Several critical contexts, such as healthcare, smart cities, drones, transportation, and agriculture, nowadays rely on IoT, or more in general embedded, devices that require comprehensive security analysis to ensure their integrity before deployment. Security concerns are often related to vulnerabilities that result from inadequate coding or undocumented features that may create significant privacy issues for users and companies. Current analysis methods, albeit dependent on complex tools, may lead to superficial assessments due to compatibility issues, while authoritative entities struggle with specifying feasible firmware analysis requests for manufacturers within operational contexts. This paper urges the scientific community to collaborate with stakeholders—manufacturers, vendors, security analysts, and experts—to forge a cooperative model that clarifies manufacturer contributions and aligns analysis demands with operational constraints. Aiming at a modular approach, this paper highlights the crucial need to refine security analysis, ensuring more precise requirements, balanced expectations, and stronger partnerships between vendors and analysts. To achieve this, we propose a threat model based on the feasible interactions of actors involved in the security evaluation of a device, with a particular emphasis on the responsibilities and necessities of all entities involved.
Do You Trust Your Device? Open Challenges in IoT Security Analysis / Binosi, L.; Mazzini, P.; Sanna, A.; Carminati, M.; Giacinto, G.; Lazzeretti, R.; Zanero, S.; Polino, M.; Coppa, Emilio; Maiorca, D.. - Proceedings of the 21st International Conference on Security and Cryptography, (2024), pp. 568-575. (21st International Conference on Security and Cryptography, SECRYPT 2024, Dijon, France, 8-10 July, 2024). [10.5220/0012856200003767].
Do You Trust Your Device? Open Challenges in IoT Security Analysis
Coppa E.;
2024
Abstract
Several critical contexts, such as healthcare, smart cities, drones, transportation, and agriculture, nowadays rely on IoT, or more in general embedded, devices that require comprehensive security analysis to ensure their integrity before deployment. Security concerns are often related to vulnerabilities that result from inadequate coding or undocumented features that may create significant privacy issues for users and companies. Current analysis methods, albeit dependent on complex tools, may lead to superficial assessments due to compatibility issues, while authoritative entities struggle with specifying feasible firmware analysis requests for manufacturers within operational contexts. This paper urges the scientific community to collaborate with stakeholders—manufacturers, vendors, security analysts, and experts—to forge a cooperative model that clarifies manufacturer contributions and aligns analysis demands with operational constraints. Aiming at a modular approach, this paper highlights the crucial need to refine security analysis, ensuring more precise requirements, balanced expectations, and stronger partnerships between vendors and analysts. To achieve this, we propose a threat model based on the feasible interactions of actors involved in the security evaluation of a device, with a particular emphasis on the responsibilities and necessities of all entities involved.
| File | Dimensione | Formato | |
|---|---|---|---|
|
128562.pdf
Open Access
Tipologia:
Versione dell'editore
Licenza:
Creative commons
Dimensione
191.53 kB
Formato
Adobe PDF
|
191.53 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
