Thank you for your reply, and for your questions. We are excited to potentially have your guidance in our research, and hope we have provided clear explanations to your questions below:
1. SSL/TLS encryption secures data flowing between client and server. Using SSL during an authentication attempt could provide a secure way for a non-malicious server to authenticate with the device, while blocking out sign-in attempts from malware.
2. It seems that many drive-by downloads are malicious code injected into legitimate websites. When the client connects to the aforementioned website, an SSL/TLS connection may occur, and the malicious download may "piggyback" on the handshake between the client and legitimate server, thereby bypassing security measures.
We also plan to test a couple of other methods. Getting rid of debugging access could also be an effective method, since such components are often accessed through a hard-coded, default password (Mirai can easily defeat this). Therefore, removing them is essentially "plugging a hole" in the device's security.
Another avenue of defense could be encryption of the device's data. While this encryption may not directly defend against the malware, it may prevent it from reading sensitive data and/or instigating a denial-of-service attack.
An idea we came up with after writing our white paper plays off the fact that Mirai will not attack certain IPs, such as government IPs, those of major corporations, or any devices on the local network. We were wondering if making the device spoof one of these IPs when communicating with malware could cause the malware to "pass by" the device, not even attempting to infect it.
We hope we have been able to provide satisfactory answers to your questions. Again, we express our excitement at potentially working under your guidance on our project, and would love any feedback regarding our research.