Modern trends and methodology of personal data protection by Raspberry PI means
Research of aspects of information protection procedure development on the basis of software development. Characteristics of the Raspberry PI platform and the Raspbian system. Possibilities of influence of third-party means on management of object.
Рубрика | Программирование, компьютеры и кибернетика |
Вид | статья |
Язык | английский |
Дата добавления | 29.10.2020 |
Размер файла | 484,7 K |
Отправить свою хорошую работу в базу знаний просто. Используйте форму, расположенную ниже
Студенты, аспиранты, молодые ученые, использующие базу знаний в своей учебе и работе, будут вам очень благодарны.
Размещено на http://www.allbest.ru/
Modern trends and methodology of personal data protection by raspberry pi means
Lavrenchuk S., Kostiuchko S., Vozniak A., Bulik A.
Lutsk National Technical University
Анотація
Лавренчук С., Костючко С., Возник А., Булік А. Сучасні тенденції та методологія захисту персональних даних засобами RASPBERRY PI. У даній статті досліджено аспекти розвитку процедури захисту інформації на базі розробки програмного забезпечення. В процесі розробки за основу береться платформа RASPBERRY PI та система Raspbian. Розглянуто основні вразливі місця та можливості впливу сторонніми засобами на керування досліджуваного об'єкту, як приклад «розумний дім». Ключові слова: Raspberry PI, розумний дім, захист інформації, Raspbian.
Лавренчук С., Костючко С., Возник А., Булик А. Современные тенденции и методология защиты персональных данных средствами RASPBERRY PI. В данной статье исследованы аспекты развития процедуры защиты информации на базе разработки программного обеспечения. В процессе разработки за основу берется платформа RASPBERRY PI и система Raspbian. Рассмотрены основные уязвимые места и возможности влияния сторонними средствами управления исследуемого объекта, как пример «умный дом». Ключевые слова: Raspberry PI, умный дом, защита информации, Raspbian.
Lavrenchuk S., Kostiuchko S., Vozniak A., Bulik A. Modern trends and methodology of personal data protection by RASPBERRY PI means. In this article, the aspects of the development of information security procedures based on software development are investigated. The RASPBERRY PI platform and Raspbian system are based on the development process. The main vulnerable places and possibilities of external influence on the management of the investigated object, such as the "smart home", are considered.
Key words: Raspberry PI, Clever House, Information Protection, Raspbian.
Introduction
Modern IoT technologies are so rapidly integrated into our everyday lives that no one is surprised by the smart home system. However, not everything is as simple as it may seem at first glance: despite the widespread popularity of smart home systems, there was still no unified solution that would allow the management of devices (complex components) from different manufacturers.
One of these things is Raspberry PI, whose scope is wide enough. This device is not very powerful, but it is a fully-fledged computer. At home, the Raspberry PI device is used for various purposes: creating a home media server; as a storage server; as a "think tank" for automated machines or robots; as the home automation server "smart home".
information software platform raspberry
An analysis of current market trends
In the Ukrainian market for systems "smart home", mainly use foreign-development. Most of the major global IT developers offer consumers a wide range of products designed to create a "smart home" system. Basically it's the leading companies like ABB, MERTEN, GIRA, JUNG, SIEMENS (all-Germany), AMX Corporations, CRYDOM, DALLAS SEMICONDUCTOR, LUTRON, HONEYWEL (all-US), Philips (Holland) and many more. In particular, AMX and Crestron touch panels are used to control audio and video equipment.
The GlobalLogic developer team has developed its software, the Gateway SDK (software development kit), which provides the smart home complex components management. GL SmartHome Cloud Solution supports 55 devices and their number is constantly increasing. Among the local devices are Philips colored lamps, Honeywell thermostat, Nest camera and others. The article suggests using Amazon Web Services, an innovative hardware platform (ARM Cortex: Qualcomm Dragonboard 410, x86-64: Any) and IoT connection stacks. Remote access of the user to interconnected devices of a smart home is through such wireless interfaces as Z-Wave, Zigbee and Wi-Fi protocols.
Fundamentals of modeling and programming "smart home".
This article focuses on using Wi-Fi modules that are managed by MQTT:
Sonoff World On relay;
Wireless switch Sonoff Light;
Sonoff AM2301 temperature sensors.
These components connect to a special openHAB service that implements a single bus, thus allowing all devices with different protocols to be joined to a single network.
SV Relay
Figure 1 - Sonoff relay
Basic relay firmware does not allow to use all functions so it needs to be sewn. With the ESP32 Flash Download Tool and the USB-UART adapter, connect to the Serial-TTL contacts and install our own firmware. Below is a snippet of the relay re-connection function to the network.
The openHAB service installs a Cloud Connector extension that lets you connect an Android app to the home control panel.
Figure 2 - Android openHAB application
Personal data protection methodology
When using the system of "smart home" it is mandatory to use modern information and technical means. Unfortunately, the latest technology also needs new approaches in protecting personal data and ensuring the integrity of the system. In order to protect themselves from attacks from the side of the intruders, it is necessary to clearly imagine from which side to wait for the invasion and how they are happening. The next stage of the project is the development of a system that allows PCs remote control by Raspberry PI means.
The project uses the Raspberry PI Zero W single-board microcomputer, an Ethernet to USB adapter, an OTG cable, a microSD card and an adapter for a microSD card.
Figure 3 - Mini PC Raspberry PI Zero W
SoC - Broadcom BCM2837;
CPU - Single Core ARM11 @ 1Ghz;
GPU - Broadcom VedioCore IV;
RAM - 512MB LPDDR2;
ROM - MicroSD;
Wi-Fi - 802.11n (chip BCM43438);
Bluetooth - Bluetooth 4.1, Bluetooth LE;
Connectors - microUSB OTG x 1, GPIO (40-pin), mini-HDMI, CSI.
Installing and configuring software procedure.
As for the software part, Raspbian firmware will be needed. It can be downloaded from the official raspberrypi.org website.
The next step is installing the Raspbian firmware, using the win32diskimager program, as well as creating the ssh file at the root of the flash drive. After installing the firmware, a flash drive is inserted into the Raspberry itself. Next step, the Ethernet cable is inserted into the adapter, and the adapter itself connects through the OTG cable to the healed mini-computer.
Using the ip scanner, Raspberry is searched on the network. In next step opens Putty, connects to this ip address, and inputs data for authorization.
After authorization, Wi-Fi is configured:
sudo iwlist wlanO scan - scans Wi-Fi network;
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf - opens the configuration file wpa-supplicant in the nano editor;
at the bottom of the wpa-supplicant file is given:
network={
ssid="name_network"
psk="password"
}.
In next step the HID-Backdoor "P4wnP1" is installed and configured.
After installing Backdoor, the device restarts with the command "sudo shutdown now", as well as disconnects all cables currently connected to Raspberry. Then device connects to the computer using a USB cable, and the full load of Raspberry data takes about 2 minutes. From the attacking computer we connected to the newly created Wi-Fi network "P4wnP1". Through ssh the connection to the Raspberry itself is carried out and the authorization process is carried out. Next, the line "network_only" is commented on and the comment is taken from the line "hid_backdoor", the device restarts.
The functionality is virtually limitless, it is a remote Wi-Fi access from the Raspberry device. The computer with unauthorized access is connected to Raspberry via a USB cable. Through Wi-Fi, there is a connection between Raspberry and the attacking computer that sends the commands to Raspberry, which sends the commands to the attacked computer.
Conclusions
The system under consideration is widely used. It has high performance and different applications. The demonstrated penetration method allows the user to explore the possibilities of protection and to develop methods that will prevent them. It also provides an opportunity to explore the disadvantages of the Raspberry PI and optimize the «smart home» system, which will provide the comfort and security of the average user.
Literature
1. The Raspberry Pi is truly one of the greatest inventions today. With such a tiny device, great things can be achieved.
2. Upton, E. & Halfacree, G., 2012. Raspberry Pi: User Guide. Chichester, West Sussex, UK: John Wiley & Sons Ltd.
3. Hsu, J.Y., 2002. Computer Logic Design: Design Principles and Applications. New York, USA: Springer.
4. Pressman, R.S., 2010. Software Engineering - A Practioner's Approach. 7th ed. New York: McGraw-Hill.
5. Skrobanski, S. et al., 2012. Advances in Intelligent Data Analysis XI. In Hollmen, J., Klawonn, F. & Tucker, A., eds. 11th International Symposium, Intelligent Data Analysis. Helsinki, Finland, 2012. Springer-Verlag Berlin Heidelberg.
6. Olomon, C. & Breckon, T., 2011. Fundamentals of Digital Image Processing: APractical Approach with Examples in MATLAB. 1st ed. Chichester, West Sussex, UK: John Wiley & Sons Ltd.
7. Sommerville, I., 2001. Software Engineering. 6th ed. Essex, England: Pearson Education Limited.
8. Yager, R.R., 2008. Uncertainty and Intelligent Information Systems. 1st ed. Toh Tuck Link, Singapore: World Scientific Publishing Co. Pte. Ltd.
9. Agarwal, B.B. & Tayal, S.P., 2007. Software Engineering. 1st ed. New Delhi, India: Laxmi Publications Pvt. Ltd.
Размещено на Allbest.ru
...Подобные документы
Practical acquaintance with the capabilities and configuration of firewalls, their basic principles and types. Block specific IP-address. Files and Folders Integrity Protection firewalls. Development of information security of corporate policy system.
лабораторная работа [3,2 M], добавлен 09.04.2016IS management standards development. The national peculiarities of the IS management standards. The most integrated existent IS management solution. General description of the ISS model. Application of semi-Markov processes in ISS state description.
дипломная работа [2,2 M], добавлен 28.10.2011Распространение одноплатных компьютеров. Основные преимущества материнской платы ATX по сравнению с SBC. Поддержка ЖК-панелей. Оптимизированные свободные операционные системы. Технические характеристики Raspberry Pi, Oval Elephant, Waysmall Silverlode.
курсовая работа [1,9 M], добавлен 01.04.2013Модули, входящие в пакет программного обеспечения. Project Menagement, Methodology Management, Portfolio Analysis, Timesheets, myPrimavera, Software Development Kit, ProjectLink. Иерархическая структура Primavera и ее взаимосвязь с программой MS Project.
контрольная работа [9,5 K], добавлен 18.11.2009American multinational corporation that designs and markets consumer electronics, computer software, and personal computers. Business Strategy Apple Inc. Markets and Distribution. Research and Development. Emerging products – AppleTV, iPad, Ping.
курсовая работа [679,3 K], добавлен 03.01.2012Information security problems of modern computer companies networks. The levels of network security of the company. Methods of protection organization's computer network from unauthorized access from the Internet. Information Security in the Internet.
реферат [20,9 K], добавлен 19.12.2013Consideration of a systematic approach to the identification of the organization's processes for improving management efficiency. Approaches to the identification of business processes. Architecture of an Integrated Information Systems methodology.
реферат [195,5 K], добавлен 12.02.2016A database is a store where information is kept in an organized way. Data structures consist of pointers, strings, arrays, stacks, static and dynamic data structures. A list is a set of data items stored in some order. Methods of construction of a trees.
топик [19,0 K], добавлен 29.06.2009Data mining, developmental history of data mining and knowledge discovery. Technological elements and methods of data mining. Steps in knowledge discovery. Change and deviation detection. Related disciplines, information retrieval and text extraction.
доклад [25,3 K], добавлен 16.06.2012Technical and economic characteristics of medical institutions. Development of an automation project. Justification of the methods of calculating cost-effectiveness. General information about health and organization safety. Providing electrical safety.
дипломная работа [3,7 M], добавлен 14.05.2014The material and technological basis of the information society are all sorts of systems based on computers and computer networks, information technology, telecommunication. The task of Ukraine in area of information and communication technologies.
реферат [29,5 K], добавлен 10.05.2011Review of development of cloud computing. Service models of cloud computing. Deployment models of cloud computing. Technology of virtualization. Algorithm of "Cloudy". Safety and labor protection. Justification of the cost-effectiveness of the project.
дипломная работа [2,3 M], добавлен 13.05.2015Сущность, понятие баз данных. Краткая характеристика MS Access. Обеспечение сохраняемости объектов. Архитектура Object Data Management Group. Объектные расширения реляционных СУБД. Концептуальные особенности систем управления активными базами данных.
курсовая работа [48,1 K], добавлен 17.05.2013Overview history of company and structure of organization. Characterization of complex tasks and necessity of automation. Database specifications and system security. The calculation of economic efficiency of the project. Safety measures during work.
дипломная работа [1009,6 K], добавлен 09.03.2015Overview of social networks for citizens of the Republic of Kazakhstan. Evaluation of these popular means of communication. Research design, interface friendliness of the major social networks. Defining features of social networking for business.
реферат [1,1 M], добавлен 07.01.2016Архитектура операционной системы Android. Инструменты Android-разработчика. Установка Java Development Kit, Eclipse IDE, Android SDK. Настройка Android Development Tools. Разработка программы для работы с документами и для осуществления оперативной связи.
курсовая работа [2,0 M], добавлен 19.10.2014Основные алгоритмические структуры. Запись алгоритма в словесной форме, в виде блок-схемы. Система команд исполнителя. Язык высокого уровня. Создание программы и её отладка. Интегрированные среды разработки: Integrated Development Environment, IDE.
лекция [61,7 K], добавлен 09.10.2013Web Forum - class of applications for communication site visitors. Planning of such database that to contain all information about an user is the name, last name, address, number of reports and their content, information about an user and his friends.
отчет по практике [1,4 M], добавлен 19.03.2014Social network theory and network effect. Six degrees of separation. Three degrees of influence. Habit-forming mobile products. Geo-targeting trend technology. Concept of the financial bubble. Quantitative research method, qualitative research.
дипломная работа [3,0 M], добавлен 30.12.2015History of development. Building Automation System (BMS) and "smart house" systems. Multiroom: how it works and ways to establish. The price of smart house. Excursion to the most expensive smart house in the world. Smart House - friend of elders.
контрольная работа [26,8 K], добавлен 18.10.2011