Abstract
Despite the surging development and utilization of IoT devices, the security of IoT devices is still in infancy. The security pitfalls of IoT devices have made it easy for hackers to take over IoT devices and use them for malicious activities like botnet attacks. With the rampant emergence of IoT devices, botnet attacks are surging. The botnet attacks are not only catastrophic for IoT device users but also for the rest of the world. Therefore, there is a crucial need to identify and mitigate the possible threats in IoT devices during the design phase. Threat modelling is a technique that is used to identify the threats in the earlier stages of the system design activity. In this paper, we propose a threat modelling approach to analyze and mitigate the botnet attacks in an IoT smart home use case. The proposed methodology identifies the development-level and application-level threats in smart home use case using STRIDE and VAST threat modelling methods. Moreover, we reticulate the identified threats with botnet attacks. Finally, we propose the mitigation techniques for all identified threats including the botnet threats.
Highlights
Internet of Things (IoT) has inaugurated the concept of enabling our daily life objects to communicate with one another with minimal human intervention to lavish human life [1]
As discussed earlier that both the STRIDE [12] and VAST [13] methodologies identify and map the use case threats into different categories
The rampant emergence of IoT devices caused the ignorance of security threats to a large extent
Summary
Internet of Things (IoT) has inaugurated the concept of enabling our daily life objects to communicate with one another with minimal human intervention to lavish human life [1]. A recent study [3] revealed that thousands of consumer IoT devices exposed over the internet are potentially vulnerable and most of them are webcams. The OWASP IoT project recently reported [5] the top ten security flaws in IoT devices that an attacker can exploit to take over the IoT devices. These flaws include weak, hardcoded, or guessable passwords, lack of security updates, etc. The attackers first exploit these vulnerabilities, bypass the user’s privacy and information and use the victim IoT device to perform different malicious activities ranging from shutting down service to control over end devices [6]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
