SEPP 2.0—Advanced IoT Hacking Scenarios for Hands-On Security Education

James Alexander Gordon on 30th October 2025



Author Information

Dominic Hauser, Ostbayerische Technische Hochschule Regensburg, Germany
Julian Graf, Ostbayerische Technische Hochschule Regensburg, Germany
Sebastian Fischer, Ostbayerische Technische Hochschule Regensburg, Germany

Abstract

This paper presents SEPP 2.0 (Security Education and Penetration-Testing Platform), the second stage of a practical teaching platform designed to strengthen IoT security education through direct interaction with real devices. Building on the first SEPP version, which was successfully presented and published at IAFOR (Hauser et al., 2025), SEPP 2.0 extends the concept with a larger set of structured, course-aligned exercises within the IoT Security program at Ostbayerische Technische Hochschule Regensburg (OTH Regensburg). The platform integrates real IoT devices such as smart plugs, light bulbs, smart locks, and a Raspberry Pi into a portable suitcase environment. Each exercise is designed to make typical security weaknesses and attack steps tangible for students. The sequence of tasks reflects realistic phases of a security assessment—from information gathering and configuration review to network and communication analysis. Common tools are applied in a guided and safe context to observe network behavior, detect insecure communication, and understand reproducible attack patterns such as replay or denial-of-service. SEPP 2.0 connects these technical elements with reflective learning on current standards and regulations, including ETSI EN 303 645 and the EU Cyber Resilience Act. This combination helps students not only identify vulnerabilities but also translate them into technical and organizational protection requirements. Beyond its local use at OTH Regensburg, SEPP 2.0 was developed with transferability in mind. Its modular structure and detailed documentation allow other universities to adopt, adapt, and expand the platform to fit their own cybersecurity or engineering curricula, making SEPP 2.0 a sustainable model for practice-oriented security education.


Paper Information

Conference: ACEID2026
Stream: Design

This paper is part of the ACEID2026 Conference Proceedings (View)
Full Paper
View / Download the full paper in a new tab/window

To cite this article:
Hauser D., Graf J., & Fischer S. (2026) SEPP 2.0—Advanced IoT Hacking Scenarios for Hands-On Security Education ISSN: 2189-101X – The Asian Conference on Education & International Development 2026 Official Conference Proceedings (pp. 375-386) https://doi.org/10.22492/issn.2189-101X.2026.31
To link to this article: https://doi.org/10.22492/issn.2189-101X.2026.31

Comments & Feedback

Place a comment using your LinkedIn profile

Comments

Share on activity feed

Powered by WP LinkPress

Share this Research

Posted by James Alexander Gordon

All Posts