Internet of Things (IoT) Automatic Security Testbed

The Internet of Things (IoT) automatic security testbed is one of the main tracks of the Research and Security Innovation Lab for Internet of Things. The goal of the automatic security testbed is to test for security and privacy of various state of the art IoT devices existing in the market. The testbed setup consists of a shielded room, three different stand-alone machines to perform the tests, access point within the shielded room and various state of the art IoT devices. Currently the testbed can perform various tests to show how vulnerable the IoT devices are. The testbed is also focusing on developing a system architecture that can allow various testing modules to be called for any kinds of tests. The testbed can support various communication protocols such as Wi-Fi, ZigBee, and Bluetooth etc.


Shielded Room Setup in the IoT Lab

We propose a fully functional IoT testbed for security analysis in which various IoT devices such as smart home devices and smart wearables, as well as wireless sensor networks (WSNs) are tested against a set of security requirements. The IoT testbed emulates different types of testing environments which simulates various sensors activity (GPS, movement, Wi-Fi, etc.) and performs predefined and customized security tests. The testbed also collects data while performing the security test, used to conduct security forensic analysis. Furthermore, the report produced contains the type of IoT device, connectivity, communication protocols supported, and security test cases executed and their status (PASS or FAIL).

The testbed consists of hardware and software components for experiments of wide-scale testing deployments. A variety of test cases are provided by the proposed testbed such as standard, contextual, data, and side channel tests. Thus, the security testbed must support a range of security tests, each aimed at different aspect of security. Standard security testing will be performed based on vulnerability scans and penetration test methodology, in order to assess and verify the security level of IoT devices under test. In addition, advanced security testing will be performed by the security testbed using different arrays of simulators.


The IoT testbed is also co-located with the CyberX™ room. With the increased number of international large-scale cyber exercises that iTrust is conducting and supporting, the CyberX room will serve as an operation control centre, where all cyber exercise related activities can be monitored, coordinated and executed. The setup in CyberX room is highly configurable and modular so as to meet the varying needs of each cyber exercise. It also has remote access to iTrust’s OT testbeds so that the organisers can have real-time overview of the testbeds’ status.