
A Weighted Risk Score Model for IoT Devices

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 11637)

Abstract

The Internet of Things (IoT) defines a new era where ordinary physical objects are being transformed into smart connected devices. These advanced devices have the ability to sense, compute, and communicate with their surroundings via the Internet. This may result in severe network security breaches, as these devices increase the attack surface by exposing new vulnerabilities and infiltration points into restricted networks. One of the major challenges in such deployments is determining the security risks that IoT devices pose to the environment they operate in. This paper proposes an IoT device risk score model, denoted as the Weighted Risk Ranking (WRR) model. The proposed approach focuses on quantifying the static and dynamic properties of a device in order to define a risk score. Our practical proof of concept demonstrates the use of the WRR scheme for several IoT devices in the context of an enterprise network, showing the feasibility of the suggested solution as a tool for device risk assessment in modern networks where IoT devices are widely deployed.

Author information

Corresponding author

Correspondence to Shachar Siboni.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Siboni, S., Glezer, C., Shabtai, A., Elovici, Y. (2019). A Weighted Risk Score Model for IoT Devices. In: Wang, G., Feng, J., Bhuiyan, M., Lu, R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science, vol 11637. Springer, Cham. https://doi.org/10.1007/978-3-030-24900-7_2

  • DOI: https://doi.org/10.1007/978-3-030-24900-7_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24899-4

  • Online ISBN: 978-3-030-24900-7

  • eBook Packages: Computer Science (R0)
