ABSTRACT
The Internet of Things (IoT) is defined by its connectivity between people, objects and complex systems. This is as vast as it sounds spanning all industries, enterprises, and consumers. The massive scale of recent Distributed Denial of Service (DDoS) attacks (October 2016) on DYN’s servers that brought down many popular online services in the US, gives us just a glimpse of what is possible when attackers are able to leverage up to 100,000 unsecured IoT devices as malicious endpoints. Thus, ensuring security is a key challenge. In order to thoroughly test the internet of things, traditional testing methods, where the System Under Test (SUT) tested pre-production, is not an option. Due to their heterogeneous communication protocol, complex architecture and insecure usage context, IoTs must be tested in their real use case environment: service based and large-scale deployments.
This article describes the challenges for IoT security testing and presents a Model Based Testing approach solution, which can be used to support and EU security certification framework at European level for IoT products.
