Date of Award
Spring 5-7-2018
Degree Type
Thesis
Degree Name
Master of Science in Information Technology (MSIT)
Department
Information Technology
Committee Chair/First Advisor
Lei Li
Second Advisor
Ming Yang
Third Advisor
Guangzhi Zheng
Abstract
Digital networked devices, also known as the Internet of Things (IoT), are ubiquitous today; they are now a fundamental part of the functioning of the US digital economy and comprise a significant part of people’s daily activities. These devices have been shown to be insecure in general, especially in categories that include any of the following: low-cost, home use, small business, and factory automation. Continuing research and news reports show that Internet-connected devices contain backdoors of various origins, whether placed intentionally or discovered as vulnerabilities. These types of devices are of concern because they are critical for Internet access, are deployed in mass numbers, and would have a significant impact on the US economy if a large percentage of them became disabled at the same time or were otherwise compromised and coordinated on a mass scale. People now use the Internet as a key part of their lifestyles, including for paying bills, shopping, and communication. Factories often use network-controlled devices as a part of automation and control. Should a mass number of these devices stop working, the loss of these activities would represent a significant impact on the US economy and on people’s lives. In addition, because businesses have made technology a part of their business model, they no longer have the capability to fall back on manual processes on a mass scale. Given the widespread use and deployment of, and dependency upon, such devices, there exists the potential to disrupt the US economy and wreak havoc upon people’s lives.
Certification of digital Internet devices is a relatively new development that is currently optional. Present certification methods use black-box testing methods that focus on input variability applied according to common vulnerabilities, to provide assurance that devices are free from known vulnerabilities, which can typically allow backdoor access among other things. Certification of digital Internet devices needs to include more comprehensive testing, including design and source code analysis, to even have a chance at detecting intentionally hidden backdoors and assuring trust. Intentionally hidden backdoors are a growing concern, and current methods of certification are ineffective in detecting this kind of backdoor. In addition, results are presented from a survey given to attendees of 2 major security conferences, supporting the notion that testing alone is insufficient and that certification should include design and source-code review.