IoT security training for system developers: Methodology and tools

Opportunities, as well as challenges, accompany the development of new technologies, and the Internet of Things (IoT) is no exception. While most companies tout the benefits of IoT, challenges are often overlooked. Thus, IoT devices come in a variety of shapes, from small sensors to home routers and factory equipment, each with specific characteristics. While many of us own IoT devices, some may not even recognize them as such, let alone be able to manage them. This lead to a series of significant security incidents, such as the much-publicized Mirai botnet distributed denial-of-service cyberattack. The solution is to develop safer and more secure IoT systems, and in this paper we discuss first the methodology needed to train the developers of such systems for this purpose. We then present two training platforms that we designed and implemented following this methodology: IoTrain-Sim, which is based on the Cooja network simulator, and IoTrain-Lab, which uses the FIT IoT-LAB testbed as infrastructure. The two platforms include training content in the form of tutorials and predefined scenarios, both for fundamental and security IoT training, that the trainees can follow to gain an in-depth understanding of IoT via hands-on practice. The evaluation we conducted from functionality, performance and user perspectives demonstrates that our systems have several advantages compared to other approaches in terms of learner support, availability, extensibility, flexibility and scalability.