Vulnerability Analysis of Smart Lock Using NIST SP 800-115 Method
DOI: 10.29303/jppipa.v11i8.12219
Published: 2025-08-25
Abstract
Internet of Things (IoT)-based devices, such as smart locks, are becoming increasingly common in home security systems due to the convenience and efficiency they offer. However, without a strong security system, these devices can become potential targets for attacks. This study aims to evaluate and identify potential security vulnerabilities in the Dekkson ELC 9318 smart lock using the NIST SP 800-115 approach. Three authentication methods were tested in this study: PIN code, fingerprint (biometric), and RFID card. The tools used include Nmap for network scanning, Wireshark for traffic analysis, and Proxmark3 for the RFID card cloning process. The results showed several aspects that could still be improved, such as the PIN protection mechanism against brute-force attacks, the vulnerability of MIFARE Classic RFID cards that can still be replicated under certain conditions, and the need to strengthen authentication at the API endpoint to minimize the risk of unauthorized access. Meanwhile, biometric authentication proved to be more resistant to basic spoofing attempts. This research is expected to provide constructive input for the development of security systems in IoT devices, particularly smart locks.
Keywords:
Cybersecurity IoT NIST SP 800-115 Nmap Scanning Smart Lock
License
Copyright (c) 2025 Muhammad Abdul Aziz, Muhammad Abdul Aziz, Yusuf Eko Rohmadi, Donna Setiawati

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with Jurnal Penelitian Pendidikan IPA agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution 4.0 International License (CC-BY License). This license allows authors to use all articles, data sets, graphics, and appendices in data mining applications, search engines, web sites, blogs, and other platforms by providing an appropriate reference. The journal allows the author(s) to hold the copyright without restrictions and will retain publishing rights without restrictions.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in Jurnal Penelitian Pendidikan IPA.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).






