Please use this identifier to cite or link to this item:
|Title:||Extending MUD profiles through an Automated IoT Security Testing Methodology|
|Authors:||MATHEU GARCIA SARA NIEVES; HERNANDEZ RAMOS JOSE LUIS; PEREZ SALVADOR; SKARMETA ANTONIO|
|Citation:||IEEE ACCESS vol. 7 p. 149444-149463|
|Publisher:||IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC|
|Type:||Articles in periodicals and books|
|Abstract:||Defining the intended behavior of IoT devices is considered as a key aspect to detect and mitigate potential security attacks. In this direction, the Manufacturer Usage Description (MUD) has been recently standardized to reduce the attack surface of a certain device through the definition of access control policies. However, the semantic model is only intended to provide network level restrictions for the communication of such device. In order to increase the expressivity of this approach, we propose the use of an automated IoT security testing methodology, so that testing results are used to generate augmented MUD profiles, in which additional security aspects are considered. Specifically, the methodology is based on the use of Model-Based Testing (MBT) techniques to automate the generation, design and implementation of security tests. Furthermore, we describe the application of the resulting approach to the Elliptic Curve Diffie- Hellman over COSE (EDHOC) protocol, which represent a standardization effort to build a lightweight authenticated key exchange protocol for IoT constrained scenarios.|
|JRC Directorate:||Space, Security and Migration|
Files in This Item:
There are no files associated with this item.
Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.