7026CEM Discuss and debate a wide range of current research and technological advances in network security.

Security Investigation -Home IoT System

Learning Outcome 1: Propose and implement effective `defence-in-depth` solutions to mitigate the key technical internet security vulnerabilities that organisations face.

Learning Outcome 2: Design and implement secure private networks for IoT and BYOD.

Learning Outcome 3: Discuss and debate a wide range of current research and technological advances in network security.

Task and Mark distribution:

Introduction
You are given access to an IoT environment, representing a home owned by early adopters in the current move to "smart homes". The devices are all from a single manufacturer and you are required to evaluate the security aspects of the system before marketing and sale of the devices.

You will be given access to a testbed network in order to perform a practical security audit as well as associated documentation for review.

Task Breakdown

Your work should include:

1. A security evaluation report on the test-bed system. This is a "white-box" analysis, so you should execute it as a security review rather than penetration test. You can examine any of the files and materials you are given, but any security vulnerability should be demonstrated with a prof-of-concept (PoC) attack that would work without the information gained through white-box testing. Make sure you consider more than just direct attacks on the devices. Also consider what information is exposed about the consumer.

2. A report to the manufacturer on your findings that includes a short review of each problem, along with a brief overview of how it could be solved. For each issue, you should have a more detailed description of the steps you took to discover it, showing enough detail for it to be repeated by the developers.