Victor Goeman, Dairo de Ruck, Ilse Bohé, Jorn Lapon, Vincent Naessens
{"title":"IoT Security Seminar: Raising Awareness and Sharing Critical Knowledge","authors":"Victor Goeman, Dairo de Ruck, Ilse Bohé, Jorn Lapon, Vincent Naessens","doi":"10.1145/3600160.3604986","DOIUrl":null,"url":null,"abstract":"The security of the Internet of Things (IoT) devices has become a major concern as the number of connected devices continues to increase. Despite this concern, there is a lack of training opportunities to educate IoT developers on security measures. While there are ample ICT and Network Management courses for developers, there is a lack of security courses scoped for this audience. One of the reasons is that raising cybersecurity awareness and increasing the security expertise of developers presents a significant challenge due to the complexity of IoT security. This work presents a cybersecurity seminar that tackles these challenges. It is aimed at various actors in the IoT device development cycle (e.g. software designers, developers and managers) to raise IoT security awareness and share critical knowledge. It cultivates the basics of both offensive and defensive security through a custom-built vulnerable IoT firmware image with vulnerabilities found in real-world IoT devices. This intentionally vulnerable image is accompanied by a detailed walkthrough explaining various exploitation and mitigation techniques. Our seminar has been held multiple times in both industry and academics and consistently received very positive feedback. It has been successful in educating participants about the importance of IoT security and providing them with additional knowledge and skills to take action in their own practices.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3604986","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The security of the Internet of Things (IoT) devices has become a major concern as the number of connected devices continues to increase. Despite this concern, there is a lack of training opportunities to educate IoT developers on security measures. While there are ample ICT and Network Management courses for developers, there is a lack of security courses scoped for this audience. One of the reasons is that raising cybersecurity awareness and increasing the security expertise of developers presents a significant challenge due to the complexity of IoT security. This work presents a cybersecurity seminar that tackles these challenges. It is aimed at various actors in the IoT device development cycle (e.g. software designers, developers and managers) to raise IoT security awareness and share critical knowledge. It cultivates the basics of both offensive and defensive security through a custom-built vulnerable IoT firmware image with vulnerabilities found in real-world IoT devices. This intentionally vulnerable image is accompanied by a detailed walkthrough explaining various exploitation and mitigation techniques. Our seminar has been held multiple times in both industry and academics and consistently received very positive feedback. It has been successful in educating participants about the importance of IoT security and providing them with additional knowledge and skills to take action in their own practices.