredd, underbenens orientering samt stegfrekvens. Sensorenheternasom fästs på underbenen består av en MCU med inbyggd Wi-Fi modul, IMU och time-offlight sensorer. Data förs över via Wi-Fi och lagras på ett SD-kort i form av CSV-filer påfjärrkontrollen beståendes av en Raspberry Pi Zero WH som driver ett Linuxoperativsystem (Raspbian). Fjärrkontrollen har även funktionerna att kunna starta ochstoppa en mätning samt markera en händelse. Extrahering av data från fjärrkontrollen tillen annan enhet för analys sker via SSH och SFTP med hjälp av tredjepartsprogram som kankräva teknisk kunskap. En unik programvara designades specifikt för Striton tilloperativsystemet Windows 10 i miljön Visual Studio (2019) och tillhandahålleregenskaperna att kunna ansluta till en bestämd Wi-Fi åtkomstpunkt samt automatisktåteransluta till föregående åtkomstpunkt vid avslut, ansluta via SFTP, visa sparade filer frånfjärrkontrollen, utföra filoperationer, synkronisera datum och tid på fjärrkontrollen samtändra inställningar i programvaran som sparas i en lokal inställningsfil. Gränssnittet ärminimalistiskt med syfte att reducera komplexiteten samt tidsåtgången för extrahering avdata från mätsystemet Striton.

Wi-Fi

ssh

sftp

ftp

visual studios

C#

gånganalys

sensor

Striton

Computer Systems

Datorsystem

Aplikace pro monitorování sítí / Application for Monitoring of IP Networks

Šmalec, Ondřej

January 2019

Diplomová práce popisuje vytvoření aplikace pro monitorování síťových zařízení. Výsledky jsou zobrazené jako grafické uživatelské rozhraní společně s vykreslenou topologií. Aplikace je z velké části napsána v jazyce Python. Pro získávání informací z topologie jsou využity protokoly SNMP a SSH. Hlavní cíl je vytvořit aplikaci, která monitoruje síťová zařízení a vykresluje tuhle topologii do grafického uživatelského rozhraní. Tato aplikace reaguje dynamicky na změny v monitorovací topologii.

Virtuální servery s operačním systémem Fedora / Virtual servers with Fedora operating system

Gajdušek, Ondřej

January 2021

This thesis deals with the PlanetLab Server Manager application whose aim is to simplify application development within the experimental distributed network PlanetLab. Thesis presents the PlanetLab network and describes its infrastructure. Application PlanetLab Server Manager, shortly abbreviated as plbmng, is described, its current state is evaluated and the existing functionality is presented to the reader. Further work focuses mainly on the implementation of the new functionality that is a software distribution and job scheduling to run the software at the specified time. The last part of the work presents an experiment that demonstrates a real-life usage of the newly added functionality. Work results are published at the public repository on the GitLab platform. The application was published at the package index for Python Packages - PyPI.

Systém správy konfigurací páteřní sítě Cisco / Configuration management for Cisco backbone network

Bartoš, Jan

January 2010

The main aim of the master thesis was to create an application for backbone network configuration management. The priority of the application was to be effective and easy to take. Program has to be able to communicate with network devices by remote control and to download and upload configuration files. The program has enable also availability verification for remote control. For this purpose the ICMP protocol was used. The remote control is provided by telnet protocol and the protocol TFTP has been chosen for file tranfers providing. The application is a multithreading application based on the Java programming language. The Java graphic library Swing was used for GUI creation. The application supports file versioning, the configuration of the program can be saved as a text file, which can be easy changed by user. The program and its features are described in the second part of this thesis. The first part deals with theoretical facts about the IP networks and remote control of the Cisco backbone network devices.

Verifikace pozice serverů sítě PlanetLab / Verification of PlanetLab servers location

Pružinský, Ján

January 2014

The main objective of this thesis is to analyze the nodes of PlanetLab network. The analysis is focusing mainly on verifying the availability of nodes and on verifying the physical position of nodes. Individual nodes are tested for availability of ICMP protocol and SSH protocol. Availability of ICMP protocol is verified by using ping program. The main part of the thesis is devoted to verifying the addresses of nodes. Identified addresses are compared with entered addresses and the resulting conformity is evaluated at the level of the state, county, city and streets. Precision of specified address estimation is calculated based on given GPS coordinates. This thesis also deals with the dividing of nodes based on calculated usability index and accuracy index. The theoretical part contains a description of an experimental PlanetLab network and Google Geocoding API.

Detekce pomalých síťových útoků / Detection of Slow Network Attacks

Pacholík, Václav

January 2014

This master's thesis is aimed how can be network traffic monitored using IP flows. The description of NEMEA framework that can be used to build complex intrusion detection system. Following chapters describes port scanning methods and SSH protocol which can be used for remote login to the system, which can be exploited by an attacker. These two areas are intended to be detected in a slow attack manner, when attacker using low attack speed, which he can evade multiple detection methods. Proposed method for detection such attacks is using information from the last few connections. Finally, proposed detection method results are further described.