TUI Model for data privacy assessment in IoT networks

Abstract

The development of the Internet of Things (IoT) has been at the forefront of progressing societal functionality. However, the addition of IoT devices in conventional information technology (IT) infrastructure has raised and prioritized the concern of information security and data privacy. The Common Vulnerability Scoring System (CVSS) is a framework for providing information to the public about the impact of vulnerabilities and exploits executed on a multitude of devices. While the CVSS addresses a plethora of conditions for vulnerabilities, it does not adequately make end-users aware of the impact data privacy can have on their devices. The primary objective of this research work is to extend the existing CVSS and propose a new model that acknowledges Transparency, Unlinkability, and Intervenability (TUI) to address the data privacy issues of IoT devices when scoring impacts of vulnerabilities. Our research has developed this model to provide a new sufficient score for analyzing the true impact of compromised data privacy. After the development of the new scoring for TUI, our research highlights case studies to emphasize the impact our TUI model will have on the CVSS. We strongly believe that our proposed model benefit both the individual users (consumers of IoT devices) and the industry to portray the possible vulnerabilities from a user standpoint as well as a manufacturer standpoint.