Visible to the public How Secure Is Your IoT Network?

TitleHow Secure Is Your IoT Network?
Publication TypeConference Paper
Year of Publication2019
AuthorsPayne, Josh, Budhraja, Karan, Kundu, Ashish
Conference Name2019 IEEE International Congress on Internet of Things (ICIOT)
Date PublishedJuly 2019
ISBN Number978-1-7281-2714-9
KeywordsAttack Circuit, attack graph, Attack Graphs, Computing Theory, Exploitability, graph theory, impact, Internet of Things, IoT device security, IoT network security, Metrics, Network, network flow, pubcrawl, risk, security, security assessment, security metrics, security of data, SIEM logs, Vulnerability

The proliferation of IoT devices in smart homes, hospitals, and enterprise networks is wide-spread and continuing to increase in a superlinear manner. The question is: how can one assess the security of an IoT network in a holistic manner? In this paper, we have explored two dimensions of security assessment- using vulnerability information and attack vectors of IoT devices and their underlying components (compositional security scores) and using SIEM logs captured from the communications and operations of such devices in a network (dynamic activity metrics). These measures are used to evaluate the security of IoT devices and the overall IoT network, demonstrating the effectiveness of attack circuits as practical tools for computing security metrics (exploitability, impact, and risk to confidentiality, integrity, and availability) of the network. We decided to approach threat modeling using attack graphs. To that end, we propose the notion of attack circuits, which are generated from input/output pairs constructed from CVEs using NLP, and an attack graph composed of these circuits. Our system provides insight into possible attack paths an adversary may utilize based on their exploitability, impact, or overall risk. We have performed experiments on IoT networks to demonstrate the efficacy of the proposed techniques.

Citation Keypayne_how_2019