A Weighted Risk Score Model for IoT Devices

Shachar Siboni, Chanan Glezer, Asaf Shabtai, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

The Internet of Things (IoT) defines a new era where ordinary physical objects are being transformed into smart connected devices. These advanced devices have the ability to sense, compute, and communicate with their surroundings via the Internet. This may result in severe network security breaches, as these devices in-crease the attack surface by exposing new vulnerabilities and infiltration points into restricted networks. One of the major challenges in such deployments is determining the security risks that IoT devices pose to the environment they operated in. This paper proposes an IoT device risk score model, denoted as the Weighted Risk Ranking (WRR) model. The proposed approach focuses on quantifying the static and dynamic properties of a device, in order to define a risk score. Our practical proof of concept demonstrates the use of the WRR scheme for several IoT devices in the context of an enterprise network, showing the feasibility of the suggested solution as a tool for device risk assessment in modern networks where IoT devices are widely deployed.

Original languageEnglish
Title of host publicationSecurity, Privacy, and Anonymity in Computation, Communication, and Storage - SpaCCS 2019 International Workshops, Proceedings
EditorsGuojun Wang, Jun Feng, Md Zakirul Alam Bhuiyan, Rongxing Lu
PublisherSpringer Verlag
Pages20-34
Number of pages15
ISBN (Print)9783030248994
DOIs
StatePublished - 1 Jan 2019
Event12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019 - Atlanta, United States
Duration: 14 Jul 201917 Jul 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11637 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019
Country/TerritoryUnited States
CityAtlanta
Period14/07/1917/07/19

Keywords

  • Device risk assessment
  • Device-centric approach
  • Internet of Things
  • Security
  • Security risk score

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Fingerprint

Dive into the research topics of 'A Weighted Risk Score Model for IoT Devices'. Together they form a unique fingerprint.

Cite this