Author 1: Hezam Akram Abdul-Ghani
Author 2: Dimitri Konstantas
Author 3: Mohammed Mahyoub
Internet of Things (IoT) has not yet reached a distinctive
definition. A generic understanding of IoT is that it offers
numerous services in many domains, utilizing conventional internet
infrastructure by enabling different communication patterns
such as human-to-object, object-to-objects, and object-to-object.
Integrating IoT objects into the standard Internet, however, has
unlocked several security challenges, as most internet technologies
and connectivity protocols have been specifically designed for
unconstrained objects. Moreover, IoT objects have their own
limitations in terms of computation power, memory and bandwidth.
IoT vision, therefore, has suffered from unprecedented
attacks targeting not only individuals but also enterprises, some
examples of these attacks are loss of privacy, organized crime,
mental suffering, and the probability of jeopardizing human
lives. Hence, providing a comprehensive classification of IoT
attacks and their available countermeasures is an indispensable
requirement. In this paper, we propose a novel four-layered IoT
reference model based on building blocks strategy, in which we
develop a comprehensive IoT attack model composed of four key
phases. First, we have proposed IoT asset-based attack surface,
which consists of four main components: 1) physical objects, 2)
protocols covering whole IoT stack, 3) data, and 4) software.
Second, we describe a set of IoT security goals. Third, we
identify IoT attack taxonomy for each asset. Finally, we show
the relationship between each attack and its violated security
goals, and identify a set of countermeasures to protect each asset
as well. To the best of our knowledge, this is the first paper that
attempts to provide a comprehensive IoT attacks model based on
a building-blocked reference model.
Internet of Things (IoT)
building block
security
and privacy
reference model