RESFIT: A Reputation and Security Monitoring Platform for IoT Applications

Arseni, Ștefan-Ciprian; Chifor, Bogdan-Cosmin; Coca, Mihai; Medvei, Mirabela Melinda; Bica, Ion; Matei, Ioana

doi:10.3390/electronics10151840

Cited by 4 publications

(2 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Only a few solutions applied metrics to the transport/network layer (IV-B3)(IV-B3)(IV-B3) [39], [47]. Most solutions focused on the other two layers, perception and application [2], [20], [22], [24], [27], [41], [42], [48], [49], [50]. Security metrics in IoT must be considered for each layer to be reliable.…”

Section: Rq: Which Attack Types Can the Metric Detect?mentioning

confidence: 99%

Quantifying IoT Security Parameters: An Assessment Framework

Ebad

2023

IEEE Access

View full text Add to dashboard Cite

Several attempts have been made to propose metrics that quantify the parameters of existing solutions to improve the security of IoT systems. This paper presents a framework to classify and compare these metrics based on a set of attributes that can be used to answer the research questions. Forty-six metrics from the literature were analyzed, classified, and compared according to the developed framework. They were divided into two main categories according to the metric's source, i.e., internal and external sources. Then, they were further divided into seven sub-categories: size, time, numbering/scoring, checklist, blockchain, device integration effort, and legislation. There are eight widely used metrics among the existing IoT solutions: throughput, packet loss rate, jitter, password, security transmission rate, resilience, average energy consumption, and blockchain-related metrics (i.e., technical metrics). The simulation technique is the most common validation method among the current IoT solutions. Furthermore, the results revealed a gap in four aspects of proposing metrics for measuring security parameters. These aspects include the network/transport IoT layer, blockchain, legislation, and the use of data science in simulation research methodologies.

show abstract

Section: Rq: Which Attack Types Can the Metric Detect?mentioning

confidence: 99%

Quantifying IoT Security Parameters: An Assessment Framework

Ebad

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Analyzing the sources of the above table, we can say that in [69,78,80,83,85,86] the authors built schematic models to demonstrate their usefulness, and in [71,[73][74][75][76][77]81,82,84,[87][88][89][90] the authors cited models either existing, described in words or only mathematically. This approach may not be clear to everyone, and may also cause difficulties.…”

Section: Name Of the Property Publication A Brief Descriptionmentioning

confidence: 99%

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

et al. 2022

View full text Add to dashboard Cite

Information security is one of the most important attributes of distributed systems that often operate on unreliable networks. Enabling security features during the development of a distributed system requires the careful analysis of potential attacks or threats in different contexts, a process often referred to as «threat modeling». Information protection should be comprehensive, but it is also necessary to take into account the possibility of the emergence of threats specific to a certain information system. Many public and private organizations are still trying to implement system models and the threats directed at them on their own. The main reason for this is the lack of useful and high-quality methodologies that can help developers design system models. This review explores a variety of the literature on confidentiality- and integrity-aware system design methodologies, as well as threat classification methods, and identifies key issues that may be referenced by organizations to make design system processes easier. In particular, this article takes a look at the extent to which existing methodologies cover objects of protection and methods of classifying threats, as well as whether there are such models of systems in which the object itself and the threats directed at it are described. This includes whether the compiled models exhibit symmetry or asymmetry. This literature research shows that methodologies appear to be heterogeneous and versatile, since existing methodologies often only focus on one object of protection (a system). Based on the given analysis, it can be concluded that the existing methodologies only relate superficially to the description of system models and threats, and it is necessary to develop a more complete abstract model of the protected object and threats aimed at it in order to make this model suitable for any organization and protect it against most threats.

show abstract