Penetration Testing for Internet of Things and Its Automation

The Internet of Things (IoT) is an emerging technology, an extension of the traditional Internet which make everything is connected each other based on Radio Frequency Identification (RFID), Sensor, GPS or Machine to Machine technologies, etc. The security issues surrounding IoT have been of detrimental impact to its development and has consequently attracted research interest. However, there are very few approaches which assess the security of IoT from the perspective of an attacker. Penetration testing is widely used to evaluate traditional internet or systems security to date and it normally spends numerous cost and time. In this paper, we analyze the security problems of IoT and propose a penetration testing approach and its automation based on belief-desire-intention (BDI) model to evaluate the security of the IoT.

[1]  Anand S. Rao,et al.  BDI Agents: From Theory to Practice , 1995, ICMAS.

[2]  Gang Gan,et al.  Internet of Things Security Analysis , 2011, 2011 International Conference on Internet Technology and Applications.

[3]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[4]  Po Yang,et al.  Improving the Validity of Lifelogging Physical Activity Measures in an Internet of Things Environment , 2015, 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing.

[5]  Po Yang,et al.  Ellipse fitting model for improving the effectiveness of life-logging physical activity measures in an Internet of Things environment , 2016, IET Networks.

[6]  Thaier Hayajneh,et al.  Penetration testing: Concepts, attack methods, and defense strategies , 2016, 2016 IEEE Long Island Systems, Applications and Technology Conference (LISAT).

[7]  Benjamin K. S. Khoo,et al.  RFID as an Enabler of the Internet of Things: Issues of Security and Privacy , 2011, 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing.

[8]  Geyong Min,et al.  Advanced internet of things for personalised healthcare systems: A survey , 2017, Pervasive Mob. Comput..

[9]  Po Yang,et al.  A Survey of Physical Activity Monitoring and Assessment Using Internet of Things Technology , 2015, 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing.

[10]  Po Yang,et al.  Multiple density maps information fusion for effectively assessing intensity pattern of lifelogging physical activity , 2017, Neurocomputing.

[11]  Michael Wooldridge,et al.  Programming Multi-Agent Systems in AgentSpeak using Jason (Wiley Series in Agent Technology) , 2007 .