A penetration testing project for a
Cloud-based IoT Architecture.
The project activity in question consists of carrying out the process of Penetration Testing on an asset regarding a Cloud-based IoT architecture; specifically, the following Penetration Testing activity is part of the second step of my master's thesis, within which a Cloud-based IoT architecture inspired by a real-life scenario was fully implemented.
For the project activity related to the Penetration Testing and Ethical Hacking course, a penetration testing process was carried out on an asset related to an IoT cloud-based architecture representing a smart home with a door configuration that allows access via a fingerprint reader and, through a proximity sensor, detects the presence of strangers. Due to the lack of specific information about the asset to be analyzed, a black box approach was used. To perform the analysis, an appropriate simulated environment was configured, allowing interaction with the asset to examine and detect its vulnerabilities.
In particular, the vulnerabilities detected could allow an attacker to obtain full control of the system by assuming the role of administrator. It is also possible for an attacker to steal sensitive data and manipulate it to gain access to the home automation port. At present, the overall level of risk associated with the asset appears to be critical. However, by implementing measures such as robust authentication mechanisms and some simple controls, it is possible to significantly lower the level of risk.
- The penetration testing report can be found in the
Penetration_Testing_Report.pdf
document at the following link: Penetration Testing Report - The narrative of penetration testing can be found in the
Penetration_Testing_Narrative.pdf
document at the following link: Penetration Testing Narrative - Additional documentation and references can be found in the repository.
The tested asset is an IoT Cloud-based architecture representing the configuration of a smart home door that allows access via a fingerprint reader and detects the presence of strangers through a proximity sensor. The devices involved in the architecture are as follows:
- End nodes: ESP32 with fingerprint sensor and Arduino Uno WiFi with proximity sensors and buzzer;
- Edge node: ESP8266 which receives the information sent by ESP32 and Arduino (via MQTT protocol), filters it and sends it to the Raspberry Pi;
- Fog nodes: the Raspberry Pi is networked via a wired connection to the modem, while, via WLAN, it performs the functions of a DHCP server (to provide IP addresses to the boards) and an MQTT broker. The WLAN interface is configured so that the Raspberry Pi acts as an access point to allow communication between all the boards. The WLAN network was configured by setting a static IP address to the Raspberry Pi on a network different from the Ethernet network, thus ensuring separation between the two networks and optimizing network traffic management. The Raspberry Pi also collects the information transmitted by the ESP8266 and updates a CSV file on Google Drive.
The following figure shows in detail the IoT architecture implemented:
By means of the special tool provided by VMware, a virtual network was set up with Bridge mode, so the Kali VM will be connected to the local network by obtaining an IP address from the same address pool as the router to which both the host and the asset are connected, as if it were another device on the network. This allows us to perform penetration testing in a more realistic way because the Kali VM will be able to interact directly with other devices on the network, including our IoT architecture that we are testing. The network infrastructure is shown in the following figure in a version that does not take into account the target architecture elements
Name | Description |
---|---|
Alberto Montefusco |
Developer - Alberto-00 Email - [email protected] LinkedIn - Alberto Montefusco My WebSite - alberto-00.github.io |