TY - JOUR
T1 - An automated context-aware IoT vulnerability assessment rule-set generator
AU - Hashmat, Fabiha
AU - Abbas, Syed Ghazanfar
AU - Hina, Sadaf
AU - Shah, Ghalib A.
AU - Bakhshi, Taimur
AU - Abbas, Waseem
PY - 2022/3/15
Y1 - 2022/3/15
N2 - While introducing unprecedented applications, Internet of Things (IoT) has simultaneously provoked acute security challenges, in the form of the vulnerabilities. Mainly because manufacturers overlook the security considerations and produce devices that could be exploited easily. Security systems used for the protection of IoT environment usually deploy traditional rulesets which lack distinct IoT vulnerability assessment elements and therefore are inadequate for providing security to IoT eco-system. Hence, due to the variety and volume of such devices, traditional security solutions need to be more robust for IoT settings. Contrary to the traditional rule-set, IoT device vulnerability identification requires distinct understanding of IoT-specific vulnerability vectors, based on their architecture, resource constrained nature, communication primitives and context awareness. This research work has proposed an automated context-aware IoT vulnerability assessment rule-set framework. Proposed system dynamically identifies IoT devices along with the services running on them, gathers their respective vulnerabilities, transform them into rules and enforce them into the security solutions. The proposed framework has been evaluated on a dataset of 49 IoT devices. According to the results, proposed framework automatically generated rules against all the vulnerabilities present in the network under consideration. Additionally, this research has proposed IoT vulnerability assessment rule-set elements which are necessary to be considered while designing any IoT vulnerability assessment rule-set. With the proposed mechanism, this research work intends to fill the missing lines of defense against rising IoT vulnerabilities. The proposed framework will benefit researchers, security analysts and manufacturers to devise reliable IoT security solutions.
AB - While introducing unprecedented applications, Internet of Things (IoT) has simultaneously provoked acute security challenges, in the form of the vulnerabilities. Mainly because manufacturers overlook the security considerations and produce devices that could be exploited easily. Security systems used for the protection of IoT environment usually deploy traditional rulesets which lack distinct IoT vulnerability assessment elements and therefore are inadequate for providing security to IoT eco-system. Hence, due to the variety and volume of such devices, traditional security solutions need to be more robust for IoT settings. Contrary to the traditional rule-set, IoT device vulnerability identification requires distinct understanding of IoT-specific vulnerability vectors, based on their architecture, resource constrained nature, communication primitives and context awareness. This research work has proposed an automated context-aware IoT vulnerability assessment rule-set framework. Proposed system dynamically identifies IoT devices along with the services running on them, gathers their respective vulnerabilities, transform them into rules and enforce them into the security solutions. The proposed framework has been evaluated on a dataset of 49 IoT devices. According to the results, proposed framework automatically generated rules against all the vulnerabilities present in the network under consideration. Additionally, this research has proposed IoT vulnerability assessment rule-set elements which are necessary to be considered while designing any IoT vulnerability assessment rule-set. With the proposed mechanism, this research work intends to fill the missing lines of defense against rising IoT vulnerabilities. The proposed framework will benefit researchers, security analysts and manufacturers to devise reliable IoT security solutions.
KW - ET Open
KW - IoT
KW - IoT rule-set
KW - IoT vulnerability assessment
KW - Traditional Rule-Set
U2 - 10.1016/j.comcom.2022.01.022
DO - 10.1016/j.comcom.2022.01.022
M3 - Article
SN - 0140-3664
VL - 186
SP - 133
EP - 152
JO - Computer Communications
JF - Computer Communications
ER -