Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats

Pütz, Philipp ; Mitev, Richard ; Sadeghi, Ahmad-Reza (2023)
Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats.
Annual Computer Security Applications Conference (ACSAC 2023). Austin, USA (04.-08.12.2023)
Conference or Workshop Item, Bibliography

Abstract

The Internet of Things (IoT) market is rapidly growing and is expected to double from 2020 to 2025. The increasing use of IoT devices, particularly in smart homes, raises crucial concerns as inadequate security designs and implementations by IoT vendors can lead to significant vulnerabilities endangering the privacy and security of sensitive user information handled by these devices. To address these IoT device vulnerabilities, institutions and organizations have published IoT security best practices (BPs) to guide manufacturers in ensuring the security of their products. However, there is currently no standardized approach for evaluating the effectiveness of individual BP recommendations. This leads to manufacturers investing effort in implementing less effective BPs while potentially neglecting measures with greater impact. In this paper, we propose a methodology for evaluating the security impact of IoT BPs and ranking them based on their effectiveness in protecting against security threats. Our approach involves translating identified BPs into concrete test cases that can be applied to real-world IoT devices to assess their effectiveness in mitigating vulnerabilities. We applied this methodology to evaluate the security impact of nine commodity IoT products, discovering 18 vulnerabilities. By empirically assessing the actual impact of BPs on device security, IoT designers and implementers can prioritize their security investments more effectively, improving security outcomes and optimizing limited security budgets.

Item Type: Conference or Workshop Item
Published: 2023
Creators: Pütz, Philipp ; Mitev, Richard ; Sadeghi, Ahmad-Reza
Type of entry: Bibliography
Title: Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats
Language: English
Date: 9 December 2023
Event Title: Annual Computer Security Applications Conference (ACSAC 2023)
Event Location: Austin, USA
Event Dates: 04.-08.12.2023
URL / URN: https://www.openconf.org/acsac2023/modules/request.php?modul...

Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date Deposited: 11 Oct 2023 09:21
Last Modified: 11 Oct 2023 09:21