Threat Analysis in Dynamic Environments: The Case of the Smart Home

The rapid advancement of information and communication technologies has fostered the development and deployment of complex, interrelated systems, many of which also have highly dynamic operational characteristics. These systems are further integrated within highly connected environments such as smart cities, smart homes, and smart cars, which continuously adopt new technological developments. In this article, we focus on the smart home environment as a case study for such ecosystems, where the integration of IoT devices increases the attack surface. We evaluate whether existing risk assessment methods can be used to identify and monitor risks while also capturing the dynamic operational aspects. Accordingly, we review existing dynamic risk assessment methodologies, and we use a smart home reference architecture to identify the security threats of a smart home's physical and communication viewpoints, applying the STRIDE methodology and Microsoft's threat modelling tool.
