iot_final's Introduction

IOT Final - OM2M Security Enhancement

Feature

  1. Information Leak Defense
    • Problem : When HTTP is used, the packet content is leaked
    • Solution : Enable HTTPS to encrypt packet content
  2. Brute Attack Defense
    • Problem : An attacker can keep guessing the password endlessly until it is cracked
    • Solution : Block user after 5 failed login attempts

Initialization

  1. Clone this project
  2. Re-build the project
    $ mvn clean install -DskipTests=true
  3. Install and start Wireshark
    # Install wireshark
    $ sudo apt install wireshark
    
    # Start wireshark
    $ sudo wireshark

Information Leak Defense : Enable HTTPS to encrypt packet content

Step 1 : Generate a self-signed certificate using the Java keytool

  1. Create a folder to hold the generated certificates and enter the folder

    $ mkdir ~/.SSLCA
    $ cd ~/.SSLCA
  2. Generate a self-signed certificate for in-cse

    • Set password to '000000'
    $ keytool -genkey -dname "CN=127.0.0.1" -alias INCSE -keystore .keystore_incse -keyalg RSA -keysize 1024
  3. Generate a self-signed certificate for mn-cse

    • Set password to '000000'
    $ keytool -genkey -dname "CN=127.0.0.1" -alias MNCSE -keystore .keystore_mncse -keyalg RSA -keysize 1024
  4. The result will look like the following
    XXX

Step 2 : Modify 'config.ini' of in-cse and mn-cse

  1. Append the following code to the bottom of "config.ini" of in-cse

    • Enable HTTPS
    • Set HTTPS port to 8443
    • certificate password : 000000
    • Set the path of certificate : /home/[user_name]/.SSLCA/.keystore_incse
    • Use the TLS protocol
    org.eclipse.equinox.http.jetty.https.enabled=true
    org.eclipse.equinox.http.jetty.https.port=8443
    org.eclipse.equinox.http.jetty.ssl.password=000000
    org.eclipse.equinox.http.jetty.ssl.keypassword=000000
    org.eclipse.equinox.http.jetty.ssl.keystore=/home/om2m/.SSLCA/.keystore_incse
    org.eclipse.equinox.http.jetty.ssl.protocol=TLS
  2. Append the following code to the bottom of "config.ini" of mn-cse

    • Enable HTTPS
    • Set HTTPS port to 8444
    • certificate password : 000000
    • Set the path of certificate : /home/[user_name]/.SSLCA/.keystore_mncse
    • Use the TLS protocol
    org.eclipse.equinox.http.jetty.https.enabled=true
    org.eclipse.equinox.http.jetty.https.port=8444
    org.eclipse.equinox.http.jetty.ssl.password=000000
    org.eclipse.equinox.http.jetty.ssl.keypassword=000000
    org.eclipse.equinox.http.jetty.ssl.keystore=/home/om2m/.SSLCA/.keystore_mncse
    org.eclipse.equinox.http.jetty.ssl.protocol=TLS
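
A check for the settings above, as an added example that is not part of the project: it parses config.ini text and reports HTTPS-related weaknesses, including the plain HTTP listener that Equinox Jetty keeps on unless `org.eclipse.equinox.http.jetty.http.enabled=false` is set. The function names, the finding labels and the 12-character threshold are assumptions of this example.

```javascript
// Added example: audit the HTTPS-related lines of an OM2M config.ini.
const PREFIX = 'org.eclipse.equinox.http.jetty.';

// Parse "key=value" lines, skipping blank lines and '#' comments.
function parseIni(text) {
  const props = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) props[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return props;
}

// Assumed policy: a secret is weak when missing, shorter than 12 characters,
// or made of one repeated character.
function isWeakSecret(s) {
  return !s || s.length < 12 || /^(.)\1*$/.test(s);
}

function auditJettyConfig(text) {
  const p = parseIni(text);
  const get = (k) => p[PREFIX + k];
  const findings = [];
  if (get('https.enabled') !== 'true') findings.push('https-disabled');
  // The plain HTTP listener defaults to on, so unencrypted access remains
  // possible until it is switched off explicitly.
  if (get('http.enabled') !== 'false') findings.push('http-still-enabled');
  if (!get('ssl.keystore')) findings.push('keystore-missing');
  if (isWeakSecret(get('ssl.password'))) findings.push('weak-keystore-password');
  if (isWeakSecret(get('ssl.keypassword'))) findings.push('weak-key-password');
  return findings;
}

// Constructed sample: the in-cse lines shown in this step.
const sampleInCse = [
  'org.eclipse.equinox.http.jetty.https.enabled=true',
  'org.eclipse.equinox.http.jetty.https.port=8443',
  'org.eclipse.equinox.http.jetty.ssl.password=000000',
  'org.eclipse.equinox.http.jetty.ssl.keypassword=000000',
  'org.eclipse.equinox.http.jetty.ssl.keystore=/home/om2m/.SSLCA/.keystore_incse',
  'org.eclipse.equinox.http.jetty.ssl.protocol=TLS',
].join('\n');

console.log(auditJettyConfig(sampleInCse));
```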

Step 3 : Test

  1. Start in-cse and mn-cse

    $ sh start.sh
  2. Open browser and enter 'https://127.0.0.1:8443/webpage' for in-cse
    XXX

  3. Open browser and enter 'https://127.0.0.1:8444/webpage' for mn-cse
    XXX

  4. mn-cse can be linked from in-cse

  5. Use Wireshark to check whether the packets are encrypted after enabling HTTPS

Brute Attack Defense : Block user after 5 failed login attempts

Work in org.eclipse.om2m/org.eclipse.om2m.webapp.resourcesbrowser.json/

Step 1 : Add a new block in ‘index.html’ to display fail counts

  • Add a failCount div in the login page
    XXX

  • Result
    XXX

Step 2 : Modify ‘om2m.js’ to accumulate fail counts and block user when fail counts > 5

graph LR
A[func login] -->B[func get]
    B -->|success| C(enter cse)
    B -->|error| D(print error message)
  1. Declare 3 additional variables and constants

    • const tryCountMax : Maximum number of failed login attempts allowed for a user
    • var tryCount : Cumulative number of failed attempts
    • var isBlocked : If true, the user is banned

    XXX
  2. Modify func login

    • This function is triggered when the user tries to log in
      • It collects the username:password pair and calls "func get" to determine whether the pair is valid
    • I use isBlocked to determine whether the user has permission to log in

    XXX
  3. Modify func get

    • func get has 2 parts (success and error)
      XXX

    • I modify the error part

      • Accumulate the fail count
      • Set isBlocked when fail count >= 5
      • Print an error message

      XXX
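
The login flow described in this step, as an added example that is not the project's om2m.js: `tryCountMax`, `tryCount` and `isBlocked` follow the names above, while `createLoginGuard`, `checkCredentials`, the messages and the demo credentials are assumptions, and the block threshold uses the "fail count >= 5" rule.

```javascript
// Added example, not the project's code.
const tryCountMax = 5; // maximum number of failed login attempts allowed

// checkCredentials stands in for the request om2m.js sends to the CSE.
function createLoginGuard(checkCredentials) {
  let tryCount = 0;      // cumulative number of failed attempts
  let isBlocked = false; // once true, login() no longer calls get()

  // "func get": ask whether the pair is valid, then take one of two branches.
  function get(username, password) {
    if (checkCredentials(username, password)) {
      return { ok: true, message: 'enter cse' }; // success part
    }
    tryCount += 1;                               // error part
    if (tryCount >= tryCountMax) isBlocked = true;
    return {
      ok: false,
      message: isBlocked
        ? 'Too many failed attempts: user blocked'
        : `Login failed (${tryCount}/${tryCountMax})`,
    };
  }

  // "func login": refuse before any request is sent when blocked.
  function login(username, password) {
    if (isBlocked) return { ok: false, message: 'User is blocked' };
    return get(username, password);
  }

  return { login, state: () => ({ tryCount, isBlocked }) };
}

// Constructed credentials for the demonstration only.
const demoCheck = (u, p) => u === 'demo-user' && p === 'constructed-secret';

const demoGuard = createLoginGuard(demoCheck);
for (let i = 0; i < 6; i++) {
  console.log(demoGuard.login('demo-user', 'wrong-guess').message);
}
```

Because `tryCount` and `isBlocked` live in the page's JavaScript, they reset on reload and are never consulted by a client that talks to the CSE directly. Keeping the same counter per account on the server side is what makes the limit binding.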

Step 3 : Test

Successfully banned the user with more than 5 failed login attempts
XXX

iot_final's People

Contributors

bolleseb-pro, waynelinbo, gbonnardelol, sevengan
