In the Internet of Things (IoT), any physical object becomes localized, addressable and accessible in the virtual world [1, 2, 3]. In this paper, we propose a framework for modeling and assessing the security of IoT. The framework is used to construct a graphical security model and a security evaluator to automate the security analysis of IoT.
In the three-layer HARM, the complexity of the security evaluation is further reduced because. In their future work, they considered the implementation of the game-based model in the test bed [21]. Qualitative and probabilistic analysis can be performed using the ACT to evaluate the security of the network.
There has been no previous work on constructing a formal graphical security model to analyze security in IoT.
The Proposed Framework
Based on the extended HARM, we calculate all possible attack paths in the IoT network. In phase 3, the IoT network (including attack paths) is visualized in the form of an AG in the upper layer and the middle layer, respectively, and a set of ATs in the lower layer. Each attack path ap∈AP is a sequence of nodes, and each node in the path has one or more vulnerabilities.
The values of some metrics in higher levels are calculated from lower levels in the security analysis phase. For example, values in the network layer are calculated from values in the attack path, node, and vulnerability levels. At the network level, the metric is the maximum loss caused by an attacker to compromise the target among all potential paths.
In Algorithm 2, we use the fault tree model in the SHARPE to calculate the average time to compromise.
Evaluation
It can be used for multimedia applications of digital products in the home network (smartphones, smart TVs, tablets, etc.). It connects to both Wi-Fi network and ZigBee network and acts as a ZigBee router in ZigBee network. The attacker is able to compromise the Android tablet with a specific malware that exploits several bugs in the software and operating system [44].
For the Android tablet, the attacker can write a malware to gain root permission and change the transmission power of the ZigBee chip built into the device. In ZigBee network, we use 5 devices acting as routers and 3 end devices attached to each router. Based on the vulnerabilities described in Section 5.1.3, we make assumptions about the metric values of Android TV and tablet vulnerabilities and.
For the values of vulnerabilities in the TV, we use the impact values in Table 2 for the attack impact values and estimate the values of the other three security metrics from the exploit values in the same table. For the metric values of Android tablet vulnerabilities, we can estimate the values based on the descriptions since there are no CVSS scores available. We use two subnets in the top layer of the model to represent zigbee and swifi.
From the node-level metrics, we can see that attacking the TV has a higher probability of success, lower cost, lower average time to compromise, but lower impact than attacking the tablet. In the WBAN, communication can be divided into two parts: intra-body and extra-body [50]. We also assume that the compromise rate is once a week, because the attacker must be in the hospital to access the nodes.
Since every node has the same vulnerability, we only show onevsn in the lower layer. We calculate the values of security metrics at the node, attack path, and network levels. We change the vulnerability information in each sensor node in the attack path, reconstruct the IoT network using.
From the metric values at the network level shown in Table 8, we can evaluate the effectiveness of the strategy deployed at each node.
The sink is connected to the Internet and becomes the gateway. between the sensor network and the Internet. We assume the attacker's goal is to physically destroy the sink after finding its location. Since the sink is the central point of failure, its destruction will render the entire network unavailable to send data to the remote servers. model is based on [57] which describes the attacker's capabilities as follows:.
We assume that an attacker can intercept radio transmissions by deploying a wireless monitoring device in the area of interest. The attacker can physically move from one location to another on the network, but cannot monitor the entire network. Since the sink is in an open environment, the attacker can physically damage it after discovering its location.
Since all sensor nodes in the network are the same, we introduce one subnet for the entire network, denoted asswsn. Forvsink, because the sink is placed in an open field, can be easily damaged by an attacker. When the sink is damaged, the data collected from the sensor nodes cannot be delivered to the remote servers.
By exploiting the vulnerabilities, the attacker is able to move along the nodes at a higher speed of sending packets and discover the location of the sink. Since each node (ie, a sensor or sink) has only one vulnerability that can be exploited by an attacker, the metric values at the vulnerability level are equal at the node level. We only calculate the metric values at the network level, denoted as ASP3, AC3, AIM3 and M T T C3.
So the attacker needs more time to guess which path to follow to reach the sink. After the MPR scheme is deployed, the extended HARM captures multiple attack paths from a sensor node (i.e., the intrusion point) to the sink.
Extensions and Limitations
Defense strategies: When analyzing different defense strategies, we consider device-centric solutions (i.e. software patches) and only one network-level security solution. However, traditional solutions may not work well in securing IoT, as many IoT devices have limited hardware and poor security mechanisms [38]. Therefore, several network-level defense strategies should be considered to secure IoT deployments (e.g., adding monitoring devices, software-defined networking technologies [60]).
Recently, software-defined networking (SDN) has been seen as a key enabler for the IoT because SDN is capable of managing large-scale networks, establishing complex routing topologies, and simplifying user operations. In particular, it centralizes network control and ensures dynamic, flexible and automated reconfiguration of the networks. To address unpatchable vulnerabilities (e.g., perpetual vulnerabilities), we will change the attack surface of the IoT network to increase attack efforts.
With the support of the SDN capabilities, we will design proactive defense mechanisms that reconfigure the IoT topology. For example, if the network only has nodes with non-patchable vulnerabilities, we could maximize the number of nodes with "harder to exploit" vulnerabilities along the paths to the potential target. Then we will analyze how the security and performance of the software-defined IoT changes when the solutions are implemented using our framework.
Therefore, to provide cost-effective solutions, it is necessary to find minimal protection strategies for different IoT networks. Heterogeneity: To address the issue of heterogeneity in IoT, we introduce subnets in the top layer of extended HARM and classify devices into. Other classification methods should also be combined and used in the framework, as a good classification can be useful for security modeling, security analysis and the use of security mechanisms.
The movement of heterogeneous devices has a major impact on IoT security, as the attack surface changes with a dynamically changing network. We will examine current mobility models and modify them to capture the movement of IoT devices according to different real-world scenarios.
Conclusions
Kim, 'n raamwerk vir modellering en assessering van sekuriteit van die internet van dinge, in: Proceedings of the 2015 IEEE 21st International Conference on Parallel and Distributed Systems (ICPADS '15), IEEE Computer Society, 2015, pp. Zegzhda, Applying Large-scale Adaptive Graphs to Modeling Internet of Things Security, in: Proceedings of the 7th International Conference on Security of Information and Networks (SIN. Things for eHealth, in: Proceedings of the 2014 IEEE International Conference on Communications (ICC '14), IEEE, 2014 , pp.
Balasingham, Risk-based Adaptive Security for Smart IoT in eHealth, in: Proceedings of the 7th International Conference on Body Area Networks (BodyNets '12), IEEE, 2012, pp. Leister, Threats Identificatie voor het Smart Internet of Things in eHealth en Adaptive Security Countermeasures, in: Proceedings of the 7th International Conference on New Technologies, Mobility van 2015. Oostdijk, Foundations of Attack Trees, in: Proceedings of the 8th International Conference on Information Security and Cryptology (ICISC ’05), Springer-Verlag, 2005, pp.
Wing, Two Formal Analyzes of Attack Graphs, in: Proceedings of the 15th IEEE Workshop on Computer Security. Noel, Time-efficient and cost-effective network hardening using attack graphs, in: Proceedings of the IEEE/IFIP. Bascou, Using CVSS in attack graphs, in: Proceedings of the 6th International Conference on Availability, Reliability and Security.
Xu, Dealing with a Billion (Unsolvable) Errors on a Billion Devices: Rethinking Network Security for the Internet of Things, in: Proceedings of the 14th ACM Workshop. Proceedings of the 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '15), IEEE, 2015, pp. Demeester, A Low-delay Protocol for Multihop Wireless Body Area Networks, in: Proceedings of the 4th Annual International Conference on.
Mehani, Network-Level Security and Privacy Control for Smart-Home IoT-enheder, i: Proceedings of the 2015 IEEE 11th International Conference on Wireless. Architectures for the Internet-of-Things, i: Proceedings of the 2015 40th Annual IEEE Conference on Local Computer Networks (LCN ’15), IEEE Computer Society, 2015, pp.
