Reference no: EM133699008
Research Methods and Project Design
Purpose: Develop and apply research methods and analytical, technical, managerial, and time-management skills to the analysis and design of a capstone project.
Identify and evaluate project management concepts and apply them to a realistic business problem.
Research, adapt and apply the knowledge and skills acquired over the core units to plan a substantial capstone project.
Demonstrate effective communication skills in relation to client, ethical and professional behaviour.
Work effectively and efficiently in a team, and exercise coordination within a team.
Report - Project Requirements Analysis and Specification
Project Title: IoT Device Security Scanner
Project Description
In the ever-growing landscape of the Internet of Things (IoT), security remains a paramount concern. With a vast array of devices connecting to the internet, from smart thermostats to security cameras, the potential for vulnerabilities within a network has significantly increased. The IoT Device Security Scanner project aims to develop a tool that enables users to easily scan their home or office networks for connected IoT devices and assess them for known vulnerabilities. This tool will leverage existing vulnerability databases and scanning technologies to provide a user-friendly interface that guides non-technical users through the process of identifying potential security risks.
Objectives
1. Develop a Comprehensive Scanning Tool: Create a software application capable of detecting various IoT devices connected to a local network and identifying their make, model, and firmware version.
2. Vulnerability Assessment: Utilize existing vulnerability databases (such as the National Vulnerability Database) to check each detected device against known vulnerabilities and security flaws.
3. User-Friendly Reporting: Generate easy-to-understand reports for the user, highlighting potential security risks and providing recommendations for mitigating these vulnerabilities.
4. Guidance for Non-Technical Users: Offer straightforward advice on how to update device firmware, change default passwords, and implement other security measures.
5. Platform Compatibility: Ensure the tool is compatible with common operating systems, such as Windows, macOS, and Linux, to maximize its utility.
Deliverables
Software Application: A fully functional IoT security scanner that can be run on Windows, macOS, and Linux platforms. The application will offer graphical and command-line interfaces to cater to both non-technical and technical users.
Documentation: Comprehensive user documentation that includes installation instructions, user guides, and troubleshooting tips. Additionally, a technical report detailing the development process, architecture, and technologies used in the project.
Security Report Template: Templates for reports generated by the tool, including sections for detected devices, identified vulnerabilities, and recommended actions.
Presentation: A detailed presentation outlining the project's scope, development process, challenges encountered, and a demonstration of the tool in action.
Task Breakdown
Research Phase: Investigate existing network scanning tools (such as Nmap) and vulnerability databases. Understand the common characteristics of IoT devices that can be leveraged for detection.
Development Phase:
1. Implement network scanning functionality to detect devices.
2. Integrate with vulnerability databases to fetch real-time data on known vulnerabilities.
3. Develop the logic for matching detected devices with database entries.
4. Create a user interface for initiating scans, viewing results, and accessing recommendations.
Testing Phase:
Conduct thorough testing to ensure accuracy in device detection and vulnerability assessment. Test the application on different operating systems and networks with various IoT devices.
Documentation and Reporting:
Prepare user and technical documentation, develop security report templates, and finalize the presentation for project dissemination.
Project Resources
Development Tools: Programming languages (Python for backend logic, JavaScript for web-based interface), network scanning tools (e.g., Nmap), database integration (for accessing vulnerability databases).
Platforms: Access to Windows, macOS, and Linux machines for development and testing.
IoT Devices: A range of IoT devices for testing the scanner's detection capabilities. Note, these will need to be sourced by the student group. Examples of an IoT device can be as simple as the home router, or a smart bulb (see additional information below)
Vulnerability Databases: Access to public vulnerability databases like the National Vulnerability Database (NVD) for real-time vulnerability data.
Additional Information
All intellectual property generated from this project, including software, documentation, and reports, will be owned by AusDAIS. This project aims not only to enhance the security posture of IoT device users but also to raise awareness about the importance of IoT security in protecting against potential cyber threats.
Examples of IoT devices:
1. Smart Bulbs
Example: Older models of smart bulbs from less well-known brands can often be found at lower prices. These devices have been known for vulnerabilities in the past, such as weak encryption or the ability to be controlled outside of the intended network.
2. IP Cameras
Example: Inexpensive IP cameras, especially those from no-name or generic brands, are notorious for security vulnerabilities, including default passwords and unencrypted data transmission.
3. Smart Plugs
Example: Smart plugs from lesser-known manufacturers can be affordable and have been found to contain vulnerabilities like weak authentication mechanisms or firmware that can be easily tampered with.
4. Home Routers
Example: Older or used models of home routers can be very cheap and are often riddled with security issues if not updated regularly. They serve as an excellent test bed for network security practices.
5. Wearable Fitness Trackers
Example: Lower-end fitness trackers can be susceptible to security flaws, such as tracking data being intercepted or manipulated due to lack of encryption.
Please Note: When purchasing devices specifically for security testing, it's crucial to:
• Ensure that testing does not violate any laws or terms of service.
• Conduct tests in a controlled environment where you have permission to test the devices.
• Regularly check for and apply security updates to devices that you decide to keep in use, to protect against known vulnerabilities.
Introduction - Is the topic introduced appropriately, and is there a clear overview of what will be discussed in the report?
Problem domain - Has the student identified a research problem and described it clearly?
Are the research questions relevant to the problem being studied?
Background and Project Objective - Clear aim and objectives of the project.
Has the student conducted an in-depth literature review on the chosen topic (please check for quality of the papers, variety of research sources including journals and conference publications)?
Is the summary of the literature review clear, specific and does it capture the essence of the literature review being conducted? Does the summary of all papers reviewed conform to guidelines provided in Appendix II: Literature Review Summary? [Each student should refer to a minimum of 6 sources, including 2 literature reviews from assignment 1 (total of three peer reviewed journal papers & three peer reviewed conference papers)].
Does this section clearly specify objectives of the research project in a clear and concise manner?
Project
Requirements - Does this section include details about requirements specifications?
Does it include a list of project requirements: Are there clear project requirements such as hardware, software, etc?
References -
Group Report - Project Plan and Preliminary Design
5. Project Plan and Preliminary Design
Table of weekly activities.
Detailed description of roles and responsibilities of each team member.
Gantt chart appropriate to the project.
High Level Project Design with diagram
Project Individual Design Approaches: Project with block diagrams step by step (you can use UML/Use cases/flow charts). Negative marks will be given for inclusion of any software engineering or project management methodologies such as waterfall, agile, scrum, SDLC etc.
Design approaches should include technical specifics, such as technique, technology, algorithms, etc.
Budget with references (detailed budget with specifications) -include hardware, software, human resources, etc.
Designing an IoT device scanner involves considering various aspects such as connectivity, data processing, security, usability, and scalability. Here are five design approaches:
1. *Modular Design*:
- *Description*: Break down the IoT scanner into modular components such as sensors, data processors, communication modules, and user interfaces.
- *Advantages*: Enhances flexibility, allows for easier upgrades and maintenance, and enables customization based on specific use cases.
- *Implementation*: Use standardized interfaces and protocols to ensure compatibility between modules.
2. *Edge Computing Integration*:
- *Description*: Implement edge computing to process data locally on the device or near the data source rather than relying solely on cloud processing.
- *Advantages*: Reduces latency, improves response times, enhances data privacy, and decreases bandwidth usage.
- *Implementation*: Incorporate powerful processors and storage capabilities within the IoT device scanner to handle local data processing tasks.
3. *Security-First Approach*:
- *Description*: Prioritize security at every stage of the design process to protect against cyber threats.
- *Advantages*: Ensures data integrity, protects sensitive information, and builds user trust.
- *Implementation*: Use encryption, secure boot processes, regular firmware updates, and robust authentication mechanisms.
4. *User-Centric Design*:
- *Description*: Focus on creating an intuitive and user-friendly interface for both setup and operation.
- *Advantages*: Improves user adoption, reduces learning curve, and enhances overall user satisfaction.
- *Implementation*: Conduct user research to understand the needs and preferences of target users. Develop a simple, clean UI and provide clear documentation and support.
5. *Scalable Architecture*:
- *Description*: Design the IoT scanner with scalability in mind to handle increasing amounts of data and more connected devices over time.
- *Advantages*: Future-proofs the device, accommodates growth, and ensures consistent performance as usage scales.
- *Implementation*: Utilize cloud services, scalable databases, and microservices architecture. Design the system to easily integrate with other IoT devices and platforms.