Design and implementation of automated IoT security testbed

Abstract: The emergence of technology associated with the Internet of Things (IoT) is reshaping our lives, while simultaneously raising many issues because of the low level of security of IoT devices, which attackers can exploit for malicious purposes. This research paper conducts a comprehensive analysis of previous studies on IoT device security, with a focus on the various tools used to test IoT devices and the vulnerabilities that were found. Additionally, the paper contains a survey of IoT-based security testbeds in the research literature. In this research study, we introduce an open-source platform for identifying weaknesses in IoT networks and communications. The platform is easily modifiable and extendible to enable the addition of new security assessment tests and functionalities. It automates security evaluation, allowing for testing without human intervention. The testbed reports the security problems of the tested devices and can detect all attacks made against the devices. It is also designed to monitor communications within the testbed and with connected devices, enabling the system to abort if malicious activity is detected. To demonstrate the capabilities of the proposed IoT security testbed, it is used to examine the vulnerabilities of two IoT devices: a wireless camera and a smart bulb.
