An Experimental Framework for Investigating Security and Privacy of IoT Devices

With the rapid growth of Internet-of-Things (IoT) devices, security and privacy issues emerged as a potential roadblock for widespread adoption. Preliminary research indicates that many types of IoT devices have serious vulnerabilities. It is not easy to investigate security and privacy issues since each type of device is different and manual experiments need to be conducted on the device. In this paper, we propose a framework for investigation of security and privacy issues of IoT devices. The framework consists of four components, a testbed, set of topics to be investigated, a set of experiments for each topic investigated and a final report. Fundamental approach used in the framework is to capture layer 2 and layer 3 packets and to analyze the packets for various features. Proposed framework is low cost and is based on off-the-shelf hardware and open source software. Using the framework, we can investigate security and privacy issues of many IoT devices including HDMI sticks, IP cameras, activity trackers, smartwatches and drones. A large set of topics can be investigated on IoT devices using the framework including vulnerability issues, protocol security, firmware updates, authentication issues and privacy violations. Sample experimental results show the promise of the proposed framework. We believe this framework will serve as the foundation for a general automated framework to investigate security and privacy issues of most IoT devices.