Threat model for securing internet of things (IoT) network at device-level

Abstract

The Internet of Things (IoT) creates a theoretical bridge between end-users and the digital world. The IoT embodies a massive group of interconnected computing devices embedded with software, processors, and sensors capable of exchanging and transmitting data over a network infrastructure. IoT technology has become prevalent among central domains such as healthcare, commerce, and home. However, the IoT can often be thought of as a double-edged sword, in that it both assists with advancements in the respective fields and poses a potential risk. The rapid expansion of the IoT raises concern, in many cases, security tends to lag behind innovation in the global marketplace. Moreover, the United States government has not established stringent regulations that oversee IoT devices. Our research analyzes critical devices and the associated vulnerabilities and highlights the need for implementation of rigorous security controls. Furthermore, our research evaluates attack vectors for IoT devices that encompass three central domains, including healthcare, commerce, and home. A synopsis of our contributions include identification of vulnerabilities at the device-level; investigation of security threats created due to known vulnerabilities; application of appropriate security controls to closeout vulnerabilities and minimize the possibility of a threat occurring. Finally, specifically tailored case studies, designed to illustrate how our recommendations can be used to mitigate threats.