Cybersecurity of IoT systems : analyzing security vulnerabilities in a cloud supported embedded system environment
Obradovic, Dorde (2021)
Obradovic, Dorde
2021
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-202104195122
https://urn.fi/URN:NBN:fi:amk-202104195122
Tiivistelmä
Nowadays, the Internet of Things(IoT)industry is developing at a rate faster than ever. The projections state that the number of devices which are internet-connected will go up to as far as 43 billion, in only three years from the time of writing of this thesis. IoT israpidly adoptedin the enterprise sector as well asin thesmart-home consumer sector.The main objective of this thesis was to build a prototype of an internet and cloud-connected device, analyze itsvulnerabilities, and finally suggestsecurityimprovements forconsumer IoT devices.Literature research was conducted and used as a reference when assessing the prototype. Physical, communication and application security were the three main domains of vulnerabilities the thesis focused on. The prototype consisted of a Raspberry Pi model 3B+, which collected data through a sensor and uploaded it to the ThingSpeak cloud service. The DREAD and STRIDE threat rating models were used to identify theprototype’smost exploitable attack surfaces and attack types.The prototype was successfully built with an established cloud connection, its security was thoroughly analyzed, and suggestions were given on mitigating the most vulnerable parts of it.The suggestions included: keepingthefirmware up to date, using encryption wherever possible, limiting unused features, limiting data stored online when possible, and not using default configurations and credentials.Consideringthe rapid growth of the IoT industry, it is of great importance that current and future smart-homeusers gain awareness of the potential threats to their home networks, and to set up their devices accordingly.