Virtual environments for penetration testing of IoT devices

Abstract

The aim of this thesis is to build a virtual penetration testing environment in order to test cyber security of IoT devices and provide material for teaching penetration testing in cyber security courses at the University of Turku. This thesis utilises the VMWare ESXI server rented by the University of Turku and also those Linux operating systems which have open-source code licences. In addition, this study exploits the Windows XP licence, held by the University of Turku, as the target machine in the attack. The IoT devices in this study have been coded from scratch by author of this thesis, and they work automatically when the virtual machine, where the device is installed, is switched on.

The virtual laboratory is built so that it is possible to install new devices if required. The beginning of the thesis is as comprehensive as possible so that the reader can comprehend the idea of cyber security in IoT devices and smart home system easily. This thesis covers the most common data transfer methods, their history, and the strength of their cyber security. In addition, the thesis covers the most used attack types and tools for implementing these attacks, and also example cases where these particular attacks have been used.

Thesis also presents an architecture model for a smart home in order for the reader to get a better view of the different possibilities of a smart home. Possible risk factors concerning cyber security are also considered with each device. This thesis also touches upon the role of smart cities and industry in the IoT market. The main focus is, however, on IoT devices used in smart home architecture and on researching their cyber security.