TY - GEN
T1 - Penetration Testing Framework for IoT
AU - Yadav, Geeta
AU - Allakany, Alaa
AU - Kumar, Vijay
AU - Paul, Kolin
AU - Okamura, Koji
PY - 2019/7
Y1 - 2019/7
N2 - In the Internet of Things (IoT) environment, objects are connected on a network to share data. However, most IoT devices are developed and deployed with poor security consideration. As a result, these devices become a target of attacks. A solution for ensuring the safety and security of a network system is penetration testing. In this study, we propose a framework for automated and flexible penetration testing of IoT networks. Most of the available penetration testing methods are expert-based: an expert selects the tools and process manually. This kind of pen-test is costly, time-consuming and inefficient. Also, existing automated penetration testing does not consider the interaction between system components; it works by testing each component of a system separately. Individual component testing can leave a security gap that makes the pen-test inefficient, since many low-severity vulnerabilities on different interconnected components can lead the system to an insecure state. Moreover, in some cases testing the individual components can indicate that each particular component is secure, yet when these components are connected in one system, the system is insecure. Because of these shortcomings, our framework will test the end-to-end target system (i.e., end devices, wireless communication, the control unit, then communication to the cloud server, and finally communication from the cloud to the end user through a mobile app or webpage). The proposed framework will automatically gather information about the target IoT network and then perform various kinds of penetration testing through the network. It will then summarize the results of the pen-test and give recommendations to secure the system.
UR - http://www.scopus.com/inward/record.url?scp=85080886589&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85080886589&partnerID=8YFLogxK
U2 - 10.1109/IIAI-AAI.2019.00104
DO - 10.1109/IIAI-AAI.2019.00104
M3 - Conference contribution
T3 - Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019
SP - 477
EP - 482
BT - Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019
Y2 - 7 July 2019 through 11 July 2019
ER -