IoT device security audit tools: a comprehensive analysis and a layered architecture approach for addressing expanded security requirements

  • Survey
International Journal of Information Security

Abstract

The Internet of Things (IoT) has the potential to bring unprecedented accessibility and efficiency to a wide range of critical applications and access control services. With the advent of IoT technology, there has been a surge in potential threats and challenges that put IoT devices interconnected over the Internet infrastructure at risk. Mitigating these threats and risks requires a comprehensive analysis of security threats and relevant attack vectors in IoT networks, especially in IoT devices. Auditing is crucial to ensure that all IoT devices in the ecosystem are operating accurately and securely. This research examines several physical and remote IoT security auditing tools to identify their drawbacks. The paper also explores possible security threats, audits these threats using the proposed novel seven-layer architecture so that they can be prevented proactively, and presents expanded security requirements for IoT devices. In addition, we examined the existing audit tools using an IoT device (an IP camera). The analysis shows that audit features concerning security requirements are missing from the existing audit tools. Our proposed seven-layer IoT device architecture with expanded security requirements has the potential to be a security audit benchmark for all IoT devices at the manufacturing and end-user levels.



Acknowledgements

This work is part of the Project titled ‘Development of Security Audit Framework for secure IoT network’ funded by C3iHub, Indian Institute of Technology, Kanpur under the National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS) of the Department of Science and Technology, Government of India. The authors would like to thank the manufacturers of the devices used in this study.

Author information

Corresponding author

Correspondence to Ashutosh Kumar.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.


About this article


Cite this article

Kumar, A., Kavisankar, L., Venkatesan, S. et al. IoT device security audit tools: a comprehensive analysis and a layered architecture approach for addressing expanded security requirements. Int. J. Inf. Secur. 24, 13 (2025). https://doi.org/10.1007/s10207-024-00930-z
