IoTSAT: A formal framework for security analysis of the internet of things (IoT)

The new attack surface being crafted by the huge influx of IoT devices is both formidable and unpredictable, as it introduces a rich set of unexplored attack techniques and unknown vulnerabilities. These new attack techniques are hard to perceive through traditional means, owing to concealed and cas...

Full description

Saved in:

Bibliographic Details
Published in:	2016 IEEE Conference on Communications and Network Security (CNS) pp. 180 - 188
Main Authors:	Mohsin, Mujahid, Anwar, Zahid, Husari, Ghaith, Al-Shaer, Ehab, Rahman, Mohammad Ashiqur
Format:	Conference Proceeding
Language:	English
Published:	IEEE 01-10-2016
Subjects:	Formal verification IoT security analysis IoT system modeling IoT threat classification IoT threat modeling SMT
Online Access:	Get full text
Tags:	Add Tag No Tags, Be the first to tag this record!

Abstract	The new attack surface being crafted by the huge influx of IoT devices is both formidable and unpredictable, as it introduces a rich set of unexplored attack techniques and unknown vulnerabilities. These new attack techniques are hard to perceive through traditional means, owing to concealed and cascaded inter-device, inter-system and device-environment dependencies. In this paper, we present IoTSAT, a formal framework for security analysis of IoT. IoTSAT formally models the generic behavior of IoT system of systems, based on device configurations, network topologies, user policies and IoT-specific attack surface. The model is then used to measure system's resilience against potential attacks and identify threat vectors and specific attack techniques, which can be used to achieve higher-level adversary's objectives. We evaluate IoTSAT over realistic IoT networks, which concludes that our approach is scalable and highly beneficial for uncovering complex attack vectors of IoT systems.
AbstractList	The new attack surface being crafted by the huge influx of IoT devices is both formidable and unpredictable, as it introduces a rich set of unexplored attack techniques and unknown vulnerabilities. These new attack techniques are hard to perceive through traditional means, owing to concealed and cascaded inter-device, inter-system and device-environment dependencies. In this paper, we present IoTSAT, a formal framework for security analysis of IoT. IoTSAT formally models the generic behavior of IoT system of systems, based on device configurations, network topologies, user policies and IoT-specific attack surface. The model is then used to measure system's resilience against potential attacks and identify threat vectors and specific attack techniques, which can be used to achieve higher-level adversary's objectives. We evaluate IoTSAT over realistic IoT networks, which concludes that our approach is scalable and highly beneficial for uncovering complex attack vectors of IoT systems.
Author	Rahman, Mohammad Ashiqur Anwar, Zahid Husari, Ghaith Mohsin, Mujahid Al-Shaer, Ehab
Author_xml	– sequence: 1 givenname: Mujahid surname: Mohsin fullname: Mohsin, Mujahid email: 13phdccsmmohsin@seecs.edu.pk organization: Nat. Univ. of Sci. & Technol., Islamabad, Pakistan – sequence: 2 givenname: Zahid surname: Anwar fullname: Anwar, Zahid email: zahid.anwar@seecs.edu.pk organization: Nat. Univ. of Sci. & Technol., Islamabad, Pakistan – sequence: 3 givenname: Ghaith surname: Husari fullname: Husari, Ghaith email: ghusari@uncc.edu organization: Univ. of North Carolina at Charlotte, Charlotte, NC, USA – sequence: 4 givenname: Ehab surname: Al-Shaer fullname: Al-Shaer, Ehab email: ealshaer@uncc.edu organization: Univ. of North Carolina at Charlotte, Charlotte, NC, USA – sequence: 5 givenname: Mohammad Ashiqur surname: Rahman fullname: Rahman, Mohammad Ashiqur email: marahman@tntech.edu organization: Tennessee Tech Univ., Cookeville, TN, USA
BookMark	eNotj0tLxDAURiMoqGP3gpssddF60-bprhQfA4MKU9dDxt5otE0lqUj_vcrM6uOcxYHvlByGMSAh5wwKxsBcN4_rogQmC6UlcM0PSGaUZgIMVCAFOyZZSh8AwIzUTOsT8rwc23Xd3tCaujEOtqcu2gF_xvj5L2jC1-_op5naYPs5-URHR6d3pD5MGANOO_bhLdHLv9bVGTlytk-Y7XdBXu5u2-YhXz3dL5t6lXumxJRrZTQXpQNhO1QMrOLWWa230nUgpZOcsxKN6soSrZPCgRFb4NiV6JAbVS3Ixa7rEXHzFf1g47zZ_65-Ac49Toc
ContentType	Conference Proceeding
DBID	6IE 6IL CBEJK RIE RIL
DOI	10.1109/CNS.2016.7860484
DatabaseName	IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library Online IEEE Proceedings Order Plans (POP All) 1998-Present
DatabaseTitleList
Database_xml	– sequence: 1 dbid: RIE name: IEEE Electronic Library Online url: http://ieeexplore.ieee.org/Xplore/DynWel.jsp sourceTypes: Publisher
DeliveryMethod	fulltext_linktorsrc
Discipline	Engineering
EISBN	9781509030651 1509030654
EndPage	188
ExternalDocumentID	7860484
Genre	orig-research
GroupedDBID	6IE 6IF 6IK 6IL 6IN AAJGR ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK IEGSK OCL RIE RIL
ID	FETCH-LOGICAL-i175t-8798452f05ade710a74afa88b6fd066f64412e97d22eaf65f095b04ed2efe4973
IEDL.DBID	RIE
IngestDate	Thu Jun 29 18:37:45 EDT 2023
IsPeerReviewed	false
IsScholarly	false
Language	English
LinkModel	DirectLink
MergedId	FETCHMERGED-LOGICAL-i175t-8798452f05ade710a74afa88b6fd066f64412e97d22eaf65f095b04ed2efe4973
PageCount	9
ParticipantIDs	ieee_primary_7860484
PublicationCentury	2000
PublicationDate	2016-Oct.
PublicationDateYYYYMMDD	2016-10-01
PublicationDate_xml	– month: 10 year: 2016 text: 2016-Oct.
PublicationDecade	2010
PublicationTitle	2016 IEEE Conference on Communications and Network Security (CNS)
PublicationTitleAbbrev	CNS
PublicationYear	2016
Publisher	IEEE
Publisher_xml	– name: IEEE
SSID	ssj0001968188
Score	1.9702511
Snippet	The new attack surface being crafted by the huge influx of IoT devices is both formidable and unpredictable, as it introduces a rich set of unexplored attack...
SourceID	ieee
SourceType	Publisher
StartPage	180
SubjectTerms	Formal verification IoT security analysis IoT system modeling IoT threat classification IoT threat modeling SMT
Title	IoTSAT: A formal framework for security analysis of the internet of things (IoT)
URI	https://ieeexplore.ieee.org/document/7860484
hasFullText	1
inHoldings	1
isFullTextHit
isPrint
link	http://sdu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1La8MwDBZrT9tlj3bsjQ87bLD04TiJvVvpWrpLKbSD3YpTy1AYzVjT_z8pSdsNdtktEcQBOfb3RZb0Adw7Q3ZCahZ3cQFrOQQ6TMMAQ2cJwEzXOv5RHE2T8bt-GXCbnKddLQwiFsln2OLL4izfZYsNh8raiY7pg1M1qCVGl7Va-3iKiQl79PYksmPa_fGUU7fiVvXYL_2UAj6Gx_978Qk093V4YrJDmFM4wNUZHP1oIdiAyWs2m_Zmz6InCvr5Ifw23YoNYl3p0wlbdR8RmRdE-sSyCAViXt5zvFw80FiPTXgbDmb9UVCpJARLgv6ctjOjVSR9J7IOiS-Qi623Wqexd8QnPBMeiSZxUqL1ceSJVKUdhU6iR2WS8Bzqq2yFFyCckV5GqYoXqVU8hEJPSzTCbko8wkeX0GDfzD_LRhjzyi1Xf5uv4ZDdX2a-3UA9_9rgLdTWbnNXTN03wK2Zww
link.rule.ids	310,311,782,786,791,792,798,27934,54767
linkProvider	IEEE
linkToHtml	http://sdu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LS8NAEB5sPagXH634dg8eFEwfyW6y663UlhZrKTSCt7LpzkJBGrHt_3c2SVsFL96Sgd3A7Cbfl9mZ-QDujCI7IbUTdzGe03LwZJAEHgZGE4CppjbuR7E3jobv8rnj2uQ8bmphEDFLPsOau8zO8k06XblQWT2SIW04XoJdwaMwyqu1thEVFRL6yPVZZEPV28OxS94Ka8XAXwoqGYB0D__36COobivx2GiDMcewg_MTOPjRRLACo34aj1vxE2uxjIB-MLtOuHIGtigU6pgu-o-w1DKifWyWBQNxmd-7iDm7p7keqvDW7cTtnlfoJHgzAv8lfdCU5MK3DaENEmMgJ2urpUxCa4hRWEd5fFSR8X3UNhSWaFXS4Gh8tMhVFJxCeZ7O8QyYUb71RcLDaaK5m4KjpZdUYDMhJmHFOVScbyafeSuMSeGWi7_Nt7DXi18Hk0F_-HIJ-24p8jy4Kygvv1Z4DaWFWd1ky_gNClOdFA
openUrl	ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2016+IEEE+Conference+on+Communications+and+Network+Security+%28CNS%29&rft.atitle=IoTSAT%3A+A+formal+framework+for+security+analysis+of+the+internet+of+things+%28IoT%29&rft.au=Mohsin%2C+Mujahid&rft.au=Anwar%2C+Zahid&rft.au=Husari%2C+Ghaith&rft.au=Al-Shaer%2C+Ehab&rft.date=2016-10-01&rft.pub=IEEE&rft.spage=180&rft.epage=188&rft_id=info:doi/10.1109%2FCNS.2016.7860484&rft.externalDocID=7860484