Security Awareness in the Internet of Everything

Our societal infrastructure is transforming into a connected cyber-physical system of systems, providing numerous opportunities and new capabilities, yet also posing new and reinforced risks that require explicit consideration. This chapter addresses risks specifically related to cyber-security. One contributing factor, often neglected, is the level of security education of the users. Another factor, often overlooked, concerns the security awareness of the engineers developing cyber-physical systems. The authors present results of interviews with developers and of surveys, showing that increasing security awareness and the understanding of security risks, both evaluated as low, are the first steps to mitigate the risks. The authors also conducted a practical evaluation investigating system connectivity and vulnerabilities in complex multi-step attack scenarios. This chapter advocates that security awareness of users and developers is the foundation for the deployment of an interconnected system of systems, and provides recommendations for steps forward, highlighting the roles of people, organizations and authorities.
