A threat-model for building and home automation

Meyer, Dominik; Haase, Jan; Eckert, Marcel; Klauer, Bernd

doi:10.1109/indin.2016.7819280

Cited by 20 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Through synthesising the literature [13,15,16,34,35,[43][44][45][46][47][48][49][50][51][52][55][56][57][58][59][60][61], we have identified a number of SHAuto scenarios. In this section, we analyse these scenarios from three aspects: device control modes, automation modes, and entity communications.…”

Section: Shauto Scenariosmentioning

confidence: 99%

A Problem Analysis of Smart Home Automation: Toward Secure and Usable Communication-Based Authorization

Tay,

Zhang,

AlJanah

2024

IEEE Access

View full text Add to dashboard Cite

The advent of the Internet of Things (IoT) and Artificial Intelligence (AI) have led to the rising popularity of Smart Home Automation (SHAuto). SHAuto uses a variety of interconnected smart devices to provide life-enhancing services such as smart energy control, smart entertainment, smart healthcare, and so on. If these devices are compromised, sensitive data may be disclosed and the compromised devices or other connected devices may be maliciously controlled, threatening the privacy and safety of home occupants. Therefore, controlling access to devices in SHAuto is of paramount importance. However, due to the characteristics of the SHAuto environment, this has become a challenging issue. As a first step towards addressing this challenging issue, this paper provides a comprehensive problem analysis of SHAuto. The problem analysis consists of two parts. The first part is an in-depth analysis of various SHAuto use case scenarios covering three aspects, i.e., device control modes, automation modes, and device communications. This analysis has led to the formulation of a generic model for SHAuto. Based on this model, the second part analyses potential vulnerabilities and threats in relation to authorisation. The comprehensive problem analysis has led to a hypothesis that access to the devices can be controlled by governing device communications and the specification of a set of requirements for the design of secure and usable communication-based access control solutions for SHAuto environments.

show abstract

Section: Shauto Scenariosmentioning

confidence: 99%

A Problem Analysis of Smart Home Automation: Toward Secure and Usable Communication-Based Authorization

Tay,

Zhang,

AlJanah

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…They connect and interwork (with each other) to form a platform that provides smart services [39]. This section presents a generic description of the SHome environment to cover different SHome scenarios discussed in [40][41][42][43][44][45][46].…”

Section: Use-case Scenariomentioning

confidence: 99%

A Survey on Smart Home Authentication: Toward Secure, Multi-Level and Interaction-Based Identification

2021

View full text Add to dashboard Cite

With the increased number and reduced cost of smart devices, Internet of Things (IoT) applications such as smart home (SHome) are increasingly popular. Owing to the characteristics of IoT environments such as resource constrained devices, existing authentication solutions may not be suitable to secure these environments. As a result, a number of authentication solutions specifically designed for IoT environments have been proposed. This paper provides a critical analysis of existing authentication solutions. The major contributions of the paper are as follows. First, it presents a generic model derived from an SHome use-case scenario. Secondly, based on the model, it performs a threat analysis to identify possible means of attacks. The analysis leads to the specification of a set of desirable security requirements for the design of authentication solutions for SHome. Thirdly, based on the requirements, existing authentication solutions are analysed and some ideas for achieving effective and efficient authentication in IoT environments are proposed.

show abstract

“…Meyer et al [28] proposed the use of an attack tree to develop the threat model of buildings and home automation systems, which allows identifying the security faults in the implementation and deployment of the studies system. Casola et al [29] produced a threat catalog of known threats affecting different components of IoT with classification based on assets and categorization based on STRIDE.…”

Section: Related Workmentioning

confidence: 99%

Towards Automated Threat Modeling of Cyber-Physical Systems

Jamil

Khan

Lee

et al. 2021

2021 International Conference on Software Engineering &Amp; Computer Systems and 4th International Conference on Computational

View full text Add to dashboard Cite

Cyber-Physical System (CPS) seamlessly integrates the computation, communication, and physical components of the system. Often, a CPS controls physical objects through computation and communication and uses of real-time feedback. Threat models of such systems must consider their hardware, network, infrastructure, software, and human aspects and the interactions of these aspects. Commonly, threat modeling of such systems is based on the given system's architecture. In terms of components and interactions among these components, the architecture of a given CPS may change over time, making the threat model of the CPS rapidly obsolete-i.e., incomplete and invalid threat model. This paper poses the question: Can we automate threat modeling of a given CPS? A positive answer to the question helps to implement continuous up-to-date security assessments of CPSs-for different versions of the given system. It presents an approach to maintain the threat model of given CPSs up-to-date and reports about applying the proposed approach on Apollo Auto 3.5, an autonomous vehicle software. Unfortunately, the scalability limitation of the used architecture recovery technique prevents the recovering the Apollo Auto architecture and, consequently, the automated identification of the system's threat model.

show abstract

A threat-model for building and home automation

Cited by 20 publications

References 5 publications

A Problem Analysis of Smart Home Automation: Toward Secure and Usable Communication-Based Authorization

A Problem Analysis of Smart Home Automation: Toward Secure and Usable Communication-Based Authorization

A Survey on Smart Home Authentication: Toward Secure, Multi-Level and Interaction-Based Identification

Towards Automated Threat Modeling of Cyber-Physical Systems

Contact Info

Product

Resources

About