4.3.1.6 Packet Tracer – Threat Modeling at the IoT Communication Layer Answers

4.3.1.6 Packet Tracer – Threat Modeling at the IoT Communication Layer (Instructor Version)

Topology

The topology is a home IoT system that has been prototyped in Packet Tracer. It shows a cutaway view of a home with different sensors, actuators, and connections shown.

Objectives

In this Packet Tracer, you will begin the threat modeling process for the device layer of the IoT attack surface.

  • Part 1: Diagraming the Communication Layer
  • Part 2: Creating an Inventory of Assets of the Communication Layer Attack Surface
  • Part 3: Identifying Potential Threats with the STRIDE Model

Background / Scenario

In this Packet Tracer, you will continue creating a threat model for the home automation IoT system that was started in the Chapter 3 Packet Tracer – Threat Modeling at the IoT Device Layer. You may want to review the description of the system and Packet Tracer file from that Packet Tracer.

You will be working with the communication layer of the IoT attack surface. Remember that the home automation network differs somewhat from the PT network. The home automation network that you are working with does not use Wi-Fi as the wireless protocol for the sensors and actuators. Instead, you will choose another protocol for the IoT sensor-actuator-controller network, such as Zigbee or Z-Wave. The controller handles local communication with the various wireless networks in the house and the Internet. It serves as the IP gateway for the IoT sensor-actuator network. It also functions as a router that enables communication between the local wireless LAN and the Internet.

Required Resources

  • Packet Tracer 7.1 or later

Part 1: Diagraming the Communication Layer

Step 1: Choose a protocol for the sensor network.

Focus on the IoT communication layer protocols and infrastructure. Although the PT model uses Wi-Fi for communication between sensors, actuators and the IoT gateway, you will use another protocol for your analysis.

Choose a protocol that is commonly used in home automation networks for communication between sensors, actuators and the home IoT gateway. Keep security in mind.

What protocol did you choose and why did you choose it?
Zigbee is the popular choice for this one as it is efficient in power consuming and it is a two way data transfers between devices.

Step 2: Diagram the network.

Use your completed floorplan diagrams from the Threat Modeling at the IoT Device Layer Packet Tracer from Chapter 3. Additionally, you will complete the attic floorplan.

a. Complete the floorplan for the attic that is included in Appendix A of the PDF version of these Packet Tracer instructions. Add the network infrastructure devices and their connections as they are shown in the Packet Tracer network.

b. Add the network clients that are not IoT devices but are still connect to the IoT gateway.

c. Add data flows. It is not necessary to draw flows for every device, just a few representative devices is fine. In addition, when indicating connections between floors, it is fine to just write “Connected to…” at the top of a floorplan. Include several sensors and actuators, the smart phone and tablet, and the MCU.

Draw lines between the IoT devices, the IoT gateway, and the other network infrastructure components which are connected to one another. Use different colors for connections that use different protocols. Remember that some sensors and actuators may not be able to communicate directly with the IoT gateway due to power constraints. Label or color code the data flows according to the protocols in use.

What would allow any sensors and actuators that are out of range of the IoT gateway to communicate with it?
Using Zigbee the sensors and actuators can be still connected to the gateway if the Zigbee is within its range.

What other protocols are in use in the network? How could the tablet and the smart phone communicate?
Bluetooth protocols can be used, they are of low range, but it will fulfill the function

d. Add arrows to indicate the predominate direction of data flow. In some cases the flows will be mostly in one direction. In others they will be in two directions.

Which devices in the home automation network connect to the IoT Gateway?
The smart devices that is present in the home automation such as tablets, smart doors and windows and etc.
The smart devices that is present in the home automation such as tablets, smart doors and windows and etc.

Part 2: Creating an Inventory of Assets of the Communication Attack Surface

Another component of asset management is understanding the network protocols and infrastructure devices that are in use on the network. In this part of the Packet Tracer, you will compete a table for the all of the communication attack surface assets.

Step 1: List the communication networks and protocols.

Open the Packet Tracer activity and fill-in the table that is provided below. The table should include all the networks, protocols, and IP devices that are part of the home automation network system. Determine the communication relationships between assets. The network is a collection of things that uses the same protocol. It is not necessary to list every IoT device here. Instead, just refer to the wireless sensor-actuator network. This has been filled in for you.

Follow the instructions in the Packet Tracer activity to show the wireless network connections between devices if necessary. Feel free to move devices around to understand the wireless connections better. Pay attention to the color coding of the wireless connections.

Network or Device Protocol(s) Communicates With
Part 2: Communications
Smart Solar Panel GigaEthernet Home Gateway
Smart Window Wireless MCU
TV Coaxial Coaxial Splitter
Temperatura medidor Wireless MCU
Smart Coffe Maker Wireless MCU

Part 3: Identifying Potential Threats

In this part, you will identify threats using the STRIDE methodology. Try to describe as many threats as possible based on your experience in the course, the OWASP IoT vulnerabilities page, and other information sources.

Use the STRIDE model to create a list of potential threats.

Fill in the following table with threats for each category in the STRIDE threat model. Add potential threats that could occur for each STRIDE category. Include the type of threat using the OWASP terminology where possible. An extra STRIDE table is provided in Appendix B of the PDF version of these Packet Tracer instructions.

Threat type Network or Device Threats
(S)poofing – can an attacker pretend to be someone he’s not, or falsify data? sensor-actuator network
Wireless In a wireless network, sure, because it is in the air and any attacker could hack it.
WSN This network is the most common, therefore it would be the one that the attacker would have more success to falsify data in it.
IPv6 In this I think not since they are too small networks
Wireless Probably since this is used for small programs that only cover some functionality
(T)ampering – can an attacker successfully inject falsified data into the system? sensor-actuator network
Wireless In a wireless network, sure, because it is in the air and any attacker could hack it.
IPv6 This network is the most common, therefore it would be the one that the attacker would have more success to falsify data in it.
WSN In this I think not since they are too small networks
Zolertia Probably since this is used for small programs that only cover some functionality
(R)epudiation – can a user pretend that a transaction didn’t happen? sensor-actuator network
IPv6 Very sure yes, because IPv6 is a very common
WSN Yes, since this network specifies for actuators and sensors and can fake an action, without actually executing it
Wireless If you can manage to do that, therefore this network is not secure.
Zolertia Zolertia does not contain this type of functionalities
(D)enial of Service – can the device be shut down or made unavailable maliciously? sensor-actuator network
WSN Sure, it can hurt the actuators and damage them.
Wireless They can clearly “play” with the devices
Zolertia Yes, since it enters into the functionalities that this network has.
IPv6 It can damage the devices, to the point of short circuit.
(E)scalation of Privilege – can users get access to privileged resources meant only for admins or superusers? sensor-actuator network
Wireless Of course, this does not contain large firewalls and security services
IPv6 Does not have high security
WSN Yes, I could, but this one does not have reserved resources
Domotica Yes, because the home automation network is capable of automating a home by itself.

Appendix A: Floor Plans

Attic: 

Ground Floor Legend: 

Number Room
13 attic

Appendix B: STRIDE Table

Threat type Network or Device Threats
(S)poofing – can an attacker pretend to be someone he’s not or falsify data sensor-actuator network
Wireless Does not have high security
IPv6 This is low consumption which makes it easy to attack.
WSN This can be easily falsified data by accessing the firmware since this has antivirus or protection
Wireless It may become the easiest network to access.
(T)ampering – can an attacker successfully inject tampered data into the system? sensor-actuator network
IPv6 This network is the most common, therefore it would be the one that the attacker would have more success to falsify data in it.
Wireless In a wireless network, sure, because it is in the air and any attacker could hack it.
WSN In this I think not since they are too small networks
Zolertia Probably since this is used for small programs that only cover some functionality
(R)epudiation – can a user pretend that a transaction didn’t happen? sensor-actuator network
IPv6 Very sure yes, because IPv6 is a very common and without much security
Wireless Yes, since this network specifies for actuators and sensors and can fake an action, without actually executing it
Zolertia Zolertia does not contain this type of functionalities
WSN If you can manage to do that, therefore this network is not secure.
(D)enial of Service – can the device be shut down or made unavailable maliciously? sensor-actuator network
Wireless They can clearly “play” with the device
Zolertia Yes, since it enters into the functionalities that this network has.
WSN Sure, it can hurt the actuators and damage them.
IPv6 It can damage the devices, to the point of short circuit.
(E)scalation of Privilege – can users get access to privileged resources meant only for admins or superusers? sensor-actuator network
Wireless Of course, this does not contain large firewalls and security services
IPv6 It does not have high security, with which it has privileged data because it could not defend them
WSN Yes, I could, but this one does not have reserved resources
Domotica Yes, because the home automation network is capable of automating a home by itself.

Download 4.3.1.6 Packet Tracer – Threat Modeling at the IoT Communication Layer

 


guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x