Dynamic Intelligence Gathering on The Internet of Things

• Main Author: Leander, Andreas
• Format: Others
• Language: English
• Published: Uppsala universitet, Institutionen för informationsteknologi 2019
• Subjects: Engineering and Technology; Teknik och teknologier
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-393280

Society is connecting more and more devices to the internet. There are many benefits to using connected devices, such as continuous monitoring of critical systems, easy access from various locations and device data collection. The backside of all of these interconnected devices are cyber security vulnerabilities. Penetration testers are professionals working to secure the connected society from cyber attacks. An attempt at preparing penetration testers and facilitating their work of securing connected devices and systems using connected devices by compiling a list of popular communication protocols has been made. The analysed communication protocols are: Zigbee, MQTT, AMQP, LoraWAN, 6LoWPan, Bluetooth/Bluetooth low energy, ANT, Enhanced Shockburst, Long term evolution and Z-wave. The compilation includes the protocol architecture, known vulnerabilities and tools for penetration testing. The compiled information can be used to scope which knowledge and tools might be required to perform a security analysis of a device or setup running one of the analysed protocols. Cyber attacks and counter measures are constantly evolving therefore a method for continuous updating of this compilation has been proposed. If an information bank on vulnerabilities and tools is to be useful in the future, updating and reviewing needs to be incorporated in the work flow to ensure that the most recent vulnerabilities and tools are included. By keeping an updated information bank, knowledge can be shared between penetration testers and continuously expanded.