Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats

Pütz, Philipp ; Mitev, Richard ; Sadeghi, Ahmad-Reza (2023)
Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats.
Annual Computer Security Applications Conference (ACSAC 2023). Austin, USA (04.12.2023-08.12.2023)
Conference publication, Bibliography

Abstract

The Internet of Things (IoT) market is rapidly growing and is expected to double from 2020 to 2025. The increasing use of IoT devices, particularly in smart homes, raises crucial concerns as inadequate security designs and implementations by IoT vendors can lead to significant vulnerabilities endangering the privacy and security of sensitive user information handled by these devices. To address these IoT device vulnerabilities, institutions and organizations have published IoT security best practices (BPs) to guide manufacturers in ensuring the security of their products. However, there is currently no standardized approach for evaluating the effectiveness of individual BP recommendations. This leads to manufacturers investing effort in implementing less effective BPs while potentially neglecting measures with greater impact. In this paper, we propose a methodology for evaluating the security impact of IoT BPs and ranking them based on their effectiveness in protecting against security threats. Our approach involves translating identified BPs into concrete test cases that can be applied to real-world IoT devices to assess their effectiveness in mitigating vulnerabilities. We applied this methodology to evaluate the security impact of nine commodity IoT products, discovering 18 vulnerabilities. By empirically assessing the actual impact of BPs on device security, IoT designers and implementers can prioritize their security investments more effectively, improving security outcomes and optimizing limited security budgets.

Item type: Conference publication
Published: 2023
Author(s): Pütz, Philipp ; Mitev, Richard ; Sadeghi, Ahmad-Reza
Entry type: Bibliography
Title: Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats
Language: English
Publication year: 9 December 2023
Event title: Annual Computer Security Applications Conference (ACSAC 2023)
Event location: Austin, USA
Event date: 04.12.2023-08.12.2023
URL / URN: https://www.openconf.org/acsac2023/modules/request.php?modul...

Division(s)/Area(s): 20 Department of Computer Science
20 Department of Computer Science > System Security
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date deposited: 11 Oct 2023 09:21
Last modified: 11 Oct 2023 09:21