| dc.description.abstract | The study carried out in this dissertation proposes a security system for mobile intrusion, called Msis (Mobile Security Intrusion System). A prototype was developed to assist authorities in carrying out cyberattacks for investigative purposes, thus collaborating on matters involving scenarios that can be considered critical, such as police investigation, kidnappings and other types of risk situations to society. The Msis system acts scanning wireless networks (Wi-Fi), and capturing authentication password data packets during the handshake process between devices and routers. Among the subjects that are addressed, we highlight, Internet of Things, communication protocols, pentest, and information security. Several papers describe specific attacks, with IoT devices, using individual techniques and methods. Msis system differs by focusing on hash capture. Papers that describe protocols focus on data processing, performance, energy consumption, and bandwidth consumption, but there is a limited number of papers that focus on security, being this is a gap to be filled in the security literature. Msis aims to contribute to the literature in two ways. First, performing two attack techniques in parallel using Threads. Second, the development of a protocol, designed to be executed in an IoT device, that performs data communication prioritizing data security. Msis is divided into three modules, Msis-A, Msis-P, and Msis-C. Msis-A runs on a device with limited resources and aims to scan wireless networks (Wi-Fi) and execute attacks on them. The attacks are projected using two techniques, known as Brute Force and Evil-Twin. The Msis system is different in that it allows both attack techniques to be carried out, in parallel and simultaneously, with the use of Threads. Msis-P is in charge of comparing and breaking a password, a process that is performed after Msis-A has captured the hash of a given network. Msis-C is a communication protocol, developed to ensure safe communication between modules Msis-A and Msis-P. Msis-C is located in the application layer, applying encryption to data, and thus carrying out the communication between modules A and P. Another important component of this dissertation, is the use of a UAV (unmanned aerial vehicles) as a movement mechanism between certain areas to carry out the attacks. The results presented by the prototype validate the effectiveness and time savings in attacks using the techniques of Msis-A in a real environment. As well as the success in the operation of security and communication that Msis-C presented in the tests performed. | en |
