WO2021090047A1 - IoT penetration testing platform - Google Patents
- Publication number
- WO2021090047A1 (PCT/IB2019/059548)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- attack
- attacks
- IoT
- penetration testing
- testing platform
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
An IoT penetration testing platform comprising: a. Network attacks; b. Software attacks; c. Encryption attacks; d. Physical attacks. The platform is to help security specialists who intend to improve their skills in assessing security issues in a legal environment.
Description
IoT Penetration Testing Platform
Technical Field
[0001] The present invention relates to a penetration testing platform on an IoT device.
Description of the Related Art
[0002] IoT is a technology that gives different objects the ability to connect to the internet. Each device can have different sensors.
[0003] IoT devices may have an IP address for communicating and for distinguishing them from other devices.
[0004] In recent years, the IoT has seen explosive growth, which can lead to IoT vulnerabilities.
[0005] The main goal of IoT is to connect devices to the internet so that they can be controlled remotely or communicate with each other, which makes them a potential target for being hacked and taken over by third parties. Assessing and patching each device's issues and security vulnerabilities are critical needs.
SUMMARY OF THE INVENTION
[0006] To resolve the problems of the related art described above, an aspect of the present invention proposes an IoT platform which implements different security vulnerabilities.
[0007] The present invention (IoT penetration testing platform) is completely customizable, which means that users can add additional issues and vulnerabilities (software, hardware, electronic, mechanical).
[0008] The goal of the present invention is to practice and learn all of the security issues which may occur in IoT devices. By analyzing these vulnerabilities, future issues can be prevented.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009]
FIG. 1 illustrates the process of a traffic analysis attack.
FIG. 2 illustrates the process of a denial of service attack.
FIG. 3 illustrates the process of a man in the middle attack.
FIG. 4 illustrates the process of a phishing attack.
FIG. 5 illustrates the process of a malicious code injection attack.
FIG. 6 illustrates the process of a malicious node injection attack.
FIG. 7 illustrates the process of a sleeping deprivation attack.
FIG. 8 illustrates the affected node after a sleeping deprivation attack.
FIG. 9 illustrates the process of a sinkhole attack.
FIG. 10 illustrates the process of a Sybil attack.
FIG. 11 illustrates the process of a wormhole attack.
FIG. 12 illustrates the process of a HELLO flood attack.
FIG. 13 illustrates the process of a black hole attack.
FIG. 14 illustrates the process of a selective forwarding attack.
FIG. 15 illustrates the process of an acknowledgement spoofing attack.
FIG. 16 illustrates the process of a node jamming attack.
DETAILED DESCRIPTION OF THE INVENTION
[0011] The various embodiments and variations thereof illustrated in the accompanying Figures and/or described herein are merely exemplary and are not meant to limit the scope of the invention. It is to be appreciated that numerous variations of the invention have been contemplated as would be obvious to one of ordinary skill in the art with the benefit of this disclosure. Rather, the scope and breadth afforded this document should only be limited by the claims provided herein while applying either the plain meaning to each of the terms and phrases in the claims or the meaning clearly and unambiguously provided in this specification.
[0012] The invention allows for penetration testing different issues in multiple categories, and also adding new vulnerabilities due to users' skills.
[0013] Embodiments of the present invention are described below in more detail with reference to the accompanying drawings.
[0014] Network attacks are those which occur in the IoT system network; the attacker does not need to be physically close to the network.
[0015] Software attacks include any attempt to exploit vulnerable software.
[0016] Encryption attacks are based on breaking the encryption that a device is using.
[0017] Physical attacks focus on harming hardware components, which means the attacker needs to be physically close.
[0018] FIG. 1 illustrates the process of a traffic analysis attack.
[0019] As illustrated in FIG. 1, such a network comprises an IoT device 1 which is connected to the internet 2 via a link 3 and transfers data, and an intruder 4 who sniffs, observes and stores the transferred data 5.
[0020] FIG. 2 illustrates the process of a Denial of Service attack. A party, which in this case is a user 1, communicates with another party, which in this case is an IoT device 2, via a link 3. An intruder 4 bombards the IoT device with more traffic than it can handle 5, which overloads the system so that other legitimate requests cannot be fulfilled.
[0021] FIG. 3 illustrates the process of a Man In the Middle attack. An IoT device 1 communicates with a second party, which could be either the internet or other IoT devices 2, via a link 3. An intruder 4 intercepts this communication 5 and acts as a relay, which results in controlling the conversation 6, 7.
[0022] In RFID spoofing, an attacker tries to spoof an RFID communication between the reader and the tag and records the transmitted data. Further actions can then be taken, such as sending the recorded signals to gain full access.
[0023] In RFID cloning, an intruder copies data from the targeted RFID tag onto another RFID tag.
[0024] Routing information attacks happen in the network layer. The common attacks are explained next:
[0025] FIG. 9 illustrates the process of a sinkhole attack. A compromised node 1 lures all the traffic by declaring a fake routing update, which attracts surrounding nodes 2; the compromised node can then observe, interfere with, change and/or intercept the data flow 3 to the base station 4. This attack can have several impacts. Unaffected nodes are shown at 5.
[0026] FIG. 10 illustrates the process of a Sybil attack. A single node 1, called the Sybil node, operates several identities 2 simultaneously. The main goal of this attack is to gain the majority of influence in the network 2. Nodes 4 are not affected.
[0027] FIG. 11 illustrates the process of a wormhole attack. An intruder creates a tunnel outside the normal links 6, called a wormhole tunnel 3, between node 1 and node 2. Packets sent from the sender 4 to the receiver 5 can arrive early, arrive late, or not arrive at all.
[0028] FIG. 12 illustrates the process of a HELLO flood attack. An intruder with a compromised node 1 in the network 3 floods hello requests 3 to the other legitimate nodes 4.
[0029] FIG. 13 illustrates the process of a black hole attack. This attack is a type of denial of service (DoS) attack. A node, in this case a router 1, discards packets 2 instead of forwarding them. A compromised node 3 advertises itself as an attractive node, which attracts surrounding nodes 4; this node can then observe, interfere with, change and/or intercept the data flow 5 to the base station 6. This attack can have several impacts.
[0030] FIG. 14 illustrates the process of a selective forwarding attack. This attack behaves like a black hole attack, refusing to forward some of the packets or the packets which originate from a particular source. Malicious node 1 receives the main packets 3 from source node 2, drops some of the packets 5, and (modifies and) forwards some of them 6 to the destination 4.
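The black hole and selective forwarding behaviours of paragraphs [0029] and [0030] can be told apart on a test network by auditing each relay's forwarding record. The following is an added example, not part of the patent or of the platform it describes: the `Observation` record, the node names, the thresholds and the sample data are all assumptions, and it presumes a monitoring neighbour can overhear whether a relay retransmits each packet it receives.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One watchdog report (hypothetical format): did `relay` retransmit a packet?"""
    relay: str       # node that was expected to forward the packet
    source: str      # node that originated the packet
    seq: int         # per-source sequence number
    forwarded: bool  # True if the monitor overheard the retransmission


def forwarding_stats(observations):
    """Return relay -> source -> [received, forwarded], de-duplicating reports."""
    packets = {}
    for ob in observations:
        key = (ob.relay, ob.source, ob.seq)
        # A packet counts as forwarded if any report saw it retransmitted.
        packets[key] = packets.get(key, False) or ob.forwarded
    stats = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for (relay, source, _seq), forwarded in packets.items():
        stats[relay][source][0] += 1
        stats[relay][source][1] += int(forwarded)
    return stats


def classify_relay(per_source, loss_tolerance=0.2, min_packets=5):
    """Classify one relay from its per-source [received, forwarded] counters.

    loss_tolerance is the share of packets a healthy relay may lose to
    ordinary radio loss; min_packets avoids verdicts on tiny samples.
    Both values are assumptions to be tuned for the network under test.
    """
    received = sum(r for r, _ in per_source.values())
    forwarded = sum(f for _, f in per_source.values())
    if received < min_packets:
        return ("insufficient_data", [])
    if forwarded == 0:
        # Discards everything instead of forwarding: black hole behaviour.
        return ("black_hole", sorted(per_source))
    starved = sorted(
        src for src, (r, f) in per_source.items()
        if r >= min_packets and f / r < 1.0 - loss_tolerance
    )
    if starved:
        # Forwards some traffic but drops part of it, or one source's packets.
        return ("selective_forwarding", starved)
    return ("normal", [])


def audit(observations, **thresholds):
    """Map every relay seen in the observations to (verdict, affected sources)."""
    return {relay: classify_relay(per_source, **thresholds)
            for relay, per_source in forwarding_stats(observations).items()}


def constructed_sample():
    """Constructed observations for five relays R1..R5 (not real capture data)."""
    obs = []

    def add(relay, source, total, dropped):
        for seq in range(total):
            obs.append(Observation(relay, source, seq, seq not in dropped))

    add("R1", "S1", 20, {7})               # healthy: one packet lost
    add("R1", "S2", 10, set())
    add("R2", "S1", 15, set(range(15)))    # forwards nothing
    add("R3", "S1", 10, set())
    add("R3", "S2", 10, set(range(10)))    # drops one source entirely
    add("R4", "S1", 2, {0})                # too few packets to judge
    add("R5", "S1", 10, {1, 3, 5, 7})      # drops part of the traffic
    return obs


if __name__ == "__main__":
    for relay, verdict in sorted(audit(constructed_sample()).items()):
        print(relay, verdict)
```

A relay that loses a single packet stays within the tolerance, which is what keeps ordinary radio loss from being reported as an attack.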
[0031] FIG. 15 illustrates the process of an acknowledgement spoofing attack. Many wireless sensor network algorithms depend on acknowledgments. This attack affects protocols which are based on the next hops. Malicious node 1 spoofs this acknowledgment 4, 5 for its neighbors 2, 3 to convince the sender node 2 that the weak/dead node 6 is alive. One of the impacts is packet loss.
[0032] FIG. 4 illustrates the process of a phishing attack. An attacker 1 attempts to make the targeted device 2 provide its credentials by masquerading as a reliable source 3, in effect spoofing the authentication. It is often carried out by fake emails.
[0033] FIG. 16 illustrates the process of a node jamming attack. The attacker 1 interferes with the communication link 4 between nodes 2 within a range 3, so that the links 4 are lost. The links 5 of nodes 6 which are not in the attack range are not affected.
[0034] Physical damage is any damage that an attacker could make to the device.
[0035] Social engineering attacks are based on human interactions in which an attacker manipulates users to gain sensitive information or even perform actions which serve his/her goals.
[0036] FIG. 5 illustrates the process of a malicious code injection attack. The attacker injects malicious code 1 onto the targeted node 2, which could be communicating with other nodes 4 via a link 3. Further actions can be taken via this malicious node 2.
[0037] FIG. 6 illustrates the process of a malicious node injection attack. The attacker can add a new node 2 to the network 1 among the healthy nodes 3, which communicate via a link 4; the attacker can therefore control all the related operations through data.
[0038] FIG. 7 illustrates the process of a sleeping deprivation attack. The goal of this attack is to maximize the power consumption of the targeted node; hence the node's lifetime is reduced. Because some of the sensors in the IoT system are powered by batteries and programmed to follow sleep routines to extend their battery life, this attack could affect them. An intruder focuses on keeping the targeted node awake until it runs out of battery. Among all the nodes 4, the intruder 1 sends several requests 2 to the targeted device via a link 3; since the device is kept busy, it cannot follow the sleeping routine.
[0039] FIG. 8 illustrates the result of FIG. 7. After the attack by the intruder 1, the targeted device 2 cannot communicate with the rest of the nodes 3 and loses the communication channel 4.
[0040] Malicious scripts are those that use exploits against software vulnerabilities. The targets could be either desktop applications or web applications.
[0041] Viruses, worms, Trojan horses, spyware and adware are malicious software which can have different results: stealing information, denial of service, etc.
[0042] Side channel attacks are techniques that use timing information, power consumption, electromagnetic leaks and sound to gain information about an IoT device, which gives an attacker the ability to retrieve the encryption key being used.
[0043] A cryptanalysis attack recovers the plaintext of an encrypted message without having the key.
Claims
1. An IoT penetration testing platform comprising: a. Network attacks; b. Software attacks; c. Encryption attacks; d. Physical attacks.
2. An IoT penetration testing platform according to claim 1 wherein the network attacks include: a. Traffic analysis; b. DoS; c. RFID Spoofing; d. RFID Cloning; e. Man In the Middle attack; f. Routing Information attack.
3. An IoT penetration testing platform according to claim 1 wherein the software attacks include: a. Malicious script; b. Virus, worm, Trojan horse, spyware and adware; c. DoS; d. Phishing.
4. An IoT penetration testing platform according to claim 1 wherein the encryption attacks include: a. Man In the Middle attack; b. Side channel attack; c. Cryptanalysis attack.
5. An IoT penetration testing platform according to claim 1 wherein the physical attacks include: a. Node jamming; b. Physical damage; c. Social engineering; d. Malicious code injection; e. Malicious node injection; f. Sleep deprivation attack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2019/059548 WO2021090047A1 (en) | 2019-11-06 | 2019-11-06 | IoT penetration testing platform |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021090047A1 (en) | 2021-05-14 |
Family
ID=75849792
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2019/059548 WO2021090047A1 (en) | IoT penetration testing platform | 2019-11-06 | 2019-11-06 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2021090047A1 (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19951307 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19951307 Country of ref document: EP Kind code of ref document: A1 |