Systematically Evaluating Security and Privacy for Consumer IoT Devices. Loi, F., Sivanathan, A., Gharakheili, H., H., Radford, A., & Sivaraman, V. In Proceedings of the Workshop on Internet of Things Security and Privacy (IoTS&P), pages 1-6, 11, 2017. ACM Press.
Systematically Evaluating Security and Privacy for Consumer IoT Devices [link]Website  abstract   bibtex   
Internet-of-Things (IoT) devices such as smart bulbs, cameras, and health monitors are being enthusiastically adopted by consumers, with numbers projected to rise to the billions. However, such devices are also easily attacked, or used for launching attacks, at large scale and at increasing frequency. This paper is an attempt at developing a systematic method to identify the security and privacy shortcomings of various IoT devices, with a view towards alerting consumers, manufacturers, and regulators to the associated risks. We categorize the threats along four dimensions: confidentiality of private data sent to/from the IoT device; integrity of data from the IoT device to internal/external entities; access control of the IoT device; and reflective attacks that can be launched from an IoT device. We develop scripts to automate the security testing along each of these dimensions, subject twenty market-ready consumer IoT devices to our test suite, and reveal findings that give a fairly comprehensive picture of the security/privacy posture of these devices. Our methodology can be used as a basis for a star-based security ratings system for IoT devices being brought to market.
@inProceedings{
 title = {Systematically Evaluating Security and Privacy for Consumer IoT Devices},
 type = {inProceedings},
 year = {2017},
 identifiers = {[object Object]},
 keywords = {iot,iotsec,privacy,security},
 pages = {1-6},
 websites = {http://dx.doi.org/10.1145/3139937.3139938},
 month = {11},
 publisher = {ACM Press},
 id = {aef24789-30e6-3344-a3dc-c718f1144c38},
 created = {2018-07-12T21:32:32.685Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:32:32.685Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {loi:systematic},
 source_type = {inproceedings},
 private_publication = {false},
 abstract = {Internet-of-Things (IoT) devices such as smart bulbs, cameras, and health monitors are being enthusiastically adopted by consumers, with numbers projected to rise to the billions. However, such devices are also easily attacked, or used for launching attacks, at large scale and at increasing frequency. This paper is an attempt at developing a systematic method to identify the security and privacy shortcomings of various IoT devices, with a view towards alerting consumers, manufacturers, and regulators to the associated risks. We categorize the threats along four dimensions: confidentiality of private data sent to/from the IoT device; integrity of data from the IoT device to internal/external entities; access control of the IoT device; and reflective attacks that can be launched from an IoT device. We develop scripts to automate the security testing along each of these dimensions, subject twenty market-ready consumer IoT devices to our test suite, and reveal findings that give a fairly comprehensive picture of the security/privacy posture of these devices. Our methodology can be used as a basis for a star-based security ratings system for IoT devices being brought to market.},
 bibtype = {inProceedings},
 author = {Loi, Franco and Sivanathan, Arunan and Gharakheili, Hassan H and Radford, Adam and Sivaraman, Vijay},
 booktitle = {Proceedings of the Workshop on Internet of Things Security and Privacy (IoTS&P)}
}
Downloads: 0
About
Documentation
Keywords
Search
Users
Terms and Conditions of Use
Privacy Policy
Sitemap
© BibBase.org 2021