Study of Security Requirement of Smart Home Hub through Threat Modeling Analysis and Common Criteria

In a smart home environment that integrates IoT technology into a residential environment, the smart home hub provides convenience functions to users by connecting various IoT devices to the network. The smart home hub plays a role as a gateway to and from various data in the process of connecting and using IoT devices. This data can be abused as personal information because it is closely related to the living environment of the user. Such abuse of personal information may cause damage such as exposure of the user's identity. Therefore, this thesis analyzed the threat by using LINDDUN, which is a threat modeling technique for personal information protection which was not used in domestic for Smart Home Hub. We present evaluation criteria for smart home hubs using the Common Criteria, which is an international standard, against threats analyzed and corresponding security requirements.

[1]  Tai-hoon Kim,et al.  Applications, Systems and Methods in Smart Home Technology: A Review , 2010 .

[2]  Kristian Beckers,et al.  Comparing Privacy Requirements Engineering Approaches , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[3]  Wouter Joosen,et al.  LIND(D)UN privacy threat tree catalog , 2014 .

[4]  Michael Schiefer Smart Home Definition and Security Threats , 2015, 2015 Ninth International Conference on IT Security Incident Management & IT Forensics.

[5]  Adam Shostack,et al.  Threat Modeling: Designing for Security , 2014 .

[6]  Ali Saman Tosun,et al.  Investigating Security and Privacy of a Cloud-Based Wireless IP Camera: NetCam , 2015, 2015 24th International Conference on Computer Communication and Networks (ICCCN).

[7]  By Ciarán Morrison What is a ‘ Smart Home ’ ? , 2019 .

[8]  Jean-Noel Colin,et al.  Strengthening access control in case of compromised accounts in smart home , 2017, 2017 IEEE 13th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[9]  Wouter Joosen,et al.  LINDDUN privacy threat modeling: a tutorial , 2015 .

[10]  Wouter Joosen,et al.  A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements , 2011, Requirements Engineering.

[11]  Frank Swiderski,et al.  Threat Modeling , 2018, Hacking Connected Cars.

[12]  Ricardo Neisse,et al.  Security and privacy issues for an IoT based smart home , 2017, 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO).

[13]  Choung Hye-Uk,et al.  Personal Information Protection Act , 2011 .

[14]  Dae-Man Han,et al.  Smart home energy management system using IEEE 802.15.4 and zigbee , 2010, IEEE Transactions on Consumer Electronics.

[15]  Thomas Brandstetter,et al.  ( in ) security in building automation how to create dark buildings with light speed , 2017 .