
On the Automation of Security Testing for IoT Constrained Scenarios

  • Conference paper

Information Security Applications (WISA 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11897)

Abstract

Due to the rapid growth of IoT technologies and devices, analyzing their security is crucial for their acceptance. Towards this end, an automated security testing approach should be considered a cornerstone to cope with business interests and the high fragmentation of new approaches. In particular, this work analyses the use of the Model-Based Testing (MBT) approach and specific technologies and tools to automate the generation of security tests. Then, we provide a detailed description of its application to the Elliptic Curve Diffie-Hellman over COSE (EDHOC) protocol, which is being defined within the scope of the Internet Engineering Task Force (IETF).



Acknowledgments

This work was supported in part by the Spanish Ministry of Economy and Competitiveness and ERDF co-financing through the PERSEIDES project under Grant TIN2017-86885-R and the USEIT project under Grant PCIN-2016-010, in part by the H2020-780139 SerIoT project, and in part by the FPU-16/03305 Research Contract of the Ministry of Education and Professional Training of Spain.

Author information

Correspondence to Sara N. Matheu.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Matheu, S.N., Pérez, S., Ramos, J.L.H., Skarmeta, A. (2020). On the Automation of Security Testing for IoT Constrained Scenarios. In: You, I. (eds) Information Security Applications. WISA 2019. Lecture Notes in Computer Science, vol 11897. Springer, Cham. https://doi.org/10.1007/978-3-030-39303-8_22

  • DOI: https://doi.org/10.1007/978-3-030-39303-8_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-39302-1

  • Online ISBN: 978-3-030-39303-8