Threat Modeling and IoT Attack Surfaces

Raja, S.; Manikandasaran, S. S.; Doss, Rajesh

doi:10.1007/978-3-030-66607-1_11

S. Raja⁴,
S. S. Manikandasaran⁵ &
Rajesh Doss⁶

Part of the book series: EAI/Springer Innovations in Communication and Computing ((EAISICC))

858 Accesses

Abstract

According to NIST, “IoT involves the connection between humans, non-human physical objects, and cyber objects, enabling monitoring, automation, and decision making.” In today’s world, IoT and cloud are ruling the world of automation. Internet of Things is otherwise known by the name of the Internet of Everything. The IoT device refers to web-enabled computing devices and capability sensing, collecting, and sending data using sensors and communications hardware processors embedded in the machine. The IoT device types have been categorized as implanted on natural, Man-made or machine-made objects and can communicate over the network. Security of the IoT devices and data traveled between IoT devices are more vulnerable to attacks. This chapter covers the real-time security tools and techniques to attack the IoT devices to defend against them by building a holistic view of the aggregated analytics layer. The secure reference architecture presents various layers in it, which can be followed by best practices that how weakness must rectify in constraint devices. The next aspect is the vulnerability security management of IoT environment. Network fencing is a complex issue to ensure end-to-end communication, which should not deviate from the security standards. Exploitation can be performed to steal the data or make outage of the large enterprise comprehensive data protection and stringent access mechanism to protect the devices from malicious attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 99.00; Price excludes VAT (USA)

Softcover Book: USD 129.99; Price excludes VAT (USA)

Hardcover Book: USD 129.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

N.M. Karie, N.M. Sahri, P. Haskell-Dowland, IoT threat detection advances, challenges and future directions, in 2020 IEEE Workshop on Emerging Technologies for Security in IoT (ETSecIoT), (2020), pp. 22–29. https://doi.org/10.1109/ETSecIoT50046.2020.00009
Chapter Google Scholar
S. Sicari, A. Rizzardi, L. Grieco, A. Coen-Porisini, Security, privacy and trust in the internet of things: the road ahead. Comput. Netw. 76, 146–164 (2015). https://doi.org/10.1016/j.comnet.2014.11.008
Article Google Scholar
I. Andrea, C. Chrysostomou, G. Hadjichristofi, Internet of Things: security vulnerabilities and challenges, in 2015 IEEE Symposium on Computers Communication (ISCC), (2015), pp. 180–187
Chapter Google Scholar
A. Al-Omary, A. Othman, H.M. AlSabbagh, H. Al-Rizzo, Survey of hardware-based security support for IoT/CPS Systems. KnE Eng. 3(7), 52–70 (2018)
Article Google Scholar
M. Burhan, R.A. Rehman, B. Khan, B.-S. Kim, IoT elements, layered architectures and security issues: a comprehensive survey. Sensors 18, 2796 (2018)
Article Google Scholar
S. Latif, Z. Zou, Z. Idrees, J. Ahmad, A novel attack detection scheme for the industrial internet of things using a lightweight random neural network. IEEE Access 8, 89337–89350 (2020). https://doi.org/10.1109/ACCESS.2020.2994079
Article Google Scholar
A. Dalvi, S. Maddala, D. Suvarna, Threat Modelling of Smart Light Bulb, in 2018 Fourth International Conference on Computing, Communication Control and Automation (ICCUBEA), Pune, India (2018), pp. 1–4. https://doi.org/10.1109/ICCUBEA.2018.8697723
N. Neshenko, E. Bou-Harb, J. Crichigno, G. Kaddoum, N. Ghani, Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations, in IEEE Communications Surveys & Tutorials, vol. 21, no. 3, third quarter (2019), pp. 2702–2733. https://doi.org/10.1109/COMST.2019.2910750
F. Jaskani, S. Manzoor, M.T. Amin, M. Asif, M. Irfan, An investigation on several operating systems for the Internet of Things. EAI Endorsed Trans. Creative Technol. 6, 160386 (2018). https://doi.org/10.4108/eai.13-7-2018.160386
Article Google Scholar
S.S. Manikandasaran, S. Raja, Security architecture for multi-tenant cloud migration. Int. J. Future Comput. Commun. 7(2), 42–45 (2018)
Article Google Scholar
https://developer.ibm.com/technologies/iot/articles/iot-top-10-iot-security-challenges/. Accessed 1 Aug 2020
S.S. Manikandasaran, K. Balaji, S. Raja, Infrastructure virtualization security architecture specification for private cloud international. J. Comput. Sci. Eng. 6(2), 10–14 (2018)
Google Scholar
T.U. Sheikh, H. Rahman, H.S. Al-Qahtani, T. Kumar Hazra, N.U. Sheikh, Countermeasure of attack vectors using signature-based IDS in IoT environments, in 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), Vancouver, BC (2019), pp. 1130–1136. https://doi.org/10.1109/IEMCON.2019.8936231
T.S. Fatayer, M.N. Azara, IoT secure communication using ANN classification algorithms, in 2019 International Conference on Promising Electronic Technologies (ICPET), Gaza City, Palestine (2019), pp. 142–146. https://doi.org/10.1109/ICPET.2019.00033
https://wiki.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=IoT_Top_10. Accessed 10 Aug 2020
https://www.shodan.io/. Accessed 10 Aug 2020
https://iridi.com/server/. Accessed 10 Aug 2020
S.L. Keoh, S.S. Kumar, H. Tschofenig, Securing the Internet of Things: a standardization perspective. IEEE Internet Things J 1(3), 265–275 (2014). https://doi.org/10.1109/JIOT.2014.2323395
Article Google Scholar
W. Iqbal, H. Abbas, M. Daneshmand, B. Rauf, Y. Abbas, An in-depth analysis of IoT security requirements, challenges and their countermeasures via software-defined security. IEEE Internet Things J. https://doi.org/10.1109/JIOT.2020.2997651
Z.A. Alizai, N.F. Tareen, I. Jadoon, Improved IoT device authentication scheme using device capability and digital signatures, in 2018 International Conference on Applied and Engineering Mathematics (ICAEM), Taxila (2018), pp. 1–5. https://doi.org/10.1109/ICAEM.2018.8536261

Download references

Author information

Authors and Affiliations

PG and Research Department of Computer Science, Christhu Raj College, Panjappur, Tiruchirappalli, Tamil Nadu, India
S. Raja
PG and Research Department of Computer Science, Adaikalamatha College, Vallam, Thanjavur, Tamil Nadu, India
S. S. Manikandasaran
Department of Computer Science, National Defense Academy, Pune, India
Rajesh Doss

Authors

S. Raja
View author publications
You can also search for this author in PubMed Google Scholar
S. S. Manikandasaran
View author publications
You can also search for this author in PubMed Google Scholar
Rajesh Doss
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

CHRIST (Deemed to be University), Bengaluru, Karnataka, India
Sagaya Aurelia
Polytechnic Institute of Viana do Castel, VIANA DO CASTELO, Portugal
Sara Paiva

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Raja, S., Manikandasaran, S.S., Doss, R. (2022). Threat Modeling and IoT Attack Surfaces. In: Aurelia, S., Paiva, S. (eds) Immersive Technology in Smart Cities. EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-030-66607-1_11

Download citation

DOI: https://doi.org/10.1007/978-3-030-66607-1_11
Published: 08 July 2021
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66606-4
Online ISBN: 978-3-030-66607-1
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics