Cybersecurity Risk of IoT on Smart Cities

Abstract: translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevan… Show more

“…For instance, Chehida et al [47] and Nakamura et al [64] propose that the impact of attacks on assets and users should be considered in threat analysis. In contrast, Andrade et al [44] highlight the importance of considering user interactions with real-world physical devices. By adopting these approaches, researchers can develop a more nuanced understanding of the complex relationship between assets, users, and threats in the context of IoT security.…”

“…The use of a neural network allows the authors to easily decide the types of assets used, tailored to be smart city specific. Alternatively, Andrade et al [44] focus on critical assets, rather than trying to identify them all. These assets may have a much higher priority due to a higher damage potential, which may propagate within a smart city network.…”

“…For example, in the case that an information asset relies on a server, and this server is within a building [78], if the building was to be destroyed, both the information asset and server would be lost [78]. Such dependencies can allow for easier threat propagation, where if a device is dependent on other IoT nodes, the exploitation of a vulnerability can be amplified [44]. Uncovering dependencies requires the interactions and dependencies of an IoT system to be described [51] .…”

“…It divides threats into six categories, namely spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege [80]. This model has been extensively referenced in recent research on IoT security, including studies on threat analysis [49,59,69,70], threat vectors [42], and attack surfaces [44]. Therefore, utilising the STRIDE threat model can provide a solid foundation for comprehensive IoT security risk assessment and management.…”

“…To overcome this, Shivraj et al [71] simulate their proposed framework using STRIDE, DREAD, and LINDDUN, using LINDDUN to focus on privacy risks. Tseng et al [73] use the STRIDE and DREAD models to find threats and attack potentials of wearable Internet of Medical Things devices, while Andrade et al [44] use both models in the context of smart cities.…”

A Survey on Cyber Risk Management for the Internet of Things

“…For instance, Chehida et al [47] and Nakamura et al [64] propose that the impact of attacks on assets and users should be considered in threat analysis. In contrast, Andrade et al [44] highlight the importance of considering user interactions with real-world physical devices. By adopting these approaches, researchers can develop a more nuanced understanding of the complex relationship between assets, users, and threats in the context of IoT security.…”

“…The use of a neural network allows the authors to easily decide the types of assets used, tailored to be smart city specific. Alternatively, Andrade et al [44] focus on critical assets, rather than trying to identify them all. These assets may have a much higher priority due to a higher damage potential, which may propagate within a smart city network.…”

“…For example, in the case that an information asset relies on a server, and this server is within a building [78], if the building was to be destroyed, both the information asset and server would be lost [78]. Such dependencies can allow for easier threat propagation, where if a device is dependent on other IoT nodes, the exploitation of a vulnerability can be amplified [44]. Uncovering dependencies requires the interactions and dependencies of an IoT system to be described [51] .…”

“…It divides threats into six categories, namely spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege [80]. This model has been extensively referenced in recent research on IoT security, including studies on threat analysis [49,59,69,70], threat vectors [42], and attack surfaces [44]. Therefore, utilising the STRIDE threat model can provide a solid foundation for comprehensive IoT security risk assessment and management.…”

“…To overcome this, Shivraj et al [71] simulate their proposed framework using STRIDE, DREAD, and LINDDUN, using LINDDUN to focus on privacy risks. Tseng et al [73] use the STRIDE and DREAD models to find threats and attack potentials of wearable Internet of Medical Things devices, while Andrade et al [44] use both models in the context of smart cities.…”

A Survey on Cyber Risk Management for the Internet of Things

A Survey on Cyber Risk Management for the Internet of Things

Threat models for vulnerability analysis of IoT devices for Manipulation of Demand attacks