Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Home
  • Attend
    • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
    • Student and Grants
    • Co-located Workshops
  • Program
    • Workshop Program
  • Sponsorship
  • Participate
    • Instructions for Authors and Speakers
    • Call for Papers
  • About
    • Workshop Organizers
    • Questions
    • Services
    • Past Workshops
  • Home
  • Attend
  • Program
  • Sponsorship
  • Participate
  • About

help promote

ASE '16 button

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Learning From Others’ Mistakes: Penetration Testing IoT Devices in the Classroom
Tweet

connect with us

Learning From Others’ Mistakes: Penetration Testing IoT Devices in the Classroom

Authors: 

Tom Chothia, University of Birmingham; Joeri de Ruiter, Radboud University Nijmegen

Abstract: 

This paper shows how it is possible to use commercial off-the-shelf IoT devices in a taught cyber security course. We argue that the current level of IoT device security makes testing them an excellent exercise for students. We have developed a course based around this idea that teaches students basic penetration testing techniques and then sets two rounds of group assignments in which they get hands-on experience with performing a security analysis of an IoT device. In the first round, the students get devices which we know are vulnerable. In the second round, the groups are mixed and they get devices with no previously known vulnerabilities. This approach enables us to provide them enough guidance in the first round to get the experience needed to perform the analysis independently in the second round. This seems to have been successful because our student teams found previously unknown vulnerabilities in five devices in the second round of tests.

Tom Chothia, University of Birmingham

Joeri de Ruiter, Radboud University Nijmegen

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

Chothia PDF
View the slides
  • Log in or    Register to post comments

© USENIX

  • Privacy Policy
  • Contact Us