Abstract
The heterogeneity of Internet of Things (IoT) systems has so far prevented the definition of adequate standards, hence making it difficult to compare meaningfully the security degree of diverse architectural choices. This task can be nonetheless achieved with formal methodologies. However, the dedicated IoT literature shows no evidence of a universal model allowing the security evaluation of any arbitrary system. Based on these considerations, we propose a new model that aims at being global and all-encompassing. Our model can be used to fairly analyse the security level of different IoT systems and compare them in a significant way. It is designed to be adaptive with realistic definitions of the adversary’s (1) actions of interacting with IoT systems; (2) capabilities of accessing the data generated by and exchanged in IoT systems with established rules; and (3) objectives of attacking IoT systems according to the four recognised security properties of confidentiality, integrity, availability and soundness. Such a design enables the straightforward characterization of new adversaries. It further helps in providing a fine-grained security evaluation of IoT systems by either accurately describing attacks against the analysed systems or formally proving their guaranteed level of security.
Highlights
In the domain of computer science and symmetry, the development of new types of sensors and actuators supported by network connectivity is shaping the concept of the Internet of Things (IoT).This technology is completely changing the users’ approach and use of the cyber-space
As our model aims at being lightweight and usable, we demonstrate its practicality with the security analysis of two different IoT systems
We proposed a new model able to analyse the security properties of IoT systems
Summary
In the domain of computer science and symmetry, the development of new types of sensors and actuators supported by network connectivity is shaping the concept of the Internet of Things (IoT) This technology is completely changing the users’ approach and use of the cyber-space. Lots of papers related to the security in IoT systems have been published recently They present models that are usually threat-based oriented (i.e., validating the resistance of a system to a finite set of known attacks), strongly linked to very specific application scenarios, or focused on the devices as individual entities rather than as a complete system. The model presented in [9] is able to compare RFID systems appropriately, considering various system architectures To cover this gap, we propose a formal model for evaluating whether or not fundamental security primitives are provided by IoT solutions.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
