Security Testbed for Internet-of-Things Devices

Shachar Siboni; Vinay Sachidananda; Yair Meidan; Michael Bohadana; Yael Mathov; Suhas Bhairav; Asaf Shabtai; Yuval Elovici

doi:https://doi.org/10.1109/TR.2018.2864536

Security Testbed for Internet-of-Things Devices

Shachar Siboni, Vinay Sachidananda, Yair Meidan, Michael Bohadana, Yael Mathov, Suhas Bhairav, Asaf Shabtai, Yuval Elovici

Department of Software and Information Systems Engineering

Ben-Gurion University of the Negev

Research output: Contribution to journal › Article › peer-review

Abstract

The Internet of Things (IoT) is a global ecosystem of information and communication technologies aimed at connecting any type of object (thing), at any time, and in any place, to each other and to the Internet. One of the major problems associated with the IoT is the heterogeneous nature of such deployments; this heterogeneity poses many challenges, particularly, in the areas of security and privacy. Specifically, security testing and analysis of IoT devices is considered a very complex task, as different security testing methodologies, including software and hardware security testing approaches, are needed. In this paper, we propose an innovative security testbed framework targeted at IoT devices. The security testbed is aimed at testing all types of IoT devices, with different software/hardware configurations, by performing standard and advanced security testing. Advanced analysis processes based on machine learning algorithms are employed in the testbed in order to monitor the overall operation of the IoT device under test. The architectural design of the proposed security testbed along with a detailed description of the testbed implementation is discussed. The testbed operation is demonstrated on different IoT devices using several specific IoT testing scenarios. The results obtained demonstrate that the testbed is effective at detecting vulnerabilities and compromised IoT devices.

Original language	English
Article number	8565917
Pages (from-to)	23-44
Number of pages	22
Journal	IEEE Transactions on Reliability
Volume	68
Issue number	1
DOIs	https://doi.org/10.1109/TR.2018.2864536
State	Published - 1 Mar 2019

Keywords

Internet of Things (IoT)
IoT devices
privacy
security
testbed framework

All Science Journal Classification (ASJC) codes

Safety, Risk, Reliability and Quality
Electrical and Electronic Engineering

Access to Document

https://doi.org/10.1109/TR.2018.2864536

Cite this

@article{018f39ab747847ad919cbf56505c738f,

title = "Security Testbed for Internet-of-Things Devices",

abstract = "The Internet of Things (IoT) is a global ecosystem of information and communication technologies aimed at connecting any type of object (thing), at any time, and in any place, to each other and to the Internet. One of the major problems associated with the IoT is the heterogeneous nature of such deployments; this heterogeneity poses many challenges, particularly, in the areas of security and privacy. Specifically, security testing and analysis of IoT devices is considered a very complex task, as different security testing methodologies, including software and hardware security testing approaches, are needed. In this paper, we propose an innovative security testbed framework targeted at IoT devices. The security testbed is aimed at testing all types of IoT devices, with different software/hardware configurations, by performing standard and advanced security testing. Advanced analysis processes based on machine learning algorithms are employed in the testbed in order to monitor the overall operation of the IoT device under test. The architectural design of the proposed security testbed along with a detailed description of the testbed implementation is discussed. The testbed operation is demonstrated on different IoT devices using several specific IoT testing scenarios. The results obtained demonstrate that the testbed is effective at detecting vulnerabilities and compromised IoT devices.",

keywords = "Internet of Things (IoT), IoT devices, privacy, security, testbed framework",

author = "Shachar Siboni and Vinay Sachidananda and Yair Meidan and Michael Bohadana and Yael Mathov and Suhas Bhairav and Asaf Shabtai and Yuval Elovici",

note = "Funding Information: This work was supported by the Singapore Ministry of Defense (MINDEF). Funding Information: Manuscript received August 14, 2017; revised November 15, 2017 and May 17, 2018; accepted August 2, 2018. Date of publication December 6, 2018; date of current version February 26, 2019. This work was supported by the Singapore Ministry of Defense (MINDEF). Associate Editor: Z. Chen. (Corresponding author: Shachar Siboni.) S. Siboni, Y. Meidan, M. Bohadana, Y. Mathov, A. Shabtai, and Y. Elovici are with the Department of Software and Information Systems Engineering, Cyber Security Research Center, Ben-Gurion University of the Negev, Beersheba 84105, Israel (e-mail:, sibonish@post.bgu.ac.il; yairme@post.bgu.ac.il; bohadana@post.bgu.ac.il; yaelmath@post.bgu.ac.il; shabtaia@bgu.ac.il; elovici@bgu.ac.il). Publisher Copyright: {\textcopyright} 2018 IEEE.",

year = "2019",

month = mar,

day = "1",

doi = "https://doi.org/10.1109/TR.2018.2864536",

language = "English",

volume = "68",

pages = "23--44",

journal = "IEEE Transactions on Reliability",

issn = "0018-9529",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "1",

}

TY - JOUR

T1 - Security Testbed for Internet-of-Things Devices

AU - Siboni, Shachar

AU - Sachidananda, Vinay

AU - Meidan, Yair

AU - Bohadana, Michael

AU - Mathov, Yael

AU - Bhairav, Suhas

AU - Shabtai, Asaf

AU - Elovici, Yuval

N1 - Funding Information: This work was supported by the Singapore Ministry of Defense (MINDEF). Funding Information: Manuscript received August 14, 2017; revised November 15, 2017 and May 17, 2018; accepted August 2, 2018. Date of publication December 6, 2018; date of current version February 26, 2019. This work was supported by the Singapore Ministry of Defense (MINDEF). Associate Editor: Z. Chen. (Corresponding author: Shachar Siboni.) S. Siboni, Y. Meidan, M. Bohadana, Y. Mathov, A. Shabtai, and Y. Elovici are with the Department of Software and Information Systems Engineering, Cyber Security Research Center, Ben-Gurion University of the Negev, Beersheba 84105, Israel (e-mail:, sibonish@post.bgu.ac.il; yairme@post.bgu.ac.il; bohadana@post.bgu.ac.il; yaelmath@post.bgu.ac.il; shabtaia@bgu.ac.il; elovici@bgu.ac.il). Publisher Copyright: © 2018 IEEE.

PY - 2019/3/1

Y1 - 2019/3/1

N2 - The Internet of Things (IoT) is a global ecosystem of information and communication technologies aimed at connecting any type of object (thing), at any time, and in any place, to each other and to the Internet. One of the major problems associated with the IoT is the heterogeneous nature of such deployments; this heterogeneity poses many challenges, particularly, in the areas of security and privacy. Specifically, security testing and analysis of IoT devices is considered a very complex task, as different security testing methodologies, including software and hardware security testing approaches, are needed. In this paper, we propose an innovative security testbed framework targeted at IoT devices. The security testbed is aimed at testing all types of IoT devices, with different software/hardware configurations, by performing standard and advanced security testing. Advanced analysis processes based on machine learning algorithms are employed in the testbed in order to monitor the overall operation of the IoT device under test. The architectural design of the proposed security testbed along with a detailed description of the testbed implementation is discussed. The testbed operation is demonstrated on different IoT devices using several specific IoT testing scenarios. The results obtained demonstrate that the testbed is effective at detecting vulnerabilities and compromised IoT devices.

AB - The Internet of Things (IoT) is a global ecosystem of information and communication technologies aimed at connecting any type of object (thing), at any time, and in any place, to each other and to the Internet. One of the major problems associated with the IoT is the heterogeneous nature of such deployments; this heterogeneity poses many challenges, particularly, in the areas of security and privacy. Specifically, security testing and analysis of IoT devices is considered a very complex task, as different security testing methodologies, including software and hardware security testing approaches, are needed. In this paper, we propose an innovative security testbed framework targeted at IoT devices. The security testbed is aimed at testing all types of IoT devices, with different software/hardware configurations, by performing standard and advanced security testing. Advanced analysis processes based on machine learning algorithms are employed in the testbed in order to monitor the overall operation of the IoT device under test. The architectural design of the proposed security testbed along with a detailed description of the testbed implementation is discussed. The testbed operation is demonstrated on different IoT devices using several specific IoT testing scenarios. The results obtained demonstrate that the testbed is effective at detecting vulnerabilities and compromised IoT devices.

KW - Internet of Things (IoT)

KW - IoT devices

KW - privacy

KW - security

KW - testbed framework

UR - http://www.scopus.com/inward/record.url?scp=85058125435&partnerID=8YFLogxK

U2 - https://doi.org/10.1109/TR.2018.2864536

DO - https://doi.org/10.1109/TR.2018.2864536

M3 - Article

SN - 0018-9529

VL - 68

SP - 23

EP - 44

JO - IEEE Transactions on Reliability

JF - IEEE Transactions on Reliability

IS - 1

M1 - 8565917

ER -

Security Testbed for Internet-of-Things Devices

Abstract

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this