Abstract

With the rapid development of Internet of Things (IoT) applications, heterogeneous device management issues tend to arise in architecture security due to hardware computing power, types of software, data transmission interfaces, and networking protocols. Even during data exchange between devices and systems, traditional IoT devices are prone to the disclosure of personal information, which compromises privacy. Thus, planning an effective information security management strategy has become an essential part of application development. This paper presents a strategy to achieve information security verification and risk assessment for an IoT-based personal health information system. Using several interfaces of IoT devices, including Wi-Fi and Bluetooth, we simulate possible attack hypotheses and define test methods and evaluation methods suitable for each device. In our application systems for information security analysis, we also consider and integrate weaknesses of the system architecture to achieve a more complete information security threat analysis.

Highlights

  • The Internet of Things (IoT) is the concept of connecting devices to the Internet and each other to provide services

  • In medical services [3], [4], the IoT can assist the development of personal health care

  • In STRIDE model-based risk assessment studies, either the DREAD model is used to calculate the risk ratio, a Data Flow Diagram (DFD) [30] is used to analyze more subtle risks, a custom risk assessment model is used [31]–[35], or risk analysis and protective measures are developed in the form of clauses


Summary

INTRODUCTION

The Internet of Things (IoT) is the concept of connecting devices to the Internet and each other to provide services. In medical services [3], [4], the IoT can assist the development of personal health care. Personal health care uses the application model of wearable devices to help process biological characteristics and ensure early detection and monitoring of some diseases [5]. Information security protection mechanisms for data and transmission processes are abandoned to achieve efficiency. Once infected with malware, the device continues to scan the Internet for IoT devices' IP addresses and uses the default username and password to log in to these devices. While the infected device will continue to work, it becomes a member of the Mirai botnet.

RELATED WORK
USE CASE
THREAT MODELING
RISK ASSESSMENT FRAMEWORK
CONCLUSION