Penetration and security of openssh remote secure shell service on raspberry Pi 2

Author First name, Last name, Institution

Hesham H. Alsaadi, Zayed University
Monther Aldwairi, Zayed University
May Al Taei, Zayed University
Mansoor Albuainain, Zayed University
Maktoom Alkubaisi, Zayed University

Document Type

Conference Proceeding

Source of Publication

2018 9th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2018 - Proceedings

Publication Date

3-29-2018

Abstract

© 2018 IEEE. This research presents a penetration testing approach to help secure OpenSSH service on Raspberry Pi 2. The study discusses a technique for penetrating Debian v7.1p2, installed on Raspberry Pi 2, using Kali Linux. We exploit the vulnerability found in SSH protocol exchange keys, which causes multiple CRLF injections in Raspberry Pi 2 Model B, allowing remote authenticated users to bypass intended shell-command restrictions via well crafted X11 data forwarding. We propose an innovative security model to solve the issues of allowing remote authentication access using SSH protocol exchange keys without affecting the encrypted protocols transmissions. We conclude with recommendations on how to securely mitigate MITM attacks using our secure proposed model.

DOI Link

10.1109/ntms.2018.8328710

ISBN

9781538636626

Publisher

Institute of Electrical and Electronics Engineers Inc.

Volume

2018-January

First Page

1

Last Page

5

Disciplines

Computer Sciences

Keywords

Man-in-the-middle attack, OpenSSH, Penetration testing, Raspberry Pi 2, Remote authentication, Vulnerability assessment

Scopus ID

85050911884

Recommended Citation

Alsaadi, Hesham H.; Aldwairi, Monther; Al Taei, May; Albuainain, Mansoor; and Alkubaisi, Maktoom, "Penetration and security of openssh remote secure shell service on raspberry Pi 2" (2018). All Works. 2652.
https://zuscholars.zu.ac.ae/works/2652

Indexed in Scopus

yes

Open Access

no