Internet of Things Security: Modelling Smart Industrial Thermostat for Threat Vectors and Common Vulnerabilities

  • Conference paper
Intelligent Manufacturing and Mechatronics

Abstract

The Internet of Things (IoT) has made it possible to realize the vision of a connected world, where devices ranging from wearables to industrial IoT solutions provide near real-time data insights. These IoT systems generate staggering amounts of data every single day, which is prone to security risks. The threat surface for these IoT devices includes the entire hardware stack, processes, and associated applications, and thus requires a systematic threat modeling approach to mitigate system vulnerabilities. In this paper, an industrial Smart Thermostat is threat modelled using the industry-leading STRIDE framework to report system vulnerabilities, the threat surface and its associated threat vectors. An attack tree is designed to investigate the threats on physical resources of the smart industrial thermostat under study, identifying system-wide vulnerabilities based on the Common Vulnerability Scoring System (CVSS). Finally, the CVSS scores are calculated on the entire threat surface for an improved system design.


Acknowledgements

The authors would like to thank Universiti Sains Malaysia (USM) for providing the research grant (RUI: 8014049) that helped to carry out this research.

Author information

Corresponding author

Correspondence to Mohamad Khairi Ishak.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Ali, O., Ishak, M.K., Bhatti, M.K.L. (2021). Internet of Things Security: Modelling Smart Industrial Thermostat for Threat Vectors and Common Vulnerabilities. In: Bahari, M.S., Harun, A., Zainal Abidin, Z., Hamidon, R., Zakaria, S. (eds) Intelligent Manufacturing and Mechatronics. Lecture Notes in Mechanical Engineering. Springer, Singapore. https://doi.org/10.1007/978-981-16-0866-7_14
