A Framework for Modeling and Assessing Security of the Internet of Things

The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address the security problem, we propose a framework for security modeling and assessment of the IoT. The framework helps to construct graphical security models for the IoT. Generally, the framework involves five steps to find attack scenarios, analyze the security of the IoT through well-defined security metrics, and assess the effectiveness of defense strategies. The benefits of the framework are presented via a study of two example IoT networks. Through the analysis results, we show the capabilities of the proposed framework in mitigating the impacts of potential attacks and evaluating the security of large-scale networks.
