IoT Information Security Evaluation for Developers and Users

— The accelerated growth of Internet of Things (IoT) exposes many unsecured issues related to design and usage of devices leading to a new technological security paradigm. This paper presents an evaluation method and corrective actions to be carried out in order to make the usage of IoT devices safer. This method combines both the developer’s perspective and user’s perspective, thus differing from current guides. The proposed evaluation method is divided by categories, each one composed of security control clauses and their corresponding action recommendation. The user perspective of such evaluation method was applied into a service company, and the developer perspective into an IoT device manufacturer. These experiments produced useful perceptions on such view points. The evaluation provided an opportunity to enhance manufacturer security awareness and improve user experience with IoT devices.

of network connected devices; usage of tampering devices for acquiring sensitive data; loss of consumer privacy; slowdown of Internet functionality through large-scale distributed denial of service attacks; and potential disruptions to critical infrastructure.It is expected that in 2020 there will be 50 billion of connected devices [1], and since 2008 there has been more of such devices than human beings.This must be perceived with severe concern since commonly used IoT devices contain serious security vulnerabilities.It is important to understand IoT devices security risk because of what such equipments have access to.However, there are many basic security controls which, once put in place, can raise the security posture of a device.There are several vulnerabilities considered trivial and also relatively easy to remediate without affecting the user's experience.
This paper proposes information security evaluation for developers, manufacturers and users of IoT devices.It aims to present not only the main features one must be aware of, but also what must be done.The proposed method evaluates devices in order to identify faults and mitigate risks that this kind of technology brings to the life of people and companies, improving the confidence level, privacy and sustainable growth.

II. RELATED WORK
ANY researches have been carried out on IoT security issues.Riahi et al. [2] explain that IoT calls for a new paradigm of security, which will have to consider the security problem from a holistic perspective, including new actors and their interactions, and thus propose a systemic approach tosecurity.Roman et al. [3] also call attention to the convenience and economy provided by IoT devices, and that this scenario will require novel approaches to ensure its safe and ethical use.Abomhara and Køien [4] discuss the existing security threats, and open challenges in the domain of IoT.Wenjun et al. [10] and Kim [11] studied honeynet management tools.Alagheband and Aref [12] analyzed key management models for heterogeneous networks.Bera et al. [13] presented an integrated security framework.Chamberlain et al. [5] evaluate the need for balancing security, reasonable installation and maintenance efforts.The authors explain that security is a crucial issue, but if the security infrastructure is not relatively easy to use, it will ultimately be compromised by users who are insufficiently motivated to deal with the complexity of ensuring security.Oh and Kim [6] state that current IoT security requirements are insufficient.Attacks and vulnerabilities are widely studied.Nawir et al. [7] report the eventual attacks to IoT devices during safetycritical operations causing them to be in the shutdown mode.They created a taxonomy of security attacks within IoT networks to assist IoT developers for better awareness of the risk of security flaws, so that new protections shall be incorporated.Wurm et al. [8] identify backdoors and analyze security of hardware, software, and networks from commercial/industrial IoT devices.They provide experimental proof that security vulnerabilities are a common problem for most devices, and indicate solutions to help IoT manufacturers secure their products.Abomhara and Køien [9] not only classify threat types, but also analyze and characterize intruders and attacks to IoT devices and services.Sonar and Upadhyay [14] discuss different Distributed Denial of Service attack and its effect on IoT.Pan et al. [15] identify andclassify possible cyberphysical attacks and connect such attacks with variations in manufacturing processes and quality inspection measures.Their taxonomies also provide a scheme for linking emerging IoT-based manufacturing system vulnerabilities to possible attacks and quality inspectionmeasures.
Consequently, there are many frameworks and methodologies concerning IoT security.Koivu et al. [16] analyze different security solutions for IoT devices and propose techniques for further analysis.Their study provides guidance on implementing security solutions for both existing and coming IoT devices, by providing analysis and defining the Complexity of Implementation score for each solution.Pérez et al. [17] present a research project in which is defined a methodology to experiment, validate and certify different technological solutions in large-scale conditions.The Online Trust Alliance [18] produced the IoT Trust Framework, serving as a product development and risk assessment guide for developers, purchasers and retailers of IoT devices.It includes forty principles, segmented into four key categories.
This framework includes instructions on how to approach design and implementation choices that produce quality, secure, and affordable products.NIST [19] published a standard report that contains an IoT Security Guidance designed to help preventing exploitation of vulnerabilities and facilitating the creation of a disciplined, structured systems security engineering activities.DHS [20] explains these risks concerning IoT and provides a set of non-binding principles.It suggests good practices to raise security levels of IoT devices and systems.OWASP [21] also published an IoT Security Guidance that focus on IoT manufacturers, developers and consumers and categorizes the IoT security in ten principles.

III. IOT SECURITY EVALUATION
HERE are two main agents that contribute to IOT security: (1) device manufacturers and developers; (2) device users.The former are pressured by the time to market, producing fast implementation that bypasses basic security principles.The latter are usually unaware of security issues, and sometimes are even negligent about such issues.For this reason, it is important to encourage the use of security knowledge to make smarter decisions and perform tasks in new situations.Good practices provide instructions that have shown to work well, succeeding in achieving objectives, and that are replicable.In this section, IoT security evaluation is described in order to supply a recommendation security model.
The proposed evaluation helps manufacturers and developers to design their devices according to security and privacy good practices, and also proposes safer usage of such devices.The scheme is based on several frameworks [18,19,21] but it offers a different approach.It provides a model evaluation for both users and manufacturers/developers.Moreover, it also provides recommendations to improve the information security ecosystem, according to the results obtained from the evaluation model.
Thus, this evaluation is divided into two perspectives: manufacturer/developer and user.Each perspective is composed of four categories containing good practices items, which aim to estimate compliance.These estimations result into a criticality evaluation.This is illustrated at Figure 1.The good practices items are mapped over categories such as: Information security; Access and credentials; Disclosure, privacy and transparency; User notification.These categories are analyzed in separate because each one of them evaluates the criticality under different visions.The overall criticality for the whole perspective is given by the higher category criticality.
Moreover, the criticality level for each category is classified as low, medium and high.This level is associated with a score value obtained by the sum of the good practices items ratings.This scaling method is based on Likert Scaling [Carifio07], that is, it reproduces a level of agreement or disagreement on a symmetric agree-disagree scale for a series of statements.
T Therefore, good practice items compliances are rated according to the following: − Total Compliance: one point to the item when the practice is completely adherent to the feature being rated; − Partial Compliance: two points if the featured being rated is not completely fulfilled; − No Compliance: three points when practice has no conformity to the rating feature.

A. Manufacturer/developer perspective
This perspective helps the manufacturer/developer to produce more secure IoT devices.Each good practice is associated with actions that must be triggered so that a better compliance is obtained.The criticality level is obtained according to the compliance with such practices.Tables I to IV present the set of good practices and actions for each category under manufacturer/developer perspective.

B. User perspective
This perspective aims to make users aware of IoT technology and to show them the main issues they must be concerned about.The user must be well informed about security issues and risks he is exposed to, so that this user consumes the technology consciously and reduce side effects.Tables V to VIII present the set of good practices evaluators and actions for each category under user's perspective.
IV. EVALUATION TEST HISsection illustrates how the design concept of IoT security evaluation is feasible.Note that, along this article, the term good practice was used instead of best practice.As observed by Bardach [23], the work necessary to guarantee a practice to be the best is rarely possible and hardly ever done.Most of the time, such practices may be called good or smart practices, offering insights into solutions that may work for most situations.Therefore, this paper presents evidences that the good practices evaluation proposed here produces reasonable results.In order to support its viability, the IoT security evaluation test was applied to an IoT device manufacturer and to a service company.Before assigning such test, both companies were interviewed about their autoevaluation on IoT devices security.
The manufacturer/developer perspective was tested into a 12 years' experience IoT developing company, which defines itself as being concerned about security and privacy.It says that several efforts have been implemented to improve security and privacy in its products, but there were still some course of actions to be performed, such as data encryption.Users can configure events notification, but logs must be analyzed Overall Criticality Medium Most categories evaluated were classified with medium criticality, and the majority of trouble spots are not hard to solve.Moreover, simple actions such as strong password requirement, salt and hash encryption, and an active notification system would improve categories conformity value, as well as reduce the overall criticality.This diagnose is compatible with a company described as concerned with IoT security.
Furthermore, the user perspective was tested into a service company which has IoT devices such as smart TVs, IP security cameras, smartphones and IP phones.The company is not worried about IoT security and does not have any policy concerning such devices.In fact, the low interest on such subject forced a scope reduction of this analysis, restricting it to IP security cameras.Manufacture provides notification reports but there is no evidence that such information were ever analyzed Overall Criticality High Good practices IS1, AC2, AC4 indicate features that cannot be improved, since cameras do not support such characteristics.This is a consequence of a bad decision made by the time devices were purchased, and the only mitigation available is substitution.Besides, devices may comply with other good practices if their corresponding mitigation actions are taken.Concerning DPT1, devices are in accordance with the good practice, but, it is important to understand that the access to internal company images, or even images of its day by day operation are sensible too.Solving the compliance issues from all other categories will mitigate this problem with peculiar sensible data.The high criticality obtained is compatible with a company that is not concerned with IoT security.
Both tests resulted into criticalities that are well-suited to companies' profile.They provide evidence that the IoT security evaluation was adequately assembled and implemented.The actions triggered helpful and contextualized recommendations, thus supporting process redesign.These allow the identification of improvements to be made in order to get a better information security ecosystem.
V. CONCLUSION Tis important that the process of developing IoT device be secure in order to supply confidence to users who adopt it.On the other hand, users are usually considered the weakest link in the information security chain since they lack knowledge on technology, and sometimes do not know risks concerning such technology.However, by taking into account the IOT security evaluation, these risks can be mitigated.This work described an information security IoT test for both manufacturers/developers and users.The proposed evaluation allows analyzing the compliance with each good practice, which triggers actions to mitigate problems.Therefore, the evaluation makes advises to prioritize the actions that are necessary to be implemented and configured.Moreover, the IoT security evaluation also enables a risk analysis of IoT device and makes explicit the eventual absence of important features.
As future works, it is suggested an increment on the number of validation tests to guarantee statistical results.It is also interesting to evolve the evaluation to a framework, and therefore, it is necessary to follow up the triggered action taken by companies, and then, analyze the enhancement of categories criticality.
Table IX abridge the conformity evaluation.
Table X resumes the conformity evaluation that was performed.