Large Scale IoT Security Testing, Benchmarking and Certification

• Published in: Cognitive Hyperconnected Digital Transformation pp. 189 - 220
• Main Authors: Ahmad, Abbas, Baldini, Gianmarco, Cousin, Philippe, Matheu, Sara N., Skarmeta, Antonio, Fourneret, Elizabeta, Legeard, Bruno
• Format: Book Chapter
• Language: English
• Published: Denmark Routledge 2017; River Publishers
• Edition: 1
• Subjects: Privacy Certification; DoS; Benchmarking Methodology; ARMOUR Project; Model Based Security; Security Testing; Privacy Seal; IoT Product; IoT Security; Security Certification Process; IoT Environment; Security Certification; MBT; IoT Device; DSRC; MBT Approach; IoT System; SOG; IoT Deployment; IoT Platform; Test Patterns; Test Execution; DTLS; Protection Profiles; DoS Attack
• ISBN: 8793609116; 9788793609112
• DOI: 10.1201/9781003337584-7

The Internet of Things (IoT) is defined by its connectivity between people, objects and complex systems. This is as vast as it sounds spanning all industries, enterprises, and consumers. The massive scale of recent Distributed Denial of Service (DDoS) attacks (October 2016) on DYN's servers that brought down many popular online services in the US, gives us just a glimpse of what is possible when attackers are able to leverage up to 100,000 unsecured IoT devices as malicious endpoints. Thus, ensuring security is a key challenge. In order to thoroughly test the internet of things, traditional testing methods, where the System Under Test (SUT) tested pre-production, is not an option. Due to their heterogeneous communication protocol, complex architecture and insecure usage context, IoTs must be tested in their real use case environment: service based and large-scale deployments. This article describes the challenges for IoT security testing and presents a Model Based Testing approach solution, which can be used to support and EU security certification framework at European level for IoT products.