Conferences and supporting programme
Securing the IoT
IoT devices are widely used in almost all vertical domains like homes, factories or as wearables on the body. This diversity is reflected in a variety of implementations which creates challenges for security testing due to the lag of applicability of out-of-the-box security testing solutions, like existing in other areas. We're introducing a security testing suite that is capable of providing security tests. Our security test suite is part of the Eclipse IoT-Testware project and gets advanced there constantly. The formal test specification of the IoT-Testware test suite are becoming ETSI Technical documents by ETSI TC MTS. It is capable of creating fuzz test cases for devices automatically, regardless of the used protocols. Eclipse IoT-Testware reads into the communication between two devices, generates a model of the used protocol and generates fuzz data using the generation library Fuzzino. We've evaluated this security testing approach for devices using the IoT protocols MQTT and CoAP as well as with devices communicating via the ITS standard. The next iteration will include the OPC UA as an Industrie 4.0 use case. The focus of our presentation is how the Eclipse IoT-Testware, as an out-of-the-box solution, helps to save time and money in setting up and performing security testing, which ultimately improves the quality and confidence of the IoT device. We will explain how we achieved these goals via automation in security testing and via an easy adaptation of new protocols.
--- Date: 28.02.2019 Time: 15:30 - 16:00 Location: Conference Counter NCC Ost