Abstract
The new attack surface being crafted by the huge influx of IoT devices is both formidable and unpredictable, as it introduces a rich set of unexplored attack techniques and unknown vulnerabilities. These new attack techniques are hard to perceive through traditional means, owing to concealed and cascaded inter-device, inter-system and device-environment dependencies. In this paper, we present IoTSAT, a formal framework for security analysis of IoT. IoTSAT formally models the generic behavior of IoT system of systems, based on device configurations, network topologies, user policies and the IoT-specific attack surface. The model is then used to measure the system's resilience against potential attacks and to identify threat vectors and specific attack techniques that can be used to achieve an adversary's higher-level objectives. We evaluate IoTSAT over realistic IoT networks and conclude that our approach is scalable and highly beneficial for uncovering complex attack vectors of IoT systems.
| Original language | English |
|---|---|
| Title of host publication | 2016 IEEE Conference on Communications and Network Security, CNS 2016 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 180-188 |
| Number of pages | 9 |
| ISBN (Electronic) | 9781509030651 |
| State | Published - 21 Feb 2017 |
| Externally published | Yes |
Publication series
| Name | 2016 IEEE Conference on Communications and Network Security, CNS 2016 |
|---|---|
Bibliographical note
Publisher Copyright: © 2016 IEEE.
Keywords
- Formal verification
- IoT security analysis
- IoT system modeling
- IoT threat classification
- IoT threat modeling
- SMT
ASJC Scopus subject areas
- Computer Networks and Communications
- Safety, Risk, Reliability and Quality