{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T11:20:58Z","timestamp":1778152858171,"version":"3.51.4"},"reference-count":38,"publisher":"MDPI AG","issue":"18","license":[{"start":{"date-parts":[[2020,9,22]],"date-time":"2020-09-22T00:00:00Z","timestamp":1600732800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010669","name":"H2020 LEIT Information and Communication Technologies","doi-asserted-by":"publisher","award":["830943"],"award-info":[{"award-number":["830943"]}],"id":[{"id":"10.13039\/100010669","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The paradigm of Internet of Things has now reached a maturity level where the pertinent research goal is the successful application of IoT technologies in systems of high technological readiness level. However, while basic aspects of IoT connectivity and networking have been well studied and adequately addressed, this has not been the case for cyber security aspects of IoT. This is nicely demonstrated by the number of IoT testbeds focusing on networking aspects and the lack of IoT testbeds focusing on security aspects. Towards addressing the existing and growing skills-shortage in IoT cyber security, we present an IoT Cyber Range (IoT-CR); an IoT testbed designed for research and training in IoT security. The IoT-CR allows the user to specify and work on customisable IoT networks, both virtual and physical, and supports the concurrent execution of multiple scenarios in a scalable way following a modular architecture. We first provide an overview of existing, state of the art IoT testbeds and cyber security related initiatives. We then present the design and architecture of the IoT Cyber Range, also detailing the corresponding RESTful APIs that help de-associate the IoT-CR tiers and obfuscate underlying complexities. The design is focused around the end-user and is based on the four design principles for Cyber Range development discussed in the introduction. Finally, we demonstrate the use of the facility via a red\/blue team scenario involving a variant of man-in-the-middle attack using IoT devices. Future work includes the use of the IoT-CR by cohorts of trainees in order to evaluate the effectiveness of specific scenarios in acquiring IoT-related cyber-security knowledge and skills, as well as the IoT-CR integration with a pan-European cyber-security competence network.<\/jats:p>","DOI":"10.3390\/s20185439","type":"journal-article","created":{"date-parts":[[2020,9,22]],"date-time":"2020-09-22T09:40:56Z","timestamp":1600767656000},"page":"5439","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["Addressing the Security Gap in IoT: Towards an IoT Cyber Range"],"prefix":"10.3390","volume":"20","author":[{"given":"Oliver","family":"Nock","sequence":"first","affiliation":[{"name":"Faculty of Science and Technology, Department of Computing and Informatic, Bournemouth University, Poole, Dorset BH12 5BB, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jonathan","family":"Starkey","sequence":"additional","affiliation":[{"name":"Faculty of Science and Technology, Department of Computing and Informatic, Bournemouth University, Poole, Dorset BH12 5BB, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Constantinos Marios","family":"Angelopoulos","sequence":"additional","affiliation":[{"name":"Faculty of Science and Technology, Department of Computing and Informatic, Bournemouth University, Poole, Dorset BH12 5BB, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2020,9,22]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Marzano, A., Alexander, D., Fonseca, O., Fazzion, E., Hoepers, C., Steding-Jessen, K., Chaves, M.H., Cunha, \u00cd., Guedes, D., and Meira, W. (2018, January 25\u201328). The evolution of bashlite and mirai iot botnets. Proceedings of the 2018 IEEE Symposium on Computers and Communications (ISCC), Natal, Brazil.","DOI":"10.1109\/ISCC.2018.8538636"},{"key":"ref_2","unstructured":"BBC (2020, April 15). Mirai Botnet: Three Admit Creating and Running Attack Tool. Available online: https:\/\/www.bbc.co.uk\/news\/technology-42342221."},{"key":"ref_3","unstructured":"Solon, O. (2020, May 12). Team of Hackers Take Remote Control of Tesla Model S from 12 Miles Away. Available online: https:\/\/www.theguardian.com\/technology\/2016\/sep\/20\/tesla-model-s-chinese-hack-remote-control-brakes."},{"key":"ref_4","unstructured":"Vogel, R. (2016). Closing the Cybersecurity Skills Gap, Charles Sturt University. Available online: https:\/\/www.academia.edu\/25380112\/CLOSING_THE_CYBERSECURITY_SKILLS_GAP."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Schwab, S., and Kline, E. (20199, January 17\u201319). Cybersecurity Experimentation at Program Scale: Guidelines and Principles for Future Testbeds. Proceedings of the 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Stockholm, Sweden.","DOI":"10.1109\/EuroSPW.2019.00017"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Yamin, M.M., Katt, B., and Gkioulos, V. (2020). Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Comput. Secur., 88.","DOI":"10.1016\/j.cose.2019.101636"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Kavallieratos, G., Katsikas, S.K., and Gkioulos, V. (2019, January 8). Towards a cyber-physical range. Proceedings of the 5th on Cyber-Physical System Security Workshop, Auckland, New Zealand.","DOI":"10.1145\/3327961.3329532"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1016\/j.sysarc.2019.04.004","article-title":"Leaf: An open-source cybersecurity training platform for realistic edge-IoT scenarios","volume":"97","author":"Ficco","year":"2019","journal-title":"J. Syst. Archit."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1109\/MCOM.2011.6069710","article-title":"A survey on facilities for experimental internet of things research","volume":"49","author":"Gluhak","year":"2011","journal-title":"IEEE Commun. Mag."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Munoz, J., Rincon, F., Chang, T., Vilajosana, X., Vermeulen, B., Walcarius, T., Van de Meerssche, W., and Watteyne, T. (May, January 29). OpenTestBed: Poor Man\u2019s IoT Testbed. Proceedings of the IEEE INFOCOM 2019-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Paris, France.","DOI":"10.1109\/INFCOMW.2019.8845269"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"\u010celeda, P., Vykopal, J., \u0160v\u00e1bensk\u1ef3, V., and Slav\u00ed\u010dek, K. (2020, January 11\u201314). KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems. Proceedings of the 51st ACM Technical Symposium on Computer Science Education, Portland, OR, USA.","DOI":"10.1145\/3328778.3366908"},{"key":"ref_12","unstructured":"Technologies, R.B. (2020, February 24). What Is GENI. Available online: https:\/\/www.geni.net\/about-geni\/what-is-geni\/."},{"key":"ref_13","unstructured":"GENI-NSF (2020, February 26). GENI: Global Environment for Network Innovations. Available online: https:\/\/github.com\/GENI-NSF."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/j.bjp.2013.12.037","article-title":"GENI: A federated testbed for innovative network experiments","volume":"61","author":"Berman","year":"2014","journal-title":"Comput. Netw."},{"key":"ref_15","unstructured":"Union, E. (2020, February 24). Federated Interoperable Semantic IoT Testbeds and Applications. Available online: http:\/\/fiesta-iot.eu\/index.php\/iot-experiments-as-a-service\/."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Kalatzis, N., Routis, G., Roussaki, I., and Papavassiliou, S. (2018, January 4\u20137). Enabling data interoperability for federated IoT experimentation infrastructures. Proceedings of the 2018 Global Internet of Things Summit (GIoTS), Bilbao, Spain.","DOI":"10.1109\/GIOTS.2018.8534555"},{"key":"ref_17","unstructured":"Wauters, T., Vermeulen, B., Vandenberghe, W., Demeester, P., Taylor, S., Baron, L., Smirnov, M., Al-Hazmi, Y., Willner, A., and Sawyer, M. (2014, January 23\u201326). Federation of Internet experimentation facilities: Architecture and implementation. Proceedings of the IEEE European Conference on Networks and Communications 2014 (EuCNC\u20192014), Bologna, Italy."},{"key":"ref_18","unstructured":"Labs, I. (2020, May 20). Immersive Labs. Available online: https:\/\/www.immersivelabs.com\/."},{"key":"ref_19","unstructured":"Box, H.T. (2020, May 20). Hack The Box\u2014Penetration Testing Labs. Available online: https:\/\/www.hackthebox.eu\/."},{"key":"ref_20","unstructured":"TryHackMe (2020, May 20). TryHackMe | Hacking Training. Available online: https:\/\/tryhackme.com\/."},{"key":"ref_21","unstructured":"Union, E. (2020, July 06). Horizon 2020. Available online: https:\/\/ec.europa.eu\/programmes\/horizon2020\/en."},{"key":"ref_22","unstructured":"Network, E. (2020, July 06). ECHO Project Summary. Available online: https:\/\/echonetwork.eu\/project-summary\/."},{"key":"ref_23","unstructured":"Union, E. (2020, July 06). Concordia. Available online: https:\/\/www.concordia-h2020.eu\/."},{"key":"ref_24","unstructured":"ANSII (2020, July 06). SPARTA\u2014A Cybersecurity Competence Network to Coordinate Research, Innovation and Training within the European Union. Available online: https:\/\/www.ssi.gouv.fr\/en\/actualite\/sparta-a-cybersecurity-competence-network-to-coordinate-research-innovation-and-training-within-the-european-union\/."},{"key":"ref_25","unstructured":"Union, E. (2020, July 06). Cyber Security for Europe. Available online: https:\/\/cybersec4europe.eu\/about\/."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"European Union Agency For Network and Information Security (2017). Priorities for EU Research, Network and Security.","DOI":"10.1016\/S1353-4858(17)30090-9"},{"key":"ref_27","unstructured":"NIST (2020, August 25). The Cyber Range: A Guide, Available online: :https:\/\/www.nist.gov\/system\/files\/documents\/2020\/06\/25\/TheCyberRange-AGuide(NIST-NICE)(Draft)-062420_1315.pdf."},{"key":"ref_28","unstructured":"IBM (2020, March 11). RESTful API Design Methodology. Available online: https:\/\/www.ibm.com\/support\/knowledgecenter\/SSRASJ8.8.0\/com.ibm.ima.ugsoa\/soa\/InfoSphere\/restful\/restfulintro.html."},{"key":"ref_29","unstructured":"Lignan, A. (2016). Zolertia RE-Mote Platform, Github. Available online: https:\/\/github.com\/Zolertia\/Resources\/wiki\/RE-Mote."},{"key":"ref_30","unstructured":"Foundation, P.S. (2020, May 04). Welcome to Python.org. Available online: https:\/\/www.python.org\/."},{"key":"ref_31","unstructured":"Pallets (2020, May 04). Flask Project. Available online: https:\/\/palletsprojects.com\/p\/flask\/."},{"key":"ref_32","unstructured":"Group, W.H.A.T.W. (2020, May 04). Web Hypertext Application Technology Working Group. Available online: https:\/\/whatwg.org\/."},{"key":"ref_33","unstructured":"Cosortium, W.W.W. (2020, May 04). Cascading Style Sheets. Available online: https:\/\/www.w3.org\/Style\/CSS\/."},{"key":"ref_34","unstructured":"Stenberg, D. (2020, May 04). Curl. Available online: https:\/\/curl.haxx.se\/."},{"key":"ref_35","unstructured":"Torvalds, L. (2020, May 04). Git. Available online: https:\/\/git-scm.com\/."},{"key":"ref_36","unstructured":"Consortium, S. (2020, May 04). SQLIte Home Page. Available online: https:\/\/sqlite.org\/index.html\/."},{"key":"ref_37","unstructured":"Dunkels, A., Gronvall, B., and Voigt, T. (2004, January 16\u201318). Contiki-a lightweight and flexible operating system for tiny networked sensors. Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks, Tampa, FL, USA."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Noman, U.A., Negash, B., Rahmani, A.M., Liljeberg, P., and Tenhunen, H. (2017, January 8\u201311). From threads to events: Adapting a lightweight middleware for Contiki OS. Proceedings of the 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA.","DOI":"10.1109\/CCNC.2017.7983156"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/18\/5439\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T10:12:30Z","timestamp":1760177550000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/18\/5439"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,22]]},"references-count":38,"journal-issue":{"issue":"18","published-online":{"date-parts":[[2020,9]]}},"alternative-id":["s20185439"],"URL":"https:\/\/doi.org\/10.3390\/s20185439","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,9,22]]}}}