Security Modeling and Analysis of Cross-Protocol IoT Devices
Title | Security Modeling and Analysis of Cross-Protocol IoT Devices |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Ge, M., Hong, J. B., Alzaid, H., Kim, D. S. |
Conference Name | 2017 IEEE Trustcom/BigDataSE/ICESS |
Date Published | aug |
Keywords | Attack Graphs, Bridges, communication modules, communication protocols, composability, computer network security, Cross-protocol devices, cross-protocol IoT devices, graphical security model, Graphical security modeling, Internet of Things, IoT network, Metrics, Protocols, pubcrawl, resilience, Resiliency, security, security analysis, security modeling, smart devices, smart home, Smart homes, TV, Wireless fidelity, Zigbee |
Abstract | In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures. |
URL | https://ieeexplore.ieee.org/document/8029553/ |
DOI | 10.1109/Trustcom/BigDataSE/ICESS.2017.350 |
Citation Key | ge_security_2017 |
- Protocols
- Zigbee
- Wireless fidelity
- TV
- Smart homes
- Smart Home
- smart devices
- Security modeling
- Security analysis
- security
- Resiliency
- resilience
- pubcrawl
- attack graphs
- Metrics
- IoT network
- Internet of Things
- Graphical security modeling
- graphical security model
- cross-protocol IoT devices
- Cross-protocol devices
- computer network security
- composability
- communication protocols
- communication modules
- Bridges