Risk-based automated assessment and testing for the cybersecurity certification and labelling of IoT devices

Matheu, Sara N.; Hernández-Ramos, José L.; Skarmeta, Antonio F.; Baldini, Gianmarco

doi:10.1016/j.csi.2018.08.003

Cited by 71 publications

(58 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, risk quantification was only indicative and of qualitative nature. Further work is needed in the direction of systematic risk quantification, including approaches for data- and evidence-driven risk quantification [91]. While this is highly important for IoT endpoint devices, overall IoT network security is only as good as its weakest link and a weak node may have scalable negative impacts to the whole IoT network.…”

Section: Discussion and Related Future Workmentioning

confidence: 99%

A Design Approach to IoT Endpoint Security for Production Machinery Monitoring

Tedeschi

Emmanouilidis

Mehnen

et al. 2019

Sensors

View full text Add to dashboard Cite

The Internet of Things (IoT) has significant potential in upgrading legacy production machinery with monitoring capabilities to unlock new capabilities and bring economic benefits. However, the introduction of IoT at the shop floor layer exposes it to additional security risks with potentially significant adverse operational impact. This article addresses such fundamental new risks at their root by introducing a novel endpoint security-by-design approach. The approach is implemented on a widely applicable production-machinery-monitoring application by introducing real-time adaptation features for IoT device security through subsystem isolation and a dedicated lightweight authentication protocol. This paper establishes a novel viewpoint for the understanding of IoT endpoint security risks and relevant mitigation strategies and opens a new space of risk-averse designs that enable IoT benefits, while shielding operational integrity in industrial environments.

show abstract

Section: Discussion and Related Future Workmentioning

confidence: 99%

A Design Approach to IoT Endpoint Security for Production Machinery Monitoring

Tedeschi

Emmanouilidis

Mehnen

et al. 2019

Sensors

View full text Add to dashboard Cite

show abstract

“…For example, this information could include results of testing processes carried out during the manufacturing process, as well as a model-based representation and description of the ICT artifact itself. 10 Furthermore, as described in the Section "Increasing Cybersecurity Awareness," the Cybersecurity Act mentions the need to provide additional information about an ICT artifact, including security guidelines and recommendations to help end users with configuration, installation, deployment, operation, and maintenance. For example, in the case of specific-purpose artifacts (i.e., IoT devices), the recent Manufacturer Usage Description (MUD) standard 14 could be used to foster a secure and automated deployment of a certain IoT device, as proposed by Neisse et al 11 An additional aspect is related to the software libraries that are part of the artifact.…”

Section: Use Case Scenariomentioning

confidence: 99%

“…To cope with these aspects, we propose to partition our platform in multiple interconnected (block)chains deployed across MS following a hierarchical approach based on interledger mechanisms. 9 In our proposed platform, an EU Cybersecurity Chain is maintained at EU level by a consortium of all MS to support the coordination and interconnection of different chains at MS level to manage manufacturer/provider information and the ICT artifact lifecyle (e.g., updates, and patches), cybersecurity certification information, 10 and responsible vulnerability disclosure. Unlike a simple network of national servers, the advantage of our blockchain-based approach is that it enables collaboration, cooperation, and ensures transparency and immutability of the cybersecurity information to be shared among stakeholders across sectors/ countries.…”

mentioning

confidence: 99%

An Interledger Blockchain Platform for Cross-Border Management of Cybersecurity Information

Neisse

Hernández-Ramos

Matheu

et al. 2020

IEEE Internet Comput.

Self Cite

View full text Add to dashboard Cite

Cybersecurity certification is a core notion to support the mitigation of cybersecurity risks of Information and Communication Technologies (ICT). At the European Union (EU) level, the Cybersecurity Act establishes a common cybersecurity certification framework supporting the coexistence of different certification schemes across Member States. However, its realization needs to be sustained by technical approaches to enable ICT stakeholders from different sectors or countries to exchange cybersecurity information and evaluate the up-to-date security level of an ICT system throughout their lifecycle. Toward this end, we propose a blockchain-based platform using a novel interledger design, where ledgers associated with ICT artifacts, cybersecurity certificates, and vulnerabilities are interconnected. The main purpose is to leverage the advantages of blockchain in terms of distributed trust, transparency, and accountability, while at the same time coping with scalability, performance, and interoperability requirements. We analyze the impact of our platform in the current EU legislation and provide insights for its deployment.

show abstract

“…Towards this end, the creator proposes a security certification the methodology implemented for IoT to empower different stakeholders with the power to realize security solutions for large-scale IoT services in an automatic system.. It also supports transparency on the IoT security level system to the consumers because the methodology able to provides a label together with the main results of the certification procedures [18].…”

Section: Related Workmentioning

confidence: 99%

Automatic Port Scanner

Mohammed¹

2020

IJISRT

View full text Add to dashboard Cite

In a computer network, an attack is an attempt to destroy or steal unauthorized information or make use of information as an asset. One of the attacks is a reconnaissance attack considered as the first step of a computer attack. This type of attack is mostly done by a black hat, an expert in the programmer, by scanning the internal network devices and gather vulnerability information. In this paper, shows the identification of open ports and services through the network and available IP on the network are possible to attack.

show abstract

Risk-based automated assessment and testing for the cybersecurity certification and labelling of IoT devices

Cited by 71 publications

References 27 publications

A Design Approach to IoT Endpoint Security for Production Machinery Monitoring

A Design Approach to IoT Endpoint Security for Production Machinery Monitoring

An Interledger Blockchain Platform for Cross-Border Management of Cybersecurity Information

Automatic Port Scanner

Contact Info

Product

Resources

About