Initial commit

README.md

+![Logos](logos.png)
+# Security Testing of IoT Devices by Certification Authorities
+
+This repository holds all code and data associated with the bachelor thesis `Security Testing of IoT Devices by Certification Authorities` by Moritz Finke.
+
+The repository is split into three major segments.
+
+```text
+.
+├── plots
+├── sss
+└── testlink
+```
+
+1. plots: the [plots](plots/) folder holds the code that was used for rendering the plots present in the bachelor thesis
+2. sss: the [sss](sss/) folder holds the software implementation (program and library) of the Security Scoring System
+3. testlink: the [testlink](testlink/) folder holds both the TestLink data of the Testing Guide Model and the files (risk registers and test reports) produced during evaluation.

plots/README.md

+# Plots
+
+This folder holds the code for rendering the plots used in the bachelor thesis.
+
+First, head to [sss](../sss/) and install the `sss` module before rendering
+plots. Therafter, run `./render.sh` to render all plots.

plots/device_sec_scores.py

+#!/bin/python
+from sss import sss
+from devices import data_points
+
+s_s = sss.SSS()
+
+for data_point in data_points:
+    data_point['wrr'].co_max = 10.0
+    print('Device:  ', data_point['desc'])
+    print('DRS:', data_point['wrr'].risk_score())
+    print('RSSC:', data_point['wrr'].rssc())
+    print('RSVK:', data_point['wrr'].rsvk())
+#    print('Allowed RSVK: ', s_s.allowed_rsvk(2.5,
+#        s_s.base_risk(data_point['wrr'])))
+    print('Sum VK:', sum(data_point['wrr'].vk))
+    print('DBRS:', round(s_s.base_risk(data_point['wrr']),2))
+    print('SS:', round(s_s.score(data_point['wrr']),2))
+    print()

plots/devices.py

+wifi = 9.5
+#zigbee_vendor_independent = 8.5
+#zigbee = 7.5
+#app = 7.0
+#proprietary_wireless_communication = 6.1
+cellular = 6.0
+camera = 5.8
+mic = 5.6
+gps = 5.4
+bluetooth = 4.7
+ethernet = 4.3
+#usb = 4.0
+gas_detector = 3.3
+smoke_detector = 3.3
+motion_detector = 3.1
+thermometer = 3.0
+ecg = 2.4
+infrared_sensor = 2.4
+proximity_sensor = 2.3
+lighting = 1.1
+#loudspeaker = 1.0
+
+
+zigbee_vendor_independent = 0
+zigbee = 0
+app = 0
+proprietary_wireless_communication = 0
+loudspeaker = 0
+usb = 0
+
+from sss.sss import WRR
+from sss.sss import SSS
+
+data_points = []
+
+#-----------------------------------------------
+#Philips Hue Bridge v2 Lighting
+S_C = [
+        wifi,
+        zigbee_vendor_independent,
+        ethernet,
+        app,
+        ]
+C_O = [
+        7.5 # IT Department, Night
+        ]
+V_K = [
+        7.4, # Factory Reset
+#        7.9, #CVE-2020-6007 - CVSS v3.1
+        7.6  #CVSS v3.1 Base: 7.6 (AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
+             #https://colinoflynn.com/2016/07/getting-root-on-philips-hue-bridge-2-0/
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Philips Hue Bridge v2'
+    }]
+
+#-----------------------------------------------
+#Philips In.Sight B120/37 Baby Surveillance
+S_C = [
+        wifi,
+        camera,
+        mic,
+        motion_detector,
+        thermometer,
+        loudspeaker,
+        usb,
+        app,
+        ]
+C_O = [
+        4.9 #Internal, Night
+        ]
+V_K = [
+        7.5, #CVE-2015-2884 - CVSS v3.x Base
+        5.4, #CVE-2015-2883 - CVSS v3.x Base
+        9.8  #CVE-2015-2882 - CVSS v3.x Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Philips In.Sight B120/37'
+    }]
+
+#-----------------------------------------------
+#Siemens Gigaset se361
+S_C = [
+        wifi,
+        ethernet,
+        ]
+C_O = [
+        7.5 #IT-Department, Night
+        ]
+V_K = [
+        7.8, #CVE-2009-3322 - CVSS v2.0 Base
+        4.3, #CVE-2007-4488 - CVSS v2.0 Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Siemens Gigaset se361'
+    }]
+
+#-----------------------------------------------
+#Bosch Smart Home Controller SHC
+S_C = [
+        wifi,
+        usb,
+        ethernet,
+        ]
+C_O = [
+        7.5 #IT-Department, Night
+        ]
+V_K = [
+        7.1, #CVE-2019-11896 - CVSS v3.0 Base
+        5.3, #CVE-2019-11895 - CVSS v3.0 Base
+        5.7, #CVE-2019-11894 - CVSS v3.0 Base
+        4.9, #CVE-2019-11893 - CVSS v3.0 Base
+        6.8, #CVE-2019-11892 - CVSS v3.0 Base
+        5.4, #CVE-2019-11891 - CVSS v3.0 Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Bosch Smart Home Controller SHC'
+    }]
+
+#-----------------------------------------------
+#Osram Lightify Home
+S_C = [
+        wifi,
+        zigbee_vendor_independent,
+        app,
+        ]
+C_O = [
+        7.5 #IT-Department, Night
+        ]
+V_K = [
+        7.4, # IoT-6
+        7.4, # IoT-15
+#        5.0, #CVE-2016-5054 - CVSS v3.x Base
+        #7.5, #CVE-2016-5053 - CVSS v3.x Base
+#        5.0, #CVE-2016-5052 - CVSS v3.x Base
+#        5.0  #CVE-2015-5051 - CVSS v3.x Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Osram Lightify Home'
+    }]
+
+#-----------------------------------------------
+#Microsoft Wireless Keyboard 850
+S_C = [
+        proprietary_wireless_communication,
+        usb,
+        ]
+C_O = [
+        7.4 #IT-Department, Morning
+        ]
+V_K = [
+        6.8 #CVE-2018-8117 - CVSS v3.x Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Microsoft Wireless Keyboard 850'
+    }]
+
+#-----------------------------------------------
+#Bosch NBN-498 Dinion2X
+S_C = [
+        camera,
+        mic,
+        ethernet,
+        motion_detector,
+        ]
+C_O = [
+        8.2 #Server-Room, Night
+        ]
+V_K = [
+        9.8 #CVE-2015-6970 - CVSS 3.1 Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Bosch NBN-498 Dinion2X'
+    }]
+
+#-----------------------------------------------
+#TP-Link TL-SC 3130 IP Camera
+S_C = [
+        wifi,
+        camera,
+        mic,
+        ethernet,
+        motion_detector,
+        ]
+C_O = [
+        8.2 #Server Room, Night
+        ]
+V_K = [
+        9.8,  #CVE-2013-2573 - CVSS v3.1 Base
+        7.5,  #CVE-2013-2572 - CVSS v3.x Base
+        7.5,  #CVE-2018-18428 - CVSS v3.x Base
+        7.8,  #CVE-2013-2581 - CVSS v2.0 Base
+        7.1,  #CVE-2013-2580 - CVSS v2.0 Base
+        10.0, #CVE-2013-2579 - CVSS v2.0 Base
+        10.0, #CVE-2013-2578 - CVSS v2.0 Base
+        7.1   #CVE-2013-3688 - CVSS v2.0 Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'TP-Link TL-SC 3130'
+    }]
+
+#-----------------------------------------------
+#Logitech K360 Keyboard
+S_C = [
+        proprietary_wireless_communication,
+        usb,
+        ]
+C_O = [
+        7.4 #IT-Department, Morning
+        ]
+V_K = [
+        6.5 #CVE-2019-13055 - CVSS v3.x Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Logitech K360'
+    }]
+
+#-----------------------------------------------
+#Miele XGW 3000 (NVD) Gateway
+S_C = [
+        zigbee_vendor_independent,
+        usb,
+        ethernet,
+        app,
+        ]
+C_O = [
+        7.5 #IT-Department, Night
+        ]
+V_K = [
+        9.8, #CVE-2019-20481 - CVSS v3.x Base
+        8.8, #CVE-2019-20480 - CVSS v3.x Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Miele XGW 3000 (NVD)'
+    }]
+
+#-----------------------------------------------
+#Miele XGW 3000 (MITRE) Gateway
+S_C = [
+        zigbee_vendor_independent,
+        usb,
+        ethernet,
+        app,
+        ]
+C_O = [
+        7.5 #IT-Department, Night
+        ]
+V_K = [
+        4.6, #CVE-2019-20481 - CVSS v3.x Base
+        4.6, #CVE-2019-20480 - CVSS v3.x Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Miele XGW 3000 (MITRE)'
+    }]
+
+#-----------------------------------------------
+#Samsung XPress M288OFW Printer
+S_C = [
+        wifi,
+        usb,
+        ethernet,
+        ]
+C_O = [
+        7.5 #IT-Department, Night
+        ]
+V_K = [
+        9.8, #CVE-2015-5729 - CVSS v3.x Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Samsung M2880FW'
+    }]
+
+#-----------------------------------------------
+#Honeywell hswb2g1 IP Camera
+S_C = [
+        camera,
+        motion_detector,
+        ethernet,
+        ]
+C_O = [
+        8.2 #IT-Department, Night
+        ]
+V_K = [
+        9.8, #CVE-2019-18226 - CVSS v3.1 Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Honeywell hswb2g1'
+    }]
+
+#-----------------------------------------------
+#Honeywell Midas Gas Detector
+S_C = [
+        gas_detector,
+        ethernet,
+        ]
+C_O = [
+        8.1 #IT-Department, Night
+        ]
+V_K = [
+        9.3, # CVE-2015-7908 - CVSS v2.0 Base
+        ]
+
+wrr = WRR(V_K,S_C,C_O)
+
+data_points += [{
+    'wrr': wrr,
+    'desc': 'Honeywell Midas'
+    }]