A Weighted Risk Score Model for IoT Devices

Shachar Siboni; Chanan Glezer; Asaf Shabtai; Yuval Elovici

doi:10.1007/978-3-030-24900-7_2

A Weighted Risk Score Model for IoT Devices

Shachar Siboni
, Chanan Glezer
, Asaf Shabtai
, Yuval Elovici

Deutsche Telekom Innovation Laboratories

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

The Internet of Things (IoT) defines a new era where ordinary physical objects are being transformed into smart connected devices. These advanced devices have the ability to sense, compute, and communicate with their surroundings via the Internet. This may result in severe network security breaches, as these devices in-crease the attack surface by exposing new vulnerabilities and infiltration points into restricted networks. One of the major challenges in such deployments is determining the security risks that IoT devices pose to the environment they operated in. This paper proposes an IoT device risk score model, denoted as the Weighted Risk Ranking (WRR) model. The proposed approach focuses on quantifying the static and dynamic properties of a device, in order to define a risk score. Our practical proof of concept demonstrates the use of the WRR scheme for several IoT devices in the context of an enterprise network, showing the feasibility of the suggested solution as a tool for device risk assessment in modern networks where IoT devices are widely deployed.

Original language	English
Title of host publication	Security, Privacy, and Anonymity in Computation, Communication, and Storage - SpaCCS 2019 International Workshops, Proceedings
Editors	Guojun Wang, Jun Feng, Md Zakirul Alam Bhuiyan, Rongxing Lu
Publisher	Springer Verlag
Pages	20-34
Number of pages	15
ISBN (Print)	9783030248994
DOIs	https://doi.org/10.1007/978-3-030-24900-7_2
State	Published - 1 Jan 2019
Event	12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019 - Atlanta, United States Duration: 14 Jul 2019 → 17 Jul 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11637 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019
Country/Territory	United States
City	Atlanta
Period	14/07/19 → 17/07/19

Keywords

Device risk assessment
Device-centric approach
Internet of Things
Security
Security risk score

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-030-24900-7_2

Cite this

Siboni, S., Glezer, C., Shabtai, A., & Elovici, Y. (2019). A Weighted Risk Score Model for IoT Devices. In G. Wang, J. Feng, M. Z. A. Bhuiyan, & R. Lu (Eds.), Security, Privacy, and Anonymity in Computation, Communication, and Storage - SpaCCS 2019 International Workshops, Proceedings (pp. 20-34). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11637 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-24900-7_2

Siboni, Shachar ; Glezer, Chanan ; Shabtai, Asaf et al. / A Weighted Risk Score Model for IoT Devices. Security, Privacy, and Anonymity in Computation, Communication, and Storage - SpaCCS 2019 International Workshops, Proceedings. editor / Guojun Wang ; Jun Feng ; Md Zakirul Alam Bhuiyan ; Rongxing Lu. Springer Verlag, 2019. pp. 20-34 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d3fe161f48d946e99fc46bab553529e2,

title = "A Weighted Risk Score Model for IoT Devices",

abstract = "The Internet of Things (IoT) defines a new era where ordinary physical objects are being transformed into smart connected devices. These advanced devices have the ability to sense, compute, and communicate with their surroundings via the Internet. This may result in severe network security breaches, as these devices in-crease the attack surface by exposing new vulnerabilities and infiltration points into restricted networks. One of the major challenges in such deployments is determining the security risks that IoT devices pose to the environment they operated in. This paper proposes an IoT device risk score model, denoted as the Weighted Risk Ranking (WRR) model. The proposed approach focuses on quantifying the static and dynamic properties of a device, in order to define a risk score. Our practical proof of concept demonstrates the use of the WRR scheme for several IoT devices in the context of an enterprise network, showing the feasibility of the suggested solution as a tool for device risk assessment in modern networks where IoT devices are widely deployed.",

keywords = "Device risk assessment, Device-centric approach, Internet of Things, Security, Security risk score",

author = "Shachar Siboni and Chanan Glezer and Asaf Shabtai and Yuval Elovici",

note = "Publisher Copyright: {\textcopyright} 2019, Springer Nature Switzerland AG.; 12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019 ; Conference date: 14-07-2019 Through 17-07-2019",

year = "2019",

month = jan,

day = "1",

doi = "10.1007/978-3-030-24900-7\_2",

language = "English",

isbn = "9783030248994",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "20--34",

editor = "Guojun Wang and Jun Feng and Bhuiyan, \{Md Zakirul Alam\} and Rongxing Lu",

booktitle = "Security, Privacy, and Anonymity in Computation, Communication, and Storage - SpaCCS 2019 International Workshops, Proceedings",

address = "Germany",

}

Siboni, S, Glezer, C, Shabtai, A & Elovici, Y 2019, A Weighted Risk Score Model for IoT Devices. in G Wang, J Feng, MZA Bhuiyan & R Lu (eds), Security, Privacy, and Anonymity in Computation, Communication, and Storage - SpaCCS 2019 International Workshops, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11637 LNCS, Springer Verlag, pp. 20-34, 12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019, Atlanta, United States, 14/07/19. https://doi.org/10.1007/978-3-030-24900-7_2

A Weighted Risk Score Model for IoT Devices. / Siboni, Shachar; Glezer, Chanan; Shabtai, Asaf et al.
Security, Privacy, and Anonymity in Computation, Communication, and Storage - SpaCCS 2019 International Workshops, Proceedings. ed. / Guojun Wang; Jun Feng; Md Zakirul Alam Bhuiyan; Rongxing Lu. Springer Verlag, 2019. p. 20-34 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11637 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Weighted Risk Score Model for IoT Devices

AU - Siboni, Shachar

AU - Glezer, Chanan

AU - Shabtai, Asaf

AU - Elovici, Yuval

PY - 2019/1/1

Y1 - 2019/1/1

N2 - The Internet of Things (IoT) defines a new era where ordinary physical objects are being transformed into smart connected devices. These advanced devices have the ability to sense, compute, and communicate with their surroundings via the Internet. This may result in severe network security breaches, as these devices in-crease the attack surface by exposing new vulnerabilities and infiltration points into restricted networks. One of the major challenges in such deployments is determining the security risks that IoT devices pose to the environment they operated in. This paper proposes an IoT device risk score model, denoted as the Weighted Risk Ranking (WRR) model. The proposed approach focuses on quantifying the static and dynamic properties of a device, in order to define a risk score. Our practical proof of concept demonstrates the use of the WRR scheme for several IoT devices in the context of an enterprise network, showing the feasibility of the suggested solution as a tool for device risk assessment in modern networks where IoT devices are widely deployed.

AB - The Internet of Things (IoT) defines a new era where ordinary physical objects are being transformed into smart connected devices. These advanced devices have the ability to sense, compute, and communicate with their surroundings via the Internet. This may result in severe network security breaches, as these devices in-crease the attack surface by exposing new vulnerabilities and infiltration points into restricted networks. One of the major challenges in such deployments is determining the security risks that IoT devices pose to the environment they operated in. This paper proposes an IoT device risk score model, denoted as the Weighted Risk Ranking (WRR) model. The proposed approach focuses on quantifying the static and dynamic properties of a device, in order to define a risk score. Our practical proof of concept demonstrates the use of the WRR scheme for several IoT devices in the context of an enterprise network, showing the feasibility of the suggested solution as a tool for device risk assessment in modern networks where IoT devices are widely deployed.

KW - Device risk assessment

KW - Device-centric approach

KW - Internet of Things

KW - Security

KW - Security risk score

UR - https://www.scopus.com/pages/publications/85069804247

U2 - 10.1007/978-3-030-24900-7_2

DO - 10.1007/978-3-030-24900-7_2

M3 - Conference contribution

AN - SCOPUS:85069804247

SN - 9783030248994

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 20

EP - 34

BT - Security, Privacy, and Anonymity in Computation, Communication, and Storage - SpaCCS 2019 International Workshops, Proceedings

A2 - Wang, Guojun

A2 - Feng, Jun

A2 - Bhuiyan, Md Zakirul Alam

A2 - Lu, Rongxing

PB - Springer Verlag

T2 - 12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019

Y2 - 14 July 2019 through 17 July 2019

ER -

Siboni S, Glezer C, Shabtai A , Elovici Y. A Weighted Risk Score Model for IoT Devices. In Wang G, Feng J, Bhuiyan MZA, Lu R, editors, Security, Privacy, and Anonymity in Computation, Communication, and Storage - SpaCCS 2019 International Workshops, Proceedings. Springer Verlag. 2019. p. 20-34. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-24900-7_2

A Weighted Risk Score Model for IoT Devices

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this