Title: Extending MUD profiles through an Automated IoT Security Testing Methodology
Authors: MATHEU GARCIA SARA NIEVESHERNANDEZ RAMOS JOSE LUISPEREZ SALVADORSKARMETA ANTONIO
Citation: IEEE ACCESS vol. 7 p. 149444-149463
Publisher: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Publication Year: 2019
JRC N°: JRC117730
ISSN: 2169-3536 (online)
URI: https://ieeexplore.ieee.org/document/8867876
https://publications.jrc.ec.europa.eu/repository/handle/JRC117730
DOI: 10.1109/ACCESS.2019.2947157
Type: Articles in periodicals and books
Abstract: Defining the intended behavior of IoT devices is considered as a key aspect to detect and mitigate potential security attacks. In this direction, the Manufacturer Usage Description (MUD) has been recently standardized to reduce the attack surface of a certain device through the definition of access control policies. However, the semantic model is only intended to provide network level restrictions for the communication of such device. In order to increase the expressivity of this approach, we propose the use of an automated IoT security testing methodology, so that testing results are used to generate augmented MUD profiles, in which additional security aspects are considered. Specifically, the methodology is based on the use of Model-Based Testing (MBT) techniques to automate the generation, design and implementation of security tests. Furthermore, we describe the application of the resulting approach to the Elliptic Curve Diffie- Hellman over COSE (EDHOC) protocol, which represent a standardization effort to build a lightweight authenticated key exchange protocol for IoT constrained scenarios.
JRC Directorate:Space, Security and Migration

Files in This Item:
There are no files associated with this item.


Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.