Abstract

The Internet of things (IoT) products, which have been widely adopted, still pose challenges in the modern cybersecurity landscape. Many IoT devices are resource-constrained and almost constantly online. Furthermore, the security features of these devices are less often of concern, and fewer methods, standards, and guidelines are available for testing them. Although a few approaches are available to assess the security posture of IoT products, the ones in use are mostly based on traditional non-IoT-focused techniques and generally lack the attackers’ perspective. This study provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. Our proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.

Details

Title
PatrIoT: practical and agile threat research for IoT
Author
Süren, Emre 1   VIAFID ORCID Logo  ; Heiding, Fredrik 1 ; Olegård, Johannes 1 ; Lagerström, Robert 1 

 KTH Royal Institute of Technology, School of Electrical Engineering and Computer Science, Stockholm, Sweden (GRID:grid.5037.1) (ISNI:0000000121581746) 
Pages
213-233
Publication year
2023
Publication date
Feb 2023
Publisher
Springer Nature B.V.
ISSN
16155262
e-ISSN
16155270
Source type
Scholarly Journal
Language of publication
English
DOI
https://doi.org/10.1007/s10207-022-00633-3
ProQuest document ID
2766574009
Copyright
© The Author(s) 2022. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.