45 lines
4.9 KiB
TeX
45 lines
4.9 KiB
TeX
% !TEX root = ../Thesis.tex
|
|
\chapter{Introduction}\label{introduction}
|
|
\iot devices are becoming increasingly prevalent in modern homes, offering a range of benefits such as controlling home lighting, remote video monitoring, and automated cleaning \citep{iothome2019}.
|
|
These conveniences are made possible by the sensors and networked communication capabilities embedded within these devices.
|
|
However, these features also pose significant privacy and security risks \citep{islamiot2023}.
|
|
IoT devices are often integrated into home networks and communicate over the internet with external servers, potentially enabling surveillance or unauthorized data sharing without the user's knowledge or consent \citep{infoexpiot}. Moreover, even in the absence of malicious intent by the manufacturer, these devices are still vulnerable to programming bugs and other security failures \citep{peekaboo2020}.
|
|
\medskip
|
|
|
|
Security researchers focused on the security and privacy of such \iot devices rely on various utilities and tools for conducting research.
|
|
These tools are often glued together in scripts with arbitrary decisions about file naming and data structuring.
|
|
Such impromptu scripts typically have a narrow range of application, making them difficult to reuse across different projects. Consequently, useful parts are manually extracted and incorporated into new scripts for each project, exacerbating the problem.
|
|
\medskip
|
|
|
|
This approach leads to scattered data, highly tailored scripts, and a lack of standardized methods for sharing or reproducing experiments. The absence of standardized tools and practices results in inconsistencies in data collection and storage, making it difficult to maintain compatibility across projects.
|
|
Furthermore, the lack of conventions about file naming and data structuring leads to issues in finding and accessing the data.
|
|
For research groups, these issues are further compounded during the onboarding of new members, who must navigate this fragmented landscape and often create their own ad-hoc solutions, perpetuating the cycle of inefficiency and inconsistency.
|
|
\medskip
|
|
|
|
To systematically and reproducibly study the privacy and security of IoT devices, an easy-to-use testbed that automates and standardizes various aspects of experimenting with IoT devices is needed.
|
|
|
|
\section{Motivation}\label{sec:motivation}
|
|
The primary motivation behind this project is to address the challenges faced by security researchers in the field of IoT device security and privacy.
|
|
The scattered nature of data, the lack of standardized tools, and the ad-hoc methods used for data collection or processing, are an obstacle for researchers who want to produce valid and reproducible results \citep{fursinckorg2021}.
|
|
A standardized testbed, enabling a more systematic approach to collecting and analyzing network data from \iot devices, can help make tedious and error-prone aspects of conducting experiments on \iot devices more bearable, while at the same time enhancing the quality of the data, by adhering to interoperability standards by establishing data collection and storage standards.
|
|
This bachelor project is specifically informed by the needs of the PET research group at the University of Basel, who will utilize it to run IoT device experiments, and as a foundation to build more extensive tooling.
|
|
|
|
\section{Goal}\label{sec:goal}
|
|
The goal of this project is to design and implement a testbed for IoT device experiments. To aid reproducibility, there are two main objectives:
|
|
|
|
First, the testbed should automate key aspects of running experiments with IoT devices, particularly the setup and initialization of data collection processes as well as some basic post-collection data processing.
|
|
|
|
Secondly, the testbed should standardize how data from experiments is stored. This includes standardizing data and metadata organization, establishing a naming scheme, and defining necessary data formats.
|
|
A more detailed description to how this is adapted for this project follows in \cref{ch:adaptation}.
|
|
|
|
|
|
\section{Outline}
|
|
This report documents the design and implementation of an \iot testbed.
|
|
In the remainder of the text, the typographically formatted string "\iottbsc" refers to this projects' conception of testbed, whereas "\iottb" specifically denotes the Python package which is the implementation artifact from this project.
|
|
|
|
This report outlines the general goals of a testbed, details the specific functionalities of \iottbsc, and explains how the principles of automation and standardization are implemented.
|
|
We begin by giving some background on the most immediately useful concepts.
|
|
\cref{ch:adaptation} derives requirements for \iottbsc starting from first principles and concludes by delineating the scope considered for implementation, which is described in \cref{ch4}.
|
|
In \cref{ch:5-eval} we evaluate \iottbsc, and more specifically, the \iottb software package against the requirements stated in \cref{ch:adaptation}.
|
|
We conclude in \cref{ch:conclusion} with an outlook on further development for \iottbsc.
|