Internet of Things (IoT) Automatic Security Testbed
The IoT testbed, commissioned in March 2016, includes IoT communication infrastructure, equipment to facilitate specific environmental conditions for IoT devices, perform attacks and a suite of IoT devices. The testbed enable researchers to test existing IoT prototypes and products for security vulnerabilities, construct and validate their security prototypes and products experimentally.
A key feature of the IoT testbed is the Shielded Room, in which various IoT devices, including smart home devices, smart wearables and wireless sensor networks (WSNs), could be tested against a set of security requirements. The Shielded Room facilitates different types of testing environments, simulating various sensor activities (GPS, movement, Wi-Fi, etc.) and performing predefined and customised security tests. To this end, it provides the shielding attenuation for the wireless computer networking technologies such as WiFi, Bluetooth, ZigBee, Industrial, scientific and medical (ISM) radio bands, Femtocell, etc.
During construction, the following minimum shielding effectiveness were tested and achieved, in accordance with IEEE Standard 299:2006: 50dB @ 10kHz, 70dB @ 100kHz, 100dB @ 1MHz, 100dB @ 1GHz and 80dB @ 10GHz.
The testbed collects data during security testing which can be used for security forensic analysis. The resulting report includes information about the type of IoT device, connectivity, supported communication protocols and the status of security test cases.
Shielded Room Setup in the IoT Lab
Currently, the testbed is hosting a hybrid honeypot infrastructure which is scalable and allows easy integration of commercial off the shelf IoT devices. A smaller number of heterogeneous IoT devices that are physically at one location is exposed as many geographically distributed devices on the Internet using connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing 0-day vulnerabilities. The honeypot infrastructure incorporates (1) an anomaly detection system on network traffic data to classify malicious traffic to known or novel attacks and (2) a novel adaptive clustering technique that performs automated malware analysis to detect known malware families and zero-day malware.
Scalable Hybrid IoT Honeypot Infrastructure (left) and Live Malware Analysis System (right)
In line with the concept of Security by Design, the IoT testbed enables researchers and designers to incorporate security aspects into their design cycle at an early stage.
CyberX™
The IoT testbed is co-located with the CyberX™ room, serving as an operations control centre for international large-scale cyber exercises conducted and supported by iTrust. This is where cyber-exercise related activities can be monitored, coordinated and executed. The CyberX room is highly configurable and modular to meet the varying requirements of each cyber exercise. It offers remote access to iTrust’s OT testbeds, allowing real-time monitoring of the testbeds’ status during the exercise, including the testbeds’ SCADA, CCTVs, network traffic and even anomaly detectors that are installed on them.
Configurations in CyberX Room