Modern trends and methodology of personal data protection by Raspberry PI means

Размещено на http://www.allbest.ru/

Modern trends and methodology of personal data protection by raspberry pi means

Lavrenchuk S., Kostiuchko S., Vozniak A., Bulik A.

Lutsk National Technical University

Анотація

Лавренчук С., Костючко С., Возник А., Булік А. Сучасні тенденції та методологія захисту персональних даних засобами RASPBERRY PI. У даній статті досліджено аспекти розвитку процедури захисту інформації на базі розробки програмного забезпечення. В процесі розробки за основу береться платформа RASPBERRY PI та система Raspbian. Розглянуто основні вразливі місця та можливості впливу сторонніми засобами на керування досліджуваного об'єкту, як приклад «розумний дім». Ключові слова: Raspberry PI, розумний дім, захист інформації, Raspbian.

Лавренчук С., Костючко С., Возник А., Булик А. Современные тенденции и методология защиты персональных данных средствами RASPBERRY PI. В данной статье исследованы аспекты развития процедуры защиты информации на базе разработки программного обеспечения. В процессе разработки за основу берется платформа RASPBERRY PI и система Raspbian. Рассмотрены основные уязвимые места и возможности влияния сторонними средствами управления исследуемого объекта, как пример «умный дом». Ключевые слова: Raspberry PI, умный дом, защита информации, Raspbian.

Lavrenchuk S., Kostiuchko S., Vozniak A., Bulik A. Modern trends and methodology of personal data protection by RASPBERRY PI means. In this article, the aspects of the development of information security procedures based on software development are investigated. The RASPBERRY PI platform and Raspbian system are based on the development process. The main vulnerable places and possibilities of external influence on the management of the investigated object, such as the "smart home", are considered.

Key words: Raspberry PI, Clever House, Information Protection, Raspbian.

Introduction

Modern IoT technologies are so rapidly integrated into our everyday lives that no one is surprised by the smart home system. However, not everything is as simple as it may seem at first glance: despite the widespread popularity of smart home systems, there was still no unified solution that would allow the management of devices (complex components) from different manufacturers.

One of these things is Raspberry PI, whose scope is wide enough. This device is not very powerful, but it is a fully-fledged computer. At home, the Raspberry PI device is used for various purposes: creating a home media server; as a storage server; as a "think tank" for automated machines or robots; as the home automation server "smart home".

information software platform raspberry

An analysis of current market trends

In the Ukrainian market for systems "smart home", mainly use foreign-development. Most of the major global IT developers offer consumers a wide range of products designed to create a "smart home" system. Basically it's the leading companies like ABB, MERTEN, GIRA, JUNG, SIEMENS (all-Germany), AMX Corporations, CRYDOM, DALLAS SEMICONDUCTOR, LUTRON, HONEYWEL (all-US), Philips (Holland) and many more. In particular, AMX and Crestron touch panels are used to control audio and video equipment.

The GlobalLogic developer team has developed its software, the Gateway SDK (software development kit), which provides the smart home complex components management. GL SmartHome Cloud Solution supports 55 devices and their number is constantly increasing. Among the local devices are Philips colored lamps, Honeywell thermostat, Nest camera and others. The article suggests using Amazon Web Services, an innovative hardware platform (ARM Cortex: Qualcomm Dragonboard 410, x86-64: Any) and IoT connection stacks. Remote access of the user to interconnected devices of a smart home is through such wireless interfaces as Z-Wave, Zigbee and Wi-Fi protocols.

Fundamentals of modeling and programming "smart home".

This article focuses on using Wi-Fi modules that are managed by MQTT:

Sonoff World On relay;

Wireless switch Sonoff Light;

Sonoff AM2301 temperature sensors.

These components connect to a special openHAB service that implements a single bus, thus allowing all devices with different protocols to be joined to a single network.

SV Relay

Figure 1 - Sonoff relay

Basic relay firmware does not allow to use all functions so it needs to be sewn. With the ESP32 Flash Download Tool and the USB-UART adapter, connect to the Serial-TTL contacts and install our own firmware. Below is a snippet of the relay re-connection function to the network.

The openHAB service installs a Cloud Connector extension that lets you connect an Android app to the home control panel.

Figure 2 - Android openHAB application

Personal data protection methodology

When using the system of "smart home" it is mandatory to use modern information and technical means. Unfortunately, the latest technology also needs new approaches in protecting personal data and ensuring the integrity of the system. In order to protect themselves from attacks from the side of the intruders, it is necessary to clearly imagine from which side to wait for the invasion and how they are happening. The next stage of the project is the development of a system that allows PCs remote control by Raspberry PI means.

The project uses the Raspberry PI Zero W single-board microcomputer, an Ethernet to USB adapter, an OTG cable, a microSD card and an adapter for a microSD card.

Figure 3 - Mini PC Raspberry PI Zero W

SoC - Broadcom BCM2837;

CPU - Single Core ARM11 @ 1Ghz;

GPU - Broadcom VedioCore IV;

RAM - 512MB LPDDR2;

ROM - MicroSD;

Wi-Fi - 802.11n (chip BCM43438);

Bluetooth - Bluetooth 4.1, Bluetooth LE;

Connectors - microUSB OTG x 1, GPIO (40-pin), mini-HDMI, CSI.

Installing and configuring software procedure.

As for the software part, Raspbian firmware will be needed. It can be downloaded from the official raspberrypi.org website.

The next step is installing the Raspbian firmware, using the win32diskimager program, as well as creating the ssh file at the root of the flash drive. After installing the firmware, a flash drive is inserted into the Raspberry itself. Next step, the Ethernet cable is inserted into the adapter, and the adapter itself connects through the OTG cable to the healed mini-computer.

Using the ip scanner, Raspberry is searched on the network. In next step opens Putty, connects to this ip address, and inputs data for authorization.

After authorization, Wi-Fi is configured:

sudo iwlist wlanO scan - scans Wi-Fi network;

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf - opens the configuration file wpa-supplicant in the nano editor;

at the bottom of the wpa-supplicant file is given:

network={

ssid="name_network"

psk="password"

}.

In next step the HID-Backdoor "P4wnP1" is installed and configured.

After installing Backdoor, the device restarts with the command "sudo shutdown now", as well as disconnects all cables currently connected to Raspberry. Then device connects to the computer using a USB cable, and the full load of Raspberry data takes about 2 minutes. From the attacking computer we connected to the newly created Wi-Fi network "P4wnP1". Through ssh the connection to the Raspberry itself is carried out and the authorization process is carried out. Next, the line "network_only" is commented on and the comment is taken from the line "hid_backdoor", the device restarts.

The functionality is virtually limitless, it is a remote Wi-Fi access from the Raspberry device. The computer with unauthorized access is connected to Raspberry via a USB cable. Through Wi-Fi, there is a connection between Raspberry and the attacking computer that sends the commands to Raspberry, which sends the commands to the attacked computer.

Conclusions

The system under consideration is widely used. It has high performance and different applications. The demonstrated penetration method allows the user to explore the possibilities of protection and to develop methods that will prevent them. It also provides an opportunity to explore the disadvantages of the Raspberry PI and optimize the «smart home» system, which will provide the comfort and security of the average user.

Literature

1. The Raspberry Pi is truly one of the greatest inventions today. With such a tiny device, great things can be achieved.

2. Upton, E. & Halfacree, G., 2012. Raspberry Pi: User Guide. Chichester, West Sussex, UK: John Wiley & Sons Ltd.

3. Hsu, J.Y., 2002. Computer Logic Design: Design Principles and Applications. New York, USA: Springer.

4. Pressman, R.S., 2010. Software Engineering - A Practioner's Approach. 7th ed. New York: McGraw-Hill.

5. Skrobanski, S. et al., 2012. Advances in Intelligent Data Analysis XI. In Hollmen, J., Klawonn, F. & Tucker, A., eds. 11th International Symposium, Intelligent Data Analysis. Helsinki, Finland, 2012. Springer-Verlag Berlin Heidelberg.

6. Olomon, C. & Breckon, T., 2011. Fundamentals of Digital Image Processing: APractical Approach with Examples in MATLAB. 1st ed. Chichester, West Sussex, UK: John Wiley & Sons Ltd.

7. Sommerville, I., 2001. Software Engineering. 6th ed. Essex, England: Pearson Education Limited.

8. Yager, R.R., 2008. Uncertainty and Intelligent Information Systems. 1st ed. Toh Tuck Link, Singapore: World Scientific Publishing Co. Pte. Ltd.

9. Agarwal, B.B. & Tayal, S.P., 2007. Software Engineering. 1st ed. New Delhi, India: Laxmi Publications Pvt. Ltd.

Размещено на Allbest.ru