Penetration Testing Framework for IoT

Geeta Yadav, Alaa Allakany, Vijay Kumar, Kolin Paul, Koji Okamura

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    5 Citations (Scopus)


    In the Internet of Things (IoT) environment, objects are connected on a network to share data. However, most of the IoT devices are developed and deployed with poor security consideration. As a result, these devices become a target of attacks. A solution for ensuring the safety and security of a network system is Penetration testing. In this study, we propose a framework for automated and flexible penetration testing for IoT network. Most of the available penetration testing methods are experts based, that select tool and process manually. This kind of Pen-test is a costly, time-consuming and inefficient. Also, the existing automated penetration testing doesn't consider the interaction between system components; it works by testing each component of a system separately. Individual component testing can lead to a security gap that makes the Pen-test inefficient since many low severity vulnerabilities on different inter-connected components can lead the system to an insecure state. Moreover, in some cases testing the individual components can claim that the particular component is secure, but if these individual components are connected in one system, it makes this system insecure. Due to such shortages, our framework will test the End-to-End target system (i.e., end devices, wireless communication, the control unit, then communication to the cloud server, and finally communication from the cloud to end user through mobile app or webpage). The proposed framework will automatically gather the information of the target IoT network and then perform various kinds of penetration testing through the network. Then it will summarize the results of Pentest and gives the recommendations to secure the system.

    Original languageEnglish
    Title of host publicationProceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Number of pages6
    ISBN (Electronic)9781728126272
    Publication statusPublished - Jul 2019
    Event8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019 - Toyama, Japan
    Duration: Jul 7 2019Jul 11 2019

    Publication series

    NameProceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019


    Conference8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019

    All Science Journal Classification (ASJC) codes

    • Computer Networks and Communications
    • Computer Science Applications
    • Information Systems
    • Information Systems and Management
    • Social Sciences (miscellaneous)


    Dive into the research topics of 'Penetration Testing Framework for IoT'. Together they form a unique fingerprint.

    Cite this