*Please read the instruction*
Open the file(s) to see the assignment. You must have knowledge about Security!
Some questions have already been answered, and some have not been answered yet. I have put all the questions in it so that you get a better idea of what is expected of you.
For your information:
You don’t need to use the packet tracer file unless you think it’s useful.
This use case has been prototyped in Packet Tracer. You can find the packet tracer files needed for this assignment under the module IoT security at the Canvas course site.
Commonly ISPs deliver data and video over a single coaxial cable. Starting from the attic, a coaxial splitter is used to separate the video signal from the data signal.
Two coaxial cables leave the coaxial splitter in the topology shown. Which devices does the coaxial cable connect to?
cable modem & TV
The cable modem is the interface between the ISP’s network and the home’s network. Which devices does the cable modem connect to?
The Home Gateway acts as a concentrator and router to all internal home devices. It also provides a web-based interface that allows users to monitor and control various smart home devices. Notice that the home devices can connect to the Home Gateway through either a wireless and/or wired connection.
Note: Packet Tracer uses dashed beams to represent wireless connections. However, this can make a topology difficult to understand if too many devices are connected. Because of this, wireless connections have been hidden. To show wireless connections, go to Options > Preferences > Hide Tab > uncheck Hide Wireless/Cellular Connection.
List all home devices connected to the Home Gateway.
Smart Door, Temperature Meter, Smoke Detector, Smart Coffee Maker, Smart Fan, Smart Alarm, Smart Sprinkler, Smart Water Meter, Smart Window, Smart Lamp, Garage Door, Tablet, Smart Phone
The devices in the smart home can be monitored and controlled remotely through any computer in the home. Because all smart devices connect to the Home Gateway which hosts a web-based interface, tablets, smartphones, laptops or desktop computers can be used to interact with the smart devices.
Click the Tablet. (The tablet is located on the bed in the master bedroom).
Navigate to Desktop > Web Browser.
In the address bar, type in 192.168.25.1 and press Enter. This is the IP address of the Home Gateway.
Use admin/admin as username and password to log into the Home Gateway.
What is displayed?
The connected devices that can be controlled (includes all home devices and their current status)
The smart door is currently unlocked (represented by a green light on its door knob) but it can be locked remotely. Click the smart door in the browser to expand the option.
Click Lock to lock the door.
Was the door locked? How do you know?
It was not locked, because the light on the door was green and changed to red. There is a lock symbol on the “Smart Door” icon. Red means locked. Green means opened.
Click Unlock to unlock the door.
Click the smoke detector in the browser to expand the section. What is the smoke level reading provided by the smoke detector?
I. Can the smoke detector be controlled?
Smart devices can also be controlled directly, representing physical interaction.
Within the Logical work area of Packet Tracer, hold down the ALT key and click the Smart Coffee Maker to turn it on or off.
The MCU added to the smart home is used to monitor the smoke levels read by the smoke sensor and decide if the house should be ventilated. If the carbon monoxide (CO) level rises above 10.3 units, the MCU is programmed to automatically open the window, front door and garage door, and start the fan at high speed. This action is only reverted (close doors and windows and stop the fan) when the CO level drops below 1 unit.
The owner keeps a classic car in the garage, and it needs to be run occasionally. The classic car generates carbon monoxide, which raises the levels within the premises.
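The MCU's threshold logic described above, as an added example (not the Packet Tracer MCU program): a hysteresis latch using the 10.3 and 1 unit thresholds from the text. The class and function names, the constructed readings and the rejection of malformed readings are assumptions for illustration.

```python
import math

OPEN_ABOVE = 10.3   # CO level above which the MCU ventilates (from the lab text)
CLOSE_BELOW = 1.0   # CO level below which the MCU reverts (from the lab text)


class VentilationController:
    """Hysteresis latch: state changes only when a threshold is crossed."""

    def __init__(self):
        self.ventilating = False
        self.rejected = 0  # readings dropped by validation

    def update(self, co_level):
        # Assumed hardening step (not in the lab): a malformed reading must
        # never change actuator state, because the front door and garage
        # door are among the actuators this value drives.
        valid = (isinstance(co_level, (int, float))
                 and not isinstance(co_level, bool)
                 and math.isfinite(co_level) and co_level >= 0)
        if not valid:
            self.rejected += 1
        elif not self.ventilating and co_level > OPEN_ABOVE:
            self.ventilating = True    # open window/doors, fan on high
        elif self.ventilating and co_level < CLOSE_BELOW:
            self.ventilating = False   # close window/doors, fan off
        return self.ventilating


def replay(readings):
    """Feed a series of readings to a fresh controller; return each state."""
    mcu = VentilationController()
    return [mcu.update(r) for r in readings], mcu.rejected


# Constructed sample series: engine started, then stopped, then bad input
SAMPLE = [0.0, 5.0, 10.3, 10.4, 6.0, 1.0, 0.9, float("nan"), -3, 5.0]

if __name__ == "__main__":
    states, rejected = replay(SAMPLE)
    for level, state in zip(SAMPLE, states):
        print(f"CO={level!s:>5} ventilating={state}")
    print("rejected readings:", rejected)
```

Between the two thresholds the latch keeps its previous state, so a reading of exactly 10.3 does not open anything and a reading of exactly 1.0 does not close anything.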
a. Click the Tablet located on the bed in the master bedroom.
b. Navigate to Desktop > Web Browser.
c. In the address bar, type in 192.168.25.1. This is the IP address of the Home Gateway.
d. Use admin/admin as username and password to log into the Home Gateway.
e. Click on the Smoke Detector within the smart home; leave this window visible so you can monitor the smoke levels.
f. Start the car engine by holding the Alt key and clicking the classic car.
What happens to the air inside the house with the car running inside the garage?
Smoke levels increased
What happens to air inside the house after the MCU opens the doors and window, and starts the fan?
Smoke levels dropped
Does the MCU close the doors and window, and stop the fan?
Yes, when the smoke levels are at 0.
g. While still monitoring the levels, stop the classic car’s engine by holding the Alt key and clicking the classic car.
What happens to air quality inside the house after the engine is stopped?
Smoke levels dropped to 0
What happens to the doors, window and fan?
The windows and doors were closed by the MCU, which also turned off the fan
What are the potential impacts if a hacker gained access to this system?
In your opinion, what is the most likely way that a hacker could get into the system?
How could the system be made more secure?
You will now complete an inventory of assets by identifying all the physical assets that are part of the home automation network and entering them into the asset table below.
Note: in the following steps, one or two examples are given in red for inspiration purposes. The rows of the tables can be extended as you wish.
| Device | Device Role (actuator/sensor/both) | Works With |
|---|---|---|
Now you will identify threats using the STRIDE methodology. Try to describe as many threats as possible based on your experience in the course, the OWASP IoT vulnerabilities page, and other information sources.
Complete table below with threats for each category in the STRIDE threat model. Add potential threats that could occur for each STRIDE category. Include the type of threat using the OWASP terminology where possible.
| Threat type | Asset type | Threats |
|---|---|---|
| (S)poofing – can an attacker pretend to be someone he is not, or falsify data? | Sensors | false sensors can be added to the sensor network |
| | Actuators | Device can pretend to be actuator, intercept control code or issue false control messaging. |
| (T)ampering – can an attacker successfully inject falsified data into the system? | Sensors | |
| (R)epudiation – can a user pretend that a transaction did not happen? | Sensors | |
| (I)nformation Disclosure – can the device leak confidential data to unauthorized parties? | Sensors | |
| (D)enial of Service – can the device be shut down or made unavailable maliciously? | Sensors | |
| (E)scalation of Privilege – can users get access to privileged resources meant only for admins or superusers? | Sensors | |
Another component of asset management is understanding the network protocols and infrastructure devices that are in use on the network. Fill in the table that is provided below, which should include all the networks, protocols, and IP devices that are part of the home automation network system. Determine the communication relationships between assets. The network is a collection of things that use the same protocol. It is not necessary to list each individual IoT device here. Instead, just refer to the wireless sensor-actuator network. This has been filled in for you.
| Network or Device | Protocol(s) | Communicates With |
|---|---|---|
| sensor-actuator network | Zigbee or Z-wave, etc. | IoT Gateway |
Similar to step 1, use the STRIDE model to create a list of potential threats.
| Threat type | Network or Device | Threats |
|---|---|---|
| (S)poofing – can an attacker pretend to be someone he’s not, or falsify data? | sensor-actuator network | man-in-the-middle attacks; implementation of weak 802.15.4 security suites |
| | IoT Gateway | weak or default credentials allow access to logs, locally stored sensor data |
| | WIFI | Check OWASP if you don’t know! |
| (T)ampering – can an attacker successfully inject falsified data into the system? | sensor-actuator network | |
| | WIFI | Check OWASP if you don’t know |
| (R)epudiation – can a user pretend that a transaction didn’t happen? | sensor-actuator network | |
| | WIFI | Check OWASP if you don’t know |
| (D)enial of Service – can the device be shut down or made unavailable maliciously? | sensor-actuator network | |
| (E)scalation of Privilege – can users get access to privileged resources meant only for admins or superusers? | sensor-actuator network | |
You can create a basic data flow diagram of the system. This will help you to understand the system at a functional level and create trust boundaries that will help with understanding security risks.
You will use your STRIDE tables from the physical, communication, and application layers of the IoT attack surface and apply the DREAD model to create risk metrics for some of the threats. Normally, a threat model would include risk metrics for all of the relevant threats that have been identified; however, for the sake of time, you will work with only some of them.
After creating the risk metrics, you will decide how to respond to the risks using the four Ts risk response model.
You have completed your asset inventories in previous Packet Tracers. You have also completed diagrams of the physical network, including the connections between devices and the types of protocols in use. Now you need to create a high level data flow diagram. This process is adapted from the Microsoft IoT Security Architecture.
Follow the model data flow diagram and process provided in the course content and do the following:
a. Think about the possible zones in the system. Create a zone for the sensors and actuators, the communication infrastructure device, and the cloud application. Think about the data stores and processes that could exist as cloud services. Connect these zones with arrows to indicate the type of communication between them.
b. What external entities access the system? Add the entities and lines to connect them to the zones that they have access to and the system they access. Think of the types of applications and protocols that each use, as well as the functions described in previous Packet Tracers.
c. Draw trust boundaries. Follow the definition of trust boundaries provided in the course.
In the three previous threat modeling Packet Tracers, you created device inventories and identified vulnerabilities in them using the STRIDE model. The next step is to use a scoring mechanism that allows you to determine and prioritize risk. The DREAD system lets you do this by creating a composite risk metric that consists of scores for the five DREAD risk categories:
· Damage potential – What is the degree of impact on the organization’s assets? (1 = low impact, 3 = high impact)
· Reproducibility – How easily can a variety of threat actors reproduce the attack? (always 3 – easy)
· Exploitability – How easy is the attack to execute? (1 = difficult, 3 = easy)
· Affected Users – Who and how many users will be affected? (1 = few, 3 = many)
· Discoverability – How easily can the vulnerability be found? (always 3 – easy)
For the purposes of this Packet Tracer, make the following assumptions. First, because this is a home automation system, assume that all members of the family that live in the home will be affected by any exploit. In addition, it is recommended that the reproducibility and discoverability metrics always be rated as high. Therefore, the Reproducibility, Affected Users, and Discoverability metrics have already been scored as 3 for all vulnerabilities.
In an actual risk assessment, the A metric would not be assumed to be 3. However, it is recommended that R and second D always be rated 3.
Use the following table to grade your previously discovered threats according to the scoring explanation shown above. Normally, every relevant identified threat would be rated. However, for the purposes of this Packet Tracer, you can choose several threats from each of the three elements of the IoT attack surface that we have discussed in this course. Further estimate the likelihood that the risk will occur; score the likelihood as 1 for unlikely and 3 for very likely.
| Attack Surface and Threat | D | R | E | A | D | Total | likelihood |
|---|---|---|---|---|---|---|---|
| physical device – power source can be disconnected, batteries run out | 3 | 3 | 3 | 3 | 3 | 15 | 2 |
Refer to the four risk treatments in the graphic below or in the PDF version of these Packet Tracer instructions. According to your risk ratings and likelihoods, decide how the risks should be handled.
| physical device – power source can be disconnected, batteries run out | Treat |
Finally, any risks that have been identified with a “treat” response (in step 3) need to be mitigated.
| Threat | Risk Response | Mitigation Strategy |
|---|---|---|
| physical device – power source can be disconnected, batteries run out | treat | because this is a home installation, everyone who lives in the home can be informed that the IoT devices should not be unplugged. For any devices that are on battery, establish a regular day to replace the batteries during the year. |
What is it about
Recently, a group of hackers from China has been using no fewer than 4 zero-day vulnerabilities in Exchange to steal data. This came to light at several US companies working for the US Department of Defense (Sharwood, 2021). This vulnerability is in both the on-premise variants of Exchange and the hosted variants. This vulnerability is only in the Exchange versions from 2013 to 2019.
Why interesting
The Chinese hackers who use this exploit operate from China but use American servers. The group is also known as ‘Hafnium’ (Burt, 2021). The way it works is quite professional. It is assumed that the hackers are sponsored or directed by the Chinese government.
The hack consists of 3 steps:
1. Access the Exchange server.
2. Take control of the Exchange server through a web shell.
3. Use the obtained remote access to extract internal data.
At the time of writing, Microsoft has released an update that patches this vulnerability (Burt, 2021). Since this incident is spread over several CVEs, I will discuss only one (1): CVE-2021-26855.
9.1 (Critical)
The vulnerable element is exposed to the network stack, and the vulnerability can be exploited completely remotely. This makes the attack vector ‘network’. No special access is required. Also, the exploit can be run multiple times on a system. This gives it a score of ‘low’ for the attack complexity and ‘none’ for the privileges required. In addition, no interaction from users needs to take place, so the user interaction is ‘none’.
Incident
A Chinese hacker group called “Hafnium” is currently the only known user of this exploit. Hafnium is not an unknown hacker group. They previously found vulnerabilities in other products, including the file-sharing site MEGA (Microsoft, 2021). This group may be sponsored or commissioned directly by the Chinese government.
Due to suspicious network activities, Microsoft discovered several 0-day exploits that were used on various on-premise variants of Exchange server (Office 365 was not vulnerable). These allowed the attackers to gain access to the Exchange server, which in turn let them access email accounts and install malware on the server itself.
CIA
Confidentiality, integrity and availability together form the CIA triad. This model helps to determine policies for security within an organization. Confidentiality is about keeping data confidential. Because this exploit makes all data available to the attacker, it has a high score. Integrity is about keeping data consistent and not altering it during transit. Because this exploit works like a backdoor, every file can be modified. The score is therefore ‘high’. Availability is about keeping data available to its users. This does not change before or after the exploit, so it is set to ‘none’.
Because it is desirable that users can send mail, it is impossible to disconnect the mail server from the internet. The only advice is to make sure Exchange is a high priority when updating the systems. In early March, Microsoft released an official fix for this and some other CVEs that Hafnium used. Microsoft’s Office 365 services were not vulnerable to this exploit. Companies that used Office 365 did not have to take any further action.