The IoT security gap: a look down into the valley between threat models and their implementation

Aufner, Peter

doi:10.1007/s10207-019-00445-y

Cited by 41 publications

(19 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2018, Bakhshi et al surveyed numerous publications referencing differing reference models and focused mainly on data ingestion and abstraction [15]. Peter Aufner reviews various threat frameworks in light of the Cisco model and concludes that gaps exist between the frameworks, IoT and security research [16].…”

Section: The Cisco Seven-layer Iot Reference Modelmentioning

confidence: 99%

IoT Network Security: Threats, Risks, and a Data-Driven Defense Framework

Wheelus

Zhu

2020

IoT

View full text Add to dashboard Cite

The recent surge in Internet of Things (IoT) deployment has increased the pace of integration and extended the reach of the Internet from computers, tablets and phones to a myriad of devices in our physical world. Driven by the IoT, with each passing day, the Internet becomes more integrated with everyday life. While IoT devices provide endless new capabilities and make life more convenient, they also vastly increase the opportunity for nefarious individuals, criminal organizations and even state actors to spy on, and interfere with, unsuspecting users of IoT systems. As this looming crisis continues to grow, calls for data science approaches to address these problems have increased, and current research shows that predictive models trained with machine learning algorithms hold great potential to mitigate some of these issues. In this paper, we first carry out an analytics approach to review security risks associated with IoT systems, and then propose a machine learning-based solution to characterize and detect IoT attacks. We use a real-world IoT system with secured gate access as a platform, and introduce the IoT system in detail, including features to capture security threats/attacks to the system. By using data collected from a nine month period as our testbed, we evaluate the efficacy of predictive models trained by means of machine learning, and propose design principles and a loose framework for implementing secure IoT systems.

show abstract

Section: The Cisco Seven-layer Iot Reference Modelmentioning

confidence: 99%

IoT Network Security: Threats, Risks, and a Data-Driven Defense Framework

Wheelus

Zhu

2020

IoT

View full text Add to dashboard Cite

show abstract

“…Besides, the author also highlighted mitigation strategies against security attacks in Pervasive and Mobile Computing. Sybil, DoS, Hello and Sinkhole are layered network attacks in WSN that are still relevant in IoT environments ( Aufner, 2019 ). Thus, it is applicable to any IoT devices which uses the communication layer to communicate.…”

Section: Survey Methodologymentioning

confidence: 99%

A survey of Sybil attack countermeasures in IoT-based wireless sensor networks

Arshad

Hanapi

Subramaniam

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

Wireless sensor networks (WSN) have been among the most prevalent wireless innovations over the years exciting new Internet of Things (IoT) applications. IoT based WSN integrated with Internet Protocol IP allows any physical objects with sensors to be connected ubiquitously and send real-time data to the server connected to the Internet gate. Security in WSN remains an ongoing research trend that falls under the IoT paradigm. A WSN node deployed in a hostile environment is likely to open security attacks such as Sybil attack due to its distributed architecture and network contention implemented in the routing protocol. In a Sybil attack, an adversary illegally advertises several false identities or a single identity that may occur at several locations called Sybil nodes. Therefore, in this paper, we give a survey of the most up-to-date assured methods to defend from the Sybil attack. The Sybil attack countermeasures includes encryption, trust, received signal indicator (RSSI), encryption and artificial intelligence. Specifically, we survey different methods, along with their advantages and disadvantages, to mitigate the Sybil attack. We discussed the lesson learned and the future avenues of study and open issues in WSN security analysis.

show abstract

“…For another, investigating a single device over an assembled system allows for vulnerabilities to pass through undetected (J. R. C. Nurse, Creese, & Roure, 2017). While we accept that one must account for the entire IoT "ecosystem" (Aufner, 2020;Omotosho et al, 2019;Seeam, Ogbeh, Guness, & Bellekens, 2019), a broader investigation is beyond the scope of this chapter.…”

Section: Threat Modeling a Smart Internet-connected Lockmentioning

confidence: 99%

Threat Modeling Intimate Partner Violence: Tech Abuse as a Cybersecurity Challenge in the Internet of Things

Slupska¹,

Tanczer²

2021

The Emerald International Handbook of Technology-Facilitated Violence and Abuse

View full text Add to dashboard Cite

Technology-Facilitated abuse, so-called "tech abuse," through phones, trackers, and other emerging innovations, has a substantial impact on the nature of intimate partner violence (IPV). The current chapter examines the risks and harms posed to IPV victims/survivors from the burgeoning Internet of Things (IoT) environment. IoT systems are understood as "smart" devices such as conventional household appliances that are connected to the internet. Interdependencies between different products together with the devices' enhanced functionalities offer opportunities for coercion and control. Across the chapter, we use the example of IoT to showcase how and why tech abuse is a socio-technological issue and requires not only human-centered (i.e., societal) but also cybersecurity (i.e., technical) responses. We apply the method of "threat modeling," which is a process used to investigate potential cybersecurity attacks, to shift the conventional technical focus from the risks to systems toward risks to people. Through the analysis of a smart lock, we highlight insufficiently designed IoT privacy and security features and uncover how seemingly neutral design decisions can constrain, shape, and facilitate coercive and controlling behaviors.

show abstract

The IoT security gap: a look down into the valley between threat models and their implementation

Cited by 41 publications

References 41 publications

IoT Network Security: Threats, Risks, and a Data-Driven Defense Framework

IoT Network Security: Threats, Risks, and a Data-Driven Defense Framework

A survey of Sybil attack countermeasures in IoT-based wireless sensor networks

Threat Modeling Intimate Partner Violence: Tech Abuse as a Cybersecurity Challenge in the Internet of Things

Contact Info

Product

Resources

About