IoT Information Security Evaluation for Developers and Users

The accelerated growth of Internet of Things (IoT) exposes many unsecured issues related to design and usage of devices leading to a new technological security paradigm. This paper presents an evaluation method and corrective actions to be carried out in order to make the usage of IoT devices safer. This method combines both the developer’s perspective and user’s perspective, thus differing from current guides. The proposed evaluation method is divided by categories, each one composed of security control clauses and their corresponding action recommendation. The user perspective of such evaluation method was applied into a service company, and the developer perspective into an IoT device manufacturer. These experiments produced useful perceptions on such view points. The evaluation provided an opportunity to enhance manufacturer security awareness and improve user experience with IoT devices.

Download Full-text

A Fuzzy Model for Knowledge Base IoT Information Security Evaluation

Journal of Information Security and Cryptography (Enigma) ◽

10.17648/jisc.v5i1.66 ◽

2019 ◽

Vol 5 (1) ◽

pp. 20

Author(s):

Flávio Luis de Mello

Keyword(s):

Evaluation Method ◽

Fuzzy Model ◽

Security Evaluation ◽

Fuzzy Evaluation ◽

User Perspective ◽

Information Technology Security ◽

Integrated Devices ◽

Device Manufacturer ◽

Security Standards ◽

Novel Model

Internet of Things (IoT) accelerating growth exposes many unsecured issues related to the design and the usage of network integrated devices. This paper presents a fuzzy evaluation method, based on both IOT hardware/software developers’ and users’ knowledge, creating an novel model to aid correctness actions over security procedures, in order to increase the IOT safeness usage. This method combines both the developer’s and user’s perspectives, creating an integrated adaptive evaluation attached to the Information Technology security standards and best practices guidelines. The proposed evaluation method is divided by categories, each one composed of security control clauses and their corresponding action recommendation. The user perspective of such evaluation method was applied into a service company, and the developer perspective was defined by an IoT device manufacturer. The obtained results have shown that the evaluation method enhances both the manufacturer security awareness and the IOT users experience in the improvement of security IoT issues.

Download Full-text

Complex security problems of the internet of things

MATEC Web of Conferences ◽

10.1051/matecconf/201926507014 ◽

2019 ◽

Vol 265 ◽

pp. 07014

Author(s):

Alexander Shiler ◽

Elizaveta Stepanova

Keyword(s):

Information Technology ◽

Information Security ◽

Internet Of Things ◽

Point Of View ◽

The Internet ◽

Constant Increase ◽

Internet Market ◽

Iot Devices ◽

Almost All ◽

The Internet Of Things

At present, the Internet market of things is constantly expanding; it has covered almost all the most important areas: transport, housing and communal services, industry, agriculture, telecommunications and information technology. In connection with the constant increase in the number of attacks on IoT-devices, the issue of standardization of this technology is quite acute. The features of the of existing solutions and the new proposed Russian NB-Fi standard for IoT are presented in this article from the point of view of information security.

Download Full-text

ParlAmI: A Multimodal Approach for Programming Intelligent Environments

Technologies ◽

10.3390/technologies7010011 ◽

2019 ◽

Vol 7 (1) ◽

pp. 11 ◽

Cited By ~ 6

Author(s):

Evropi Stefanidi ◽

Michalis Foukarakis ◽

Dimitrios Arampatzis ◽

Maria Korozi ◽

Asterios Leonidis ◽

...

Keyword(s):

Internet Of Things ◽

User Experience ◽

Humanoid Robot ◽

Multimodal Approach ◽

Conversational Agent ◽

Intelligent Environments ◽

Intelligent Environment ◽

Embodied Conversational Agent ◽

Intelligent Home ◽

Iot Devices

The proliferation of Internet of Things (IoT) devices and services and their integration in intelligent environments creates the need for a simple yet effective way of controlling and communicating with them. Towards such a direction, this work presents ParlAmI, a conversational framework featuring a multimodal chatbot that permits users to create simple “if-then” rules to define the behavior of an intelligent environment. ParlAmI delivers a disembodied conversational agent in the form of a messaging application named MAI, and an embodied conversational agent named nAoMI employing the programmable humanoid robot NAO. This paper describes the requirements and architecture of ParlAmI, the infrastructure of the “Intelligent Home” in which ParlAmI is deployed, the characteristics and functionality of both MAI and nAoMI, and finally presents the findings of a user experience evaluation that was conducted with the participation of sixteen users.

Download Full-text

RESEARCH ON THE USE OF DECEPTION TECHNOLOGY TO PREVENT CYBERSECURITY THREATS

CASPIAN JOURNAL Control and High Technologies ◽

10.21672/2074-1707.2020.52.4.085-098 ◽

2020 ◽

Vol 52 (4) ◽

pp. 85-98

Author(s):

MIKHAIL M PUTYATO ◽

◽

ALEKSANDR S. MAKARYAN ◽

SHAMIL M. CHICH ◽

VALENTINA K. MARKOVA ◽

...

Keyword(s):

Comparative Analysis ◽

Information Security ◽

Internet Of Things ◽

The Internet ◽

Security Audit ◽

Timely Manner ◽

Simple Operation ◽

Malicious Activity ◽

Iot Devices ◽

High Level

Internet of things (IoT) devices have become increasingly popular in recent years. IoT refers to smart refrigerators, smart locks, video nannies, and other household devices that have access to the Internet. However, the growing popularity of IoT technology is increasingly attracting the attention of hackers who are interested both in disclosing confidential enduser data and in misuse of the computing resources of the attacked devices. Unfortunately, malicious attacks often result in successful compromise of devices, with the ensuing consequences. The reasons for the high level of compromise of IoT devices are caused both by errors in the design, implementation, and relatively simple operation with the use of various information security audit tools. To identify defects in the development and implementation of devices, you need to have some idea about them, that is, to identify and eliminate them in a timely manner. This can be achieved in various ways. One of these methods is to create special traps that collect information about the activity of an attacker, called honeypot. The essence of the honeypot technology is to emulate or implement the functionality of existing devices, services, and protocols, with the accumulation of data about malicious activity of an attacker. The information obtained can be used to improve the protection of real devices, services, and protocols, as well as to develop measures to counter hackers. The article provides a comparative analysis of the existing most popular honeypot systems in order to identify the best system. The analysis identified both the weaknesses and strengths of these systems. Next, an attempt is made to adapt these same systems to function at the level of Internet of things devices.

Download Full-text

Advanced Security Model for Internet of Things Environment

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.f8815.038620 ◽

2020 ◽

Vol 8 (6) ◽

pp. 3387-3392

Keyword(s):

Internet Of Things ◽

User Experience ◽

Security Level ◽

Security Model ◽

Accurate Data ◽

Operational Costs ◽

Internet Of Things Environment ◽

Iot Devices ◽

Almost All ◽

Security Checks

IoT has become one of the most prominent used industry which is been intensively used in various applications across the globe. This usage has also made it more vulnerable to numerous attacks from within and outside the industry. Though this remains as one of the most predominant challenges in almost all of the industries, most of the organizations fail to allocate security budgets in order to secure their sub-networks from being misused and attacked. One of the most important aspects of this drawback is the unawareness of various upcoming IoT devices and infrastructures that are not technically sound enough to handle and meet the challenges caused by the various attacking methods. Implementation of highly secure IoT based infrastructure could basically produce various other benefits that include obtaining greater revenues from new inculcated methods and models while minimizing the operational costs by making use of the various optimized processes. This, in turn, leads to various meaningful and accurate data with a better knowledge of user experience. In order to develop such an IoT infrastructure, all the organizations have to mandatory build built-in security checks in each and every level of the applications being used by them. The paper presents a new design model that is used for securing all the devices from various malicious attacks. The paper also compares the newly designed model with the existing model and has proved the betterment of the security level that is been achieved.

Download Full-text

Research of Information Security Quantitative Evaluation Method

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.513-517.369 ◽

2014 ◽

Vol 513-517 ◽

pp. 369-372 ◽

Cited By ~ 2

Author(s):

Wen Long Zang

Keyword(s):

Information Security ◽

Quantitative Evaluation ◽

Evaluation Method ◽

Qualitative Evaluation ◽

Security Evaluation ◽

Security Assessment ◽

Security Risk ◽

Qualitative And Quantitative ◽

Fuzzy Transformation ◽

Security Risk Assessment

Information security risk assessment is an important component of information system security engineering. Adopting the combination of qualitative and quantitative to qualitative evaluation method, based on the theory of fuzzy membership, every assessment indicator can be quantized with the method of integration of the qualitative to the quantitative. And adopting the objective method of fuzzy transformation to try to eliminate the initiative judgments, thus to ensure that the information security assessment is truly reflected, and solving such problems as the data collection in the process of information security evaluation, the combination of qualitative and quantitative evaluation, which are both very difficult to deal with. Consequently, the evaluation method is more scientific, comprehensive and maneuverability.

Download Full-text

A cyclical evaluation model of information security maturity

Information Management & Computer Security ◽

10.1108/imcs-04-2013-0025 ◽

2014 ◽

Vol 22 (3) ◽

pp. 265-278 ◽

Cited By ~ 11

Author(s):

Evandro Alencar Rigon ◽

Carla Merkle Westphall ◽

Daniel Ricardo dos Santos ◽

Carlos Becker Westphall

Keyword(s):

Information Security ◽

Internal Control ◽

Evaluation Method ◽

Evaluation Model ◽

Security Requirements ◽

Security Evaluation ◽

Generic Model ◽

Maturity Model ◽

Content Type ◽

Is Management

Purpose – This paper aims at presenting a cyclical evaluation model of information security (IS) maturity. The lack of a security evaluation method might expose organizations to several risky situations. Design/methodology/approach – This model was developed through the definition of a set of steps to be followed to obtain periodical evaluation of maturity and continuous improvement of controls. Findings – This model, based on controls present in ISO/IEC 27002, provides a means to measure the current situation of IS management through the use of a maturity model and provides a subsidy to take appropriate and feasible improvement actions, based on risks. A case study is performed, and the results indicate that the method is efficient for evaluating the current state of IS, to support IS management, risks identification and business and internal control processes. Research limitations/implications – It is possible that modifications to the process may be needed where there is less understanding of security requirements, such as in a less mature organization. Originality/value – This paper presents a generic model applicable to all kinds of organizations. The main contribution of this paper is the use of a maturity scale allied to the cyclical process of evaluation, providing the generation of immediate indicators for the management of IS.

Download Full-text

An Information Security Evaluation Method Based on Entropy Theory and Improved TOPSIS

2017 IEEE Second International Conference on Data Science in Cyberspace (DSC) ◽

10.1109/dsc.2017.84 ◽

2017 ◽

Author(s):

Dongqing Wang ◽

Yueming Lu ◽

Jiefu Gan

Keyword(s):

Information Security ◽

Evaluation Method ◽

Security Evaluation ◽

Entropy Theory

Download Full-text

Research on Information Security Evaluation of Internet of Things Electronic Commerce Based on AHP

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.217-218.1355 ◽

2011 ◽

Vol 217-218 ◽

pp. 1355-1360 ◽

Cited By ~ 2

Author(s):

Man Ying Huang

Keyword(s):

Information Security ◽

Internet Of Things ◽

Electronic Commerce ◽

Evaluation Model ◽

Production Quality ◽

Security Evaluation ◽

Promoting Effect ◽

Production Quality Control ◽

Ahp Model ◽

Information Safety

Internet of Things (IOT) is an extension and expansion of the internet development. The ultimate goal of IOT system is to realize the exchange and communication between human and thing as well as thing to thing. With the constant development of IOT, the intellectual degree of the future IOT would be higher and higher, the application filed would be getting extensive too. IOT plays a very important promoting effect on the logistic service system, corporation production and operation management, the production quality control of the online shopping by consumers and other aspects of the electronic commerce. IOT E-commerce provides extreme convenience to people’s work and life, but its information safety still has some restriction. The character of Analytic Hierarchy Process (AHP) is to divide the complicated problem into simple combinations of multiple hierarchies and factors, and group each factor in two for comparison and calculation, according to the calculated result to make judgment and make choice. This article, based on AHP model, establishes information security evaluation model of IOT electronic commerce, evaluates on the five physical measures to protect electronic label by theory analysis on algorithm and AHP model, which has certain referential value to the IOT E-commerce information security evaluation work.

Download Full-text

Security Evaluation Framework for Military IoT Devices

Security and Communication Networks ◽

10.1155/2018/6135845 ◽

2018 ◽

Vol 2018 ◽

pp. 1-12 ◽

Cited By ~ 1

Author(s):

Sungyong Cha ◽

Seungsoo Baek ◽

Sooyoung Kang ◽

Seungjoo Kim

Keyword(s):

System Development ◽

Developed Countries ◽

Evaluation Framework ◽

Security Evaluation ◽

Weapon System ◽

Weapon Systems ◽

Security Control ◽

Security By Design ◽

Iot Devices ◽

The Military

IoT is gaining importance in our lives and in the military too. With the application of IoT paradigm in the military and the weapon system’s connectivity to the network, this facilitates the commanders to make real-time decisions. However, cybersecurity threats to weapon systems intensify along with the growing of IoT’s benefits. Coping with these cybersecurity threats nowadays, we require the implementation of “security by design” concept during weapon system development throughout the system lifecycle, but not traditional security solutions. Since only developed countries are capable of developing systems on their own, they adopt “security by design” when developing new weapon systems; another approach to acquire weapon systems is through import if a country cannot develop the whole weapon system. However, few studies have been done on the security evaluation framework that could be used upon purchase and integration of the developed weapon system. In this paper, we proposed a novel security evaluation framework that could be used to integrate IoT devices and components into the weapon system and a method to address cybersecurity requirements using international standard security control.

Download Full-text