2021 | OriginalPaper | Book chapter

Categorizing IoT Services According to Security Risks

Written by: Ostroški Dominik, Mikuc Miljenko, Vuković Marin

Published in: Future Access Enablers for Ubiquitous and Intelligent Infrastructures

Publisher: Springer International Publishing

Abstract

The Internet of Things (IoT) has been part of our lives, both at home and in the workplace, for several years now. However, due to its popularity, numerous security issues are emerging related to devices, network communication, or the storage and processing of IoT-acquired data in the cloud. This paper presents a model for categorizing existing and novel IoT services based on estimated security risks. The goal is to develop security requirements for each service category so that service creators can classify their services and follow the requirements to harden services under development. The paper proposes a categorization model based on DREAD (Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability) and gives examples of how existing services are classified. At the end of the paper, a set of simple questions is proposed that service creators should answer in order to place their service into one of the proposed categories.

Metadata
Title
Categorizing IoT Services According to Security Risks
Written by
Ostroški Dominik
Mikuc Miljenko
Vuković Marin
Copyright year
2021
DOI
https://doi.org/10.1007/978-3-030-78459-1_11