Design of a Secure Transmission System for Secure Key Injection During Initialization Phase of IOT Devices

In the last decade society has experienced an exponential growth in the number of devices connected to the Internet. Recently, new gadgets called Internet of Things devices have appeared in our homes. Although they often lack a physical interface to directly interact with them, they are able to read information from sensors and autonomously communicate with servers, performing decisions accordingly. However, most of the domestic devices that are being commercialized do not implement strict security policies, potentially leading to security breaches that compromise the user’s privacy. The following work provides an alternative to the WPS technology in the initial setup phase of these devices, in which the gadget has to be loaded with the Wi-Fi key so it can connect to the Internet. The use of infrared technology implementing a Diffie-Hellman key exchange protocol to inject this key makes the process much safer, without compromising the cost of the device or the user experience

Contactless Vulnerability Analysis using Google and Shodan

The increasing number of attacks on internet-based systems calls for security measures on behalf those systems' operators. Beside classical methods and tools for penetration testing, there exist additional approaches using publicly available search engines. We present an alternative approach using contactless vulnerability analysis with both classical and subject-specific search engines. Based on an extension and combination of their functionality, this approach provides a method for obtaining promising results for audits of IT systems, both quantitatively and qualitatively. We evaluate our approach and confirm its suitability for a timely determination of vulnerabilities in large-scale networks. In addition, the approach can also be used to perform vulnerability analyses of network areas or domains in unclear legal situations