Penetration Testing Framework for IoT

Geeta Yadav; Alaa Allakany; Vijay Kumar; Kolin Paul; Koji Okamura

doi:10.1109/IIAI-AAI.2019.00104

Penetration Testing Framework for IoT

Geeta Yadav, Alaa Allakany, Vijay Kumar, Kolin Paul, Koji Okamura

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

In the Internet of Things (IoT) environment, objects are connected on a network to share data. However, most of the IoT devices are developed and deployed with poor security consideration. As a result, these devices become a target of attacks. A solution for ensuring the safety and security of a network system is Penetration testing. In this study, we propose a framework for automated and flexible penetration testing for IoT network. Most of the available penetration testing methods are experts based, that select tool and process manually. This kind of Pen-test is a costly, time-consuming and inefficient. Also, the existing automated penetration testing doesn't consider the interaction between system components; it works by testing each component of a system separately. Individual component testing can lead to a security gap that makes the Pen-test inefficient since many low severity vulnerabilities on different inter-connected components can lead the system to an insecure state. Moreover, in some cases testing the individual components can claim that the particular component is secure, but if these individual components are connected in one system, it makes this system insecure. Due to such shortages, our framework will test the End-to-End target system (i.e., end devices, wireless communication, the control unit, then communication to the cloud server, and finally communication from the cloud to end user through mobile app or webpage). The proposed framework will automatically gather the information of the target IoT network and then perform various kinds of penetration testing through the network. Then it will summarize the results of Pentest and gives the recommendations to secure the system.

Original language	English
Title of host publication	Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	477-482
Number of pages	6
ISBN (Electronic)	9781728126272
DOIs	https://doi.org/10.1109/IIAI-AAI.2019.00104
Publication status	Published - Jul 2019
Event	8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019 - Toyama, Japan Duration: Jul 7 2019 → Jul 11 2019

Publication series

Name	Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019

Conference

Conference	8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019
Country/Territory	Japan
City	Toyama
Period	7/7/19 → 7/11/19

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Computer Science Applications
Information Systems
Information Systems and Management
Social Sciences (miscellaneous)

Access to Document

10.1109/IIAI-AAI.2019.00104

Cite this

Yadav, G., Allakany, A., Kumar, V., Paul, K., & Okamura, K. (2019). Penetration Testing Framework for IoT. In Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019 (pp. 477-482). Article 8992645 (Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IIAI-AAI.2019.00104

Penetration Testing Framework for IoT. / Yadav, Geeta; Allakany, Alaa; Kumar, Vijay et al.
Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 477-482 8992645 (Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yadav, G, Allakany, A, Kumar, V, Paul, K & Okamura, K 2019, Penetration Testing Framework for IoT. in Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019., 8992645, Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019, Institute of Electrical and Electronics Engineers Inc., pp. 477-482, 8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019, Toyama, Japan, 7/7/19. https://doi.org/10.1109/IIAI-AAI.2019.00104

Yadav G, Allakany A, Kumar V, Paul K, Okamura K. Penetration Testing Framework for IoT. In Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 477-482. 8992645. (Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019). doi: 10.1109/IIAI-AAI.2019.00104

@inproceedings{8c3041b1e8674a1ba13172b5b3806114,

title = "Penetration Testing Framework for IoT",

abstract = "In the Internet of Things (IoT) environment, objects are connected on a network to share data. However, most of the IoT devices are developed and deployed with poor security consideration. As a result, these devices become a target of attacks. A solution for ensuring the safety and security of a network system is Penetration testing. In this study, we propose a framework for automated and flexible penetration testing for IoT network. Most of the available penetration testing methods are experts based, that select tool and process manually. This kind of Pen-test is a costly, time-consuming and inefficient. Also, the existing automated penetration testing doesn't consider the interaction between system components; it works by testing each component of a system separately. Individual component testing can lead to a security gap that makes the Pen-test inefficient since many low severity vulnerabilities on different inter-connected components can lead the system to an insecure state. Moreover, in some cases testing the individual components can claim that the particular component is secure, but if these individual components are connected in one system, it makes this system insecure. Due to such shortages, our framework will test the End-to-End target system (i.e., end devices, wireless communication, the control unit, then communication to the cloud server, and finally communication from the cloud to end user through mobile app or webpage). The proposed framework will automatically gather the information of the target IoT network and then perform various kinds of penetration testing through the network. Then it will summarize the results of Pentest and gives the recommendations to secure the system.",

author = "Geeta Yadav and Alaa Allakany and Vijay Kumar and Kolin Paul and Koji Okamura",

year = "2019",

month = jul,

doi = "10.1109/IIAI-AAI.2019.00104",

language = "English",

series = "Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "477--482",

booktitle = "Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019",

address = "United States",

note = "8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019 ; Conference date: 07-07-2019 Through 11-07-2019",

}

TY - GEN

T1 - Penetration Testing Framework for IoT

AU - Yadav, Geeta

AU - Allakany, Alaa

AU - Kumar, Vijay

AU - Paul, Kolin

AU - Okamura, Koji

PY - 2019/7

Y1 - 2019/7

N2 - In the Internet of Things (IoT) environment, objects are connected on a network to share data. However, most of the IoT devices are developed and deployed with poor security consideration. As a result, these devices become a target of attacks. A solution for ensuring the safety and security of a network system is Penetration testing. In this study, we propose a framework for automated and flexible penetration testing for IoT network. Most of the available penetration testing methods are experts based, that select tool and process manually. This kind of Pen-test is a costly, time-consuming and inefficient. Also, the existing automated penetration testing doesn't consider the interaction between system components; it works by testing each component of a system separately. Individual component testing can lead to a security gap that makes the Pen-test inefficient since many low severity vulnerabilities on different inter-connected components can lead the system to an insecure state. Moreover, in some cases testing the individual components can claim that the particular component is secure, but if these individual components are connected in one system, it makes this system insecure. Due to such shortages, our framework will test the End-to-End target system (i.e., end devices, wireless communication, the control unit, then communication to the cloud server, and finally communication from the cloud to end user through mobile app or webpage). The proposed framework will automatically gather the information of the target IoT network and then perform various kinds of penetration testing through the network. Then it will summarize the results of Pentest and gives the recommendations to secure the system.

AB - In the Internet of Things (IoT) environment, objects are connected on a network to share data. However, most of the IoT devices are developed and deployed with poor security consideration. As a result, these devices become a target of attacks. A solution for ensuring the safety and security of a network system is Penetration testing. In this study, we propose a framework for automated and flexible penetration testing for IoT network. Most of the available penetration testing methods are experts based, that select tool and process manually. This kind of Pen-test is a costly, time-consuming and inefficient. Also, the existing automated penetration testing doesn't consider the interaction between system components; it works by testing each component of a system separately. Individual component testing can lead to a security gap that makes the Pen-test inefficient since many low severity vulnerabilities on different inter-connected components can lead the system to an insecure state. Moreover, in some cases testing the individual components can claim that the particular component is secure, but if these individual components are connected in one system, it makes this system insecure. Due to such shortages, our framework will test the End-to-End target system (i.e., end devices, wireless communication, the control unit, then communication to the cloud server, and finally communication from the cloud to end user through mobile app or webpage). The proposed framework will automatically gather the information of the target IoT network and then perform various kinds of penetration testing through the network. Then it will summarize the results of Pentest and gives the recommendations to secure the system.

UR - http://www.scopus.com/inward/record.url?scp=85080886589&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85080886589&partnerID=8YFLogxK

U2 - 10.1109/IIAI-AAI.2019.00104

DO - 10.1109/IIAI-AAI.2019.00104

M3 - Conference contribution

T3 - Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019

SP - 477

EP - 482

BT - Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019

Y2 - 7 July 2019 through 11 July 2019

ER -

Penetration Testing Framework for IoT

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this