Edinburgh Napier University
A key strategy for improving IoT cybersecurity is for device manufacturers to build more robust security into the design of their devices so they come to market without security gaps that hackers can easily exploit. This project aims to make it easier to test if interconnected devices and networks are secure against hacking attacks.
Edinburgh Napier University, Keysight Technologies are using data analytics to identify vulnerabilities that could put IoT devices at risk. The project will focus on ‘side channels’ – the tell-tale signals that hackers can eavesdrop on and use to crack encryption codes on the device. Data will be used to develop a test framework that manufacturers and designers could use to evaluate the vulnerabilities of different devices. The development of automated vulnerability testing using Keysight’s PathWave platform will make it more feasible for manufacturers to rigorously test connected devices at every point in the design workflow from concept through production prototypes.
The collaboration builds on an earlier project to develop algorithms to identify leakage of cryptographic keys. This project develops this, putting together an IoT security ontology that defines the attack surface and tests that can be performed on it; defines measurements from the tests that should be recorded and how to interpret them; and packages those tests and analytics into an open test framework.
The outcomes of this project could be used to develop a formal industry framework for testing IoT devices for a range of risks and vulnerabilities, and even to develop minimum standards for different types of IoT devices and hardware. It means that rather than vulnerabilities being exposed once devices are already on the market or in use, manufacturers would identify and deal with security issues at, for example, prototype stage.
- Dr Owen Lo, Edinburgh Napier University presented this project at the International Conference on Big Data in Cyber Security, 31 May 2018
- Read the press release