Penetration Testing in IoT Network

Johari, Rahul; Kaur, Ishveen; Tripathi, Rashmi; Gupta, Kanika

doi:10.1109/icccs49678.2020.9276853

Cited by 10 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There initial results were useful; however, they required experimental validation in real IoT environment. In 2020, researchers [ 25 ] performed a study in which they performed penetration testing on real IoT devices. They proposed a general methodology to develop test cases for penetration testing IoT devices and planned to automate the test cases in future studies.…”

Section: Discussionmentioning

confidence: 99%

“…The threat actors described in Section 2.1.2 are an important part of the threat modeling step, while the IoT architecture and security issues from Section 2.1.3 are essential when evaluating step 2, 3, and 5 of the PTES model. Other models and methodologies designed specifically for penetration testing within the domain of IoT have recently been proposed [ 16 , 24 , 25 , 26 ].…”

Section: Background and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Automatic Verification and Execution of Cyber Attack on IoT Devices

Færøy

Yamin

Shukla

et al. 2023

Sensors

View full text Add to dashboard Cite

Internet of Things (IoT) devices are becoming a part of our daily life; from health monitors to critical infrastructure, they are used everywhere. This makes them ideal targets for malicious actors to exploit for nefarious purposes. Recent attacks like the Mirai botnet are just examples in which default credentials were used to exploit thousands of devices. This raises major concerns about IoT device security. In this work, we aimed to investigate security of IoT devices through performing automatic penetration test on IoT devices. A penetration test is a way of detecting security problems, but manually testing billions of IoT devices is infeasible. This work has therefore examined autonomous penetration testing on IoT devices. In recent studies, automated attack execution models were developed for modeling automated attacks in cyber ranges. We have (1) investigated how such models can be applied for performing autonomous IoT penetration testing. Furthermore, we have (2) investigated if some well known and severe Wi-Fi related vulnerabilities still exist in IoT devices. Through a case study, we have shown that the such models can be used to model and design autonomous penetration testing agents for IoT devices. In addition, we have demonstrated that well-known vulnerabilities are present in deployed and currently sold products used in IoT devices, and that they can be both autonomously revealed through our developed system.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Background and Related Workmentioning

confidence: 99%

Automatic Verification and Execution of Cyber Attack on IoT Devices

Færøy

Yamin

Shukla

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Penetration testing, alternatively referred to as ethical hacking, encompasses the practice of emulating authentic attacks on a system with the aim of detecting vulnerabilities and evaluating the efficacy of security measures [124][125][126][127][128][129]. Proficient security practition-ers endeavor to exploit flaws within the system's defensive measures, such as software susceptibilities or misconfigurations, with the intention of attaining unauthorized entry or executing illegal activities.…”

Section: Penetration Testingmentioning

confidence: 99%

Formal Methods and Validation Techniques for Ensuring Automotive Systems Security

Krichen

2023

Information

View full text Add to dashboard Cite

The increasing complexity and connectivity of automotive systems have raised concerns about their vulnerability to security breaches. As a result, the integration of formal methods and validation techniques has become crucial in ensuring the security of automotive systems. This survey research paper aims to provide a comprehensive overview of the current state-of-the-art formal methods and validation techniques employed in the automotive industry for system security. The paper begins by discussing the challenges associated with automotive system security and the potential consequences of security breaches. Then, it explores various formal methods, such as model checking, theorem proving, and abstract interpretation, which have been widely used to analyze and verify the security properties of automotive systems. Additionally, the survey highlights the validation techniques employed to ensure the effectiveness of security measures, including penetration testing, fault injection, and fuzz testing. Furthermore, the paper examines the integration of formal methods and validation techniques within the automotive development lifecycle, including requirements engineering, design, implementation, and testing phases. It discusses the benefits and limitations of these approaches, considering factors such as scalability, efficiency, and applicability to real-world automotive systems. Through an extensive review of relevant literature and case studies, this survey provides insights into the current research trends, challenges, and open research questions in the field of formal methods and validation techniques for automotive system security. The findings of this survey can serve as a valuable resource for researchers, practitioners, and policymakers involved in the design, development, and evaluation of secure automotive systems.

show abstract