Threat-Based Security Analysis for the Internet of Things

The Internet of Things (IoT) is an emerging paradigm focusing on the inter-connection of things or devices to each other and to the users. This technology is anticipated to become an integral milestone in the development of smart homes and smart cities. For any technology to be successful and achieve widespread use, it needs to gain the trust of users by providing adequate security and privacy assurance. Despite the growing interest of the research community in IoT, and the emergence of several surveys and papers addressing its architecture and its elements, we are still lacking a thorough analysis of the security and privacy properties that are required for a system where the constituent devices vary in their capabilities. In this paper we provide a threat model based on use-cases of IoT, which can be used to determine where efforts should be invested in order to secure these systems. We conclude by recommending measures that will help in providing security and assuring privacy when using IoT.

[1]  Heng Xu,et al.  Information Privacy Concerns: Linking Individual Perceptions with Institutional Privacy Assurances , 2011, J. Assoc. Inf. Syst..

[2]  Ilangko Balasingham,et al.  Risk-based adaptive security for smart IoT in eHealth , 2012, BODYNETS.

[3]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[4]  Gang Gan,et al.  Internet of Things Security Analysis , 2011, 2011 International Conference on Internet Technology and Applications.

[5]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[6]  XuLi,et al.  The Internet of Things--A survey of topics and trends , 2015 .

[7]  Alois Knoll,et al.  Services to the Field: An Approach for Resource Constrained Sensor/Actor Networks , 2009, 2009 International Conference on Advanced Information Networking and Applications Workshops.

[8]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[9]  Pawel Rotter,et al.  A Framework for Assessing RFID System Security and Privacy Risks , 2008, IEEE Pervasive Computing.

[10]  Jari Veijalainen,et al.  Security and privacy threats in IoT architectures , 2012, BODYNETS.

[11]  Gerd Kortuem,et al.  Smart objects as building blocks for the Internet of things , 2010, IEEE Internet Computing.

[12]  Katrin Borcea-Pfitzmann,et al.  Privacy Implications of the Internet of Things , 2011, AmI Workshops.

[13]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[14]  Inhyok Cha,et al.  Trust in M2M communication , 2009, IEEE Vehicular Technology Magazine.

[15]  Carlo Maria Medaglia,et al.  Building Blocks of the Internet of Things: State of the Art and Beyond , 2011 .

[16]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[17]  William Yurcik,et al.  Threat Modeling as a Basis for Security Requirements , 2005 .

[18]  Cornelius Namiluko,et al.  Towards Enhancing Web Application Security Using Trusted Execution , 2013, WASH.

[19]  Mark Venables Smart meters make smart consumers [Analysis] , 2007 .

[20]  Rodrigo Roman,et al.  Securing the Internet of Things , 2017, Smart Cards, Tokens, Security and Applications, 2nd Ed..

[21]  Ramjee Prasad,et al.  Proposed embedded security framework for Internet of Things (IoT) , 2011, 2011 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE).

[22]  Justin W. Patchin,et al.  Bullying, Cyberbullying, and Suicide , 2010, Archives of suicide research : official journal of the International Academy for Suicide Research.

[23]  Florian Michahelles,et al.  Trust and Security in RFID-Based Product Authentication Systems , 2007, IEEE Systems Journal.

[24]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[25]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[26]  Yan Zhang,et al.  Vehicular Networks: Techniques, Standards, and Applications , 2009 .

[27]  Peter I. Corke,et al.  Toward trusted wireless sensor networks , 2010, TOSN.

[28]  Imrich Chlamtac,et al.  Internet of things: Vision, applications and research challenges , 2012, Ad Hoc Networks.

[29]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[30]  Dave Evans,et al.  How the Next Evolution of the Internet Is Changing Everything , 2011 .

[31]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.