scholarly journals Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge

2020 ◽  
Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Max Van Kleek ◽  
Uchenna Ani ◽  
Pete Burnap ◽  
...  
Keyword(s):  
Risk Assessment ◽  
Internet Of Things ◽  
Cyber Security ◽  
Security Requirements ◽  
Self Assessment ◽  
Target State ◽  
Risk Assessment Models ◽  
Dependency Model ◽  
Iot Devices ◽  
Cyber Risk

AbstractThe Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.

scholarly journals Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment

2019 ◽  
Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Jason R.C. Nurse ◽  
Pete Burnap ◽  
Eirini Anthi ◽  
...  
Keyword(s):  
Internet Of Things ◽  
Impact Assessment ◽  
Cyber Security ◽  
The Internet ◽  
Self Assessment ◽  
Target State ◽  
Iot Devices ◽  
High Level ◽  
Cyber Risk ◽  
The Internet Of Things

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model.

scholarly journals Epistemological Equation for Analysing Uncontrollable States in Complex Systems: Quantifying Cyber Risks from the Internet of Things

2021 ◽  
Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Pete Burnap ◽  
Omar Santos
Keyword(s):  
Risk Assessment ◽  
Internet Of Things ◽  
Empirical Analysis ◽  
Quantitative Risk Assessment ◽  
The Internet ◽  
Self Assessment ◽  
Target State ◽  
Epistemological Analysis ◽  
Cyber Risk ◽  
The Internet Of Things

AbstractThe Internet-of-Things (IoT) triggers data protection questions and new types of cyber risks. Cyber risk regulations for the IoT, however, are still in their infancy. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. At present, there are no self-assessment methods for quantifying IoT cyber risk posture. It is considered that IoT represent a complex system with too many uncontrollable risk states for quantitative risk assessment. To enable quantitative risk assessment of uncontrollable risk states in complex and coupled IoT systems, a new epistemological equation is designed and tested though comparative and empirical analysis. The comparative analysis is conducted on national digital strategies, followed by an empirical analysis of cyber risk assessment approaches. The results from the analysis present the current and a target state for IoT systems, followed by a transformation roadmap, describing how IoT systems can achieve the target state with a new epistemological analysis model. The new epistemological analysis approach enables the assessment of uncontrollable risk states in complex IoT systems—which begin to resemble artificial intelligence—and can be used for a quantitative self-assessment of IoT cyber risk posture.

scholarly journals Cyber Risk Management for the Internet of Things

2019 ◽  
Author(s):  
Petar Radanliev ◽  
David Charles De Roure ◽  
Jason R.C. Nurse ◽  
Pete Burnap ◽  
Eirini Anthi ◽  
...  
Keyword(s):  
Risk Assessment ◽  
Internet Of Things ◽  
Impact Assessment ◽  
Cyber Security ◽  
The Internet ◽  
Target State ◽  
High Level ◽  
Cyber Risk ◽  
The Internet Of Things ◽  
Oriented Approach

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment need to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model. The main contributions from this paper represent a transformation roadmap for standardisation of IoT risk impact assessment; and transformation design imperatives describing how IoT companies can achieve their target state based on their current state with a Goal-Oriented approach. Verified by epistemological analysis defining a unified cyber risk assessment approach. These can be used for calculating the economic impact of cyber risk; for international cyber risk assessment approach; for quantifying cyber risk; and for planning for impact of cyber-attacks, e.g. cyber insurance. The new methods presented in this paper for applying the roadmap include: IoT Risk Analysis through Functional Dependency; Network-based Linear Dependency Modelling; IoT risk impact assessment with a Goal-Oriented Approach; and a correlation between the Goal-Oriented Approach and the IoTMM model.

Bringing Security to The Smallest Embedded Systems

2017 ◽  
Author(s):  
JOSEPH YIU
Keyword(s):  
Internet Of Things ◽  
Embedded Systems ◽  
Low Cost ◽  
Security Requirements ◽  
The Internet ◽  
Security Measures ◽  
Significant Challenge ◽  
Iot Devices

The increasing need for security in microcontrollers Security has long been a significant challenge in microcontroller applications(MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:

A Survey of Authentication Schemes in the Internet of Things

2019 ◽  
Vol 6 (1) ◽  
pp. 15-30 ◽  
Author(s):  
Yasmine Labiod ◽  
Abdelaziz Amara Korba ◽  
Nacira Ghoualmi-Zine
Keyword(s):  
Internet Of Things ◽  
Security Requirements ◽  
Security And Privacy ◽  
The Internet ◽  
Privacy And Security ◽  
Depth Study ◽  
Authentication Schemes ◽  
Iot Devices ◽  
Privacy Issues ◽  
The Internet Of Things

In the recent years, the Internet of Things (IoT) has been widely deployed in different daily life aspects such as home automation, electronic health, the electric grid, etc. Nevertheless, the IoT paradigm raises major security and privacy issues. To secure the IoT devices, many research works have been conducted to counter those issues and discover a better way to remove those risks, or at least reduce their effects on the user's privacy and security requirements. This article mainly focuses on a critical review of the recent authentication techniques for IoT devices. First, this research presents a taxonomy of the current cryptography-based authentication schemes for IoT. In addition, this is followed by a discussion of the limitations, advantages, objectives, and attacks supported of current cryptography-based authentication schemes. Finally, the authors make in-depth study on the most relevant authentication schemes for IoT in the context of users, devices, and architecture that are needed to secure IoT environments and that are needed for improving IoT security and items to be addressed in the future.

Secure Routing Challenges for Opportunistic Internet of Things

2020 ◽  
pp. 145-168 ◽  
Author(s):  
Nisha Kandhoul ◽  
Sanjay K. Dhurandher
Keyword(s):  
Internet Of Things ◽  
Network Connectivity ◽  
Opportunistic Networks ◽  
Secure Routing ◽  
Security Requirements ◽  
Security And Privacy ◽  
Computing Systems ◽  
Heterogeneous Technologies ◽  
Iot Devices ◽  
Technical Revolution

Internet of Things(IoT) is a technical revolution of the internet where users, computing systems, and daily objects having sensing abilities, collaborate to provide innovative services in several application domains. Opportunistic IoT(OppIoT)is an extension of the opportunistic networks that exploits the interactions between the human-based communities and the IoT devices to increase the network connectivity and reliability. In this context, the security and privacy requirements play a crucial role as the collected information is exposed to a wide unknown audience. An adaptable infrastructure is required to handle the intrinsic vulnerabilities of OppIoT devices, with limited resources and heterogeneous technologies. This chapter elaborates the security requirements, the possible threats, and the current work conducted in the field of security in OppIoT networks.

IoT and Cyber Security

2020 ◽  
pp. 203-235
Author(s):  
Keyurbhai Arvindbhai Jani ◽  
Nirbhay Chaubey
Keyword(s):  
Internet Of Things ◽  
Cyber Security ◽  
Cyber Attacks ◽  
The Internet ◽  
Smart Objects ◽  
The Third ◽  
Different Types ◽  
Iot Devices ◽  
The Internet Of Things

The Internet of Things (IoT) connects different IoT smart objects around people to make their life easier by connecting them with the internet, which leads IoT environments vulnerable to many attacks. This chapter has few main objectives: to understand basics of IoT; different types of attacks possible in IoT; and prevention steps to secure IoT environment at some extent. Therefore, this chapter is mainly divided into three parts. In first part discusses IoT devices and application of it; the second part is about cyber-attacks possible on IoT environments; and in the third part is discussed prevention and recommendation steps to avoid damage from different attacks.

scholarly journals An Autonomous Log Storage Management Protocol with Blockchain Mechanism and Access Control for the Internet of Things

Sensors ◽  
2020 ◽  
Vol 20 (22) ◽  
pp. 6471
Author(s):  
Chien-Lung Hsu ◽  
Wei-Xin Chen ◽  
Tuan-Vinh Le
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Private Information ◽  
Cyber Security ◽  
Storage Management ◽  
Communication Process ◽  
Security Requirements ◽  
The Internet ◽  
Management Protocol ◽  
The Internet Of Things

As the Internet of Things (IoT) has become prevalent, a massive number of logs produced by IoT devices are transmitted and processed every day. The logs should contain important contents and private information. Moreover, these logs may be used as evidences for forensic investigations when cyber security incidents occur. However, evidence legality and internal security issues in existing works were not properly addressed. This paper proposes an autonomous log storage management protocol with blockchain mechanism and access control for the IoT. Autonomous model allows sensors to encrypt their logs before sending it to gateway and server, so that the logs are not revealed to the public during communication process. Along with blockchain, we introduce the concept “signature chain”. The integration of blockchain and signature chain provides efficient management functions with valuable security properties for the logs, including robust identity verification, data integrity, non-repudiation, data tamper resistance, and the legality. Our work also employs attribute-based encryption to achieve fine-grained access control and data confidentiality. The results of security analysis using AVSIPA toolset, GNY logic and semantic proof indicate that the proposed protocol meets various security requirements. Providing good performance with elliptic curve small key size, short BLS signature, efficient signcryption method, and single sign-on solution, our work is suitable for the IoT.

Sign in / Sign up

Export Citation Format

Share Document