Penetration and Security of OpenSSH Remote Secure Shell Service on Raspberry Pi 2

Alsaadi, Hesham H.; Aldwairi, Monther; Taei, May Al; AlBuainain, Mansoor; AlKubaisi, Maktoom

doi:10.1109/ntms.2018.8328710

Cited by 7 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For OpenSSH vulnerabilities, Alsaadi et al [36] introduced a penetration testing approach to protect the OpenSSH on Raspberry Pi 2. There are particular restrictions that require additional investigation.…”

Section: ) Solutions For Information Collection Attacksmentioning

confidence: 99%

Survey: Cybersecurity Vulnerabilities, Attacks and Solutions in the Medical Domain

et al. 2019

View full text Add to dashboard Cite

Recently, an increasing number of cyber-attacks in the medical field has resulted in great losses in the health care industry, since medical information plays an essential role in human health. To introduce a comprehensive survey about possible cyber-attacks and solutions for these attacks, our paper first presents a brief overview of the necessary background of the dataflow in the medical domain and then identifies the vulnerabilities in each stage of the dataflow. Then, according to the weaknesses identified in the medical system, a classification of cyber-attacks is presented. Additionally, the paper presents research on previous work that focuses on solving these cyber-attacks and identifies the strengths and limitations of the solutions for each attack. More importantly, for data storage assurance, our paper discusses several cybersecurity architectures for the medical domain from the existing literature. The countermeasures from previous papers and architectures that are still weak in terms of resource depletion, attack reduction, applicability, etc. are addressed. Finally, the paper discusses and recommends solutions for future work to decrease cyber-attacks in the medical field so that human health can be guaranteed. INDEX TERMS Dataflow, medical field, cyber-attacks, architectures, cybersecurity, threats, vulnerabilities.

show abstract

Section: ) Solutions For Information Collection Attacksmentioning

confidence: 99%

Survey: Cybersecurity Vulnerabilities, Attacks and Solutions in the Medical Domain

et al. 2019

View full text Add to dashboard Cite

show abstract

“…H. Alsaadi & M. AlKubaisi [22] performed penetration testing on remote secure OpenSSH running on version 7.1p2 On Raspberry Pi 2 running Kali Linux version 3.2-4.4. Their study focused on the vulnerabilities discovered in exchange keys in SSH protocol which creates multiple CRLF injections and admits to conduct man in the middle attack to allow remote users bypass shell-command constraints via crafted X11 forwarding data.…”

Section: Literature Reviewmentioning

confidence: 99%

Assessment and Hardening of IoT Development Boards

Alfandi

Hasan²,

Balbahaith

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Internet of Things (IoT) products became recently an essential part of any home in conjunction with the great advancements in internet speeds and services. The invention of IoT based devices became an easy task that could be performed through the widely available IoT development boards. Raspberry Pi is considered one of the advanced development boards that have high hardware capabilities with a reasonable price. Unfortunately, the security aspect of such products is overlooked by the developers, revealing a huge amount of threats that result in invading the privacy and the security of the users. In this research, we directed our study to SSH due to its extensive adoption by the developers. It was found that due to the nature of the Raspberry Pi and development boards, the Raspberry Pi generates predictable and weak keys which make it easy to be utilized by MiTM attack. In this paper, Man in The Middle (MiTM) attack was conducted to examine the security of different variations provided by the SSH service, and various hardening approaches were proposed to resolve the issue of SSH weak implementation and weak keys.

show abstract