Over the years, there has been a computing paradigm shift towards smart devices. However, the security aspect of this type of device is questionable. In this research, the writer provides a design, implementation, and testing of a distributed MD5 brute-force attack method. Testing is performed using two systems. The first system is an ARM Cluster consisting of four single-board computers. The second system is a conventional server with two Xeon processors. From this research, the writer wants to answer the question of whether distributed brute-force attacks using IoT nodes can be realized in the real world by doing a comparison between increases of ARM Cluster performance with node addition to conventional server performance. From the test result, Xeon model performance is equivalent to 8 ARM Clusters and around 30 ARM nodes are required to match Xeon model performance.

Brute-force attack; MD5; Message Passing Interface; ARM

Sinung, S., & I Putu, A. E. (2015). Wireless Sensor Network. Bandung: Informatika

Vervier, P.-A. (2018). Before Toasters Rise Up: A View into the Emerging IoT Threat Landscape. Research in Attacks, Intrusions, and Defenses (pp. 556--576). Cham: Springer International Publishing.

Dave, M., Wei, G., & Charles, D. (2020, September 17). A New Botnet Attack Just Mozied Into Town. Retrieved from Security Intelligence - Cybersecurity Analysis & Insight: https://securityintelligence.com/posts/botnet-attack-mozi-mozied-into-town/

S. Salamatian, W. H. (2019). Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization. IEEE Transactions on Information Forensics and Security, 2288-2299.

Kaspersky Lab. (2018, April 26). Brute Force Attack: Definition and Examples. Retrieved from Kaspersky: https://www.kaspersky.com/resource-center/definitions/brute-force-attack

OWASP Foundation. (2021, May 8). Cryptanalysis | OWASP Foundation. Retrieved from OWASP Foundation: https://owasp.org/www-community/attacks/Cryptanalysis

Asmin Bhandari, M. B. (2017). Enhancement of MD5 Algorithm for Secured Web Development. Journal of Software.

S. Kr ¼ger, J. S. (2019). CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. IEEE Transactions on Software Engineering, 1-1.

V. Chiriaco, A. F. (2016). Finding partial hash collisions by brute force parallel programming. 2016 IEEE 37th Sarnoff Symposium.

Ali, Z. M., & Ahmad, A. (2016). IMPLEMENTATION OF PARALLEL ALGORITHM FOR LUC CRYPTOSYSTEMS BASED ON ADDITION CHAIN BY A MESSAGE PASSING INTERFACE. Journal of Theoretical & Applied Information Technology, 92, 1.

Asmin Bhandari, M. B. (2017). Enhancement of MD5 Algorithm for Secured Web Development. Journal of Software.

Auth0 Inc. (2021, November 27). How to Hash Passwords: One-Way Road to Enhanced Security. Retrieved from Auth0 - Blog: https://auth0.com/blog/hashing-passwords-one-way-road-to-security/

Bruce, S. (2015). Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition. Wiley.

Dean, T. (2012). Network+ guide to networks. Cengage Learning.

Ghafouri, M. R. (2017). On a Novel Grid Computing-Based Distributed Brute-force Attack Scheme (GCDBF) By Exploiting Botnets. International Journal of Computer Network and Information Security, 21-29.