Security requirements identification and prioritization for smart toys

Abstract

• We present a process for identifying issues, threats and requirements for the development of secure smart toys. • We outline security issues, threats and requirements identified by the proposed elicitation process. • We present two prioritization techniques for security requirements. • We compare the results obtained by different prioritization. techniques • We discuss how to tailor the results to specific scenarios. A smart toy is a traditional toy (e.g., car, doll and stuffed pet) that can use sensors and cloud-based services to leverage data collection to learn user’s preferences and provide them with more personalized experiences. The high connectivity and the “intelligent” nature of smart toys are indeed appealing for children. Nevertheless, connected devices are easy targets of hacking and personal data exchanged with cloud services raises many security concerns, especially when the main target audience are vulnerable users, i.e., children. Many security breaches have been found in bestseller smart toys, and several security incidents have been reported. Many organizations (e.g., FBI, Consumers International and Mozilla) have raised alerts to parents pointing to the risks associated with such products. Many studies have been published trying to solve or mitigate security problems in smart toys, but they usually focus on specific aspects of the toy architecture and usage. In this paper, we show how we used the Microsoft SDL method to identify a comprehensive list of security issues based on specific regulations (e.g., COPPA, PIPPEDA, GDPR), threats based on surface attack analysis, and security requirements that address security issues and threats. We also present a method we adopt to prioritize the security requirements based on risk assessment, the AHP method and generic scenarios. Although the security requirements we identify and prioritize may not be sufficient to all cases, they are comprehensive enough to cover most scenarios. Furthermore, the rationale we provide of how to use the SDL process to identify and prioritize security requirements may be useful to tailor the requirements and the priority list to specific contexts.