Security risk management in IoT environment

Abstract

The internet of things (IoT) devices envision great usage in military, civilian contexts, smart grids to smart cities and internet of battlefields to internet of vehicles. The digitally connected devices sharing high volume data pervasively imbibe several security and privacy concerns. As various wireless technologies are growing, the IoT devices usage is also growing. The miniaturization revolution has resulted in smart objects era. The IoT devices are resource constrained which follow many challenges of data security. IoT technology utilizes embedded sensors for gathering personal information, which imposes privacy challenges. The research work deals with the identification and mitigation ofthesecurity vulnerabilities by an intelligent and smart software vendor, which enumerates common vulnerabilities in its database and provides the possible solution for mitigating the same. The research puts emphasis on various security and privacy risks, attacks, threats, vulnerabilities, IoT vision, and protocol stack, supporting technologies, architecture and applications areas. The CVE (common vulnerability enumeration) method is employed to identify and mitigate security vulnerabilities. A deep analytical study has been performed for describing IoT vision, protocols, technologies, architecture, applications and security/privacy risks, attacks and threats. The results indicate how the security vulnerability identification helps in prioritizing business decisions by vulnerabilities quantification. We posit the smart vendor potential for IoT software security vulnerability mitigation by querying with the database as per vulnerability identification and making the developers enable for quantification and prioritization of vulnerabilities by providing various levels to them.