Author
Listed:
- Rohit Akhilesh
(Department of Cybersecurity, School of Engineering and Computer Sciences, University of Southampton, University Road, Southampton SO17 1BJ, UK)
- Oliver Bills
(Department of Cybersecurity, School of Engineering and Computer Sciences, University of Southampton, University Road, Southampton SO17 1BJ, UK)
- Naveen Chilamkurti
(Department of Computer Science and Engineering, La Trobe University, Bundoora VIC 3086, Australia)
- Mohammad Jabed Morshed Chowdhury
(Department of Computer Science and Engineering, La Trobe University, Bundoora VIC 3086, Australia)
Abstract
Security testing is fundamental to identifying security vulnerabilities on smart home-based IoT devices. For this, penetration testing is the most prominent and effective solution. However, testing the IoT manually is cumbersome and time-consuming. In addition, penetration testing requires a deep knowledge of the possible attacks and the available hacking tools. Therefore, this study emphasises building an automated penetration testing framework to discover the most common vulnerabilities in smart home-based IoT devices. This research involves exploring (studying) different IoT devices to select five devices for testing. Then, the common vulnerabilities for the five selected smart home-based IoT devices are examined, and the corresponding penetration testing tools required for the detection of these vulnerabilities are identified. The top five vulnerabilities are identified from the most common vulnerabilities, and accordingly, the corresponding tools for these vulnerabilities are discovered. These tools are combined using a script which is then implemented into a framework written in Python 3.6. The selected IoT devices are tested individually for known vulnerabilities using the proposed framework. For each vulnerability discovered in the device, the Common Vulnerability Scoring System (CVSS) Base score is calculated and the summation of these scores is taken to calculate the total score (for each device). In our experiment, we found that the Tp-Link Smart Bulb and the Tp-Link Smart Camera had the highest score and were the most vulnerable and the Google Home Mini had the least score and was the most secure device of all the devices. Finally, we conclude that our framework does not require technical expertise and thus can be used by common people. This will help improve the field of IoT security and ensure the security of smart homes to build a safe and secure future.
Suggested Citation
Rohit Akhilesh & Oliver Bills & Naveen Chilamkurti & Mohammad Jabed Morshed Chowdhury, 2022.
"Automated Penetration Testing Framework for Smart-Home-Based IoT Devices,"
Future Internet, MDPI, vol. 14(10), pages 1-18, September.
Handle:
RePEc:gam:jftint:v:14:y:2022:i:10:p:276-:d:926050
Download full text from publisher
References listed on IDEAS
- Miao Yu & Jianwei Zhuge & Ming Cao & Zhiwei Shi & Lin Jiang, 2020.
"A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices,"
Future Internet, MDPI, vol. 12(2), pages 1-23, February.
- Dimitrios Myridakis & Georgios Spathoulas & Athanasios Kakarountas & Dimitrios Schinianakis, 2020.
"Smart Devices Security Enhancement via Power Supply Monitoring,"
Future Internet, MDPI, vol. 12(3), pages 1-12, March.
Full references (including those not matched with items on IDEAS)
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:14:y:2022:i:10:p:276-:d:926050. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.