Learning from others’ mistakes: Penetration testing iot devices in the classroom

Tom Chothia, Joeri de Ruiter

Research output: Contribution to conference (unpublished)Paperpeer-review

7 Citations (Scopus)

Abstract

This paper shows how it is possible to use commercial off-the-shelf IoT devices in a taught cyber security course. We argue that the current level of IoT device security makes testing them an excellent exercise for students. We have developed a course based around this idea that teaches students basic penetration testing techniques and then sets two rounds of group assignments in which they get hands-on experience with performing a security analysis of an IoT device. In the first round, the students get devices which we know are vulnerable. In the second round, the groups are mixed and they get devices with no previously known vulnerabilities. This approach enables us to provide them enough guidance in the first round to get the experience needed to perform the analysis independently in the second round. This seems to have been successful because our student teams found previously unknown vulnerabilities in five devices in the second round of tests.

Original languageEnglish
Publication statusPublished - 2016
Event2016 USENIX Workshop on Advances in Security Education, ASE 2016, co-located with the 25th USENIX Security Symposium - Austin, United States
Duration: 9 Aug 2016 → …

Conference

Conference2016 USENIX Workshop on Advances in Security Education, ASE 2016, co-located with the 25th USENIX Security Symposium
Country/TerritoryUnited States
CityAustin
Period9/08/16 → …

Bibliographical note

Funding Information:
Acknowledgement Part of this work was supported by the grant GEN1214 from “The Higher Education Academy”. We thank the anonymous referees for their helpful comments that improved the paper.

Publisher Copyright:
© 2016 USENIX Workshop on Advances in Security Education, ASE 2016, co-located with the 25th USENIX Security Symposium. All rights reserved.

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Learning from others’ mistakes: Penetration testing iot devices in the classroom'. Together they form a unique fingerprint.

Cite this