A Fuzzy Model for Knowledge Base IoT Information Security Evaluation

Flávio Luis de Mello

Abstract


The accelerating growth of the Internet of Things (IoT) exposes many security issues related to the design and usage of network-integrated devices. This paper presents a fuzzy evaluation method, based on the knowledge of both IoT hardware/software developers and users, creating a novel model to aid corrective actions over security procedures in order to make IoT usage safer. This method combines both the developer's and the user's perspectives, creating an integrated adaptive evaluation tied to Information Technology security standards and best-practice guidelines. The proposed evaluation method is divided into categories, each composed of security control clauses and their corresponding action recommendations. The user perspective of the evaluation method was applied in a service company, and the developer perspective was defined by an IoT device manufacturer. The results show that the evaluation method enhances both the manufacturer's security awareness and the IoT users' experience in improving IoT security issues.

Keywords


Internet of Things; Information Security; Fuzzy Logic; Good Practices; Evaluation






DOI: https://doi.org/10.17648/jisc.v5i1.66



This work is licensed under a Creative Commons Attribution 4.0 International License.
