Day 4: DoS attack mitigation. Authentication and Encryption

Simple strategies to mitigate DoS attacks. Ways to prevent people from accessing your robot.

 

  • DoS Mitigation.
    • Authentication and encryption. Simple strategies to mitigate DoS attacks. Ways to prevent people from accessing your robot.
    • Simple rate control. NetsBlox will provide an RPC to start rate control: the students will be able to set a rate for their own robots that controls the maximum frequency at which the server will send commands to it. This approach won't help much, since legitimate commands will still be lost with high probability during a DoS attack.
    • Source-specific rate control. NetsBlox will provide an RPC to start source-specific rate control: the students will be able to set a rate for their own robots that controls the maximum frequency at which the server will accept requests from each client to send commands to the given robot. The RPC will have arguments for the rate and for the timeout during which a given client will be locked out if it exceeds the rate limit. This approach will prevent the DoS attack, but students will learn about the implications: their own legitimate programs will have to be careful not to exceed the rate limit.     Video
  • Encryption. To counter this problem, the secret code will be used to encrypt all messages from the program to the robot and vice versa using the Caesar cipher, with the code being the shift amount.
  • Key Theft. When the key exchange occurs, other students will still be able to overhear the initial message when the code is sent to the robot and steal it. Implement a program that steals the code and attacks the other robot. Prepare the program to keep doing this even after the victim notices the attack and changes the key.
  • Cyber-Security of UAVs. A general introduction to some of the kinds of attacks UAVs are susceptible to, focusing primarily on examples and touching on some ways to prevent those types of attacks.    Slides | Video
  • Hardware Keys. Within 2 seconds after turning the robot on, a button needs to be pushed on the robot and it'll generate a new key. The robot will play the binary key on two LEDs and the students will have to write it down. The robot will only accept commands encrypted with this key afterwards.
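
The source-specific rate control item above can be sketched as follows. This is an added example, not NetsBlox code or its RPC; the class and method names, the one-second sliding window and the constructed sample traffic are all assumptions. It shows a flooding client being locked out while a well-paced client is unaffected, and a legitimate but too-fast client being locked out as well.

```javascript
// Per-source rate control with lockout (illustrative; names are hypothetical).
class SourceRateControl {
  constructor() {
    this.limits = new Map();  // robotId -> { rate, lockoutMs }
    this.state = new Map();   // "robotId|clientId" -> { times, lockedUntil }
  }

  // The robot's owner sets the per-client rate (requests/second) and the lockout.
  setLimit(robotId, rate, lockoutMs) {
    this.limits.set(robotId, { rate, lockoutMs });
  }

  // Decide whether a request from clientId to robotId at nowMs is forwarded.
  accept(robotId, clientId, nowMs) {
    const limit = this.limits.get(robotId);
    if (!limit) return true;                          // no rate control configured
    const key = `${robotId}|${clientId}`;
    if (!this.state.has(key)) this.state.set(key, { times: [], lockedUntil: 0 });
    const s = this.state.get(key);
    if (nowMs < s.lockedUntil) return false;          // source is still locked out
    s.times = s.times.filter(t => nowMs - t < 1000);  // sliding one-second window
    if (s.times.length >= limit.rate) {
      s.lockedUntil = nowMs + limit.lockoutMs;        // lock out this source only
      s.times = [];
      return false;
    }
    s.times.push(nowMs);
    return true;
  }
}

// Constructed traffic: each client sends to "robot1" at a fixed interval (ms).
function simulate(intervals, rate, lockoutMs, durationMs) {
  const rc = new SourceRateControl();
  rc.setLimit("robot1", rate, lockoutMs);
  const accepted = {};
  for (const client of Object.keys(intervals)) accepted[client] = 0;
  for (let t = 0; t < durationMs; t++) {
    for (const [client, every] of Object.entries(intervals)) {
      if (t % every === 0 && rc.accept("robot1", client, t)) accepted[client]++;
    }
  }
  return accepted;
}

// Flooder every 10 ms, owner every 500 ms, hasty owner every 200 ms;
// limit of 4 requests/second per source, 2 s lockout, 3 s of traffic.
console.log(simulate({ flooder: 10, owner: 500, hasty: 200 }, 4, 2000, 3000));
```

Of 300 flooder requests only 8 are forwarded, all 6 paced owner requests pass, and the owner program that sends every 200 ms loses most of its commands to the lockout.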