Differences
This shows you the differences between two versions of the page.
|
iothings:laboratoare:2025:lab8 [2025/11/15 13:17] dan.tudose [Generate a CA] |
iothings:laboratoare:2025:lab8 [2025/11/15 13:31] (current) dan.tudose [Lab 8. Security in IoT] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Lab 8. Security in IoT ====== | + | ====== Lab 8. IoT Security and Attacks ====== |
| ===== Breaking an insecure IoT sensor over HTTP ===== | ===== Breaking an insecure IoT sensor over HTTP ===== | ||
| Line 418: | Line 418: | ||
| Now you have the following files: | Now you have the following files: | ||
| - | * ca.crt – trust anchor you’ll embed in the ESP32 | + | * ''ca.crt'' – trust anchor you’ll embed in the ESP32 |
| - | * server.key + server.crt – used by Flask | + | * ''server.key'' + ''server.crt'' – used by Flask |
| - | * CN of server cert is iot-lab.local (hostname you’ll use in the URL) | + | * CN of server cert is ''iot-lab.local'' (hostname you’ll use in the URL) |
| + | |||
| + | Run Flask again: | ||
| + | <code bash> | ||
| + | python secure_server.py # same as before, just point it to server.crt/server.key | ||
| + | </code> | ||
| + | |||
| + | ==== Modify the Firmware to Add the Certificate ==== | ||
| + | |||
| + | Get the new modified code from [[iothings:laboratoare:2025_code:lab8_3|here]] and paste the contents of the ''ca.crt'' file into the main.cpp file. | ||
| + | |||
| + | Notice we are using a domain name instead of an IP address for the server and we are not relying anymore on ''setInsecure()'', rather we're using HTTPS with CA cert verification. | ||
| + | |||
| + | ==== Replay the MITM Attack ==== | ||
| + | |||
| + | Try to repeat your ARP poisoning + mitmproxy trick with this setup. ARP poisoning still works: packets still flow ESP32 → attacker → server, but when mitmproxy shows its own cert to the ESP32, WiFiClientSecure aborts the handshake. That is because the cert is not signed by your lab CA. Your HTTP POST never happens; your code will see a connection / TLS error. | ||
| + | |||
| + | In brief: | ||
| + | * With ''setInsecure()'', MITM can see JSON + MAC and divert, alter or even drop packets entirely. | ||
| + | * With ''setCACert()'' + correct hostname, MITM can still route traffic (DoS is possible), but they cannot terminate TLS in the middle; they get reduced to a dumb packet forwarder or DoS attacker. | ||
