
Security Measuring System for IoT Devices

  • Conference paper
Computer Security. ESORICS 2021 International Workshops (ESORICS 2021)

Abstract

Wide application of IoT devices together with the growth of cyber attacks against them creates a need for a simple and clear system of security metrics for the end users and producers that will allow them to understand how secure their IoT devices are and to compare these devices with each other, as well as to enhance the security of the devices. The paper proposes a security measuring system that is based on the hierarchy of metrics representing different security properties and integrates these security metrics in one clear and reasonable score depending on available data. The algorithms used for metrics calculation are briefly described with the main focus on the algorithms for integral scores. To demonstrate the operation of the proposed security measuring system, the case study describing metrics calculation for the IoT device is given.




Corresponding author

Correspondence to Elena Doynikova.


Copyright information

© 2022 Springer Nature Switzerland AG

About this paper


Cite this paper

Doynikova, E. et al. (2022). Security Measuring System for IoT Devices. In: Katsikas, S., et al. Computer Security. ESORICS 2021 International Workshops. ESORICS 2021. Lecture Notes in Computer Science, vol 13106. Springer, Cham. https://doi.org/10.1007/978-3-030-95484-0_16


  • DOI: https://doi.org/10.1007/978-3-030-95484-0_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-95483-3

  • Online ISBN: 978-3-030-95484-0

  • eBook Packages: Computer Science, Computer Science (R0)
