Research Article
Categorizing IoT Services According to Security Risks
@INPROCEEDINGS{10.1007/978-3-030-78459-1_11, author={Ostroški Dominik and Mikuc Miljenko and Vuković Marin}, title={Categorizing IoT Services According to Security Risks}, proceedings={Future Access Enablers for Ubiquitous and Intelligent Infrastructures. 5th EAI International Conference, FABULOUS 2021, Virtual Event, May 6--7, 2021, Proceedings}, proceedings_a={FABULOUS}, year={2021}, month={6}, keywords={Internet of Things Security requirements Service categorization Security and privacy risks}, doi={10.1007/978-3-030-78459-1_11} }- Ostroški Dominik
Mikuc Miljenko
Vuković Marin
Year: 2021
Categorizing IoT Services According to Security Risks
FABULOUS
Springer
DOI: 10.1007/978-3-030-78459-1_11
Abstract
Internet of things has been a part of our lives, both at home and in workplace, for several years now. However, due to its popularity, numerous security issues are emerging related to devices, network communication or Internet of things (IoT) acquired data storage and processing in the cloud. This paper presents a model for categorization of existing and novel IoT services based on estimated security risks. The goal is to develop security requirements for each service category in such a way that service creators are able to classify their services and follow the requirements in order to harden the services in development. The paper proposes a categorization model based on DREAD (Damage potential, Reproducibility, Exploitability, affected users, and Discoverability) and gives examples of existing services classification. A set of simple questions is proposed at the end of the paper that should be answered by service creators in order to categorize its service into one of the proposed categories.
