Accroding to Statista, the total installed base of connected devices is expected to reach 75.44 billion by 2025, which means that it will increase five-fold in ten years\cite{statista}. These massive and rapidly increasing devices connected through the Internet have created the Internet of Things (IoT). The IoT landscape includes Industrial Internet of Things (IIoT) and Industrial Control System (ICS) in the context of Information Technology (IT) and Operational Technologies (OTs). IoT devices are now ubiquitous and widely used in smart cities, homes, manufacturing, automotive, transportation and logistics, retail, public sector and healthcare.
However, most of IoT devices are vulnerable to intrusion and therefore have become the main targets of cybercriminals such as Mirai malware. A larger "surface area" would be introduced by these IoT devices to attack and expose systems connected to them\cite{hack}. Therefore, critical infrastructure systems such as water treatment or power plants as well as our daily lives will all be threatened by security vulnerabilities in IoT devices.
Against this worrying and challenging context, our project will first assess the IoT landscape from the perspective of cybersecurity. This activity includes a review of:
- IoT key technologies in the commercial and enterprise/industrial sectors;
- Review of major IoT vulnerabilities, threats and security issues documented in available online literature and papers, especially for webcams;
- Review of major IoT cyber-attacks in the last 5-10 years.
Then we will proceed to the R&D practical Lab work. There will be a cyber investigation and experiment utilising an IP (wi-fi) enabled camera as a significant example of IoT device. This R&D work would include:
- Utilise an IP webcam that supports a wide range of web connectivity protocols (port forwarding, UPnP, P2P, etc.). Then build a mini-test environment including a router with web access and IP camera which will support packet capture and sniffing of traffic generated by the camera;
- Investigate P2P communication protocols and potentially others by using open source packet capture tools Wireshark. Capture network traffic generated by the web camera, especially when the web camera is remotely accessed from a mobile web application; capture utilised protocols (e.g. HTTP/HTTPS), security level, exchanged, information;
- Assess, from a security viewpoint, utilised protocols and exchanged data during these interactions (e.g. P2P) by identifying any potential issues (e.g. unsecure use of protocols/HTTP, potential unprotected exposure of confidential data, etc.)