Large Scale IoT Security Testing, Benchmarking and Certification

Abbas Ahmad, Gianmarco Baldini, Philippe Cousin, Sara N. Matheu, Antonio Skarmeta, Elizabeta Fourneret and Bruno Legeard, Large Scale IoT Security Testing, Benchmarking and Certification, Chapter 7 in IERC Book 2017, Cognitive Hyperconnected Digital Transformation – Internet of Things Intelligence Evolution, River Publishers, June 2017

The Internet of Things (IoT) is defined by the connectivity between people, objects and complex systems. This is as vast as it sounds, spanning all industries, enterprises, and consumers. The massive scale of the recent Distributed Denial of Service (DDoS) attacks (October 2016) on DYN’s servers, which brought down many popular online services in the US, gives us just a glimpse of what is possible when attackers are able to leverage up to 100,000 unsecured IoT devices as malicious endpoints. Thus, ensuring security is a key challenge. To test the Internet of Things thoroughly, traditional testing methods, where the System Under Test (SUT) is tested pre-production, are not an option. Due to their heterogeneous communication protocols, complex architecture and insecure usage context, IoT systems must be tested in their real use case environment: service-based and large-scale deployments.
This article describes the challenges of IoT security testing and presents a Model-Based Testing approach, which can be used to support an EU security certification framework at European level for IoT products.