Architecture and Development of a Comprehensive Software-based IoT Security Auditing Framework: A Single System Simulation Model
Keywords:
Cybersecurity, IoT security, Password entropy, Python, Vulnerability scanning
Abstract
IoT devices are now widely deployed across the internet, but security measures have not kept pace with the rapid expansion of IoT technology. This study identifies security vulnerabilities in IoT technology using a software-based auditing approach, and analyzes the effectiveness of real-time security scanning and password entropy auditing through a single system simulation (SSS) model. A simulated environment is established to test IoT security vulnerabilities with a software tool built on Python and FastAPI that identifies vulnerable network services such as FTP, SSH and HTTP. The results show that non-intrusive scanning is highly effective at detecting insecure network services and ports. Password entropy auditing, which includes password strength analysis, is also a useful method for detecting weak passwords that may be subject to dictionary attacks. The findings indicate that secure protocols and strong passwords must be adopted widely in IoT technology. The study highlights the importance of ethical hacking for education and network security and sheds light on IoT vulnerabilities.
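The password entropy audit described in the abstract can be sketched as follows. This is an added example, not the paper's tool: the wordlist, the 50-bit threshold and all function names are assumptions chosen for illustration. It shows why a pool-size entropy estimate needs a dictionary check beside it.

```python
import math
import string
from typing import Optional

# Constructed sample wordlist (assumption); a real audit would load a larger one.
COMMON_WORDS = {"admin", "password", "root", "guest", "default", "123456"}

def pool_size(password: str) -> int:
    """Size of the character pool implied by the ASCII classes the password uses."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in password))

def entropy_bits(password: str) -> float:
    """Upper-bound estimate: length * log2(pool size), assuming random characters."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def dictionary_base(password: str) -> Optional[str]:
    """Return the wordlist entry the password is built on, if any."""
    lowered = password.lower()
    # Strip the trailing digits/symbols people append to a familiar word.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    for candidate in (lowered, stripped):
        if candidate in COMMON_WORDS:
            return candidate
    return None

def audit(password: str, min_bits: float = 50.0) -> dict:
    """Flag a password as weak on a wordlist match first, then on low entropy."""
    bits = entropy_bits(password)
    base = dictionary_base(password)
    if base is not None:
        verdict, reason = "weak", f"built on wordlist entry '{base}'"
    elif bits < min_bits:
        verdict, reason = "weak", f"estimated entropy below {min_bits:.0f} bits"
    else:
        verdict, reason = "ok", "no wordlist match and entropy above threshold"
    return {"bits": round(bits, 1), "verdict": verdict, "reason": reason}

if __name__ == "__main__":
    # Constructed sample credentials of the kind shipped as device defaults.
    for pw in ["admin", "Admin123!", "abcdefgh", "k7#Qz!v9Lp2&xT"]:
        print(f"{pw!r:18} {audit(pw)}")
```

`Admin123!` scores about 59 bits on the pool estimate yet is still reported weak, because the estimate assumes random characters and a dictionary attack does not.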