Skip to content
/ iot-security-vulnerability Public

Raspberry PI Vulnerability Study using Flask, PWA VueJS 2, Requests, Vue-Socket.io and Flask SocketIO

License

MIT license
25 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

davikawasaki/iot-security-vulnerability

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
data-sniffer
data-sniffer
 
 
docs/imgs
docs/imgs
 
 
pwa
pwa
 
 
raspberry_client
raspberry_client
 
 
raspberry_server
raspberry_server
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Tutorial.md
Tutorial.md
 
 

Repository files navigation

Raspberry PI IoT Security Vulnerability Final College Project for Security Class

Considering the increase of IoT devices, this work proposes a weakness evaluation in IoT network of devices and possible solutions. This security IoT project uses a DHT11 sensor with Raspberry Pi, showing real-time temperatures in VueJS PWA.

Project Model with Raspberry Pi 3, DHT11 and Mobile App

Demo - Loads VueJS PWA with socket connection.

⚠️ Due to Heroku Free One Dyno Plan, this demo can't run HTTP requests and websocket connection together. If you know a way to make this feasible in Heroku Cloud, send a PR or a message.

TECHNOLOGIES & LIBRARIES

  1. Python 2.7

  2. Flask 0.12

  3. Jinja 2.10

  4. Werkzeug 0.12

  5. Raspberry Pi 3 B

  6. DHT11

  7. Kali 2017.2

  8. VueJS v2

  9. PWA

  10. Requests 2.18.4

  11. Gunicorn 19.7.1 - Only for Heroku Deployment

  12. Vue-Socket.io

  13. Flask SocketIO

  14. Wireshark

  15. Arpspoof

  16. mitmproxy

IMPLEMENTATION

CHECK THE FULL TUTORIAL

This project covers an IoT devices network using HTTP transmission between two Raspberry Pi 3 B model, which one of the Rasps collects the sensor temperature and the other one acts like a webserver with Flask to provide the temperature data to a mobile device - developed with VueJS 2 and PWA boilerplate. This way, the user can check if there's a fire with his/her mobile device.

As security will be in check, network transmissions will always have a Darth reading and modifying the collected data. The proposed solution aims to fight Darth (not Vader, but as evil as him) to ensure data integrity and confidentiality through cryptography techniques. This will ensure to the server to identify if the received information was tampered or from a unknown source.

PWA SPA Layout Sequence

STEPS

1. Raspberry Client Sensor Server

2. Raspberry Flask Webserver

3. Progressive Web App with VueJS

4. Sniffering Data with Kali

REFERENCES

Flask Documentation

Flask Socket.io

Flask Deployment on the Heroku Cloud

How to setup the DHT11 Humidity Sensor on the Raspberry Pi

Process Types and the Procfile

Mitmproxy - Modes of Operation

Intercept, Analyze, and Modify Puzzle and Dragons Game Traffic

AUTHORS

This work was developed to System Security undergrad-subject final project. The people involved in the project are:

Student: POLETTO, André // polettoandre [at] gmail.com

Student: KAWASAKI, Davi // davishinjik [at] gmail.com

Student: ROZAN, Higor Augusto Bassi // higorb.rozan [at] gmail.com

Student: RODER, Nicholas Ribeiro // nilroder [at] gmail.com

Professor: YOKOYAMA, Roberto Sadao // yokoyama [at] utfpr.edu.br

CONTACT & FEEDBACKS

Feel free to contact or pull request me to any relevant updates you may enquire:

KAWASAKI, Davi // davishinjik [at] gmail.com

About

Raspberry PI Vulnerability Study using Flask, PWA VueJS 2, Requests, Vue-Socket.io and Flask SocketIO

Topics

python flask iot security vuejs pwa raspberry kali

Resources

Readme

License

MIT license
Activity

Stars

25 stars

Watchers

6 watching

Forks

7 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages