Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

IoTAG: An Open Standard for IoT Device IdentificAtion and RecoGnition

: Fischer, Sebastian; Neubauer, Katrin; Hinterberger, Lukas; Weber, Bernhard; Hackenberg, Rudolf

Fulltext (PDF; )

Rass, S. ; International Academy, Research, and Industry Association -IARIA-:
SECURWARE 2019, Thirteenth International Conference on Emerging Security Information, Systems and Technologies : October 27-31, 2019, Nice, France
Wilmington/Del.: IARIA, 2019
ISBN: 978-1-61208-746-7
International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) <13, 2019, Nice>
Conference Paper, Electronic Publication
Fraunhofer AISEC ()
Internet of Things; device identification; open standard; IoTAG; security rating

With the increasing amount of Internet of Things (IoT) devices in smart homes, insecure and old devices are leading to big security issues. A private network can be attacked over an insecure IoT device, to use it in a botnet or infect it with ransomware and compromise the whole network. Non-technical users do not know which devices in their homes are secure and how to keep track of all the old and new ones. We have built a typical smart home as a test environment to evaluate a scoring system for the security of the whole network. First, all devices are discovered with nmap and then all the possible information, like the open ports or the Wi-Fi technology, are retrieved. In the next step, all the information leads to an overall score for each device. Combined together, the final score for the whole network is created. A non-technical user can now determine, if the network is secure or not. We show the proof of concept of the scoring system with our test environment. However, some challenges exist. Not all information can be retrieved by just scanning the devices over the network. Some devices just return hostnames like ESP 6A786B. It is nearly impossible to tell the kind of device and the manufacturer. Additionally, no information about the running firmware is provided. To calculate a meaningful score, much more information has to be collected. To collect the missing data, we introduce the first version of a new, open standard for IoT Device IdentificAtion and RecoGnition (IoTAG). This JSON based model provides all the important information about t he device. Besides the device name, type and the manufacturer, it shows a list of the services, the firmware version and the supported encryption. IoTAG allows to create an overview of the whole IoT network and the development of an automated scoring system. In the future, additional information about security vulnerabilities can be collected from the Internet, to warn the user about insecure devices.