Sustainable and practical firmware upgrade for wireless access point using password-based authentication

Sustainability (Switzerland)

Volumn 8, Issue 9, 2016, Pages

  Jang, Jaejin ^a   Jung, Im Y ^a  

^a Kyungpook National University   (South Korea)

Author keywords

Password based authentication; Practical firmware upgrade; Sustainable wireless access points

Indexed keywords

DATA ACQUISITION; ELECTRONIC EQUIPMENT; EXPERIMENTAL STUDY; HARDWARE; INTERNET; RESOURCE USE; VULNERABILITY;

EID: 84990923771     PISSN: None     EISSN: 20711050     Source Type: Journal    
DOI: 10.3390/su8090876     Document Type: Article

References (41)

1. Egevang, K.; Francis, P. The IP Netw ork Address Translator (NAT). Available online: http://www.rfc-editor. org/info/rfc1631 (accessed on 23 August 2016).
2. Gartner. Gartner Says 6.4 Billion Connected "Things" Will Be in Use in 2016, Up 30 Percent from 2015. Available online: http://www.gartner.com/newsroom/id/3165317 (accessed on 23 August 2016).
3. Proofpoint. Proofpoint Uncovers Internet of Things (IoT) Cyberattack; Proofpoint Release: Sunnyvale, CA, USA, 2014.
4. Stiawan, D.; Idris, M.Y.; Abdullah, A.H. Penetration Testing and Network Auditing: Linux. JIPS 2015, 11, 104-115.
5. Nohl, K.; Lell, J. BadUSB-On Accessories that Turn Evil. Available online: http://www.slideshare.net/cisoplatform7/sr-labs-badusbv2 (accessed on 23 August 2016).
6. Delugré, G. Closer to Metal: Reverse-Engineering the Broadcom NetExtreme's Firmware. Available online: http://esec-lab.sogeti.com/static/publications/10-hack.lu-nicreverse_slides.pdf (accessed on 23 August 2016).
7. Miller, C. Battery Firmware Hacking. Available online: http://www.hakim.ws/BHUS2011/materials/Miller/BH_US_11_Miller_Battery_Firmware_Public_WP.pdf (accessed on 23 August 2016).
8. Choi, B.C.; Lee, S.H.; Na, J.C.; Lee, J.H. Secure firmware validation and update for consumer devices in home networking. IEEE Trans. Consum. Electron. 2016, 62, 39-44.
9. Tom, S. The Hackers New Weapons Routers and Printers; MIT Technology Review: San Diego, CA, USA, 2015.
10. Dacosta, I.; Ahamad, M.; Traynor, P. Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties. In Computer Security-ESORICS 2012; Springer: Berlin, Germany, 2012; pp. 199-216.
11. Karapanos, N.; Capkun, S. On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14) 2014, San Diego, CA, USA, 20-22 August 2014; pp. 671-686.
12. Odat, H.A.; Nsour, A.; Ganesan, S. Firmware over the Air Ad-Hoc Network, FOTANET. In Proceedings of the 2015 IEEE International Conference on Electro/Information Technology (EIT), Dekalb, IL, USA, 21-23 May 2015; pp. 101-106.
13. Postel, J. RFC 793: Transmission Control Protocol. Available online: https://tools.ietf.org/html/rfc793 (accessed on 23 August 2016).
14. Tsague, H.D.; Van Der Merwe, J.; Moabalobelo, T. Secure Firmware Updates for Point of Sale Terminals. In Proceedings of the 10th International Conference on CyberWarfare and Security, Kruger National Park, South Africa, 24-25 March 2015; Academic Conferences Limited: Sonning Common, UK, 2015; p. 337.
15. Forouzan, B.A.; Mukhopadhyay, D. Cryptography and Network Security (Sie.); McGraw-Hill Education: New York, NY, USA, 2011; pp. 2-7, 507-548.
16. Steger, M.; Karner, M.; Hillebrand, J.; Rom, W.; Armengaud, E.; Hansson, M.; Boano, C.A.; Römer, K. Applicability of IEEE 802.11s for Automotive Wireless Software Updates. In Proceedings of the 13th International Conference on Telecommunications (ConTEL) 2015, Graz, Austria, 13-15 July 2015; pp. 1-8.
17. Cui, A.; Costello, M.; Stolfo, S.J. When Firmware Modifications Attack: A Case Study of Embedded Exploitation. Available online: http://ids.cs.columbia.edu/sites/default/files/ndss-2013.pdf (accessed on 23 August 2016).
18. Zaddach, J.; Costin, A. Embedded Devices Security and Firmware Reverse Engineering. Available online: https://media.blackhat.com/us-13/US-13-Zaddach-Workshop-on-Embedded-Devices-Securityand-Firmware-Reverse-Engineering-WP.pdf (accessed on 23 August 2016).
19. Dierks, T. The Transport Layer Security (TLS) Protocol Version 1.2. Available online: https://www.ietf.org/rfc/rfc5246.txt (accessed on 23 August 2016).
20. Stallings, W. Cryptography and Network Security, 4/E; Pearson Education India: Kormangala, India, 2006; pp. 22-24.
21. Newman, C.; Menon-Sen, A.; Melnikov, A.; Williams, N. RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms. Available online: https://tools.ietf. org/html/rfc5802 (accessed on 23 August 2016).
22. Turan, M.S.; Barker, E.; Burr, W.; Chen, L. Recommendation for Password-Based Key Derivation. Available online: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf (accessed on 23 August 2016).
23. Moein, S.; Gebali, F.; Traore, I. Analyzis of covert hardware attacks. J. Converg. 2014, 5, 26-30.
24. Cooper, D. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Available online: https://tools.ietf.org/html/rfc5280 (accessed on 23 August 2016).
25. Burkholder, P. SSL Man-in-the-Middle Attacks. Available online: http://www.windowsecurity.com/articlestutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html (accessed on 23 August 2016).
26. Ellison, C.; Schneier, B. Ten risks of PKI: What you're not being told about public key infrastructure. Comput. Secur. J. 2000, 16, 1-7.
27. Fagan, M.; Khan, M.M.H.; Nguyen, N. How does this message make you feel? A study of user perspectives on software update/warning message design. Hum. Centric Comput. Inf. Sci. 2015, 5, 1-26.
28. Sheffer, Y.; Holz, R.; Saint-Andre, P. Recommendations for Secure Use of Transport. Layer Security (TLS) and Datagram Transport. Layer Security (DTLS). Available online: https://tools.ietf.org/html/rfc7525 (accessed on 23 August 2016).
29. Rescorla, E. Diffie-Hellman Key Agreement Method. Available online: https://www.ietf.org/rfc/rfc2631.txt (accessed on 23 August 2016).
30. Top 20 RatedWireless Access Points Reviews 2016. Available online: https://www.vbestreviews.com/top-10-rated-wireless-access-point-reviews-2015/(accessed on 23 August 2016).
31. FIPS. 197: The official AES standard. Figure 2: Working scheme with four LFSRs and their IV generation LFSR1. LFSR 2001, 2, 1-3.
32. Bellare, M.; Rogaway, P. Entity Authentication and Key Distribution. In Proceedings of the Annual International Cryptology Conference, Barbara, CA, USA, 22-26 August 1993; Springer: Berlin, Germany, 1993; pp. 232-249.
33. Paar, C.; Pelzl, J. Understanding Cryptography: A Textbook for Students and Practitioners; Springer Science & Business Media: Berlin, Germany, 2009; pp. 319-329, pp. 331-353.
34. Stinson, D.R. Cryptography: Theory and Practice; CRC Press: Boca Raton, FL, USA, 2005; pp. 436-438.
35. Mitchell, C.J.; Ward, M.; Wilson, P. Key control in key agreement protocols. Electron. Lett. 1998, 34, 980-981.
36. Akram, R.N.; Markantonakis, K.; Mayes, K. A Privacy Preserving Application Acquisition Protocol. In Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, Liverpool, UK, 25-27 June 2012; pp. 383-392.
37. Blake-Wilson, S.; Menezes, A. Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol; Public Key Cryptography, Springer: Berlin, Germany, 1999; pp. 154-170.
38. Cremers, C.; Horvat, M. Improving the ISO/IEC 11770 Standard for Key Management Techniques. In Proceedings of the International Conference on Research in Security Standardisation, London, UK, 16-17 December 2014; pp. 215-235.
39. Chen, L.; Mitchell, C. Security Standardization Research. In Proceedings of the First International Conference SSR 2014, London, UK, 16-17 December 2014.
40. Hlauschek, C.; Gruber, M.; Fankhauser, F.; Schanes, C. Prying Open Pandora's Box: KCI Attacks against TLS. In Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington, DC, USA, 24 June 2015.
41. Holz, R.; Riedmaier, T.; Kammenhuber, N.; Carle, G. X.509 Forensics: Detecting and Localizing the SSL/TLS Men-in-the-Middle. In Computer Security-Esorics 2012; Springer: Berlin, Germany, 2012; pp. 217-234.