IoT Information Security Evaluation for Developers and Users

Lohana Santos Medeiros, Fabio Zuvanov, Flávio Luis de Mello, Edilberto Strauss

Abstract


The accelerated growth of the Internet of Things (IoT) exposes many security issues related to the design and usage of devices, leading to a new technological security paradigm. This paper presents an evaluation method and corrective actions to be carried out in order to make the usage of IoT devices safer. The method combines both the developer's perspective and the user's perspective, thus differing from current guides. The proposed evaluation method is divided into categories, each composed of security control clauses and their corresponding action recommendations. The user perspective of the evaluation method was applied at a service company, and the developer perspective at an IoT device manufacturer. These experiments produced useful insights into both viewpoints. The evaluation provided an opportunity to enhance manufacturer security awareness and improve user experience with IoT devices.

Keywords


Internet of Things; Information Security; Good Practices; Evaluation



DOI: https://doi.org/10.17648/enigma.v4i1.63


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
