Security assessment in IoT ecosystems

Abstract

The Internet of Things (IoT) and "Smart Everything" trend is a reality that is becoming part of our daily lives. Consequently, there is a gradual increase in the deployment of real world IoT systems that attempt to make use of the various possibilities and benefits the IoT offers. However, the connection of billions of-usually inherently insecure-devices in a network, paired with the lack of a clear security framework for the development of IoT systems and platforms has widened the attack surface of these systems leading to them being targeted by malicious actors. In this paper, we explore the problem and related research, devise an assets taxonomy and focus on the security requirements for each asset category. Then, we discuss countermeasures and good practices as well as new approaches based on AI that improve security and intrusion detection capabilities. We also introduce a metric that can be incorporated by automated security auditing methods. The relevance of this metric is evaluated with respect to correlation across findings from a real-world study. Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).