The article proposes an approach to information security vulnerability analysis and threat modeling in wireless Internet of Things networks for Smart City infrastructures. Currently, such infrastructures are becoming increasingly widespread in a variety of Smart City application areas, including industrial life support systems, pipelines, communication networks, and transportation systems. The wide coverage of end users, the critical nature of such infrastructures and the value of their inherent assets determine the increasing importance of solving problems of determining the security level of such infrastructures and the timely application of protective measures. The ultimate goal of the proposed approach is to assess the security of the infrastructure. This article analyses articles at the intersection of the subject area of vulnerability and attack analysis in information systems and networks and the area of Smart City infrastructure issues. The proposed approach includes the use of an analytical model of an intruder which, together with the analysis of the specification of a specific Smart City infrastructure, allows us to determine the current types of attacks. In order to obtain infrastructure security assessments, the CAPEC database of wireless network vulnerabilities and attack patterns is analysed. In this case, the main attributes of the attacks are identified, unified and transformed into a single format using the numerical values of the considered attributes. The feasibility of the proposed approach is also analysed and its main advantages and disadvantages are considered. In addition, the main areas of further activity and tasks related to testing and improving the proposed approach in practice are identified.
Read full abstract