IoVT: Internet of Vulnerable Things? Threat Architecture, Attack Surfaces, and Vulnerabilities in Internet of Things and Its Applications towards Smart Grids

In recent years, people have witnessed numerous Internet of Things (IoT)-based attacks, alongside an exponential increase in the number of IoT devices. At the same time, the means to secure IoT-based applications are maturing more slowly than our growing dependence on them. Moreover, the vulnerabilities in an IoT system are exploited in chains to penetrate deep into the network and cause more adverse aftereffects. To mitigate these issues, this paper gives unique insights for handling the growing vulnerabilities in common IoT devices and proposes a threat architecture for IoT, addressing threats in the context of a three-layer IoT reference architecture. Furthermore, the vulnerabilities exploited at the several IoT attack surfaces and the challenges they pose are explored. Thereafter, the challenges in quantifying IoT vulnerabilities with the existing framework are also analyzed. The study also covers a case study on the Intelligent Transportation System, covering road transport and traffic control specifically in terms of threats and vulnerabilities. Another case study on secure energy management in the Smart Grid is also presented. This case study covers the applications of the Internet of Vulnerable Things (IoVT) in smart energy grid solutions, as there will be tremendous use of IoT in future Smart Grids to save energy and improve overall distribution. The analysis shows that integrating the proposed architecture into existing applications alerts developers to the threats embedded in the system.


Introduction
In the near future, the Internet of Things (IoT) will engage billions of smart devices (their global increase is depicted in Figure 1). It works by connecting various kinds of things to the Internet, so as to harvest data produced by sensors and to remotely control and monitor environments [1]. This makes the IoT applicable in multiple domains, bringing various monetary and personal benefits, but it also weaves numerous threats into people's lives, broadly in terms of security and privacy. Commercial IoT products come with ill-designed and incomplete security mechanisms, so these threats are readily realized; moreover, their limited energy, computation, and communication resources prevent them from adopting the standard security mechanisms that traditional Internet-connected devices benefit from [2]. Besides this, IoT stakeholders and users are less aware of the security risks that come with connecting their day-to-day devices to a worldwide network, which hands adversaries a much larger landscape of threats.
In general, the things we connect to the Internet to avail ourselves of smart services are commonly the vulnerable things [3]. IoT devices are found to be shipped to consumers with known vulnerabilities: to name a few, outdated operating system (OS) versions, poor support for firmware and OS updates, hard-coded passwords with no mechanism to change them, holes to inject malicious code, and open Telnet ports [4]. For instance, the Mirai botnet built its army of bots by scanning the Internet and trying different combinations of default usernames and passwords to gain control of such vulnerable IoT devices [5]. This attack would not have been possible had the default passwords of IoT devices been changed in a timely manner. Thus, intruders easily exploit weak IoT devices, whereas traditional networks are safeguarded with mature defensive mechanisms. In this paper, the main focus is on the "vulnerabilities in the IoT space", as these vulnerabilities of IoT devices serve as the doorway to launch numerous attacks. These vulnerabilities range from those exploiting a single device to those that have enabled IoT-based botnets like Mirai. By extension, they can even impact human life and well-being. It is reported that 70 percent of smart devices are vulnerable to several cyberattacks [7]. Furthermore, these exploited devices are distributed worldwide, with China hosting the maximum number of exploited IoT devices, as depicted in Figure 2. Likewise, reports estimate that by the end of 2020, compromised IoT devices will launch more than 25% of industrial attacks [8]. The severity of this can be realized from cyber-attacks like the Stuxnet attack on Iran's nuclear program [9], the blast furnace attack at a German steel mill [10], the deadliest attack on Saudi Arabian oil facilities, and the Mirai, Hajime, and BrickerBot botnets [5].
Figure 1. Growth of IoT devices (IoT device population).

The main motivation for the given study is as follows:
• As per the literature reviewed, only generic threat models like STRIDE, DREAD, OCTAVE, and PASTA are available, which mainly cover the threats; no threat model specific to IoT has been given. Therefore, there is a need to devise a generic threat model for IoT, because the aforementioned models were originally devised for conventional IT systems, which are considerably different in terms of functionality and design.
• Moreover, from the studied state of the art, we found that only a few works have specifically focused on threat and vulnerability modelling. Consequently, this article focuses on the same.
• We are also motivated to focus on the root cause of these nascent attacks and threats, namely the vulnerabilities in IoT devices that potential adversaries take advantage of. The common vulnerabilities in IoT have been identified in the proposed threat architecture, and a few are illustrated in terms of their severity as per the Common Vulnerability Scoring System (CVSS).
The overpowering services of the IoT that pervade our lives also amplify their consequential security flaws. To meet the growing demand, devices are flooded into the market with known vulnerabilities, without an afterthought to their security considerations. The key contributions of this paper are as follows:
• The proposed Threat Architecture of IoT, which demonstrates the various threats to be taken care of while developing an IoT system.
• The major attack surfaces in IoT are highlighted in a bottom-up fashion.
• The common vulnerabilities in IoT and their impact in terms of their exploitability as per CVSS version 2 and CVSS version 3 of the National Vulnerability Database (NVD) are illustrated.
• Lastly, two case studies are presented, covering the Intelligent Transportation System and secure energy management. The second case study covers the applicability of IoT and the Internet of Vulnerable Things (IoVT) to smart energy grids.
This paper emphasizes the transition of the Internet of Things to the Internet of Vulnerable Things. The subsequent sections are organized as follows and depicted in Figure 3. In Section 2, we present the background for the proposed study, and subsequently propose the IoT Threat Architecture in Section 3. In Section 4, we discuss the attack surfaces in an IoT system. Thereafter, we discuss the security vulnerabilities and their impact as a whole in Section 5. Following this, we present a case study on the intelligent transportation system in Section 6, followed by a use case in Section 7 on secure energy management in Smart Grids. Finally, we conclude the article with a view towards recommendations to cope with the growing threats and vulnerabilities in IoT.
Energies 2020, 13, 4813

Related Work
Several works in the literature address different aspects of security in an IoT system. The authors have adopted a methodical approach to direct this study in a systematic way, to give a clear idea of the vulnerabilities in IoT systems, the root cause questioning the sustainability of IoT. Relevant articles, technical reports, blogs, tutorial papers, and white papers were identified to conduct this study. The identified sources also underwent quality checks to extract reliable information for the proposed work; those with a fair number of citations were generally preferred. This work mainly focuses on state-of-the-art research on threats, vulnerabilities, and their modelling in general, and in the context of smart grids specifically. Peer-reviewed databases with high-quality and trustworthy research, like IEEE Xplore, Springer, MDPI, Wiley, ACM, Elsevier, etc., were explored to gather the relevant literature. For the search criteria, keywords like IoT vulnerabilities, threats, attack surfaces, vulnerability scoring, Smart Grid, etc., were used. The authors have also analyzed, cited, and acknowledged the related works as per the theme of the proposed survey.
In the studied literature, a number of threat models like OCTAVE, STRIDE, DREAD, and PASTA have been given to identify threats and vulnerabilities. Scoring schemes like CVSS and DREAD also rate them according to the associated risk. However, all of them are generic; none addresses the same problem in terms of IoT. Having been developed for conventional IT systems, they are not well suited to IoT systems, as IoT devices differ in functionality, resources, communication, constraints, and design. Therefore, a specific model must be developed to identify the threats and vulnerabilities in IoT, and to quantify them according to the loss they can cause. The reviewed literature considers different IoT architectures, security threats, and vulnerabilities with respect to different layers, but none of it addresses the discussed issue adequately. A brief review of related efforts is given in Table 1 to highlight the contribution of this work. For example, Babar et al. [12] give a security model for IoT that covers three aspects: trust, security, and privacy. The model explores threats to communication protocols, identity management, storage, and physical threats, though it does not cover IoT attacks against interlinked systems. In [13], intrinsic and extrinsic attack models are studied in different IoT paradigms in the context of centralization and connectivity. The authors also examine fuzzy-based internal/external bad actors for threats such as DoS, eavesdropping, and physical threats.
In another work, Humayed et al. [14] design a framework for cyber-physical security. The proposed framework works in three modules. The security module works upon security controls, threats, and vulnerabilities. The cyber-physical module explores cyber components, physical components, and their combination. The system module examines several IoT application domains to analyze threats specific to them. Additionally, Mosenia and Jha [15] cover the security aspect of IoT at three levels in their proposed security model: first, the edge nodes, i.e., radio-frequency identification (RFID) and sensors; then the threats, vulnerabilities, and remediations for communication; and finally edge computing. Yaqoob et al. [16] discuss IoT architecture in terms of key requirements with future research directions. Several parameters, including applications, network topologies, and supporting technologies, are covered concerning IoT architecture. The authors also present IoT architectures in the context of real paradigms. In another notable work [17], IoT security is studied in multiple domains like RFID, smart homes, sensor networks, smart health services, smart cities, and end-users. A threat taxonomy covering parameters like threats, IEEE standards, enabling technologies, and deployment levels is devised.
HaddadPajouh et al. [18] propose a security architecture, called AI4SAFE-IoT, specifically focusing on the infrastructure of the edge layer of IoT. The architecture comprises AI-based security modules working at the edge layer to secure the IoT infrastructure; these modules include an intelligent web application firewall, threat and threat-attribute identification, and threat hunting. On the basis of the kill chain model, the modules identify the phase of the attack life-cycle, and each module is designed to work against several threats in the context of IoT applications. In recent work, Gupta et al. [19] propose a machine learning-based threat model covering different parameters like reliability, attacks, accuracy, and latency. The authors also design a deep learning-based secure architecture that classifies normal data from attack data.

Table 1. Related work on IoT threats and vulnerabilities: contribution and future scope.
Humayed et al. [14], 2017. Contribution: a cyber-physical framework covering threats, vulnerabilities, and actions in the context of smart grids, smart cars, medical devices, and industrial control systems. Future scope: application-specific solutions for the growing threats and vulnerabilities are to be identified.
Mosenia and Jha [15], 2017. Contribution: threats, vulnerabilities, and countermeasures with respect to the edge layer of IoT. Future scope: to find solutions that proactively address the identified threats.
Yaqoob et al. [17], 2017. Contribution: general IoT security concerns, with threats and ransomware attacks. Future scope: IoT vulnerabilities must be proactively mitigated to prevent ransomware.
Alaba et al. [20], 2017. Contribution: different IoT security scenarios, a security matrix, and remediation strategies.
Koloveas et al. [24], 2019. Contribution: threat intelligence in IoT using a crawler-based architecture. Future scope: to extract cyber-threat intelligence using natural language understanding.
Grammatikis et al. [25], 2019. Contribution: risk analysis of threats with respect to all layers of IoT. Future scope: to detect cyber-attacks with high accuracy using software-defined networking (SDN).
Meneghello et al. [26]. Contribution: security goals, threats, and vulnerabilities with respect to protocols, with practical implementation. Future scope: to manage the shared cryptographic keys in various protocols.
HaddadPajouh et al. [18], 2020. Contribution: an edge layer-based security architecture with threat hunting modules. Future scope: to be implemented in different practical scenarios.
Yazdinejad et al. [27], 2020. Contribution: secure file transfer and access control with blockchain in IoT. Future scope: to be compared with a few more architectures.
Butun et al. [28], 2020. Contribution: IoT security attacks with their defense mechanisms. Future scope: de facto security standards for IoT and WSNs.
The proposed work, 2020. Contribution: a Threat Architecture of IoT, and secure energy management with the Smart Grid. Future scope: to propose a framework for assessing and quantifying vulnerabilities in IoT.
Koloveas et al. [24] present a crawler-based architecture working on data gathered from the social, clear, and dark web to provide threat intelligence in IoT. The architecture works in two phases, based on machine learning and statistical language processing. In another notable work [29], the authors propose a security architecture based upon mechanisms for trust evaluation and service templates working at the edge and cloud levels. In the proposed architecture, the design of the edge network is claimed to reduce energy consumption. The cloud services for IoT are also improved with templates for service parsing and service parameters on the edge platform and the cloud, respectively. Along similar lines, Bakhshi et al. [30] focus on security issues and threats in the context of cloud computing in IoT, covering abstraction levels for the Microsoft Azure and Cisco reference architectures.
Dawoud et al. [31] propose an SDN-based security architecture for IoT covering large IoT deployments, like smart cities, with huge network traffic and security concerns. The authors claim that the enhanced security of SDN will boost the security of an SDN-based architecture for IoT; deep learning-based approaches are used for intrusion detection in the network. Along similar lines, Sharma et al. [32] present DistBlockNet, a distributed blockchain- and SDN-based architecture for securing the IoT. The architecture combines the features of blockchain and SDN to provide a trusted IoT environment. Moreover, no recommendations or reviews are needed from the administrator, as the architecture automatically adapts to the new threat landscape. The authors claim that the proposed architecture can detect real-time attacks in an IoT system with fewer overheads.
Additionally, Yazdinejad et al. [27] propose a cluster architecture comprising SDN controllers with blockchain for efficient network management in an IoT system. The architecture works with blockchains that are efficient in terms of energy consumption and computation and, through them, provides secure file transfer and access control in IoT. In another notable work, Meneghello et al. [26] highlight the security challenges related to security goals and threats in an IoT system. The authors also discuss the existing security mechanisms and their loopholes for IoT services. The attack surfaces of common IoT communication technologies (BLE and LoRaWAN), and their practical implementation to analyze their security features, are also part of the study.

IoT: Threat Architecture
This section discusses the threats at the various layers of a generic IoT system, as depicted in Figure 4. The components of an IoT system include different types of sensors and actuators, a smartphone with an associated application installed on it, the web interface for the smart environment, the servers the IoT devices interact with, and the requisite communications within the IoT system. Table 2 summarizes the threats (TH) imposed on the various layers of the IoT architecture, along with their impact and successfully launched attacks. It is observed that IoT devices are easy to take control of, which is why they feature in so many of today's DoS attacks. Like the generic architecture, the proposed threat architecture also includes three layers: (i) perception layer, (ii) network layer, and (iii) application layer. Each layer is described as follows.

Perception Layer:
The perception layer works at the ground level. Its basic function is to perceive data from the surroundings, like humidity readings and video feeds. The devices for sensing, actuating, computation, identification, and addressing of things work at this layer. It also performs some basic physical-layer functions, like modulation/demodulation, frequency selection, and encryption/decryption of data [6]. The threats at the perception layer are as follows:
• TH1. The integrated circuit (IC) can be maliciously modified to subvert its basic functionality or to access its data using a hardware trojan that is triggered on demand.
• TH2. An adversary can access side-channel information about the device (e.g., power consumption, power dissipation, processing time), which can be used in multiple ways to launch various attacks; for example, secret keys can be recovered from it.
• TH3. An adversary can drain the battery of a sensor node by sending random packets, so that the node is exhausted at the time of actual functioning. For example, a depleted smoke detector node in a fire detection system will fail to report an emergency.
• TH4. An adversary can physically access the smart device's hardware and software. Thus, they can easily tamper with the hardware, extract cryptographic secrets, access the storage, change the OS, modify the integrated circuits, and take control of the system.
• TH5. An adversary can add a malicious node (a node clone) to an existing group of authorized nodes by replicating their identification number. Such a node can work passively to analyze the traffic, or can actively mislead the entire system.
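TH4 is usually realised by dumping the device's flash over a debug port and reading it offline. The following Python script, added here as an illustration and not part of the original paper, shows how little effort that takes once the image is in hand: it extracts printable strings from a constructed, fake firmware blob (standing in for a real dump) the way the `strings` utility does, and flags the items that make such a dump valuable to an attacker: hardcoded credentials and password hashes, embedded private keys, update URLs, enabled debug services, and version strings. The blob contents, the string-length threshold, and the regex rules are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample "firmware image": an ELF-like prefix, control-byte
# filler, and the kind of strings found in real consumer-device dumps.
# This is not a real image; every item below is fabricated for the demo.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x01\x01\x01\x00" + bytes(range(0x20)) * 3
    + b"\x00/etc/init.d/rcS\x00telnetd -l /bin/sh\x00"
    + b"\x00admin:admin\x00root:$1$saltsalt$abcdefghijklmnopqrstu.\x00"
    + b"\x00-----BEGIN RSA PRIVATE KEY-----\x00MIIEowIBAAKCAQEA\x00"
    + b"\x00http://fw-update.example.com/latest.bin\x00"
    + b"\x00FW_VERSION=1.0.3 build 2018-06-12\x00"
    + bytes(range(0x80, 0x100))
)

MIN_LEN = 6  # same default as `strings -n`
PRINTABLE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)

# Heuristic rules (assumed for the example) mapping a string to the
# attack-surface item it exposes.  Each is applied per extracted string.
RULES = {
    "private_key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "shadow_hash": re.compile(rb"^[a-z_][a-z0-9_]*:\$[0-9a-z]+\$"),
    "plain_credential": re.compile(rb"^(admin|root|user|guest):[^$\s]{1,32}$"),
    "url": re.compile(rb"https?://[^\s\x00\"']+"),
    "debug_service": re.compile(rb"\b(telnetd|tftpd?|dropbear|sshd)\b"),
    "version_string": re.compile(rb"(FW|firmware)[_ ]?(VERSION|version)[=: ]"),
}


def extract_strings(image: bytes, min_len: int = MIN_LEN) -> List[bytes]:
    """Return runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = PRINTABLE if min_len == MIN_LEN else re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group(0) for m in pattern.finditer(image)]


def scan_firmware(image: bytes) -> Dict[str, List[str]]:
    """Classify extracted strings; returns only the categories that had hits."""
    findings: Dict[str, List[str]] = {name: [] for name in RULES}
    for s in extract_strings(image):
        for name, rx in RULES.items():
            if rx.search(s):
                findings[name].append(s.decode("ascii"))
    return {name: hits for name, hits in findings.items() if hits}


if __name__ == "__main__":
    for kind, hits in scan_firmware(SAMPLE_FIRMWARE).items():
        print(f"{kind}: {hits}")
```

On a real dump one would first carve the image with a tool such as binwalk and scan each filesystem and the unpacked binaries separately, because compressed sections hide their strings; the rules above are deliberately simple and will miss keys stored in binary (DER) form.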

Network Layer:
The network layer is the middle layer, whose purpose is to receive data from the perception layer and forward it to the application layer for further processing, analysis, and smart services. The perception nodes can connect to a gateway through various means like Bluetooth Low Energy (BLE), Zigbee, IEEE 802.15.4, long range wide area network (LoRaWAN), Sigfox, Wi-Fi, near-field communication (NFC), and RFID. These options trade off bandwidth, range, and power consumption. The gateway device is further connected to a network server or an application via 3G/4G, LTE, optical fiber, and satellite [15]. The threats at the network layer are as follows:
• TH6. An adversary can listen to the network traffic over the communication links. Thus, they can access control information (node configurations, shared network passwords, node identities) and extract usernames and passwords as well.
• TH7. Fraudulent packets can be injected into the communication links to mislead the system, for example by adding a manipulated header, checksum, and packet data.
• TH8. An adversary can jam the communication links, preventing the transmission of legitimate data. This can also be achieved by adding a malicious router that refuses to route messages or misdirects them.
• TH9. The adversary can also exploit the routing of packets by dropping, spoofing, redirecting, and misdirecting packets to launch various attacks; for example, they can change routing information and add routing loops.
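To make TH6 and TH7 concrete, the following Python code (an added example, not from the paper) models a minimal sensor frame whose only "integrity" protection is a CRC-16 trailer, shows that an adversary who can inject packets simply changes the reading and recomputes the checksum so the receiver accepts the forged frame, and then replaces the checksum with a truncated HMAC-SHA256 tag plus a per-node sequence check so that neither forgery nor replay is accepted. The frame layout, the key, and the node identifiers are constructed for the example.

```python
import binascii
import hashlib
import hmac
import struct
from typing import Dict, Optional, Tuple

# Constructed frame layout: node_id (u16), seq (u32), reading (s16, tenths of a degree).
BODY = struct.Struct("!HIh")
TAG_LEN = 8  # truncated HMAC-SHA256 tag appended to the body


# --- Variant A: CRC-16 trailer.  Detects noise, not an attacker. ---------------

def build_crc_frame(node_id: int, seq: int, reading: int) -> bytes:
    body = BODY.pack(node_id, seq, reading)
    return body + struct.pack("!H", binascii.crc_hqx(body, 0xFFFF))


def parse_crc_frame(frame: bytes) -> Optional[Tuple[int, int, int]]:
    """Returns (node_id, seq, reading), or None if the CRC does not match."""
    if len(frame) != BODY.size + 2:
        return None
    body, crc = frame[:-2], struct.unpack("!H", frame[-2:])[0]
    if binascii.crc_hqx(body, 0xFFFF) != crc:
        return None
    return BODY.unpack(body)


def forge_crc_frame(captured: bytes, new_reading: int) -> bytes:
    """TH7 in one line: keep the header, change the payload, recompute the CRC.
    No secret is involved, so the receiver cannot distinguish this from a real frame."""
    node_id, seq, _ = BODY.unpack(captured[:-2])
    return build_crc_frame(node_id, seq + 1, new_reading)


# --- Variant B: keyed MAC plus sequence number.  Forgery and replay rejected. ---

def build_auth_frame(key: bytes, node_id: int, seq: int, reading: int) -> bytes:
    body = BODY.pack(node_id, seq, reading)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class AuthReceiver:
    """Holds a per-node key and the last accepted sequence number per node."""

    def __init__(self, keys: Dict[int, bytes]):
        self.keys = keys
        self.last_seq: Dict[int, int] = {}

    def accept(self, frame: bytes) -> Optional[Tuple[int, int, int]]:
        if len(frame) != BODY.size + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        node_id, seq, reading = BODY.unpack(body)
        key = self.keys.get(node_id)
        if key is None:
            return None  # unknown node id (a TH5 clone with an unprovisioned id)
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # modified body or tag: forgery without the key fails
        if seq <= self.last_seq.get(node_id, -1):
            return None  # replayed or reordered frame
        self.last_seq[node_id] = seq
        return node_id, seq, reading


def demo() -> Tuple[bool, bool]:
    """Returns (crc_forgery_accepted, hmac_forgery_accepted)."""
    genuine = build_crc_frame(node_id=7, seq=41, reading=215)
    forged = forge_crc_frame(genuine, new_reading=-400)
    crc_forgery_accepted = parse_crc_frame(forged) is not None

    key = b"per-node key provisioned at enrolment"  # constructed
    rx = AuthReceiver({7: key})
    rx.accept(build_auth_frame(key, 7, 41, 215))  # genuine frame, accepted
    captured = build_auth_frame(key, 7, 42, 215)  # attacker sniffs this (TH6)
    forged_auth = BODY.pack(7, 43, -400) + captured[-TAG_LEN:]  # reuses old tag
    hmac_forgery_accepted = rx.accept(forged_auth) is not None
    return crc_forgery_accepted, hmac_forgery_accepted


if __name__ == "__main__":
    print("CRC forgery accepted: %s, HMAC forgery accepted: %s" % demo())
```

The MAC only helps if the key is not recoverable from the device (TH4) and is unique per node; a fleet-wide shared key turns one physical compromise into the ability to forge for every node. Confidentiality (TH6) needs encryption in addition, ideally an AEAD mode that provides both.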

Application Layer:
The application layer is the topmost layer in the IoT architecture, which provides smart services to its users in the form of smart home autonomous services, health statistics, business intelligence, industrial automation, smart irrigation, environmental monitoring, and smart city sharing services. It provides an interface for the user to interact with the IoT system. The major concerns at this layer are the security and privacy of user information, and the storage and processing of raw data received from the sensors. Application developers mainly focus on service delivery and efficiency and have less to do with security. Thus, applications are compromised more often, and their services are frequently denied to authentic users [23]. The threats at the application layer are as follows:
• TH10. Malware can easily compromise IoT-enabled devices by exploiting the weak authentication/authorization processes of applications, then link those infected devices into a botnet to launch more severe attacks.
• TH11. An adversary can run arbitrary JavaScript code in the victim's browser (cross-site scripting). Thus, private data can be stolen and even the smartphone can be compromised.
• TH12. An adversary can also escalate privileges to access unauthorized data or functionality. For example, the threshold at which a health monitoring device raises an alarm could be changed.

IoT: Attack Surfaces
The numerous cyber-security challenges [33] in IoT are imposed by its growing attack surfaces. Moreover, these challenges stem from the system's own intrinsic vulnerabilities, which expose it to several attacks. The attack surfaces include device firmware, different interfaces (web, administrative, physical), hardware, device memory, system applications, and network services, as shown in Figure 5. Additionally, full-duplex communication links open multiple paths for network attacks over the communication protocols. For example, most smart devices are susceptible to IP misconfiguration, leading to unusual behaviour and hence degrading the system's overall performance. Furthermore, the amalgamation of IoT with cloud computing extends IoT services with exposure to the global gateway as well as open networks. Along with IP spoofing, gateways are prime points for malicious threats, intrusions, man-in-the-middle attacks, DDoS, and injection attacks. Additionally, most IoT applications, being web- or mobile-based, are developed on application programming interfaces (APIs) (in PHP, XML, and Java), and an unpatched API leads to several malicious attacks. Thus, the challenges that IoT attack surfaces (AS) impose should be taken into consideration by those looking to implement IoT technologies, developers, and security researchers [34].

IoT: Security Vulnerabilities and Challenges
The zero-day vulnerabilities and hacking tools are in great demand for Internet-based crimes. IoT being an integral part of today's society is exploited more by adversaries for maximum damage. Moreover, their resource-constrained nature and poor security mechanisms make them more vulnerable. Significant research has been devoted to devising security mechanisms to address the growing security concerns in IoT. In this direction, IoT vulnerabilities must be handled seriously to slow down the pace of IoT attacks. Various tools such as Dojo [35], Nessus [36], and Shodan [37] have been developed to find out the vulnerabilities in an IoT system [38]. Further, for quantifying these vulnerabilities, the CVSS framework is used in vulnerability modelling. However, the unique features of IoT systems are not addressed even by the current version of CVSS, i.e., CVSSv3. This is because CVSS has originally been devised for conventional IT systems, which are considerably different in terms of functionality and design. Consequently, the method of scoring of attack vectors • AS1. Device Firmware: By getting access to this attack surface, the potential adversary can get hardcoded credentials, encryption keys, sensitive URL's, firmware version, and the last date when it got updated. They can also get vulnerable services like ssh, tftp, and web, and can even create backdoor accounts through firmware. • AS2. Device Memory/Information: This includes data gathered by different sensors, different security keys, security certificates, device information, and user information. Thus, the device should not store passwords and usernames in clear text, encryption keys, and third-party credentials in its memory. Though in most of the devices encryption keys and passwords are even hardcoded. • AS3. 
Device Physical Interface: Through device physical interface, the adversary can get the device id, escalate the privileges, reset the device to an insecure state, can extract the firmware and storage media. • AS4. Device/Cloud Web Interface: The intruder can exploit the web interface of the device/cloud using SQL injection, can get the user's default credentials, their username, and weak passwords. Furthermore, they can misuse an insecure password recovery mechanism, no two-factor authentication, can do cross-site scripting, and cross-site forgery. • AS5. Device Network services: The attacker can misuse the network services to launch attacks like DoS, buffer overflow, and replay attack. The attacker can block the Over-the-air (OTA) firmware update, can analyze and see the network traffic within the LAN/WAN, thus hindering the privacy and integrity of information flowing through the network. • AS6. Update Mechanism: A potential adversary can launch many attacks by exploiting the weak update mechanisms of IoT devices. The remote attacker could take advantage of loopholes like sending updates without encryption, unsigned updates, writable update location, no update verification, enabling malicious updates, missing adequate update mechanism, and no procedure for manual updates. • AS7. Mobile Applications: An attacker can take undue advantage by malicious use of mobile applications. The mobile applications are implicitly trusted by device/ cloud, and thus an attacker can find out usernames, weak passwords, known default credentials, can access insecure data storage, log file information, and unencrypted traffic. Furthermore, they can misuse an insecure password recovery mechanism, no two-factor authentication, and no-account lockout mechanisms. • AS8. Administrative Interface: The intruder can exploit the administrative interface of an IoT system using SQL injection, can get the user's default credentials, their username, and weak passwords. 
Likewise, they can misuse poor account lockout mechanisms, logging details, no twofactor authentication, and the encryption process. They can also do cross-site scripting and cross-site forgery.
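To make the AS1/AS2 discussion concrete, here is an added example (not code from the paper or from any vendor) that scans a raw firmware image for exactly the artefacts listed above: password hashes, hardcoded credentials, private keys, update URLs, version strings, and startup lines of exposed services. The image bytes, the vendor host name, and the regular expressions are all constructed for the illustration; on a real device you would first unpack the image (for example with binwalk) and run the scan over the extracted file system.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed stand-in for a firmware image (not any real product's firmware):
# non-printable filler around the kinds of artefacts a real image leaks.
SAMPLE_FIRMWARE = (
    bytes(range(32)) * 4
    + b"root:$1$Qf9uWxTz$X2uQfZ1g5b0W7hQ3QkP1:17600:0:99999:7:::\n"
    + bytes(range(32))
    + b"/usr/sbin/telnetd -l /bin/login\x00"
    + b"FIRMWARE_VERSION=2.0.11\x00"
    + b"https://updates.example-vendor.invalid/fw/latest.bin\x00"
    + b'admin_password="Welcome123"\x00'
    + b"-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKconstructed\n-----END RSA PRIVATE KEY-----\n"
    + bytes(range(32)) * 4
)

# One pattern per artefact class from the AS1/AS2 discussion.
PATTERNS = [
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    ("password_hash", re.compile(r"\b[a-z_][a-z0-9_-]*:\$[0-9a-z]+\$[^:\s]+")),  # /etc/shadow style
    ("credential", re.compile(r"(?i)(?:password|passwd|pwd|secret|api[_-]?key)\w*\s*[=:]\s*[\"']?[^\s\"'\x00]+")),
    ("url", re.compile(r"https?://[^\s\"'\x00<>]+")),
    ("network_service", re.compile(r"/usr/sbin/(?:telnetd|tftpd|dropbear|httpd)\b")),
    ("firmware_version", re.compile(r"(?i)\b(?:firmware|fw)[_ -]?version\s*[=:]\s*v?\d+(?:\.\d+)+")),
]


@dataclass(frozen=True)
class Finding:
    category: str
    offset: int   # byte offset in the image, to locate the file in an unpacked tree
    text: str     # the matched bytes, decoded as Latin-1


def scan_firmware(image: bytes) -> List[Finding]:
    """Run every pattern over the raw image and return findings sorted by offset.
    Latin-1 maps each byte to exactly one code point, so offsets stay byte-accurate."""
    text = image.decode("latin-1")
    findings: List[Finding] = []
    for category, pattern in PATTERNS:
        for m in pattern.finditer(text):
            findings.append(Finding(category, m.start(), m.group(0)))
    findings.sort(key=lambda f: f.offset)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. for a quick triage table."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_firmware(SAMPLE_FIRMWARE):
        print(f"{f.offset:6d}  {f.category:17s} {f.text[:60]!r}")
```

A hit in `password_hash` or `private_key` is a finding on its own; a `network_service` hit only tells you which daemon is started at boot, so confirm with a port scan of the running device before reporting it.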

IoT: Security Vulnerabilities and Challenges
Zero-day vulnerabilities and hacking tools are in great demand for Internet-based crime. IoT, being an integral part of today's society, is increasingly targeted by adversaries seeking maximum damage, and the resource-constrained nature and poor security mechanisms of IoT devices make them all the more vulnerable. Significant research has been devoted to devising security mechanisms that address the growing security concerns in IoT, and IoT vulnerabilities must be handled seriously to slow down the pace of IoT attacks. Various tools such as Dojo [35], Nessus [36], and Shodan [37] help to find the vulnerabilities in an IoT system [38]. For quantifying these vulnerabilities, the CVSS framework is used in vulnerability modelling. However, the unique features of IoT systems are not addressed even by the current version of CVSS, i.e., CVSSv3, because CVSS was originally devised for conventional IT systems, which differ considerably in functionality and design. Consequently, the scoring of attack vector and attack complexity should differ between an IoT system and an IT system. For example, IoT sensors, sitting in the outer layers of the network, are more exposed than firewall-protected IT nodes.
Another factor is human safety, as our dependence on IoT grows. As routine life merges with IoT, more risks are imposed on human lives: decisions that were earlier made by humans are now taken by IoT systems, and at times an incorrect decision may cause serious harm. Hence, the criticality of an IoT vulnerability depends heavily on whether human safety is at stake, a factor CVSS does not capture. Table 3 summarizes the factors on which CVSS quantifies IoT vulnerabilities. CVSS considers only three security properties, namely confidentiality, integrity, and availability. As analyzed in Table 3, according to CVSS version 3.0, poor cryptographic mechanisms in IoT devices are the most exploited weakness, with a CVSS score of 10.0, and they affect all three properties of the Confidentiality, Integrity, and Availability (CIA) triad. Buffer overflow, improper access control, code injection, and privilege escalation score similarly. Furthermore, most of these vulnerabilities use the network as the attack vector. For IoT, more factors need to be explored to quantify vulnerabilities in an efficient manner, and further research must be carried out to design a framework specifically for quantifying IoT vulnerabilities. Some of the vulnerabilities taken from the NVD database and summarized in Table 2 are described as follows [39,40]: a hardcoded GPG key in the Belkin WeMo Home Automation firmware (before 3949) allows remote attackers to easily spoof firmware updates and execute arbitrary code through crafted signed data.

Case Study 1: Smart Transportation
In this section, we discuss a use-case of the Intelligent Transportation System installed in various cities across the world.

Intelligent Transportation System
An intelligent transportation system (ITS) [41] is an advanced application that uses various technologies for sensing, communication, analysis, and control of the entire transportation system, so as to make better decisions for efficient traffic management. ITS is not only about connected cars and smart road infrastructure; smart air traffic systems, railways, and maritime transport also fall under this domain. In these systems, real-time data about traffic conditions, video feeds, the location and speed of vehicles, and schedule delays are collected by sensors spread across the city. The collected data are transmitted over the existing communication channels from the sensors to a data analytics center, where they are pre-processed for further analysis. Useful insights and predictions are then made and communicated to end-users.
As shown in Figure 6, IoT devices are an integral part of the ITS, relaying insightful information for numerous services. These services work on factors such as improving traffic safety, reducing traffic congestion and air pollution, and increasing energy efficiency. Vehicles can choose their route better by knowing real-time traffic conditions. The system gives the government insights into where new mobility options and maintenance are required. Moreover, traffic signals can automatically adjust their timers based on real-time traffic conditions, thus preventing traffic congestion and pollution. Additionally, it provides the public with prior information about transportation, enhancing their comfort and safety. Pedestrians connect to the ITS with their mobile phones. While using public transportation and smart parking, they receive useful information, for example parking space availability, traffic updates, hazards, weather conditions, bus schedules, the present location of the bus, the next destination, seat availability, delays, passenger density, and emergency events, all collected using a bed of sensors [42]. In the discussed use case of ITS, the smart road transport system will be covered in terms of embedded threats and vulnerabilities [43], as depicted in Figure 7 and discussed in general in Section 3. Some real attacks hampering smart services and threatening human lives will also be examined. The automobiles of today comprise a number of Electronic Control Units (ECUs) for the functioning of brakes, central locking, and airbags, along with emergency calls and infotainment [44].
These subcomponents are connected with each other and with the ECUs via the Controller Area Network (CAN) bus. The CAN bus is the most vulnerable part of a modular vehicle, as the protocol has no built-in security mechanism: frames carry no sender authentication or integrity protection, so any node on the bus can transmit a frame with any identifier. Furthermore, most modern vehicles still operate with these insecure CAN buses. A huge number of attacks have been demonstrated in preliminary works [45]. To name a few, one can control the entire car, its speedometer, its brakes, and its engine by injecting false commands onto the bus.

The CAN bus being one thing, the other open attack surfaces comprise the sensors embedded in cars and at the roadside, the communication protocols, and the vehicular infotainment system. Connected cars with cellular data SIM cards or Wi-Fi provide multiple services, for example automated emergency calls, smart infotainment services, remote updating of the automobile's firmware, and real-time navigation [46]. The on-board sensors also provide insightful services, such as collision avoidance, smart notification systems, Autonomous Driving Systems (ADS), and self-regulating speed enforcement [47]. However, it is not wise to overlook the security challenges that come bundled with these useful services. Their severity can be appreciated from the following attacks [48].

• Communication medium: The adversary can manipulate different car operations and inject false commands just by exploiting the vulnerabilities of Wi-Fi. The user's mobile application uses the car's Wi-Fi access point to control various operations, so the adversary can enter the car remotely with ease by bypassing the weak, password-based authentication of the Wi-Fi [49]. Similar attacks have been seen through the telematics system, Bluetooth, and radio transmitters.
• Infotainment System: A lot can be done against smart vehicles by exploiting the vulnerabilities of the infotainment system in combination with network vulnerabilities. In one such incident, 1.4 million vehicles were recalled by the manufacturer [50] to patch similar vulnerabilities. Through open ports and the secure shell service, the remote attackers discovered and exploited vulnerabilities in several chips of the head unit and caused the Harman Uconnect infotainment system to malfunction. They then controlled the car remotely by altering the firmware of the chip that bridges the infotainment unit to the CAN bus [51].
• Sensors: Tesla Motors disclosed the first death in a self-driving car, caused by sensors that failed to detect an 18-wheel truck on the highway [52]. Self-driving cars rely extensively on several sensors to feed the sub-systems for collision avoidance, lane assistance, and adaptive cruise control. All these components depend on wireless connections for proper functioning, which provides a large landscape for remote attackers and, in turn, for system failures.
• Traffic Systems: Remote attackers can hamper crucial emergency services, cause accidents, and create traffic jams by compromising the traffic control systems through the on-road sensors. For this, the adversary exploits the data-link-layer vulnerabilities of the radio communications [53]. Furthermore, self-propagating firmware patches could amplify such attacks, reaching numerous sensors and repeaters across the world. The traffic infrastructure has also been found to contribute to launching DoS attacks.
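The CAN-bus injection discussed above, and one of the few defences available without changing the protocol, as an added example that is not from the paper or from any vehicle manufacturer. Because classic CAN frames carry no sender identity, a spoofed frame with a genuine arbitration ID cannot be told apart by its content; but most ECU messages are strictly periodic, so an extra frame squeezed between two genuine ones betrays itself by timing. The script parses candump-style log lines (the `(timestamp) interface ID#HEXDATA` format written by `candump -l`), learns each ID's period from a clean baseline, then flags early-arriving frames and IDs never seen in the baseline. The capture, the arbitration IDs, and the payloads are constructed.

```python
import re
import statistics
from dataclasses import dataclass
from typing import Dict, List

# candump log-file format: (timestamp) interface ID#HEXDATA
FRAME_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)
T0 = 1600000000.0  # epoch-style base timestamp for the constructed capture


@dataclass(frozen=True)
class Frame:
    ts: float
    can_id: int
    data: bytes


@dataclass(frozen=True)
class Alert:
    ts: float
    can_id: int
    reason: str


def build_sample_capture() -> List[str]:
    """Constructed capture, not from a real vehicle: an arbitrary ID 0x0C9 every 10 ms,
    ID 0x244 every 20 ms, two injected 0x0C9 frames 2 ms after a genuine one, and one
    frame from an ID the baseline never saw."""
    lines = []
    for i in range(50):
        t = T0 + i * 0.010
        lines.append(f"({t:.6f}) can0 0C9#00{0x1E + i % 4:02X}0000000000")  # varying payload
        if i % 2 == 0:
            lines.append(f"({t + 0.001:.6f}) can0 244#{i:02X}00")
        if i in (30, 40):
            lines.append(f"({t + 0.002:.6f}) can0 0C9#00FF0000000000")  # spoofed value
    lines.append(f"({T0 + 0.505:.6f}) can0 7A1#DEADBEEF")
    return lines


def parse_candump(lines: List[str]) -> List[Frame]:
    frames: List[Frame] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = FRAME_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable candump line: {line!r}")
        frames.append(Frame(float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames


def learn_periods(baseline: List[Frame], min_samples: int = 3) -> Dict[int, float]:
    """Median inter-arrival time per arbitration ID, learned from a capture taken while
    the bus was known to be clean."""
    last: Dict[int, float] = {}
    gaps: Dict[int, List[float]] = {}
    for f in baseline:
        if f.can_id in last:
            gaps.setdefault(f.can_id, []).append(f.ts - last[f.can_id])
        last[f.can_id] = f.ts
    return {cid: statistics.median(g) for cid, g in gaps.items() if len(g) >= min_samples}


def detect(frames: List[Frame], periods: Dict[int, float], tolerance: float = 0.5) -> List[Alert]:
    """Flag frames from IDs absent in the baseline, and frames arriving earlier than
    tolerance * period after the last accepted frame of the same ID. Flagged frames do
    not advance the per-ID clock, so the genuine frame that follows is not flagged too."""
    alerts: List[Alert] = []
    last: Dict[int, float] = {}
    for f in frames:
        if f.can_id not in periods:
            alerts.append(Alert(f.ts, f.can_id, "arbitration ID not seen in baseline"))
            continue
        prev = last.get(f.can_id)
        if prev is not None and (f.ts - prev) < tolerance * periods[f.can_id]:
            alerts.append(Alert(f.ts, f.can_id, "inter-arrival too short: possible injection"))
            continue
        last[f.can_id] = f.ts
    return alerts


if __name__ == "__main__":
    frames = parse_candump(build_sample_capture())
    periods = learn_periods([f for f in frames if f.ts < T0 + 0.25])
    for a in detect(frames, periods):
        print(f"{a.ts:.6f}  0x{a.can_id:03X}  {a.reason}")
```

Timing alone does not catch an attacker who first silences the genuine ECU (a bus-off attack) and then transmits at the legitimate cadence; a production intrusion detection system combines this check with payload plausibility and, where the bus supports it, message authentication.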
Thus, in general, ITS may fail in the following conditions [54,55]:
ITS will be more efficient when the proposed threat architecture is integrated with the existing one. Using the threat architecture in smart transportation before deployment offers various benefits, such as:
• Stops leakage of data.
• Lessens the compromise of smart nodes.
• Prevents the misleading of the entire system.
• Checks on wrong information.
• Alerts the developer to precautionary measures.
• Vulnerabilities in the smart transportation system can be identified and removed well in time before being exploited, thus protecting the system from several threats.
The above use-case shows that cyber-attacks on ITS could be life threatening. This is all the more serious as no cyber-security policies had been formed for smart transportation, as reported by the European Network and Information Security Agency (ENISA) [56]. However, ENISA has recently published good practices for improving the security of connected cars [57]. These practices need to be incorporated into intelligent transportation systems to leverage the maximum benefit of their services. For this, both manufacturers and consumers must be informed about security practices. Presently, users are unaware of the consequences of relying on vulnerable automobiles and insecure transportation systems, and with unconcerned consumers, manufacturers do not spare the budget for integrating cyber-security mechanisms into ITS.

Case Study 2: Secure Energy Management
In this section, we discuss a use-case of the Smart Grid installed in various cities across the world for efficient energy management.

Smart Grid
Our lives have changed manifold with technological advances in information and communications technology (ICT), and Smart Grids are one of the benefits of this shift. Electric grids supply the energy received from power plants to consumers. Traditionally, this supply is not matched to the current energy requirements, leading to energy wastage or shortage at the user's end. The Smart Grid aids efficient energy management by integrating sensors at various junctions and smart meters at the end nodes. The collected data are analyzed on servers to infer insights for dynamic load balancing. It distributes energy as per the current needs of users, as smart meters feed back data on the daily energy usage of each consumer. All Smart Grids aim at meeting the demand for power at the minimum possible cost. The exponential increase in the number of power-based household and daily-need appliances raises the concern for efficient energy management; the number has reached 330 million power-based appliances in the U.S. [58]. Therefore, the optimization of daily energy consumption has become a prime concern.
In the Smart Grid, demand response management and load forecasting tackle this concern efficiently. In this scheme, users can change their power usage pattern in response to load and cost information. In peak hours, the load can be reduced and shifted to different intervals, with less power consumed overall. Two-way communication with the power suppliers allows consumers to use and save electric power efficiently. It has also increased resilience by efficiently merging with microgrids and other distributed energy sources [59]. Moreover, with energy trading in the energy internet, the energy generated at power grids during non-peak hours can be transferred to the batteries of electric vehicles, and these vehicles can feed the energy back to the grid during peak hours. In this way, connected electric vehicles aid efficient energy management in power grids. Blockchain technology, together with artificial intelligence and IoT, also contributes to the same [60]. Microgrids have emerged as another way to increase the efficiency of smart grids.
A microgrid is a power grid that works at a comparatively smaller scale and can meet the demand of a particular area. Microgrids that have their own power source, generally a renewable one (solar panels, wind turbines), and can also merge with the main power grid are called hybrid microgrids. Generally, they serve as a back-up for the main power grid in case of heavy loads and outages. Infant technologies, power-grid complexity, the huge number of grid components, and regulatory requirements hinder the growth of the smart grid. In this context, microgrids could be of great aid. Being complete power grids with an energy source, storage, and distribution at a smaller scale, they can serve as a good alternative path for the development of a smart grid. It is comparatively easier and cheaper to deploy smart technologies in a microgrid. Moreover, smart technologies initially need only fulfil the specifications of a smaller grid, as a microgrid works with specific load requisites. Thus, microgrids can serve as a testbed for checking the performance of Smart Grid solutions. Furthermore, smart microgrids interconnected with one another form a much bigger smart grid [61].
Transforming electric grids into Smart Grids with IoT and other prevalent technologies widens the attack surface of power grids. Adversaries can exploit known vulnerabilities of the network and of IoT devices to move remotely into the smart grid. For example, the cyber-attack on the Ukraine power grid [62] left thousands of people in the dark with power outages. The attackers remotely controlled several power stations and further launched a telephone denial-of-service attack against the utility's call center, so that the blackout could not be promptly reported. In this attack, the BlackEnergy trojan, delivered through spear-phishing, infected vulnerable workstations, and the attackers then wiped their hard drives. Such attacks not only put the lives of people at risk but also badly affect the economy of a country, as Stuxnet did. Organized entities and nation states are now involved in cyber-attacks aimed at bringing down the electrical networks of other countries. In 2018, the American electrical network was reported to have been infiltrated by Russia, and a large number of cyber-attacks, including against French electrical networks, followed [63]. Some significant consequences of such attacks on power grids are demand-supply mismatch and, in turn, load curtailment, partial/full power outage, and load shedding [64].
As shown in Figure 8, IoT devices have become an integral part of Smart Grids, relaying insightful information for reliable and efficient power services. The figure also depicts the several vulnerabilities embedded in the smart grid that are easily exploited by attackers to disrupt the electric power system. These vulnerabilities must be assessed and patched well in time to shrink the large landscape that interconnected electric grids offer to adversaries. The common attack surfaces of the Smart Grid include communication protocols, customer data, grid databases, control centers, on-field components, software, and insecure smart meters, which are covered in detail in Section 4. Some of the vulnerabilities in the smart grid system are as follows:
• Common communication protocols with known vulnerabilities are used in Smart Grids, for example a buffer overflow vulnerability in the Inter-Control Center Communications Protocol (ICCP), which is used for data exchange among utility control centers.
• Smart Grid components sit in an unprotected environment, putting the interconnected components at great risk of physical damage.
• Smart meters can easily be turned into bots through malware or insecure remote updates, thus providing remote attackers with a local, easy access point into otherwise comparatively unreachable power grids.
• The privacy of users can be compromised by inferring information such as daily routines, the consumer's presence or absence, and the number of persons in a home from smart meter readings.
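Added example (not from the paper) of the privacy inference in the last bullet: with only one day of half-hourly smart meter readings, a simple threshold over the standby load already reveals when the household gets up and when the house is empty. The day profile is constructed; the 10th-percentile standby estimate and the two-times-standby activity threshold are illustrative choices, not a method from the paper.

```python
from typing import Dict, List, Optional, Tuple

INTERVAL_MIN = 30  # half-hourly readings, as many smart meters report
INTERVALS_PER_DAY = 24 * 60 // INTERVAL_MIN

# Constructed one-day profile in kWh per half hour (not real consumer data):
# standby load overnight, a morning peak, a flat daytime with nobody home, an evening peak.
SAMPLE_DAY: List[float] = (
    [0.10] * 13    # 00:00-06:30 standby: fridge, router, devices on standby
    + [0.60] * 3   # 06:30-08:00 morning activity
    + [0.10] * 19  # 08:00-17:30 house empty
    + [0.80] * 11  # 17:30-23:00 evening
    + [0.10] * 2   # 23:00-24:00
)


def _clock(index: int) -> str:
    """Interval index -> HH:MM at which the interval starts (index 48 -> '24:00')."""
    minutes = index * INTERVAL_MIN
    return f"{minutes // 60:02d}:{minutes % 60:02d}"


def standby_load(readings: List[float]) -> float:
    """Always-on load, estimated as the 10th percentile of the day's readings."""
    ordered = sorted(readings)
    return ordered[len(ordered) // 10]


def infer_occupancy(readings: List[float], min_quiet_intervals: int = 6,
                    factor: float = 2.0) -> Dict[str, object]:
    """Mark an interval active when consumption exceeds factor * standby load, then report
    quiet runs of at least min_quiet_intervals (3 h at half-hourly resolution) and the
    first active interval. No appliance signatures are needed: the shape of the load
    alone shows when the home is empty and when its occupants get up."""
    if len(readings) != INTERVALS_PER_DAY:
        raise ValueError(f"expected {INTERVALS_PER_DAY} readings for one day")
    base = standby_load(readings)
    active = [r > factor * base for r in readings]
    quiet: List[Tuple[str, str]] = []
    run_start: Optional[int] = None
    for i, is_active in enumerate(active + [True]):  # sentinel closes a trailing quiet run
        if not is_active:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start >= min_quiet_intervals:
                quiet.append((_clock(run_start), _clock(i)))
            run_start = None
    first_active = next((_clock(i) for i, a in enumerate(active) if a), None)
    return {"standby_kwh": base, "quiet_windows": quiet, "first_activity": first_active}


if __name__ == "__main__":
    print(infer_occupancy(SAMPLE_DAY))
```

Nothing in this inference requires access to the meter itself: whoever can read the readings in transit or at the head-end (see the communication-protocol and smart-meter bullets above) learns the same schedule, which is why the confidentiality of meter data matters as much as its integrity.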
Energies 2020, 13, x FOR PEER REVIEW 19 of 24
A Smart Grid will be more efficient when the threat architecture and a vulnerability assessment module are integrated with the existing general architecture. In this use-case, the general vulnerability assessment method and the threat architecture are applied to Smart Grids to find embedded threats and vulnerabilities. The vulnerability assessment works in four phases. The collector gathers all the information about the devices and the network and feeds it to the analyzer. The analyzer compares the collected information with vulnerability databases and predicts the known vulnerabilities. These vulnerabilities are then scored according to their severity by the quantifier, using CVSSv3. The mitigator mitigates these vulnerabilities in order of priority and communicates the same to the manufacturer, the system administrator, and the specific user [58][59][60][61][62][63][64][65][66][67][68][69][70][71]. The advantages of the proposed approach are as follows:
• Ensuring the privacy of smart meter data and of the two-way communication between utility providers and consumers, thus preventing the leakage of users' private, sensitive data.
• Closing loopholes such as open ports and hardcoded/weak passwords reduces the risk of compromise of smart grid nodes.
• Prevents the malfunctioning of the entire system.
• Checks on wrong information being modified by malicious actors.
• The developers of the components used in the Smart Grid are informed of the vulnerabilities and their severity, so that new devices can be protected from known vulnerabilities at the production stage itself.
• Vulnerabilities in the Smart Grid system can be identified and removed well in time before being exploited, thus protecting the system from several threats.
The proposed framework only gives a general idea of assessing vulnerabilities and threats with their scores. The phases of this framework need to be covered in detail with a proper methodology, implementation, and results. Additionally, the proposed framework uses CVSSv3 to quantify these vulnerabilities, which, as discussed in Section 5, does not provide an appropriate way of scoring IoT vulnerabilities. Moreover, the detailed working of the analyzer in finding vulnerabilities from the collected information will also be covered in future work.
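To show how the four phases fit together, here is an added example pipeline in Python (illustrative code, not the paper's implementation): a collector returning an inventory, an analyzer that matches product and firmware version against a vulnerability database and checks whether the vulnerable service is actually exposed, a quantifier that ranks findings by the CVSSv3 base score the database supplies, and a mitigator that prepares separate notices for the manufacturer, the administrator, and the user. The inventory, the vulnerability records and their identifiers (VDB-…) are constructed, and the optional safety-first ranking is a hypothetical extension added to show how a safety attribute, which CVSS lacks, changes the order of work.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Device:
    name: str
    product: str
    firmware: str
    open_ports: Tuple[int, ...]
    safety_critical: bool = False  # hypothetical attribute, not a CVSS metric


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str                  # constructed identifiers, not CVE numbers
    product: str
    fixed_in: Optional[str]       # firmware >= fixed_in is patched; None: no fix published
    requires_port: Optional[int]  # exploitable only if this port is exposed; None: always
    cvss: float                   # CVSSv3 base score as a database such as the NVD lists it
    vector: str
    summary: str
    fix: str


@dataclass(frozen=True)
class Finding:
    device: Device
    record: VulnRecord
    severity: str


# Constructed stand-in for the vulnerability database the analyzer consults.
VULN_DB: List[VulnRecord] = [
    VulnRecord("VDB-0001", "meterco-sm200", "1.5.0", 80, 9.8,
               "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               "hardcoded administrator password in web interface", "upgrade firmware to 1.5.0"),
    VulnRecord("VDB-0002", "gridco-rtu5", "2.1.0", 23, 7.5,
               "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               "malformed telnet option crashes the RTU (DoS)", "upgrade to 2.1.0 or disable telnet"),
    VulnRecord("VDB-0003", "meterco-sm200", None, None, 5.3,
               "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               "meter serial and tariff data readable without authentication",
               "no vendor fix; restrict meter network to the head-end"),
    VulnRecord("VDB-0004", "meterco-ihd", "1.0", 80, 6.5,
               "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               "authenticated path traversal in display web UI", "upgrade firmware to 1.0"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """'2.0.11' -> (2, 0, 11); tuple comparison then orders versions numerically."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def severity(score: float) -> str:
    """CVSS v3 qualitative rating bands."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def collect() -> List[Device]:
    """Phase 1, collector. A real one queries the asset inventory and probes the
    network; this inventory is constructed inline."""
    return [
        Device("smart-meter-17", "meterco-sm200", "1.4.2", (22, 80)),
        Device("feeder-rtu-03", "gridco-rtu5", "2.0.9", (23, 502), safety_critical=True),
        Device("substation-gw-01", "gridco-rtu5", "2.1.0", (502,), safety_critical=True),
        Device("home-display-88", "meterco-ihd", "0.9", (80,)),
    ]


def analyze(devices: List[Device], db: List[VulnRecord]) -> List[Tuple[Device, VulnRecord]]:
    """Phase 2, analyzer: a device is affected when the product matches, its firmware is
    older than the fixed version (or no fix exists) and the vulnerable service is exposed."""
    matches: List[Tuple[Device, VulnRecord]] = []
    for dev in devices:
        for rec in db:
            if rec.product != dev.product:
                continue
            if rec.fixed_in is not None and parse_version(dev.firmware) >= parse_version(rec.fixed_in):
                continue
            if rec.requires_port is not None and rec.requires_port not in dev.open_ports:
                continue
            matches.append((dev, rec))
    return matches


def quantify(matches: List[Tuple[Device, VulnRecord]], safety_first: bool = False) -> List[Finding]:
    """Phase 3, quantifier: attach severity and order the work. With safety_first the
    hypothetical safety attribute outranks the CVSS score, which cannot express it."""
    findings = [Finding(dev, rec, severity(rec.cvss)) for dev, rec in matches]
    if safety_first:
        findings.sort(key=lambda f: (not f.device.safety_critical, -f.record.cvss))
    else:
        findings.sort(key=lambda f: -f.record.cvss)
    return findings


def mitigate(findings: List[Finding]) -> Dict[str, List[str]]:
    """Phase 4, mitigator: a prioritized work list for the administrator, one notice per
    affected product and vulnerability for the manufacturer, and a plain notice per device
    for the user."""
    notices: Dict[str, List[str]] = {"administrator": [], "manufacturer": [], "user": []}
    for rank, f in enumerate(findings, 1):
        notices["administrator"].append(
            f"{rank}. {f.device.name}: {f.record.vuln_id} ({f.severity}, {f.record.cvss}) -> {f.record.fix}")
        notices["manufacturer"].append(f"{f.record.product}: {f.record.vuln_id} {f.record.summary}")
        notices["user"].append(f"{f.device.name}: {f.record.summary}")
    notices["manufacturer"] = list(dict.fromkeys(notices["manufacturer"]))  # keep order, drop repeats
    return notices


if __name__ == "__main__":
    for line in mitigate(quantify(analyze(collect(), VULN_DB), safety_first=True))["administrator"]:
        print(line)
```

Note the two analyzer checks that a naive version-string comparison misses: a device whose firmware already carries the fix (substation-gw-01) produces no finding, and a record that is only reachable through a service the device does not expose is skipped, which keeps the administrator's list to what is actually exploitable in this deployment.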

Conclusions
Vulnerabilities in IoT devices play an increasingly significant role in stalling the growth of IoT. Evidently, vulnerabilities in the IoT system expose smart applications such as intelligent transportation systems to a number of cyber threats. Therefore, it is important to assess and mitigate these threats in order to avail the benefits of smart services (e.g., smart traffic signals, enhanced road safety, efficient traffic management). This paper mainly presents a threat architecture for IoT, which gives readers insight into the threats IoT is facing today. The IoT attack surfaces and major IoT vulnerabilities, with their impact in terms of exploitability, are also illustrated. Finally, we present a case study to demonstrate the suitability of integrating the proposed threat architecture into an existing one, together with a case study on secure energy management in power grids. This paper may also serve as a milestone for understanding the uses of IoT in Smart energy Grid solutions and other related areas using sensors and analytics, along with their security concerns and challenges [65][66][67][68][69][70][71]. In addition, based on case study 2, it covers the challenges of IoVT in the context of smart energy management. In future work, machine learning techniques will be explored for threat and vulnerability modelling in IoT; with such intelligence, the proposed approach will be more efficient in finding new vulnerabilities and threats. Additionally, the given threat architecture will be extended with a framework to quantify these vulnerabilities, with mitigations, and with its practical implementation in different scenarios.