Automating IoT Security Standard Testing by Common Security Tools

Rauli Kaksonen, Kimmo Halunen, Marko Laakso, Juha Röning

2024

Abstract

Cybersecurity standards play a vital role in safeguarding the Internet of Things (IoT). Currently, standard compliance is assessed through manual reviews by security experts, a process whose cost and delay are often too high. This research delves into the potential of automating IoT security standard testing, focusing on the ETSI TS 103 701 test specification for the ETSI EN 303 645 standard. From the test specification, 56 tests are relevant for the network attack threat model and considered for automation. The results are promising: basic network security tools can automate 52% of these tests, and advanced tools can push that number up to 70%. For full test coverage, custom tooling is required. The approach is validated by creating a test verdict automation for a real-world IoT product. Test automation is an investment, but the results indicate it can streamline security standard verification, especially for product updates and variants. The automation can use data from other testing activities to reduce effort. Automating the security standard testing would enable the certification of a large number of IoT products for their lifetime.

Paper Citation


in Harvard Style

Kaksonen R., Halunen K., Laakso M. and Röning J. (2024). Automating IoT Security Standard Testing by Common Security Tools. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 42-53. DOI: 10.5220/0012345900003648


in Bibtex Style

@conference{icissp24,
author={Rauli Kaksonen and Kimmo Halunen and Marko Laakso and Juha Röning},
title={Automating IoT Security Standard Testing by Common Security Tools},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={42-53},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012345900003648},
isbn={978-989-758-683-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Automating IoT Security Standard Testing by Common Security Tools
SN - 978-989-758-683-5
AU - Kaksonen R.
AU - Halunen K.
AU - Laakso M.
AU - Röning J.
PY - 2024
SP - 42
EP - 53
DO - 10.5220/0012345900003648
PB - SciTePress