IoT-PEN: An E2E penetration testing framework for IoT

Geeta Yadav, Kolin Paul, Alaa Allakany, Koji Okamura

Research output: Contribution to journal, Article, peer-reviewed

13 Citations (Scopus)

Abstract

The lack of inbuilt security protocols in cheap and resource-constrained Internet of Things (IoT) devices gives an attacker the opportunity to exploit these devices' vulnerabilities and break into the target device. Attacks like Mirai, WannaCry, Stuxnet, etc. show that a cyber-attack often comprises a series of exploitations of the victim device's vulnerabilities. Timely detection and patching of these vulnerabilities can avoid future attacks. Penetration testing helps to identify such vulnerabilities. However, traditional penetration testing methods are not End-to-End, so they fail to detect multi-host and multi-stage attacks. Even if an individual system is secure under some threat model, the attacker can use a kill-chain to reach the target system. In this paper, we introduce the first-of-its-kind IoT-PEN, a Penetration Testing Framework for IoT. The framework follows a client-server architecture wherein all IoT nodes act as clients and "a system with resources" acts as a server. IoT-PEN is an End-to-End, scalable, flexible and automatic penetration testing framework for discovering all possible ways an attacker can breach the target system using target-graphs. Finally, the paper recommends a patch prioritization order by identifying critical nodes and critical paths for efficient patching. Our analysis shows that IoT-PEN is easily scalable to large and complex IoT networks.

Original language: English
Pages (from-to): 633-642
Number of pages: 10
Journal: Journal of information processing
Volume: 28
Publication status: Published - 2020

All Science Journal Classification (ASJC) codes

  • General Computer Science
