| Title | A Dynamic Analysis Security Testing Infrastructure for Internet of Things |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Wang, Y., Kjerstad, E., Belisario, B. |
| Conference Name | 2020 Sixth International Conference on Mobile And Secure Services (MobiSecServ) |
| Keywords | Amazon devices, Amazon Echo, composability, computer network security, Data analysis, data privacy, dynamic analysis, dynamic analysis security testing infrastructure, dynamic networks, Google, Google devices, Google Home, Internet of Things, IoT, IoT devices, live traffic monitoring, Metrics, Monitoring, network traffic, offline data analysis, pubcrawl, reliability, resilience, Resiliency, security, security controls, security testing, software analysis, telecommunication traffic, Testing |
| Abstract | IoT devices such as Google Home and Amazon Echo provide great convenience to our lives. Many of these IoT devices collect data including Personal Identifiable Information such as names, phone numbers, and addresses and thus IoT security is important. However, conducting security analysis on IoT devices is challenging due to the variety, the volume of the devices, and the special skills required for hardware and software analysis. In this research, we create and demonstrate a dynamic analysis security testing infrastructure for capturing network traffic from IoT devices. The network traffic is automatically mirrored to a server for live traffic monitoring and offline data analysis. Using the dynamic analysis security testing infrastructure, we conduct extensive security analysis on network traffic from Google Home and Amazon Echo. Our testing results indicate that Google Home enforces tighter security controls than Amazon Echo while both Google and Amazon devices provide the desired security level to protect user data in general. The dynamic analysis security testing infrastructure presented in the paper can be utilized to conduct similar security analysis on any IoT devices. |
| DOI | 10.1109/MobiSecServ48690.2020.9042949 |
| Citation Key | wang_dynamic_2020 |
A Dynamic Analysis Security Testing Infrastructure for Internet of Things