EXCLUSIVE – World’s first Automatic Security Analysis Testbed for IoTs established at iTrust

Research and Security Innovation Lab for IoT at SUTD’s iTrust

(Photo credit: iTrust)

In February this year, OpenGov reported on iTrust’s (Centre for Research in Cyber Security) water testbed, the Secure Water Treatment (SWaT), at the Singapore University of Technology and Design (SUTD). During a recent visit in October to iTrust, OpenGov learned about a new ‘Automatic Security Analysis Testbed for IoTs’ for automatically detecting and analysing Internet-of-Things (IoT) devices in a network. It is the first testbed of its kind in the world.

iTrust Research Director Prof. Yuval Elovici, who leads the research into IoT security and previously shared his expert opinions on the field, gave us an exclusive tour of the laboratory.  

He explained that at iTrust they are building full-fledged testbeds, which incorporate all the physical and computational components, replicating real world systems. This allows them to test both attack and very advanced mitigation methods. Having such high quality and one-of-a-kind testbeds in a single location helps iTrust attract researchers and collaborators from all over the world.

Prof. Elovici also talked about knowledge transfer from research to government and industry and the shortage of trained professionals in the area of cyber security.

Can you please explain the purpose of the Automatic Security Analysis Testbed for IoTs?

Automatically identifying the existence of IoTs in your network is a challenge. Many organisations do not know what IoT devices they have in their networks.

If somebody is wearing smart glasses, it is a mobile camera inside the organisation. Usually the organisation would know about where all the IP cameras are on the campus. But do they know where all the smart glasses are? No.

We have developed an amazing technology in the automatic IoT security testbed here for automatically identifying IoT devices in an organisation’s network. This technology is the first one in the world, as far as I know. We are filing a patent for it. You can bring an IoT device here and have it investigated and analysed.

It’s a moving target. We are constantly improving it. When you bring in an IoT device, I am going to understand what is the type of IoT. 

Research and Security Innovation Lab for IoT at SUTD’s iTrust – interior/ (Photo credit: iTrust)

What are the functions of the testbed?

Firstly, we analyse what operating system the IoT is using. Then we go online and check for vulnerabilities that are still open for this operating system. This also means that an attacker can likewise do a search online to find these same vulnerabilities and get instructions on how to exploit them.

We give the user an analysis report, telling them how easy it is to attack this IoT, and the potential impact of every known vulnerability on this IoT device.

In addition, we want to develop technologies that are able to determine whether a specific IoT that is brought in is already compromised and under the control of an attacker.

We also want to be able to determine what information is the IoT collecting from its owner. The amount of information collected by IoT devices is staggering. If you put any such device in the testbed, we can tell you if it is collecting information about you that it is not supposed to, and what is the connection between the usage and sending of information to the manufacturer. However, the risk of potential hackers is a bigger concern than the manufacturer collecting the data.

We are also investigating the privacy aspects of IoT devices. For example, you open the fridge and it sends that information to the manufacturer that somebody has just opened the fridge. This is very valuable information, and divulging this may compromise your privacy. You might want to hide the fact that you are at home, yet because of this information someone at the manufacturer knows that you are at home.

How does the process work from research to adoption in the outside world?

It varies. Our research is funded by various governmental agencies. Usually the transfer of knowledge is to the government agencies. Later on, we hope that companies are going to adopt the research results.

The corporate lab with STE has a mechanism which aids in a smoother and faster transfer of results from universities to the company. STE also brings to us the specific users who can take the outcome of whatever we are developing in the laboratory to the industry.

On the other hand, open-ended research is also very important. It is important to have some flexibility for academia because sometimes the industry focuses on immediate problems that are hampering their operations. We sometimes need to think a little bit further, for the long term. At iTrust, we have the freedom to think about things for the future. Then we can transfer the knowledge to either start-up companies or companies who want to commercialise the technologies we develop.

Are there any other areas of focus for iTrust?

The role of iTrust and the corporate lab is not only in developing and transferring concrete technologies. It is also to train people and create the required skill set within the domain of cyber security. That in my opinion is the most important KPI (Key Performance Indicator) for the university.

That's why we are launching a Master of Science in Security by Design programme. The programme will equip students to deal with cybersecurity for critical networks and infrastructure such as water, electrical grids, transportation, manufacturing, banking, telco networks and IoT devices.

There is a huge lack of manpower in the domain of cybersecurity in Singapore and globally. There is a shortage of faculty across levels.

The Cyber Security Agency of Singapore (CSA) wants to open an operational unit with cybersecurity professionals. Companies also want people. The main task we have to focus on is training and creating experts in cybersecurity.

In many domains, rapid changes render today’s technologies irrelevant tomorrow. That is not the case in cybersecurity. Not a single problem that ever emerged has disappeared. The first malware that surfaced is still here today. The number of years you are working in this area is a huge asset, as opposed to other domains where some of the working experience is not relevant anymore. In cybersecurity, every year of experience spent honing expertise is relevant.

There are not enough experienced people in the market. If there are, the banks and other financial institutions will be the first in line to take them. As banks move more and more towards e-banking, they need more cybersecurity experts. They are also sought after for defending critical cyber-physical infrastructure, as they are getting more and more computerised and connected.

In fact, every domain that is becoming computerised needs cyber security professionals. If you are going to have autonomous driving, you are going to need cybersecurity people. We are not keeping pace in generating these graduates. There is a shortage of experts working in research too. That is the challenge we must surmount. 

Press release announcing the programme: SUTD Launches Singapore’s One-of-a-Kind Master of Science in Security by Design

