Skip to main content
SpringerLink
Log in

IoT Security and Privacy Labels

  • Conference paper
  • First Online:
Privacy Technologies and Policy (APF 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11498))

Included in the following conference series:

Abstract

IoT devices are riddled with vulnerabilities and design flaws. In consequence, we have witnessed the rise of IoT specific malware and botnets with devastating consequences on the security and privacy of consumers using those devices. Despite the growing attacks targeting these vulnerable IoT devices, manufacturers are yet to strengthen the security posture of their devices and adopt best-practices and a security by design approach. To this end, we devise an concise, informative IoT labelling scheme to convey high-level security and privacy facts about an IoT device to the consumers so as to raise their security and privacy awareness.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Mirai: what you need to know about the botnet behind recent major DDoS attacks. https://www.symantec.com/connect/blogs/mirai-what-you-need-know-about-botnet-behind-recent-major-ddos-attacks

  2. OpenVAS - Open Vulnerability Assessment System. http://openvas.org/

  3. The Nessus Scanner. https://www.tenable.com/products/nessus/nessus-professional

  4. Wireshark. https://www.wireshark.org/

  5. Insecurity in the Internet of Things (2015). https://www.symantec.com/content/en/us/enterprise/iot/b-insecurity-in-the-internet-of-things_21349619.pdf

  6. Remote Code Execution in CCTV-DVR affecting over 70 different vendors (2016). http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html

  7. “BrickerBot” Results In PDoS Attack (2017). https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/

  8. New IoT/Linux Malware Targets DVRs, Forms Botnet (2017). http://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/

  9. Alrawi, O., Lever, C., Antonakakis, M., Monrose, F.: SoK: security evaluation of home-based IoT deployments. In: IEEE S&P (2019)

    Google Scholar 

  10. Antonakakis, M., et al.: Understanding the mirai botnet. In: USENIX Security (2017)

    Google Scholar 

  11. Apthorpe, N., Reisman, D., Feamster, N.: A smart home is no castle: privacy vulnerabilities of encrypted IoT traffic. In: DAT (2017)

    Google Scholar 

  12. Celik, Z.B., et al.: Sensitive information tracking in commodity IoT. In: USENIX Security (2018)

    Google Scholar 

  13. Chen, D.D., Woo, M., Brumley, D., Egele, M.: Towards automated dynamic analysis for Linux-based embedded firmware. In: NDSS (2016)

    Google Scholar 

  14. Chen, J., et al.: IoTFuzzer: discovering memory corruptions in IoT through app-based fuzzing. In: NDSS (2018)

    Google Scholar 

  15. Costin, A., Zaddach, J., Francillon, A., Balzarotti, D.: A large scale analysis of the security of embedded firmwares. In: USENIX Security (2014)

    Google Scholar 

  16. Costin, A., Zarras, A., Francillon, A.: Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In: ASIACCS (2016)

    Google Scholar 

  17. ENISA. Baseline Security Recommendations for IoT (2017). https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot

  18. Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.W.: A nutrition label for privacy. In: USENIX SOUPS (2009)

    Google Scholar 

  19. Kelley, P.G., Cesca, L., Bresee, J., Cranor, L.F.: Standardizing privacy notices: an online study of the nutrition label approach. In: CHI (2010)

    Google Scholar 

  20. Naeini, P.E., Agarwal, Y., Cranor, L., Dixon, H.: Exploring how privacy and security factor into IoT device purchase behavior. In: USENIX SOUPS (2017)

    Google Scholar 

  21. Naeini, P.E., et al.: Privacy expectations and preferences in an IoT world. In: USENIX SOUPS (2017)

    Google Scholar 

  22. Sikder, A.K., Petracca, G., Aksu, H., Jaeger, T., Uluagac, A.S.: A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications (2018). https://arxiv.org/pdf/1802.02041.pdf

  23. Tenable: Nessus Network Monitor (2018). https://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/datasheets/Tenable2018_DS-Nessus-Network-Monitor.pdf

  24. Pierre-Antoine, V., Shen, Y.: Before toasters rise up: a view into the emerging IoT threat landscape. In: RAID (2018)

    Google Scholar 

  25. Zaddach, J., Bruno, L., Francillon, A., Balzarotti, D.: Avatar: a framework to support dynamic security analysis of embedded systems’ firmwares. In: NDSS (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Symantec Research Labs, Reading, UK

    Yun Shen

  2. Symantec Research Labs, Sophia Antipolis, France

    Pierre-Antoine Vervier

Authors
  1. Yun Shen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pierre-Antoine Vervier
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yun Shen .

Editor information

Editors and Affiliations

  1. Università di Roma - Tor Vergata, Rome, Italy

    Maurizio Naldi

  2. LUISS Guido Carli University, Rome, Italy

    Giuseppe F. Italiano

  3. Goethe University Frankfurt, Frankfurt, Germany

    Kai Rannenberg

  4. Universitat Politècnica de Catalunya, Barcelona, Spain

    Manel Medina

  5. ENISA, Heraklion, Greece

    Athena Bourka

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Shen, Y., Vervier, PA. (2019). IoT Security and Privacy Labels. In: Naldi, M., Italiano, G., Rannenberg, K., Medina, M., Bourka, A. (eds) Privacy Technologies and Policy. APF 2019. Lecture Notes in Computer Science(), vol 11498. Springer, Cham. https://doi.org/10.1007/978-3-030-21752-5_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-21752-5_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-21751-8

  • Online ISBN: 978-3-030-21752-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation