A Novel Threat Modeling and Attack Analysis for IoT Applications

Abstract

At the current pace of technological advancement, it is evident that IoT (Internet of Things) devices are becoming an inevitable part of daily life. Since the growth rate is exceptional, this situation has led to an alarming rise in concern for security threats and issues in the IoT devices. The purpose of this study is to introduce a novel and well-structured threat-modeling approach which is specifically tailored for IoT devices. Traditional threat models like STRIDE, LINDDUN, CORAS, etc., are effective in software applications. However, these models do not cover every aspect of threats specific to IoT devices. The proposed approach consists of a seven-step threat-modeling process. This methodology also addresses aspects of IoT devices which directly affect the user: Privacy threats; Safety threats; and Malfunction threats (PSM). The mentioned threats cannot be addressed effectively with existing traditional threat-modeling approaches. The proposed threat modeling has been applied to three IoT applications: IoT-based smart home environments; IoT-based garment units; and IoT-based water quality management systems, in order to demonstrate the work’s effectiveness. It was seen that when coupling the proposed methodology with the PSM technique and existing threat modeling methods, threats directly affecting users were also identified. This method increases the performance and effectiveness of threat modeling, which leads to increased mitigation of the identified threats. This also leads to an increase in the security of the devices and environment. The final part of the study presents practical mitigation techniques to eliminate threats in IoT devices.