Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation

Aarón Echeverría,Ivan Ortiz-Garces,Roberto O Andrade,Cristhian Cevallos

doi:10.3390/app11073260

Aarón Echeverría, Ivan Ortiz-Garces + Show 2 more

Open Access

https://doi.org/10.3390/app11073260

Copy DOI

Abstract

The inclusion of Internet of Things (IoT) for building smart cities, smart health, smart grids, and other smart concepts has driven data-driven decision making by managers and automation in each domain. However, the hyper-connectivity generated by IoT networks coupled with limited default security in IoT devices increases security risks that can jeopardize the operations of cities, hospitals, and organizations. Strengthening the security aspects of IoT devices prior to their use in different systems can contribute to minimize the attack surface. This study aimed to model a sequence of seven steps to minimize the attack surface by executing hardening processes. Conducted a systematic literature review using Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) techniques. In this way, we were able to define a proposed methodology to evaluate the security level of an IoT solution by means of a checklist that considers the security aspects in the three layers of the IoT architecture. A risk matrix adapted to IoT is established to evaluate the attack surface. Finally, a process of hardening and vulnerability analysis is proposed to reduce the attack surface and improve the security level of the IoT solution.

Highlights

The Internet of Things (IoT) is a set of interrelated electronic devices, mechanical and digital machines, objects, animals, or people that have unique identifiers
Based on the qualitative analysis carried out using the systematic review tool Rayyan, we identified nine proposals based on Open Web Application Security Project (OWASP), International Organization for Standardization (ISO), risk analysis, among others, used in research conducted from 2016 to 2021; see Table 3
The aim of the analysis is to propose a methodology to determine the security level on IoT system based on seven steps that include: establish the purpose and requirements; perform a risk analysis to enable the correct operation of the IoT system; disable unnecessary protocols, services, and configurations; determine the attack surface; execute the vulnerability analysis; process hardening in the

Summary

Introduction

The Internet of Things (IoT) is a set of interrelated electronic devices, mechanical and digital machines, objects, animals, or people that have unique identifiers. IoT can transfer data over a network without requiring human-to-human interaction or the interposition of a human being with a computer [1]. With the emergence of IoT, there are multiple devices connected to a telecommunication network, from household appliances to industrial machines. All these devices can be controlled remotely without requiring human presence or interaction. IoT devices are expose to a series of threats. The most common threats are viruses and denial of service (DOS) attacks.

Objectives

Findings

Discussion

Conclusion