A Multi-Tiered Defense Model for the Security Analysis of Critical Facilities in Smart Cities

The design and development of future smart city services will usher with unprecedented creativity, a plethora of functionalities and conveniences to the urban communities. The success of smart city services depends on the assurance that security is maintained and protected to meet community expectations. However, due to the variety of components involved in the design of smart city services and their complex interactions, it becomes challenging to properly assess the overall security of the system throughout the service life cycle. This paper presents a holistic approach to model the security of smart city service infrastructure at a higher level of abstraction. To match realistic security deployments, the proposed model is based on multiple tiers of defense that includes defense at component level, system level, and security operation center. For a given system configuration and component vulnerability vector, the model assesses key security parameters for a variety of attacks. The proposed model is generic and can be used for studying the security of various smart city infrastructures, deployment configurations, and attack vectors.

[1]  David R. Gilbert,et al.  Automatic validation of computational models using pseudo-3D spatio-temporal model checking , 2014, BMC Systems Biology.

[2]  Kyungho Lee,et al.  Security Risk Measurement for Information Leakage in IoT-Based Smart Homes from a Situational Awareness Perspective , 2019, Sensors.

[3]  Jin B. Hong,et al.  A framework for automating security analysis of the internet of things , 2017, J. Netw. Comput. Appl..

[4]  Samir Ouchani,et al.  Security analysis of socio-technical physical systems , 2015, Comput. Electr. Eng..

[5]  Andrew P. Martin,et al.  Threat-Based Security Analysis for the Internet of Things , 2014, 2014 International Workshop on Secure Internet of Things.

[6]  Yashwant K. Malaiya,et al.  Defining and Assessing Quantitative Security Risk Measures Using Vulnerability Lifecycle and CVSS Metrics , 2011 .

[7]  Daniel Hoffman,et al.  Towards a foundation for a collaborative replicable smart cities IoT architecture , 2017, SCOPE@CPSWeek.

[8]  Marta Z. Kwiatkowska,et al.  PRISM 4.0: Verification of Probabilistic Real-Time Systems , 2011, CAV.

[9]  Amjad Ali,et al.  Data security and threat modeling for smart city infrastructure , 2015, 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC).

[10]  Qazi Mamoon Ashraf,et al.  Autonomic schemes for threat mitigation in Internet of Things , 2015, J. Netw. Comput. Appl..

[11]  Siddharth Sridhar,et al.  A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controllers , 2019, J. Comput. Inf. Sci. Eng..

[12]  Joerg Swetina,et al.  Toward a standardized common M2M service layer platform: Introduction to oneM2M , 2014, IEEE Wireless Communications.

[13]  Flemming Nielson,et al.  Quantitative Verification and Synthesis of Attack-Defence Scenarios , 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).

[14]  Cleotilde González Decision Support for Real-Time, Dynamic Decision-Making Tasks , 2005 .

[15]  Jin-cui Yang,et al.  Security model and key technologies for the Internet of things , 2011 .

[16]  Dmitry P. Zegzhda,et al.  Applying Large-scale Adaptive Graphs to Modeling Internet of Things Security , 2014, SIN.

[17]  C. Levy-Bencheton,et al.  Cyber security and resilience of intelligent public transport: good practices and recommendations , 2015 .

[18]  Mohamed Elhoseny,et al.  Data Security and Challenges in Smart Cities , 2018, Security in Smart Cities: Models, Applications, and Challenges.

[19]  Zheng Yan,et al.  SecIoT: a security framework for the Internet of Things , 2016, Secur. Commun. Networks.

[20]  Atif Alamri,et al.  Privacy-Preserved, Provable Secure, Mutually Authenticated Key Agreement Protocol for Healthcare in a Smart City Environment , 2019, IEEE Access.

[21]  Suku Nair,et al.  A Predictive Framework for Cyber Security Analytics using Attack Graphs , 2015, ArXiv.

[22]  Jose L. Hernandez-Ramos,et al.  Toward a Cybersecurity Certification Framework for the Internet of Things , 2019, IEEE Security & Privacy.

[23]  Sokwoo Rhee Catalyzing the Internet of Things and smart cities: Global City Teams Challenge , 2016, 2016 1st International Workshop on Science of Smart City Operations and Platforms Engineering (SCOPE) in partnership with Global City Teams Challenge (GCTC) (SCOPE - GCTC).

[24]  Cleotilde Gonzalez,et al.  Effects of cyber security knowledge on attack detection , 2015, Comput. Hum. Behav..

[25]  Sabu M. Thampi,et al.  Vulnerability-based risk assessment and mitigation strategies for edge devices in the Internet of Things , 2019, Pervasive Mob. Comput..

[26]  Yuval Elovici,et al.  Piping Botnet - Turning Green Technology into a Water Disaster , 2018, ArXiv.

[27]  Tatjana Kapus Using PRISM model checker as a validation tool for an analytical model of IEEE 802.15.4 networks , 2017, Simul. Model. Pract. Theory.

[28]  Saša Radomirović,et al.  Towards a Model for Security and Privacy in the Internet of Things , 2010 .

[29]  Peter Dittrich,et al.  Formal Quantitative Analysis of Reaction Networks Using Chemical Organisation Theory , 2016, CMSB.

[30]  Budi Rahardjo,et al.  Attack scenarios and security analysis of MQTT communication protocol in IoT system , 2017, 2017 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI).

[31]  Marta Z. Kwiatkowska,et al.  Automated Verification Techniques for Probabilistic Systems , 2011, SFM.

[32]  Christian von Essen,et al.  Synthesizing efficient systems in probabilistic environments , 2015, Acta Informatica.

[33]  Ashraf Darwish,et al.  Security and Privacy in Smart City Applications and Services: Opportunities and Challenges , 2019, Advanced Sciences and Technologies for Security Applications.

[34]  Ufuk Topcu,et al.  Synthesis of Human-in-the-Loop Control Protocols for Autonomous Systems , 2016, IEEE Transactions on Automation Science and Engineering.

[35]  Zahid Anwar,et al.  IoTRiskAnalyzer: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things , 2017, IEEE Access.

[36]  Mourad Debbabi,et al.  Transportation risk analysis using probabilistic model checking , 2015, Expert Syst. Appl..

[37]  John McHugh,et al.  A Human Capital Model for Mitigating Security Analyst Burnout , 2015, SOUPS.