Visible to the public Mitigation of hard-coded credentials related attacks using QR code and secured web service for IoT

TitleMitigation of hard-coded credentials related attacks using QR code and secured web service for IoT
Publication TypeConference Paper
Year of Publication2019
AuthorsVerma, Rajat Singh, Chandavarkar, B. R., Nazareth, Pradeep
Conference Name2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT)
Keywordsauthorisation, clear text log-in id, computer network security, cryptography, cyber physical systems, DDoS, GUI, Hard-coded credentials, hard-coded credentials related attacks, Internet of Things, invasive software, IoT devices, IoT manufacturers, lightweight security algorithm, password, pubcrawl, QR code, QR code based approach, QR codes, Resiliency, Response code, secured web service, security concerns, SSL, web services
AbstractHard-coded credentials such as clear text log-in id and password provided by the IoT manufacturers and unsecured ways of remotely accessing IoT devices are the major security concerns of industry and academia. Limited memory, power, and processing capabilities of IoT devices further worsen the situations in improving the security of IoT devices. In such scenarios, a lightweight security algorithm up to some extent can minimize the risk. This paper proposes one such approach using Quick Response (QR) code to mitigate hard-coded credentials related attacks such as Mirai malware, wreak havoc, etc. The QR code based approach provides non-clear text unpredictable login id and password. Further, this paper also proposes a secured way of remotely accessing IoT devices through modified https. The proposed algorithms are implemented and verified using Raspberry Pi 3 model B.
Citation Keyverma_mitigation_2019