Browse > Article
http://dx.doi.org/10.15207/JKCS.2017.8.11.021

Research about Security Attack Methods to Arduino Boards Using Temporary Files Data Manipulation  

Lee, Woo Ho (Interdisciplinary Program of Information Security, Chonnam National University)
Jung, Hyun Mi (Center for Supercomputer Development, Korea Institute of Science and Technology Information)
Jeong, Kimoon (Center for Supercomputer Development, Korea Institute of Science and Technology Information)
Publication Information
Journal of the Korea Convergence Society / v.8, no.11, 2017 , pp. 21-27 More about this Journal
Abstract
Internet of Things(IoT), which is developing for the hyper connection society, is based on OSHW (Open Source Hardware) such as Arduino and various small products are emerging. Because of the limitation of low performance and low memory, the IoT is causing serious information security problem that it is difficult to apply strong security technology. In this paper, we analyze the vulnerability that can occur as a result of compiling and loading the application program of Arduino on the host computer. And we propose a new attack method that allows an attacker to arbitrarily change the value input from the sensor of the arduino board. Such as a proposed attack method may cause the arduino board to misinterpret environmental information and render it inoperable. By understanding these attack techniques, it is possible to consider how to build a secure development environment and cope with these attacks.
Keywords
IoT security; Arduino; OSHW; Security attack; Hacking;
Citations & Related Records
연도 인용수 순위
  • Reference
1 https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/mirai-botnet/.
2 Alexander Khalimonenko, Oleg Kupreev, "DDOS attacks in Q1 2017", Securelist, 05. 2017
3 Javid Habibi, Aditi Gupa, Stephen Carlsony, Ajay Panicker, "MAVR : Code Reuse Stealthy Attacks and Mitigation on Unmanned Aerial Vehicles," 2015 IEEE 35th International Conference on Distributed Computing Systems, 2015.
4 Massimo Banzi, "Arduino, Open Source Hardware Summit Speech", OSHW Summit, 09.2011.
5 http://www.atmel.com/products/microcontrollers/avr/default.aspx
6 Lucas Davi, Ahmad-Reza, "ROP defender: A detection tool to defend against return-oriented programming attacks", System Security Lab, Ruhr University Bochum, Germany, 03, 2010.
7 Ralf Hund, Carsten Willems, "Practical Timing Side Channel Attacks against Kernel Space ASLR," 2013 IEEE Symposium on Security and Privacy, pp. 191-205, 2013.
8 Martin Abadi, Mihai Budiu, "Control-Flow Integrity Principles, Implementations, and Applications," ACM Transactions on Information and System Security, Vol. 13, No. 1, Article 4, pp. 1-40, 2009.
9 H. S. Ryu, "A Study on the Security Architecture for Secure Smart Home System in IoT", Department of Computer Engineering, Ajou University, 12. 2015.
10 "The Internet of Things: The Next Growth Engine for the Semiconductor Industrt." PWC, 2015, 3. pp. 23,26.
11 https://www.arduino.cc/en/Guide/Introduction..
12 https://www.raspberrypi.org/.
13 https://beagleboard.org/.
14 Matthew Ahlmeyer, Alina M. Chircu, ,"SECURING THE INTERNET OF THINGS: A REVIEW", Issues in Information Systems, Volume 17, Issue IV, pp. 21-28, 2016
15 W. H. Lee, S. M. Kang, C. S. Lim, B. N. Noh, "Research on Memory Initialization through Using Ardunio Temporary Files," KIPS 2016, Vol 23, No 2, 2016.
16 Sergio Pastrana, "AVRAND: A Software-Based Defense Against Code Reuse Attacks for AVR Embedded Devices", DIMVA, 07.2016.