Visible to the public An Auditing Framework for Vulnerability Analysis of IoT System

TitleAn Auditing Framework for Vulnerability Analysis of IoT System
Publication TypeConference Paper
Year of Publication2019
AuthorsNadir, Ibrahim, Ahmad, Zafeer, Mahmood, Haroon, Asadullah Shah, Ghalib, Shahzad, Farrukh, Umair, Muhammad, Khan, Hassam, Gulzar, Usman
Conference Name2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW)
Keywordsauditing, auditing framework, communication vulnerabilities, firmware, Framework, Human Behavior, Internet of Things, Internet-of-Things, IoT, IoT device, IoT system, open-source framework, open-source tools, physical world, pubcrawl, public domain software, Resiliency, resource constraint nature, Scalability, security, Security Audits, security frameworks, security of data, virtual world, vulnerability analysis
AbstractIntroduction of IoT is a big step towards the convergence of physical and virtual world as everyday objects are connected to the internet nowadays. But due to its diversity and resource constraint nature, the security of these devices in the real world has become a major challenge. Although a number of security frameworks have been suggested to ensure the security of IoT devices, frameworks for auditing this security are rare. We propose an open-source framework to audit the security of IoT devices covering hardware, firmware and communication vulnerabilities. Using existing open-source tools, we formulate a modular approach towards the implementation of the proposed framework. Standout features in the suggested framework are its modular design, extensibility, scalability, tools integration and primarily autonomous nature. The principal focus of the framework is to automate the process of auditing. The paper further mentions some tools that can be incorporated in different modules of the framework. Finally, we validate the feasibility of our framework by auditing an IoT device using proposed toolchain.
Citation Keynadir_auditing_2019