Visible to the public Security Modeling and Analysis of Cross-Protocol IoT Devices

TitleSecurity Modeling and Analysis of Cross-Protocol IoT Devices
Publication TypeConference Paper
Year of Publication2017
AuthorsGe, M., Hong, J. B., Alzaid, H., Kim, D. S.
Conference Name2017 IEEE Trustcom/BigDataSE/ICESS
Date Publishedaug
KeywordsAttack Graphs, Bridges, communication modules, communication protocols, composability, computer network security, Cross-protocol devices, cross-protocol IoT devices, graphical security model, Graphical security modeling, Internet of Things, IoT network, Metrics, Protocols, pubcrawl, resilience, Resiliency, security, security analysis, security modeling, smart devices, smart home, Smart homes, TV, Wireless fidelity, Zigbee

In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

Citation Keyge_security_2017