IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v14y2022i10p276-d926050.html
   My bibliography  Save this article

Automated Penetration Testing Framework for Smart-Home-Based IoT Devices

Author

Listed:
  • Rohit Akhilesh

    (Department of Cybersecurity, School of Engineering and Computer Sciences, University of Southampton, University Road, Southampton SO17 1BJ, UK)

  • Oliver Bills

    (Department of Cybersecurity, School of Engineering and Computer Sciences, University of Southampton, University Road, Southampton SO17 1BJ, UK)

  • Naveen Chilamkurti

    (Department of Computer Science and Engineering, La Trobe University, Bundoora VIC 3086, Australia)

  • Mohammad Jabed Morshed Chowdhury

    (Department of Computer Science and Engineering, La Trobe University, Bundoora VIC 3086, Australia)

Abstract

Security testing is fundamental to identifying security vulnerabilities on smart home-based IoT devices. For this, penetration testing is the most prominent and effective solution. However, testing the IoT manually is cumbersome and time-consuming. In addition, penetration testing requires a deep knowledge of the possible attacks and the available hacking tools. Therefore, this study emphasises building an automated penetration testing framework to discover the most common vulnerabilities in smart home-based IoT devices. This research involves exploring (studying) different IoT devices to select five devices for testing. Then, the common vulnerabilities for the five selected smart home-based IoT devices are examined, and the corresponding penetration testing tools required for the detection of these vulnerabilities are identified. The top five vulnerabilities are identified from the most common vulnerabilities, and accordingly, the corresponding tools for these vulnerabilities are discovered. These tools are combined using a script which is then implemented into a framework written in Python 3.6. The selected IoT devices are tested individually for known vulnerabilities using the proposed framework. For each vulnerability discovered in the device, the Common Vulnerability Scoring System (CVSS) Base score is calculated and the summation of these scores is taken to calculate the total score (for each device). In our experiment, we found that the Tp-Link Smart Bulb and the Tp-Link Smart Camera had the highest score and were the most vulnerable and the Google Home Mini had the least score and was the most secure device of all the devices. Finally, we conclude that our framework does not require technical expertise and thus can be used by common people. This will help improve the field of IoT security and ensure the security of smart homes to build a safe and secure future.

Suggested Citation

  • Rohit Akhilesh & Oliver Bills & Naveen Chilamkurti & Mohammad Jabed Morshed Chowdhury, 2022. "Automated Penetration Testing Framework for Smart-Home-Based IoT Devices," Future Internet, MDPI, vol. 14(10), pages 1-18, September.
    • Handle: RePEc:gam:jftint:v:14:y:2022:i:10:p:276-:d:926050
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/14/10/276/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/14/10/276/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Miao Yu & Jianwei Zhuge & Ming Cao & Zhiwei Shi & Lin Jiang, 2020. "A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices," Future Internet, MDPI, vol. 12(2), pages 1-23, February.
    2. Dimitrios Myridakis & Georgios Spathoulas & Athanasios Kakarountas & Dimitrios Schinianakis, 2020. "Smart Devices Security Enhancement via Power Supply Monitoring," Future Internet, MDPI, vol. 12(3), pages 1-12, March.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Nadir, Ibrahim & Mahmood, Haroon & Asadullah, Ghalib, 2022. "A taxonomy of IoT firmware security and principal firmware analysis techniques," International Journal of Critical Infrastructure Protection, Elsevier, vol. 38(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:14:y:2022:i:10:p:276-:d:926050. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.