Skip to main content
SpringerLink
Log in

Categorizing IoT Services According to Security Risks

  • Conference paper
  • First Online:
Future Access Enablers for Ubiquitous and Intelligent Infrastructures (FABULOUS 2021)

  • 1017 Accesses

Abstract

Internet of things has been a part of our lives, both at home and in workplace, for several years now. However, due to its popularity, numerous security issues are emerging related to devices, network communication or Internet of things (IoT) acquired data storage and processing in the cloud. This paper presents a model for categorization of existing and novel IoT services based on estimated security risks. The goal is to develop security requirements for each service category in such a way that service creators are able to classify their services and follow the requirements in order to harden the services in development. The paper proposes a categorization model based on DREAD (Damage potential, Reproducibility, Exploitability, affected users, and Discoverability) and gives examples of existing services classification. A set of simple questions is proposed at the end of the paper that should be answered by service creators in order to categorize its service into one of the proposed categories.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Suresh, P., Daniel, J.V., Parthasarathy, V., Aswathy, R.: A state of the art review on the Internet of Things (ToT) history, technology and fields of deployment. In: 2014 International Conference on Science Engineering and Management Research (ICSEMR), pp. 1–8. IEEE (2014)

    Google Scholar 

  2. Antonakakis, M., et al.: Understanding the Mirai botnet. In: 26th Security Symposium (Security 17), pp. 1093–1110 (2017)

    Google Scholar 

  3. Davis, D.B.: ISTR 2019: Internet of Things cyber attacks grow more diverse (2019)

    Google Scholar 

  4. Hassan, W.U., Hussain, S., Bates, A.: Analysis of privacy protections in fitness tracking social networks-or-you can run, but can you hide? In: 27th Security Symposium (Security 18), pp. 497–512 (2018)

    Google Scholar 

  5. Hern, A.: Fitness tracking app Strava gives away location of secret us army bases, January 2018

    Google Scholar 

  6. Common vulnerability scoring system v3.0: Specification document

    Google Scholar 

  7. Pal, S., Hitchens, M., Rabehaja, T., Mukhopadhyay, S.: Security requirements for the Internet of Things: a systematic approach. Sensors 20(20), 5897 (2020)

    Article  Google Scholar 

  8. Abomhara, M., Køien, G.M.: Security and privacy in the Internet of Things: current status and open issues. In: 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS), pp. 1–8. IEEE (2014)

    Google Scholar 

  9. Sicari, S., Rizzardi, A., Grieco, L.A., Coen-Porisini, A.: Security, privacy and trust in Internet of Things: the road ahead. Comput. Netw. 76, 146–164 (2015)

    Article  Google Scholar 

  10. Babar, S., Mahalle, P., Stango, A., Prasad, N., Prasad, R.: Proposed security model and threat taxonomy for the Internet of Things (IoT). In: Meghanathan, N., Boumerdassi, S., Chaki, N., Nagamalai, D. (eds.) CNSA 2010. CCIS, vol. 89, pp. 420–429. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14478-3_42

    Chapter  MATH  Google Scholar 

  11. Sain, M., Kang, Y.J., Lee, H.J.: Survey on security in Internet of Things: state of the art and challenges. In: 2017 19th International Conference on Advanced Communication Technology (ICACT), pp. 699–704. IEEE (2017)

    Google Scholar 

  12. Bastos, D., Shackleton, M., El-Moussa, F.: Internet of Things: a survey of technologies and security risks in smart home and city environments (2018)

    Google Scholar 

  13. Davoli, L., Veltri, L., Ferrari, G., Amadei, U.: Internet of Things on power line communications: an experimental performance analysis. In: Kabalci, E., Kabalci, Y. (eds.) Smart Grids and Their Communication Systems. ESIEE, pp. 465–498. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-1768-2_13

  14. Suryani, V., et al.: A survey on trust in Internet of Things. In: 2016 8th International Conference on Information Technology and Electrical Engineering (ICITEE), pp. 1–6. IEEE (2016)

    Google Scholar 

  15. Alqassem, I.: Privacy and security requirements framework for the Internet of Things (IoT). In: Companion Proceedings of the 36th International Conference on Software Engineering, pp. 739–741 (2014)

    Google Scholar 

  16. Cvitić, I., Vujić, M., et al.: Classification of security risks in the IoT environment. Ann. DAAAM Proc. 26(1) (2015)

    Google Scholar 

  17. Owasp: IoT security verification standard (2020)

    Google Scholar 

  18. Owasp: Application security verification standard (2020)

    Google Scholar 

  19. Researcher at Forescout Technologies Inc.: Discovering and defending against vulnerabilities in building automation systems (BAS), June 2020

    Google Scholar 

  20. Case, D.U.: Analysis of the cyber attack on the Ukrainian power grid. Electr. Inf. Shar. Anal. Cent. (E-ISAC) 388 (2016)

    Google Scholar 

  21. Holloway, M

    Google Scholar 

  22. Cimpanu, C.: Cyber-attack hits Utah wind and solar energy provider, October 2019

    Google Scholar 

  23. Huq, N., Vosseler, R., Swimmer, M.: Cyberattacks against intelligent transportation systems. TrendLabs Research Paper (2017)

    Google Scholar 

  24. Rodriguez, J.F.: ‘You hacked’ appears at muni stations as fare payment system crashes, November 2016

    Google Scholar 

  25. Williams, C.: Hackers hit d.c. police closed-circuit camera network, city officials disclose, January 2017

    Google Scholar 

  26. Eykholt, K., et al.: Robust physical-world attacks on deep learning visual classification. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1625–1634 (2018)

    Google Scholar 

  27. Goldman, J.: Cyber attack causes physical damage at German iron plant (2014)

    Google Scholar 

  28. Kaspersky, I.: Threat landscape for industrial automation systems (2019)

    Google Scholar 

  29. Langston, J.: UW researchers hack a teleoperated surgical robot to reveal security flaws (2015)

    Google Scholar 

  30. Fu, K., Xu, W.: Risks of trusting the physics of sensors. Commun. ACM 61(2), 20–23 (2018)

    Article  Google Scholar 

  31. Li, C., Raghunathan, A., Jha, N.K.: Hijacking an insulin pump: security attacks and defenses for a diabetes therapy system. In: 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, pp. 150–156. IEEE (2011)

    Google Scholar 

  32. Halperin, D., et al.: Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. In: 2008 IEEE Symposium on Security and Privacy (sp 2008), pp. 129–142. IEEE (2008)

    Google Scholar 

  33. Zhang, Q., Fitzek, F.H.P.: Mission critical IoT communication in 5G. In: Atanasovski, V., Leon-Garcia, A. (eds.) FABULOUS 2015. LNICST, vol. 159, pp. 35–41. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27072-2_5

    Chapter  Google Scholar 

  34. Loukas, G., Gan, D., Vuong, T.: A review of cyber threats and defence approaches in emergency management. Future Internet 5(2), 205–236 (2013)

    Article  Google Scholar 

  35. Gupta, M., Abdelsalam, M., Khorsandroo, S., Mittal, S.: Security and privacy in smart farming: challenges and opportunities. IEEE Access 8, 34564–34584 (2020)

    Article  Google Scholar 

  36. Bennett, C.: Russia tied to cyberattack on Ukrainian power grid, February 2016

    Google Scholar 

  37. Abomhara, M., Gerdes, M., Køien, G.M.: A stride-based threat model for telehealth systems. NISK J., 82–96 (2015)

    Google Scholar 

  38. Alhassan, J.K., Abba, E., Olaniyi, O., Waziri, V.O.: Threat modeling of electronic health systems and mitigating countermeasures. In: International Conference on Information and Communication Technology and Its Applications (ICTA 2016). Federal University of Technology, Minna, Nigeria (2016)

    Google Scholar 

  39. Amini, A., Jamil, N., Ahmad, A., Zaba, M.: Threat modeling approaches for securing cloud computin. JApSc 15(7), 953–967 (2015)

    Google Scholar 

  40. Lin, X., Zavarsky, P., Ruhl, R., Lindskog, D.: Threat modeling for CSRF attacks. In: 2009 International Conference on Computational Science and Engineering, vol. 3, pp. 486–491. IEEE (2009)

    Google Scholar 

  41. De Cock, D., Wouters, K., Schellekens, D., Singelee, D., Preneel, B.: Threat modelling for security tokens in web applications. In: Chadwick, D., Preneel, B. (eds.) CMS 2004. ITIFIP, vol. 175, pp. 183–193. Springer, Boston, MA (2005). https://doi.org/10.1007/0-387-24486-7_14

    Chapter  Google Scholar 

  42. Meier, J., Mackman, A., Dunner, M., Vasireddy, S., Escamilla, R., Muruka, A.: Threat modeling (2003)

    Google Scholar 

Download references

Acknowledgement

This work has been supported by Croatian Science Foundation under the project 1986 (IoT4us: Human-centric smart services in interoperable and decentralised IoT environments).

Author information

Authors and Affiliations

  1. Faculty of Electrical Engineering and Computing, University of Zagreb, Zagreb, Croatia

    Ostroški Dominik, Mikuc Miljenko & Vuković Marin

Authors
  1. Ostroški Dominik
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mikuc Miljenko
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Vuković Marin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ostroški Dominik .

Editor information

Editors and Affiliations

  1. University of Zagreb, Zagreb, Croatia

    Dragan Perakovic

  2. Technical University of Košice, Prešov, Slovakia

    Lucia Knapcikova

Rights and permissions

Reprints and permissions

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Dominik, O., Miljenko, M., Marin, V. (2021). Categorizing IoT Services According to Security Risks. In: Perakovic, D., Knapcikova, L. (eds) Future Access Enablers for Ubiquitous and Intelligent Infrastructures. FABULOUS 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 382. Springer, Cham. https://doi.org/10.1007/978-3-030-78459-1_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-78459-1_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78458-4

  • Online ISBN: 978-3-030-78459-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation