Automating IoT Security Standard Testing by Common Security Tools
Kaksonen, Rauli; Halunen, Kimmo; Laakso, Marko; Röning, Juha (2024-02-28)
Kaksonen, Rauli
Halunen, Kimmo
Laakso, Marko
Röning, Juha
SCITEPRESS Science And Technology Publications
28.02.2024
Kaksonen, R., Halunen, K., Laakso, M., & Röning, J. (2024). Automating iot security standard testing by common security tools: Proceedings of the 10th International Conference on Information Systems Security and Privacy, 42–53. https://doi.org/10.5220/0012345900003648
https://creativecommons.org/licenses/by-nc-nd/4.0/
© 2024 by SCITEPRESS – Science and Technology Publications, Lda. Paper published under CC license (CC BY-NC-ND 4.0).
https://creativecommons.org/licenses/by-nc-nd/4.0/
© 2024 by SCITEPRESS – Science and Technology Publications, Lda. Paper published under CC license (CC BY-NC-ND 4.0).
https://creativecommons.org/licenses/by-nc-nd/4.0/
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:oulu-202404293004
https://urn.fi/URN:NBN:fi:oulu-202404293004
Tiivistelmä
Abstract
Cybersecurity standards play a vital role in safeguarding the Internet of Things (IoT). Currently, standard compliance is assessed through manual reviews by security experts, a process which cost and delay is often too high. This research delves into the potential of automating IoT security standard testing, focusing on the ETSI TS 103 701 test specification for the ETSI EN 303 645 standard. From the test specification, 56 tests are relevant for the network attack threat model and considered for automation. The results are promising: basic network security tools can automate 52% of these tests, and advanced tools can push that number up to 70%. For full test coverage, custom tooling is required. The approach is validated by creating a test verdict automation for a real-world IoT product. Test automation is an investment, but the results indicate it can streamline security standard verification, especially for product updates and variants. The automation can use data from other testi (More)
Cybersecurity standards play a vital role in safeguarding the Internet of Things (IoT). Currently, standard compliance is assessed through manual reviews by security experts, a process which cost and delay is often too high. This research delves into the potential of automating IoT security standard testing, focusing on the ETSI TS 103 701 test specification for the ETSI EN 303 645 standard. From the test specification, 56 tests are relevant for the network attack threat model and considered for automation. The results are promising: basic network security tools can automate 52% of these tests, and advanced tools can push that number up to 70%. For full test coverage, custom tooling is required. The approach is validated by creating a test verdict automation for a real-world IoT product. Test automation is an investment, but the results indicate it can streamline security standard verification, especially for product updates and variants. The automation can use data from other testi (More)
Kokoelmat
- Avoin saatavuus [34357]