AppIoTTE: An Architecture for the Security Assessment of Mobile-IoT Ecosystems

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1150)

Abstract

Current computing paradigms such as Mobile, Fog, and Cloud Computing are becoming far more interconnected, thereby moving from single, isolated paradigms to complex ecosystems built on a fruitful integration among several computing paradigms. From a security standpoint, this leads to a novel and unprecedented attack surface. To deal with such threats, applying state-of-the-art security analysis techniques to each paradigm can be insufficient. We claim that novel analysis methodologies able to systematically analyze the ecosystem as a whole must be put forward. To this aim, in this paper, we introduce the idea of AppIoTTE, a novel approach to the security testing of Mobile-IoT hybrid ecosystems, as well as some notes on its implementation working on Android (Mobile) and Android Things (IoT) applications.

Corresponding author

Correspondence to Alessio Merlo.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Verderame, L., Caputo, D., Migliardi, M., Merlo, A. (2020). AppIoTTE: An Architecture for the Security Assessment of Mobile-IoT Ecosystems. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Web, Artificial Intelligence and Network Applications. WAINA 2020. Advances in Intelligent Systems and Computing, vol 1150. Springer, Cham. https://doi.org/10.1007/978-3-030-44038-1_79
