DOI: 10.1145/3567445.3569164
poster

Data Protection Fortification: An Agile Approach for Threat Analysis of IoT Data

Published: 05 January 2023

    Abstract

    Data from Internet of Things (IoT) devices has become a critical asset for decision-making. However, IoT devices have security challenges due to their low-resource constraints, heterogeneity, and deployment in hostile environments. Systems consuming IoT data must thus be designed with security measures to detect and prevent data tampering attacks.
    We develop a data-centric threat modeling method named Data Protection Fortification (DPF) that practitioners can use during planning to assess and mitigate the security risk of using IoT data sources. We use design science to develop and validate DPF on 5 development teams from 3 organizations.
    Results show that DPF can be used to identify and improve security practices of data sources. Practitioners have a positive attitude towards using DPF, and because it is easily understood, it has the potential to become a communication tool for security between developers and stakeholders.

    Published In

    IoT '22: Proceedings of the 12th International Conference on the Internet of Things
    November 2022
    259 pages
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Data protection fortification
    2. Data-centric Threat analysis
    3. IoT
    4. Security
    5. Threat analysis

    Qualifiers

    • Poster
    • Research
    • Refereed limited

    Funding Sources

    • The Research Council of Norway

    Conference

    IoT 2022

    Acceptance Rates

    Overall Acceptance Rate 28 of 84 submissions, 33%
