WO2021090047A1 - Iot penetration testing platform - Google Patents

Info

Publication number
WO2021090047A1
WO2021090047A1 PCT/IB2019/059548 IB2019059548W WO2021090047A1 WO 2021090047 A1 WO2021090047 A1 WO 2021090047A1 IB 2019059548 W IB2019059548 W IB 2019059548W WO 2021090047 A1 WO2021090047 A1 WO 2021090047A1
Authority
WO
WIPO (PCT)
Prior art keywords
attack
attacks
IoT
penetration testing
testing platform
Prior art date
Application number
PCT/IB2019/059548
Other languages
French (fr)
Inventor
Armin MANSOURI
Original Assignee
Mansouri Armin
Priority date
Filing date
Publication date
Application filed by Mansouri Armin
Priority to PCT/IB2019/059548
Publication of WO2021090047A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

An IoT penetration testing platform comprising: a. Network attacks; b. Software attacks; c. Encryption attacks; d. Physical attacks. The platform is to help security specialists who intend to improve their skills in assessing security issues in a legal environment.

Description

IoT Penetration Testing Platform
Technical Field
[0001] The present invention relates to a penetration testing platform on an IoT device.
Description of the Related Art
[0002] IoT is a technology that gives different objects the ability to connect to the internet. Each device can have different sensors.
[0003] IoT devices may have an IP address for communicating and for being distinguished from other devices.
[0004] In recent years, IoT has grown explosively, which can lead to IoT vulnerabilities.
[0005] The main goal of IoT is to connect devices to the internet so that they can be controlled remotely or communicate with each other, which makes them a potential target for being hacked and taken over by third parties. Assessing and patching each device's issues and security vulnerabilities are critical needs.
SUMMARY OF THE INVENTION
[0006] To resolve the problems of the related art described above, an aspect of the present invention proposes an IoT platform in which different security vulnerabilities are implemented.
[0007] The present invention (IoT penetration testing platform) is completely customizable, which means that users can add additional issues and vulnerabilities (software, hardware, electronic, mechanical).
[0008] The goal of the present invention is to practice and learn all of the security issues which may occur in IoT devices. By analyzing these vulnerabilities, future issues can be prevented.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009]
FIG. 1 illustrates the process of a traffic analysis attack.
FIG. 2 illustrates the process of a denial of service attack.
FIG. 3 illustrates the process of a man in the middle attack.
FIG. 4 illustrates the process of a phishing attack.
FIG. 5 illustrates the process of a malicious code injection attack.
FIG. 6 illustrates the process of a malicious node injection attack.
FIG. 7 illustrates the process of a sleeping deprivation attack.
FIG. 8 illustrates an affected node after a sleeping deprivation attack.
FIG. 9 illustrates the process of a sinkhole attack.
FIG. 10 illustrates the process of a Sybil attack.
FIG. 11 illustrates the process of a wormhole attack.
FIG. 12 illustrates the process of a HELLO flood attack.
FIG. 13 illustrates the process of a black hole attack.
FIG. 14 illustrates the process of a selective forwarding attack.
FIG. 15 illustrates the process of an acknowledgement spoofing attack.
FIG. 16 illustrates the process of a node jamming attack.
DETAILED DESCRIPTION OF THE INVENTION
[0011] The various embodiments and variations thereof illustrated in the accompanying Figures and/or described herein are merely exemplary and are not meant to limit the scope of the invention. It is to be appreciated that numerous variations of the invention have been contemplated as would be obvious to one of ordinary skill in the art with the benefit of this disclosure. Rather, the scope and breadth afforded this document should only be limited by the claims provided herein while applying either the plain meaning to each of the terms and phrases in the claims or the meaning clearly and unambiguously provided in this specification.
[0012] The invention allows penetration testing of different issues in multiple categories, and also allows new vulnerabilities to be added depending on the users' skills.
[0013] Embodiments of the present invention are described below in more detail with reference to the accompanying drawings.
[0014] Network attacks are those which occur in the IoT system network; the attacker does not need to be physically close to the network.
[0015] Software attacks include any attempt to exploit vulnerable software.
[0016] Encryption attacks are based on breaking the encryption that a device is using.
[0017] Physical attacks focus on harming hardware components, which means that the attacker must be physically close.
[0018] FIG. 1 illustrates the process of a traffic analysis attack.
[0019] As illustrated in FIG. 1, such a network comprises an IoT device 1 which is connected to the internet 2 via a link 3 and is transferring data, and an intruder 4 who sniffs, observes and stores the transferred data 5.
[0020] FIG. 2 illustrates the process of a Denial of Service attack. A party, in this case a user 1, communicates with another party, in this case an IoT device 2, via a link 3. An intruder 4 bombards the IoT device with more traffic than it can handle 5, which overloads the system so that other, legitimate requests cannot be fulfilled.
[0021] FIG. 3 illustrates the process of a Man In the Middle attack. An IoT device 1 communicates with a second party, which could be either the internet or other IoT devices 2, via a link 3. An intruder 4 intercepts this communication 5 and acts as a relay, which results in the intruder controlling the conversation 6, 7.
[0022] In RFID spoofing, an attacker tries to spoof an RFID communication between the reader and the tag and records the transmitted data. Further actions can then be taken, such as sending the recorded signals to gain full access.
[0023] In RFID cloning, an intruder copies data from the targeted RFID tag onto another RFID tag.
[0024] Routing information attacks happen in the network layer. The common attacks are explained next:
[0025] FIG. 9 illustrates the process of a sinkhole attack. A compromised node 1 lures all the traffic by declaring a fake routing update, which attracts the surrounding nodes 2; the compromised node can then observe, interfere with, change and/or intercept the data flow 3 to the base station 4. This attack can have several impacts. The nodes that are not affected are shown at 5.
[0026] FIG. 10 illustrates the process of a Sybil attack. A single node 1, called the Sybil node, operates several identities 2 simultaneously. The main goal of this attack is to gain the majority of influence in the network 2. Nodes 4 are not affected.
[0027] FIG. 11 illustrates the process of a wormhole attack. An intruder creates a tunnel outside the normal links 6, called the wormhole tunnel 3, between node 1 and node 2. Packets sent from the sender 4 to the receiver 5 can arrive early, arrive late or not arrive at all.
[0028] FIG. 12 illustrates the process of a HELLO flood attack. An intruder with a compromised node 1 in the network 3 floods hello requests 3 to the other legitimate nodes 4.
[0029] FIG. 13 illustrates the process of a black hole attack. This attack is a type of denial of service (DoS) attack. A node, in this case a router 1, discards packets 2 instead of forwarding them. A compromised node 3 advertises itself as an attractive node, which attracts the surrounding nodes 4, and this node can then observe, interfere with, change and/or intercept the data flow 5 to the base station 6. This attack can have several impacts.
[0030] FIG. 14 illustrates the process of a selective forwarding attack. This attack behaves like a black hole attack, refusing to forward some of the packets or the packets which were initiated from a particular source. The malicious node 1 receives the main packets 3 from the source node 2, drops some of the packets 5 and (modifies and) forwards some of them 6 to the destination source 4.
[0031] FIG. 15 illustrates the process of an acknowledgement spoofing attack. Many wireless sensor network algorithms depend on acknowledgments. This attack affects protocols which are based on the next hops. The malicious node 1 spoofs this acknowledgment 4, 5 for its neighbors 2, 3 to convince the sender node 2 that the weak/dead node 6 is alive. One of the impacts is packet loss.
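From the defender's side, the black hole and selective forwarding behaviours of paragraphs [0029] and [0030] differ in how the drop rate is distributed across sources. The following is an added example, not part of the patent: it classifies relay nodes by forwarding ratio, and the `Observation` record, the thresholds and the sample data are assumptions constructed for illustration (it presumes neighbours can overhear whether a relay retransmitted a packet).

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    forwarder: str    # relay node that was handed the packet
    source: str       # node that originated the packet
    forwarded: bool   # True if a neighbour overheard the retransmission


def classify_forwarders(observations, min_packets=10, loss_tolerance=0.2,
                        blackhole_drop=0.95, min_per_source=5):
    """Return {node: (verdict, drop_rate, starved_sources)}.

    Thresholds are illustrative assumptions, to be tuned to the radio
    environment: some loss is normal on a wireless link.
    """
    # counts[node][source] = [packets received, packets forwarded]
    counts = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ob in observations:
        pair = counts[ob.forwarder][ob.source]
        pair[0] += 1
        pair[1] += int(ob.forwarded)

    verdicts = {}
    for node, by_source in counts.items():
        received = sum(r for r, _ in by_source.values())
        forwarded = sum(f for _, f in by_source.values())
        drop = round(1 - forwarded / received, 3)
        if received < min_packets:
            # Too little traffic seen to judge this relay either way.
            verdicts[node] = ("insufficient_data", drop, [])
            continue
        # Sources whose packets are (almost) never relayed by this node.
        starved = sorted(src for src, (r, f) in by_source.items()
                         if r >= min_per_source and 1 - f / r >= blackhole_drop)
        if drop >= blackhole_drop:
            verdict = "black_hole"            # discards everything
        elif drop > loss_tolerance or starved:
            verdict = "selective_forwarding"  # drops some, or one source
        else:
            verdict = "normal"
        verdicts[node] = (verdict, drop, starved)
    return verdicts


def constructed_observations():
    """Constructed sample data for five relay nodes R1..R5."""
    obs = []
    # R1: healthy relay, one packet lost to ordinary radio noise.
    obs += [Observation("R1", "s1", i != 7) for i in range(20)]
    obs += [Observation("R1", "s2", True) for _ in range(20)]
    # R2: discards every packet it receives.
    obs += [Observation("R2", s, False) for s in ("s1", "s2") for _ in range(15)]
    # R3: relays s1 but silently drops everything from s2.
    obs += [Observation("R3", "s1", True) for _ in range(20)]
    obs += [Observation("R3", "s2", False) for _ in range(10)]
    # R4: drops every other packet regardless of source.
    obs += [Observation("R4", "s1", i % 2 == 0) for i in range(20)]
    # R5: only three packets observed.
    obs += [Observation("R5", "s1", False) for _ in range(3)]
    return obs


if __name__ == "__main__":
    for node, result in sorted(classify_forwarders(constructed_observations()).items()):
        print(node, result)
```

The per-source check matters because a relay that starves one low-volume source can stay under an overall loss threshold.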
[0032] FIG. 4 illustrates the process of a phishing attack. An attacker 1 attempts to make the targeted device 2 provide its credentials by masquerading as a reliable source 3, in effect spoofing the authentication. It is often carried out by fake emails.
[0033] FIG. 16 illustrates the process of a node jamming attack. The attacker 1 interferes with the communication links 4 between the nodes 2 within a range 3, so that the links 4 are lost. The links 5 of the nodes 6 which are not in the attack range are not affected.
[0034] Physical damage is any damage that an attacker could make to the device.
[0035] Social engineering attacks are based on human interactions in which an attacker manipulates users to gain sensitive information or even to perform actions which serve his/her goals.
[0036] FIG. 5 illustrates the process of a malicious code injection attack. The attacker injects malicious code 1 onto the targeted node 2, which could be communicating with other nodes 4 via a link 3. Further actions can then be taken via this malicious node 2.
[0037] FIG. 6 illustrates the process of a malicious node injection attack. The attacker can add a new node 2 to the network 1 among the healthy nodes 3, which communicate via a link 4; the attacker can therefore control all the related operations through data.
[0038] FIG. 7 illustrates the process of a sleeping deprivation attack. The goal of this attack is to maximize the power consumption of the targeted node, which reduces the node's lifetime. Some of the sensors in an IoT system are powered by batteries and programmed to follow sleep routines to extend their battery life, so this attack could affect them. The intruder focuses on keeping the targeted node awake until it runs out of battery. Among all the nodes 4, the intruder 1 sends several requests 2 to the targeted devices via a link 3; because the device is kept busy, it cannot follow its sleep routine.
[0039] FIG. 8 illustrates the result of FIG. 7. After the attack by the intruder 1, the targeted device 2 cannot communicate with the rest of the nodes 3 and loses the communication channel 4.
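The effect described in paragraphs [0038] and [0039] shows up as a duty cycle far above what the sleep routine predicts. The following is an added example, not part of the patent: it computes a node's awake time from a request log and flags the deviation. The sleep schedule, current draw figures, threshold and request log are assumptions constructed for illustration, and it presumes every received request keeps the node awake for `service_s` seconds.

```python
from collections import Counter


def merged_awake_seconds(intervals):
    """Total length covered by possibly overlapping (start, end) intervals."""
    total, cur_start, cur_end = 0, None, None
    for start, end in sorted(intervals):
        if cur_end is None or start > cur_end:
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = start, end
        else:
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += cur_end - cur_start
    return total


def assess_sleep_deprivation(requests, horizon_s, period_s=60, awake_s=2,
                             service_s=2, awake_ma=20.0, sleep_ma=0.02,
                             duty_factor=3.0):
    """requests: list of (timestamp_s, sender) received by one node.

    The node is assumed to wake for awake_s every period_s seconds; all
    numeric defaults are illustrative, not taken from a real device.
    """
    scheduled = [(t, min(t + awake_s, horizon_s))
                 for t in range(0, horizon_s, period_s)]
    in_window = [(ts, src) for ts, src in requests if 0 <= ts < horizon_s]
    forced = [(ts, min(ts + service_s, horizon_s)) for ts, _ in in_window]

    expected = merged_awake_seconds(scheduled)
    observed = merged_awake_seconds(scheduled + forced)

    def avg_ma(awake):
        duty = awake / horizon_s
        return duty * awake_ma + (1 - duty) * sleep_ma

    senders = Counter(src for _, src in in_window)
    return {
        "expected_awake_s": expected,
        "awake_s": observed,
        "duty_cycle": observed / horizon_s,
        # Battery lifetime relative to the undisturbed sleep routine.
        "lifetime_factor": avg_ma(expected) / avg_ma(observed),
        "top_requester": senders.most_common(1)[0][0] if senders else None,
        "flagged": observed > duty_factor * expected,
    }


def constructed_requests(with_flood):
    """Constructed log: a gateway polling on schedule, optionally a flood."""
    log = [(t, "gateway") for t in (0, 60, 120)]
    if with_flood:
        # One request every 2 s for 5 minutes from a single sender.
        log += [(t, "node-x") for t in range(100, 400, 2)]
    return log


if __name__ == "__main__":
    print(assess_sleep_deprivation(constructed_requests(False), 600))
    print(assess_sleep_deprivation(constructed_requests(True), 600))
```

`top_requester` gives the responder a starting point for rate limiting or isolating the sender that accounts for most of the wake-ups.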
[0040] Malicious scripts are those that use exploits against software vulnerabilities. The target could be either desktop applications or web applications.
[0041] Viruses, worms, Trojan horses, spyware and adware are malicious software which can have different results: stealing information, denial of service, etc.
[0042] Side channel attacks are techniques that use timing information, power consumption, electromagnetic leaks and sound to gain information about an IoT device, which gives an attacker the ability to retrieve the encryption key being used.
[0043] A cryptanalysis attack recovers the plaintext of an encrypted message without having the key.

Claims

1. An IoT penetration testing platform comprising:
   a. Network attacks
   b. Software attacks
   c. Encryption attacks
   d. Physical attacks
2. An IoT penetration testing platform according to claim 1 wherein the network attacks include:
   a. Traffic analysis
   b. DoS
   c. RFID Spoofing
   d. RFID Cloning
   e. Man In the Middle attack
   f. Routing Information attack
3. An IoT penetration testing platform according to claim 1 wherein the software attacks include:
   a. Malicious script
   b. Virus, worm, Trojan horse, spyware and adware
   c. DoS
   d. Phishing
4. An IoT penetration testing platform according to claim 1 wherein the encryption attacks include:
   a. Man In the Middle attack
   b. Side channel attack
   c. Cryptanalysis attack
5. An IoT penetration testing platform according to claim 1 wherein the physical attacks include:
   a. Node jamming
   b. Physical damage
   c. Social engineering
   d. Malicious code injection
   e. Malicious node injection
   f. Sleep deprivation attack

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2019/059548 WO2021090047A1 (en) 2019-11-06 2019-11-06 Iot penetration testing platform

Publications (1)

Publication Number Publication Date
WO2021090047A1 true WO2021090047A1 (en) 2021-05-14

Family

ID=75849792

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2019/059548 WO2021090047A1 (en) 2019-11-06 2019-11-06 Iot penetration testing platform

Country Status (1)

Country Link
WO (1) WO2021090047A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103327032A (en) * 2013-07-11 2013-09-25 中国科学院微电子研究所 Detection method for internet of things packet discarding attack and internet of things tree system
CN103763695A (en) * 2014-02-19 2014-04-30 山东微分电子科技有限公司 Method for evaluating safety of internet of things
CN106603546A (en) * 2016-12-22 2017-04-26 北京邮电大学 IOT invasion monitoring method and device
US20170163671A1 (en) * 2015-12-08 2017-06-08 Sudhir Pendse System and method for Using Simulators in network security and useful in IoT Security
CN108173832A (en) * 2017-12-25 2018-06-15 四川长虹电器股份有限公司 Family's Internet of Things application system penetration testing method based on end cloud translocation
CN108989296A (en) * 2018-06-29 2018-12-11 杭州安恒信息技术股份有限公司 A kind of Internet of things system safety comprehensive assessment system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LI, WEI; FENG, GANG; LIU, DONG; MIAO, YONG; TANG, YE-WEI; HU, BIN: "IOT System Safety and Reliability Testing Technology Research", COMPUTER TECHNOLOGY AND DEVELOPMENT, vol. 23, no. 4, 30 April 2013 (2013-04-30), pages 139 - 142, XP009527947, ISSN: 1673-629X *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19951307

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19951307

Country of ref document: EP

Kind code of ref document: A1
