A Gradational Approach for Auditing IoT Security Vulnerability: Case Study of Smart Home Devices
- Title
- A Gradational Approach for Auditing IoT Security Vulnerability: Case Study of Smart Home Devices
- Creator
- Rajagopal M.; Ramkumar S.
- Description
- The world is experiencing a rapid convergence of physical and cyber systems, as objects used in day-to-day life are connected over the Internet. These Internet of Things (IoT) devices are mass-produced, and their use in routine life is assured. The impact of IoT on human life ranges from simple household equipment to life-critical devices. Owing to this diversity, both in application and in nature, the security of these devices and their applications has become a major concern. In spite of the many security frameworks and compliance regulations, attacks on IoT devices are growing exponentially. While a handful of security frameworks are available for ensuring security, very few frameworks have been proposed for auditing it. Confidentiality, Integrity and Availability, which are the pillars of security in IoT, are found to be missing or to have been implemented with flaws. An IoT security audit is one good solution that has proven a success in the literature, but it is challenging because the high-level standards cannot be applied to low-level devices and applications. In addition, the challenges of audits include the heterogeneity of IoT and a lack of expert resources. IoT and related products reached the market very quickly, before they could be subjected to the complete audit procedures; in other words, the time taken for a new IoT device or application to be developed is much less than the time taken to develop a security audit mechanism. Hence, to enable efficient security auditing of IoT devices, a definite and dynamic framework is needed that can propose feasible policies, automatic collection and analysis of audit data, and tailor-made procedures for risk assessment, risk control and risk mitigation. This chapter focuses on the auditing of security vulnerability in IoT devices. A gradational methodology is proposed for extracting the feasible security checks from leading standards and guidelines in the IoT domain.
To examine its efficiency, the proposed method is applied to a smart home with IoT-enabled devices. Performance metrics such as efficiency, accuracy, and scalability are evaluated. The experiments were carried out in a simulated environment with IoT devices. The results were highly satisfying, as the proposed method could perform efficient and accurate auditing for seven hundred smart homes in less than fifteen minutes. © 2025 Taylor & Francis Group, LLC.
- Source
- Internet of Things Vulnerabilities and Recovery Strategies, pp. 87-101.
- Date
- 2024-01-01
- Publisher
- CRC Press
- Coverage
- Rajagopal M., Lean Operations and Systems, School of Business and Management, CHRIST (Deemed to be University), Karnataka, Bangalore, India; Ramkumar S., Department of Computer Science, School of Sciences, CHRIST (Deemed to be University), Karnataka, Bangalore, India
- Rights
- Restricted Access
- Relation
- ISBN: 978-104002562-8; 978-103247331-4
- Format
- Online
- Language
- English
- Type
- Book chapter
Citation
Rajagopal M.; Ramkumar S., “A Gradational Approach for Auditing IoT Security Vulnerability: Case Study of Smart Home Devices,” CHRIST (Deemed To Be University) Institutional Repository, accessed February 23, 2025, https://archives.christuniversity.in/items/show/18030.