Abstract
IoT devices are riddled with vulnerabilities and design flaws. As a consequence, we have witnessed the rise of IoT-specific malware and botnets with devastating consequences for the security and privacy of consumers using those devices. Despite the growing number of attacks targeting these vulnerable IoT devices, manufacturers have yet to strengthen the security posture of their devices and adopt best practices and a security-by-design approach. To this end, we devise a concise, informative IoT labelling scheme to convey high-level security and privacy facts about an IoT device to consumers so as to raise their security and privacy awareness.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Shen, Y., Vervier, PA. (2019). IoT Security and Privacy Labels. In: Naldi, M., Italiano, G., Rannenberg, K., Medina, M., Bourka, A. (eds) Privacy Technologies and Policy. APF 2019. Lecture Notes in Computer Science(), vol 11498. Springer, Cham. https://doi.org/10.1007/978-3-030-21752-5_9
DOI: https://doi.org/10.1007/978-3-030-21752-5_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-21751-8
Online ISBN: 978-3-030-21752-5
eBook Packages: Computer Science (R0)