Exploiting virtual networks for CPS security analysis – The Smart Home Environment

Cyber-Physical Systems, also known as CPS, are nowadays widespread systems and consequently a widely researched topic. They are used to describe systems with decision making capacities integrated into the real world through a combination of sensors and actuators. Different types of CPS exist but we will focus on a particular one, the Smart Home, which is a fast growing application of CPSs. Smart Home systems and generally Smart Devices are used to increase the quality of life, comfort, and ability of remote controlling the home. The topic will be thoroughly researched and analysed in order to gain complete and extensive knowledge on the most common types of Smart Home systems and the devices and protocols that they typically use. Additionally, the cybersecurity aspect of these systems will be considered discussing the security needs and standards together with the Smart Home systems known problems, weak points, and potential vulnerabilities. Furthermore, some of the most notable and impactful past attacks will be discussed, analysing how they worked and what were the consequences. In this context, the aim of the thesis is to use virtual networks simulation tools to recreate some test environments since a real-world creation of testbeds for every case study would be very resource consuming and expensive. Instead, being able to adapt and use a simulation tool to this scope would allow us to set up multiple simulations based on the device or protocol we want to test. Then the simulation can be further developed to contain malicious device that implements various attacks, allowing us to study the feasibility of said attacks and their impact on the system. The available tools to simulate Smart Home CPSs will be discussed, moving then the focus on the ones most suitable for our scope, which will be used to simulate example networks and implement some attacks. The simulated attacks will be presented discussing how it was implemented and the context of the vulnerable environment in which it took place. To conclude the research the obtained results are analysed along with the reality of the limitations presented by simulation software. The positives and negatives of the tools used are discussed and some hypothesis on possible future research are made.