IoTMap: Research project on heterogeneous IoT protocols modelling

by do son · September 29, 2020

IoTMap

IoTMap is a tool that models IoT networks using one or multiple protocols simultaneously. This is a work in progress, as a part of a Ph.D. thesis on Internet Of Things security. This repository is regularly updated as new results are obtained. This project supports 3 protocols at this time: BLE, ZigBee, and OS4I. More are coming.

How to use iotmap

More detailed documentation on how to use IoTMap with an example is available here

Start the framework:

python3 iotmap.py

IoTMap will start the neo4j database before running, however, the database is not immediately available. Sometimes the sleep of 10 seconds is enough for the database to be available, sometimes not and you need to rerun iotmap.

IoTMap provides 3 modules: Database, Modelling, and Sniffing. The sniffing module is a work in progress and not fully operational. To switch between modules, simply type the name of the module.

IoTMap > help



Core commands

=============



 Commands  Description

------------------------------

 database  Use database mode.

 sniffing  Use sniffing mode.

 exploit   Use exploit mode.





IoTMap >

Each module and functions provide a help menu to list the functions available and how to use them.

Database module

This module manages and interacts with the neo4j database.

IoTMap > database

IoTMap database > help



Core commands

=============



 Commands  Description

------------------------------

 database  Use database mode.

 sniffing  Use sniffing mode.

 exploit   Use exploit mode.





Database commands

=================



        Interact with the neo4j database.



List of available commands :

        addNodes

        clearDatabase

        exportDB

        getNodes

        help

        importDB

        importPcaps

        mergeNodes

        removeNode



For more information about any commands hit :

        <command name> -h



IoTMap database >

To populate the database you can import an existing database or Pcaps files. ImportPcaps converts Pcaps to our unified format used to generate the modeling. This module uses different extractors according to the protocol given in argument that you can find in the extractors folder. The main program chooses the appropriate extractor then runs the packets generator (gen_packets.py) in a multithreading way to generate the pcap with the unified format.

Modeling module

IoTMap modelling > help



Core commands

=============



 Commands  Description

------------------------------

 database  Use database mode.

 sniffing  Use sniffing mode.

 exploit   Use exploit mode.





Modelling commands

==================



        Map the network of IoT devices detected by sniffing.



List of available commands :

        appGraph

        compareTo

        dlGraph

        help

        nwkGraph

        option

        run

        set

        transGraph



For more information about any commands hit :

        <command name> -h



IoTMap modelling >

This program starts the Neo4J database before creating the modeling. Once the database is up, the modeling begins. It starts with the analysis of the pcap given in input to extract and create nodes then edges those link nodes. After the 4 graphs created, the result can be viewed on the web application provided by Neo4J available at http://localhost:7474/

You can also request the database directly from the web application by using a cipher request in the input box.