Journal of the Korea Convergence Society (한국융합학회논문지)

Korea Convergence Society (한국융합학회)
권호 표지
DOI QR코드

DOI QR Code

Research about Security Attack Methods to Arduino Boards Using Temporary Files Data Manipulation

임시파일 데이터 조작을 통한 아두이노 보드 공격 기법에 관한 연구

  • Lee, Woo Ho (Interdisciplinary Program of Information Security, Chonnam National University) ;
  • Jung, Hyun Mi (Center for Supercomputer Development, Korea Institute of Science and Technology Information) ;
  • Jeong, Kimoon (Center for Supercomputer Development, Korea Institute of Science and Technology Information)
  • 이우호 (전남대학교 정보보안협동과정) ;
  • 정현미 (한국과학기술정보연구원 슈퍼컴퓨터개발센터) ;
  • 정기문 (한국과학기술정보연구원 슈퍼컴퓨터개발센터)
  • Received : 2017.09.26
  • Accepted : 2017.11.20
  • Published : 2017.11.28
Download PDF
⟨ Previous Next ⟩

Abstract

Internet of Things(IoT), which is developing for the hyper connection society, is based on OSHW (Open Source Hardware) such as Arduino and various small products are emerging. Because of the limitation of low performance and low memory, the IoT is causing serious information security problem that it is difficult to apply strong security technology. In this paper, we analyze the vulnerability that can occur as a result of compiling and loading the application program of Arduino on the host computer. And we propose a new attack method that allows an attacker to arbitrarily change the value input from the sensor of the arduino board. Such as a proposed attack method may cause the arduino board to misinterpret environmental information and render it inoperable. By understanding these attack techniques, it is possible to consider how to build a secure development environment and cope with these attacks.

초연결사회를 지향하기 위해 발전하고 있는 사물인터넷(Internet of Things)은 아두이노 등의 OSHW(Open Source Hardware)를 기반으로 두고 있으며 다양한 소형 제품 등이 등장하고 있다. 이러한 사물인터넷은 저성능, 저메모리라는 한계로 인하여 강력한 보안 기술을 적용하기 어렵다는 심각한 정보보안 문제를 야기하고 있다. 본 논문에서는 사물인터넷 기기로 주로 사용되는 아두이노의 응용프로그램이 호스트컴퓨터에서 컴파일과 로딩이 수행됨에 따라 발생할 수 있는 취약성을 분석하여 아두이노 보드의 센서로부터 입력되는 값을 공격자가 임의로 변경할 수 있는 새로운 공격 방법을 제안한다. 이러한 방법을 통해 아두이노 보드가 환경정보를 오인식하여 정상적인 동작이 불가능하게 할 수 있다. 이러한 공격 기법의 이해를 통해 안전한 개발환경 구축방안을 고려할 수 있으며 이러한 공격으로부터 대응할 수 있다.

Keywords

References

  1. H. S. Ryu, "A Study on the Security Architecture for Secure Smart Home System in IoT", Department of Computer Engineering, Ajou University, 12. 2015.
  2. "The Internet of Things: The Next Growth Engine for the Semiconductor Industrt." PWC, 2015, 3. pp. 23,26.
  3. https://www.arduino.cc/en/Guide/Introduction..
  4. https://www.raspberrypi.org/.
  5. https://beagleboard.org/.
  6. Matthew Ahlmeyer, Alina M. Chircu, ,"SECURING THE INTERNET OF THINGS: A REVIEW", Issues in Information Systems, Volume 17, Issue IV, pp. 21-28, 2016
  7. https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/mirai-botnet/.
  8. Alexander Khalimonenko, Oleg Kupreev, "DDOS attacks in Q1 2017", Securelist, 05. 2017
  9. Javid Habibi, Aditi Gupa, Stephen Carlsony, Ajay Panicker, "MAVR : Code Reuse Stealthy Attacks and Mitigation on Unmanned Aerial Vehicles," 2015 IEEE 35th International Conference on Distributed Computing Systems, 2015.
  10. Massimo Banzi, "Arduino, Open Source Hardware Summit Speech", OSHW Summit, 09.2011.
  11. http://www.atmel.com/products/microcontrollers/avr/default.aspx
  12. Lucas Davi, Ahmad-Reza, "ROP defender: A detection tool to defend against return-oriented programming attacks", System Security Lab, Ruhr University Bochum, Germany, 03, 2010.
  13. Ralf Hund, Carsten Willems, "Practical Timing Side Channel Attacks against Kernel Space ASLR," 2013 IEEE Symposium on Security and Privacy, pp. 191-205, 2013.
  14. Martin Abadi, Mihai Budiu, "Control-Flow Integrity Principles, Implementations, and Applications," ACM Transactions on Information and System Security, Vol. 13, No. 1, Article 4, pp. 1-40, 2009.
  15. Sergio Pastrana, "AVRAND: A Software-Based Defense Against Code Reuse Attacks for AVR Embedded Devices", DIMVA, 07.2016.
  16. W. H. Lee, S. M. Kang, C. S. Lim, B. N. Noh, "Research on Memory Initialization through Using Ardunio Temporary Files," KIPS 2016, Vol 23, No 2, 2016.