Test Execution Infrastructure for IoT Quality analysis
?
2 likes?247 views
Recently IoT testing becomes a popular topic in the industry and academic context. New challenges have been identified and existing test methods and techniques need to be collected, optimized and applied. Furthermore, innovative software development approaches are under consideration and partly implemented. However automated test execution still need powerful means and infrastructure. Open source projects like the Eclipse IoT-Testware project can provide valuable tools for advanced testing in IoT. The presentation gives an overview and first results with our IoT test Infrastructure.
![9
? Wide portfolio of competences required
? Devices (sensors, HW, embedded SW)
? Platforms (Cloud, platform domain knowledge)
? Applications (SW, dashboard, business logic)
TECHNICAL SCOPE
? IoT platforms
? 360+ worldwide
? IoT protocols
? Rich selection
? IP-based
? non-IP based
Cellular
netw.
Cellular: 4G, NB-IoT, Cat-M1,EC-GSM´[5G];
non-cellular: Wifi, LoRa, Sigfox ,Zigbee, BLE, ´ connectivity
MQTT MQTT-SN CoAPAMQP3OPC
UA
XMPPHTTP1 Web
Socket21|2|3
applicationIoT application logic
TCP UDP
SMS
DTLSDTLS
IPv4/IPv6(6loWPAN)
transport
TLS/SSL
IoT services layer services´
? Connectivity
options
? Throughput
? Latency
? Power efficiency
? Packet size](https://image.slidesharecdn.com/iot-ttestwarevvass-180719203159/85/Test-Execution-Infrastructure-for-IoT-Quality-analysis-9-320.jpg)
![15
? TTCN-3 is the Testing and Test Control Notation
? Internationallystandardized testing language for formally defining test
scenarios.
? Designed purely for testing
CHALLENGE TEST AUTOMATION
testcase Hello_Bob () {
p.send(^How do you do?^);
alt {
[]p.receive(^Fine!^);
{setverdict( pass )};
[else]
{setverdict( inconc )} //Bob asleep!
}
}](https://image.slidesharecdn.com/iot-ttestwarevvass-180719203159/85/Test-Execution-Infrastructure-for-IoT-Quality-analysis-15-320.jpg)
Test Execution Infrastructure for IoT Quality analysis
- 1. Axel Rennoch, Sascha Hackel, Dorian Knoblauch 2nd Int. Workshop on Verification and Validation of Adaptive Software Systems, IEEE Int. Conference on Software Security and Reliability (QRS), 18th July 2018, Lisbon TEST EXECUTION INFRASTRUCTURE FOR IOT QUALITY ANALYSIS
- 2. 2 BERLIN CENTER FOR DIGITAL TRANSFORMATION
- 3. 3 ? IoT Testing ? Challenges and scope ? IoT test language: TTCN-3 ? Project IoT-T ? Eclipse IoT-Testware ? Standardization & Certification ? Summary and outlook AGENDA
- 4. 4 ? Mirai botnet, October 2016: ? botnet using insecure configured IoT-devices (~100.000) ? attack causes blackout and disruption (e.g. Amazon, Netflix, Twitter, Github) ? Wannacry, May 2017 ? ransomeware affecting the whole world (e.g. hospitals in the U.K.) ? KRACK: Key Reinstallation Attack, October 2017 ? Replay attack on Wi-Fi ProtectedAccess protocol ? Spectre and Meltdown, January 2018 ? Spectre: vulnerability that allows observable side effects from mispredicted speculative executions ? Meltdown: hardware vulnerability that allows to read all memory MOTIVATION FOR QUALITY
- 6. 6 IOT ARCHITECTURE The Three Software StacksRequired for IoTArchitectures,Eclipse IoTWorking Group,September 2016 telemetry commands telemetry commands
- 7. 7 ? IoT devices, ? Mikrocontroller (MCU), ? Gateways (Bosch XDK, IoT starterkits) ? IoT platforms ? RIOT, relayr, Thread, mbed´ ? service layer (oneM2M, FiWare) ? IoT protocols ? Constrained Application Protocol (CoAP) ? MQ Telemetry Transport (MQTT) IoT challenges: complexity, asynchronism, resource constraints, long operation phase STARTING: TEST OBJECTS LPWAN LoRa oneM2M
- 8. 8 After the acceptance and system tests there will be a long operation phase => new test phase ?operation^ LONG OPERATION LIFETIME
- 9. 9 ? Wide portfolio of competences required ? Devices (sensors, HW, embedded SW) ? Platforms (Cloud, platform domain knowledge) ? Applications (SW, dashboard, business logic) TECHNICAL SCOPE ? IoT platforms ? 360+ worldwide ? IoT protocols ? Rich selection ? IP-based ? non-IP based Cellular netw. Cellular: 4G, NB-IoT, Cat-M1,EC-GSM´[5G]; non-cellular: Wifi, LoRa, Sigfox ,Zigbee, BLE, ´ connectivity MQTT MQTT-SN CoAPAMQP3OPC UA XMPPHTTP1 Web Socket21|2|3 applicationIoT application logic TCP UDP SMS DTLSDTLS IPv4/IPv6(6loWPAN) transport TLS/SSL IoT services layer services´ ? Connectivity options ? Throughput ? Latency ? Power efficiency ? Packet size
- 10. 10 INTEGRATION OF SEVERAL TESTING APPROACHES IoT Testing Software Testing System Testing Security Testing Test Automation Protocol Testing
- 11. 11 ? Less resources needed (time and money) ? Avoid human mistakes due to manually testing ? During test development and execution ? Speed-up of regression tests and product time-to-market TEST AUTOMATION
- 12. 12 MULTIPLE TEST CONFIGURATION (SAMPLES)
- 13. 13 ? Toolset (selection of available means) Protocol tester/monitor (Eclipse Titan, Wireshark) Test devices (RFID kit, Bluetooth test device) GUI tester (Selenium, SikuliX, Chrome headless) Web services tester (soapUI) ´ ? Public Testsuites (in development) ? Application of a standardized notation ? Abstract and platform-independent TESTWARE
- 15. 15 ? TTCN-3 is the Testing and Test Control Notation ? Internationallystandardized testing language for formally defining test scenarios. ? Designed purely for testing CHALLENGE TEST AUTOMATION testcase Hello_Bob () { p.send(^How do you do?^); alt { []p.receive(^Fine!^); {setverdict( pass )}; [else] {setverdict( inconc )} //Bob asleep! } }
- 16. 16 ? One test technologyfor different tests ? Distributed, platform-independent testing ? Integrated graphical test development, documentation and analysis ? Adaptable, open test environment ? Areas of Testing ? Conformance and functional testing ? Interoperability and integration testing ? Real-time, performance, load and stress testing ? Security testing ? Regression testing ? Used for system and product qualification and certification DESIGN PRINCIPLES OF TTCN-3
- 17. Eclipse IoT-Testware THE IOT-T PROJECT
- 18. 18 Take available software and tools ´ ´ and adding public testuites as a result of insights from IoT testing: IOT-TESTWARE ´ https://projects.eclipse.org/projects/technology.iottestware
- 19. 19 ? Supplement to running and active Eclipse projects ? Paho, OM2M, Titan ? New project at Eclipse Foundation: https://projects.eclipse.org/projects/technology.iottestware ? TTCN-3 test suites for CoAP, MQTT, OPC-UA, LoRa? ? Assured licenses for users ? Currently in cooperation with relayr GmbH, Ericsson, LAAS/CNRS, itemis AG, Spirent Communications, Easy Global Market, Iskratel/Sintesio, ´ THE ECLIPSE PROJECT
- 20. 20 SAMPLE TESTSUITE STRUCTURE: MQTT ? Broker as SUT ? All mandatory message data fields ? Regular and illegal data (Fixed/variable header, payload) ? Protocol features ? General ? Connect/disconnect (session) ? Subscribe/unsubscribe ? Immediate publish ? Last will and Testament (LWT) ? Heartbeats keepAlive values ? Topic ? Error handling ? Client as SUT ? ´
- 21. 21 TEST DEVELOPMENT SAMPLE: MQTT TESTZIEL-KATALOG ? Test configurations ? Test Suite Structure ? Test purpose (catalogue) ? Test implementation (TTCN-3)
- 22. 22 MQTT BROKER EVALUATION (CONFORMANCE, APRIL 2018) Broker PASS FAIL INCONCLUSIVE # % # % # % HiveMQ ? 39 86,67% 4 8,89% 2 4,44% Mosquitto "1.4.15" 38 84,44% 5 11,11% 2 4,44% VerneMQ "1.3.1" 37 82,22% 5 11,11% 3 6,67% EMQ "2.2" 35 77,78% 8 17,78% 2 4,44% lannister ? 31 68,89% 12 26,67% 2 4,44% ActiveMQ "5.15.3" 29 64,44% 14 31,11% 2 4,44% aedes "v0.33.0" 26 57,78% 17 37,78% 2 4,44% RSMB ? 26 57,78% 17 37,78% 2 4,44% RabbitMQ "3.7.4" 19 42,22% 26 57,78% 0 0,00% Mosca "2.8.1" 19 42,22% 24 53,33% 2 4,44% HBMQTT 0.9 17 37,78% 28 62,22% 0 0,00% Moquette 0.10 16 35,56% 29 64,44% 0 0,00%
- 23. 23 ? Vulnerability scanner: ? in particular for web applications, zero-day/fuzzing, considerationof data bases, traffic/network analyser, program code scanner ? Penetration tester, e.g. ^SQL injection ̄ ? Intrusion detection tools ? Load test/Scalability ? Further utilities: Model-based testing (UML testing profile) and risk modelling TESTWARE: SECURITY
- 24. 24 FUZZING APPROACH CoAP ATS CoAP ETS Fuzzed Data SUT ATS: Abstract Test Suite ETS: Executable TS
- 25. 25 Results for CoAP: - Initially, 4421 fuzzed test data for CoAP were generated - After sending the data to a (local) CoAP server, it crashed after date ^1107 ̄ https://www.fokus.fraunhofer.de/de/sqc/security_testing https://github.com/fraunhoferfokus/Fuzzino/blob/master/doc/Fuzzino_XML_Description.pdf FUZZINO RESULTS AND RESOURCES
- 26. Standardization & Certification THE IOT-T PROJECT
- 27. 27 ? New Working Group (TST) will develop IoT test catalogues and specifications (not covered elsewhere) ? The types of testing include conformance, interoperability, security and performance testing ? The initial technical focus will be: ? IoT network layer (communication protocols, node connectivity, edge computing etc.), ? Basic security of IoT devices ETSI TC MTS
- 28. 28 ETSI ACTIVE WORKING ITEMS IEC 62443-4-2 CoAP MQTT LoRaWAN Vul. database
- 29. 29 BASE SECURITY CERTIFICATION SCOPE The Three Software Stacks Required for IoTArchitectures,Eclipse IoTWorking Group,September 2016 IoT-Testlab Scope (basic security level certification) telemetry commands telemetry commands
- 30. Putting everything together SUMMARY AND OUTLOOK
- 31. 31 ?Advanced testing technology: ? Open source IoT-Testware (code): ? External (open source) SW ?Standardized IoT test purposes: SUMMARY
- 33. 33 ? Adding more protocols to IoT-Testware AMQP, LWM2M, 6LoWPAN, LPWAN ? Increased security level for certification ? Cooperation/liaisons (in preparation) with ETSI TC Cyber/SmartM2M, oneM2M, OPC Foundation ... OUTLOOK
- 34. 34 Axel Rennoch, axel.rennoch@fokus.fraunhofer.de, phone +49 30 3463-7344 CONTACTS Thank you for your attention! https://www.fokus.fraunhofer.de/en/sqc