PatrIoT: practical and agile threat research for IoT-Reference-Cited by-同舟云学术

PatrIoT: practical and agile threat research for IoT

Published:2022-11-18 Issue:1 Volume:22 Page:213-233
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

Süren Emre^ORCID,Heiding Fredrik,Olegård Johannes,Lagerström Robert

Abstract

AbstractThe Internet of things (IoT) products, which have been widely adopted, still pose challenges in the modern cybersecurity landscape. Many IoT devices are resource-constrained and almost constantly online. Furthermore, the security features of these devices are less often of concern, and fewer methods, standards, and guidelines are available for testing them. Although a few approaches are available to assess the security posture of IoT products, the ones in use are mostly based on traditional non-IoT-focused techniques and generally lack the attackers’ perspective. This study provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. Our proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.

Funder

Royal Institute of Technology

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1007/s10207-022-00633-3.pdf

Reference32 articles.

1. Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., et al.: Understanding the Mirai botnet. In: 26th USENIX security symposium USENIX Security 17), pp. 1093–1110 (2017)

2. Gupta, A.P: The IoT Hacker’s Handbook: A Practical Guide to Hacking the Internet of Things. Apress (2019)

3. PatrIoT artifacts. https://github.com/beyefendi/penbook/. Accessed: 06 Dec 2021 (2021)

4. Rathore, B., Brunner, M., Dilaj, M., Herrera, O., Brunati, P., Subramaniam, R., Raman, S., Chavan, U.: Information systems security assessment framework (ISSAF), Draft 0.2 B 1 2006 (2006)

5. Herzog, P.: Osstmm 3 the open source security testing methodology manual. Contemporary security testing and analysis, ISECOM-Institute for Security and Open Methodologies

Cited by 9 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. IOT SECURITY AND SOFTWARE TESTING;Yalvaç Akademi Dergisi;2024-03-25

2. Detecting lateral movement: A systematic survey;Heliyon;2024-02

3. Vulnerability Analysis of an Electric Vehicle Charging Ecosystem;Lecture Notes in Computer Science;2024

4. Threat modeling of industrial control systems: A systematic literature review;Computers & Security;2024-01

5. Securing the Digital Supply Chain Cyber Threats and Vulnerabilities;Advances in Logistics, Operations, and Management Science;2023-12-29