IoT-PEN: A Penetration Testing Framework for IoT

Geeta Yadav, Kolin Paul, Alaa Allakany, Koji Okamura

    研究成果: 書籍/レポート タイプへの寄稿会議への寄与

    8 被引用数 (Scopus)

    抄録

    With the horizon of 5th generation wireless systems (5G), Internet of Things (IoT) is expected to take the major portion of computing. The lack of inbuilt security and security protocols in cheap IoT devices give privilege to an attacker to exploit these device's vulnerabilities and break into the target device. IoT network security was initially perceived from the perspective of a single, or a few attacks surface only. However, attacks like Mirai, Wannacry, Stuxnet, etc. show that a cyber attack often comprises of a series of attacks on vulnerabilities of victim devices to reach the target device. Penetration testing is generally used to identify the vulnerabilities/ possible attacks on traditional systems periodically. A timely fix of these vulnerabilities can avoid future attacks. Traditional penetration testing methods focus on isolated and manual testing of a host that fails to detect attacks involving multi-hosts and multi-stages.In this paper, we introduced first-of-its-kind, IoT-PEN, a Penetration Testing Framework for IoT. The framework consists of server-client architecture with "a system with resources" as server and all "IoT nodes" as clients. IoT-PEN is an end-to-end, scalable, flexible, and automatic penetration testing framework for IoT. IoT-PEN seeks to discover all possible ways an attacker can breach the target system using target-graphs. It constructs prerequisite and postconditions for each vulnerability using the National Vulnerability Database (NVD). We also demonstrated that even if an individual system is secure under some threat model, the attacker can use a kill-chain (a sequence of exploitation of multiple vulnerabilities on different hosts) to reach the target system.

    本文言語英語
    ホスト出版物のタイトル34th International Conference on Information Networking, ICOIN 2020
    出版社IEEE Computer Society
    ページ196-201
    ページ数6
    ISBN(電子版)9781728141985
    DOI
    出版ステータス出版済み - 1月 2020
    イベント34th International Conference on Information Networking, ICOIN 2020 - Barcelona, スペイン
    継続期間: 1月 7 20201月 10 2020

    出版物シリーズ

    名前International Conference on Information Networking
    2020-January
    ISSN(印刷版)1976-7684

    会議

    会議34th International Conference on Information Networking, ICOIN 2020
    国/地域スペイン
    CityBarcelona
    Period1/7/201/10/20

    !!!All Science Journal Classification (ASJC) codes

    • コンピュータ ネットワークおよび通信
    • 情報システム

    フィンガープリント

    「IoT-PEN: A Penetration Testing Framework for IoT」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

    引用スタイル