TY - GEN
T1 - Vulnerabilities analysis and security assessment framework for the Internet of Things
AU - Shokeen, Rahul
AU - Shanmugam, Bharanidharan
AU - Kannoorpatti, Krishnan
AU - Azam, Sami
AU - Jonkman, Mirjam
AU - Alazab, Mamoun
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/5/1
Y1 - 2019/5/1
N2 - The security of the Internet of Things (IoT) is increasingly recognized as a major concern. IoT technology has matured in recent years; however, the same cannot be said for the security of these devices. Despite their efficacy, IoT devices are not secure and are open to vulnerabilities that need to be addressed. The challenge here is to secure the data that IoT devices hold from the external objects or an attack within its network that can hinder the development and put the data at risk. The objective of this research is to investigate the architecture of various IoT systems and to use them to identify the common key components that need to be assessed to minimize the security gap in IoT systems. Based on the current literature a framework is proposed to assess the known vulnerabilities of IoT systems. Currently, there is no standard framework that can be used to assess the security of IoT devices, due to varied constraint in the interconnection of these devices. This research focuses on outlining the vulnerabilities that exist in IoT devices and how these can be assessed using the security assessment framework. It lays the foundation on how this framework evaluates each vulnerability of an IoT System and what can be done to reduce these existing vulnerabilities. The proposed framework provides accurate and realistic assessment outcomes by considering the threats and avoiding the involvement of external factors that can put the assessment process at risk. This framework is designed to combine with other frameworks such as ISO/IEC 27000, COBIT 5, ANSI/ISA 62443, and NIST SP 800-53.
AB - The security of the Internet of Things (IoT) is increasingly recognized as a major concern. IoT technology has matured in recent years; however, the same cannot be said for the security of these devices. Despite their efficacy, IoT devices are not secure and are open to vulnerabilities that need to be addressed. The challenge here is to secure the data that IoT devices hold from the external objects or an attack within its network that can hinder the development and put the data at risk. The objective of this research is to investigate the architecture of various IoT systems and to use them to identify the common key components that need to be assessed to minimize the security gap in IoT systems. Based on the current literature a framework is proposed to assess the known vulnerabilities of IoT systems. Currently, there is no standard framework that can be used to assess the security of IoT devices, due to varied constraint in the interconnection of these devices. This research focuses on outlining the vulnerabilities that exist in IoT devices and how these can be assessed using the security assessment framework. It lays the foundation on how this framework evaluates each vulnerability of an IoT System and what can be done to reduce these existing vulnerabilities. The proposed framework provides accurate and realistic assessment outcomes by considering the threats and avoiding the involvement of external factors that can put the assessment process at risk. This framework is designed to combine with other frameworks such as ISO/IEC 27000, COBIT 5, ANSI/ISA 62443, and NIST SP 800-53.
KW - Cyber Security
KW - IoT
KW - Risk Assessment
KW - Security Assessment
KW - Security Threats
KW - Vulnerabilities
UR - http://www.scopus.com/inward/record.url?scp=85073871043&partnerID=8YFLogxK
U2 - 10.1109/CCC.2019.00-14
DO - 10.1109/CCC.2019.00-14
M3 - Conference Paper published in Proceedings
AN - SCOPUS:85073871043
VL - 1
T3 - Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019
SP - 22
EP - 29
BT - Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019
PB - IEEE, Institute of Electrical and Electronics Engineers
CY - Piscataway, NJ
T2 - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019
Y2 - 7 May 2019 through 8 May 2019
ER -