• PDF / 1,864,693 Bytes
• 13 Pages / 439.37 x 666.142 pts Page_size
• 30 Downloads / 352 Views

DOWNLOAD

REPORT

School of Computer Science and Engineering, University of New South Wales (UNSW), Sydney, Australia {m.nerwich,h.paik}@unsw.edu.au 2 Tata Consultancy Services Limited (TCS), Brisbane, Australia [email protected] 3 CSIRO’s Data61, Sydney, Australia [email protected]

Abstract. In this paper we address the problem of lack of knowledge management systems for Internet of Things (IoT)-specific vulnerabilities and attacks. This data has been published in disparate sources including news articles, blogs, white papers and social media but not in a centralised form. In addition, while comprehensive vulnerability databases do exist, a significant portion of their listings may not apply to IoT devices since these devices tend to run on unique software, hardware and networking protocols. We present the design and implementation of a community-driven, IoT-specific database which documents the vulnerabilities and attacks on IoT infrastructures. Our database supports the integration with other vulnerability databases such as National Vulnerability Database (NVD) and provides a suite of data access APIs for integration with other applications, such as Integrated Development Environment (IDE) or security tools. The database can serve as a knowledge base for IoT application developers, and security researchers as well as contribute to the cyber situational awareness in an enterprise and improve general security awareness for the public over IoT security. Keywords: IoT · Vulnerabilities knowledge management

1

· Database · Cyber attacks · Security

Introduction

Internet of Things (IoT) is a system of interconnected computing devices with an ability to understand and comprehend, in any given situation, and take appropriate actions or decisions without any human interventions. As sensor technology continues to become cheaper, more advanced and widely available, the transformative influence of IoT-based applications is rapidly reaching many industries such as healthcare, manufacturing, transportation, utility, and energy & c Springer Nature Singapore Pte Ltd. 2020  L. Batina and G. Li (Eds.): ATIS 2020, CCIS 1338, pp. 95–107, 2020. https://doi.org/10.1007/978-981-33-4706-9_7

96

M. Nerwich et al.

resources. While IoT is becoming increasingly ubiquitous, its security vulnerabilities can be exploited to launch cyber attacks on the critical infrastructures. The prevalence of IoT vulnerabilities stems from the challenges faced by the IoT manufacturing industry such as unfamiliarity with the security practices, the use of third-party components, lack of regulation and resource-constrained cryptographic capabilities in the devices themselves. Hence it is important to build security knowledge management (SKM) databases that improve IoT security awareness among the stakeholders of IoT as well as address situational awareness of an enterprise once they are deployed for use. We have noticed several gaps in the SKM of IoT devices. Firstly, we have not found any centralised disclosure of IoT exploits. IoT exploit data is often publis

Recommend Documents

Adaptive Recollected RNN for Workload Forecasting in Database-as-a-Service

173 99 38MB

IoT Vulnerability Scanning: A State of the Art

148 73 18MB

Visualization as a Service for Scientific Data

187 74 83MB

Certification as a Service

199 81 9MB

Random Forest Learning Based Indoor Localization as an IoT Service for Smart Buildings

156 62 4MB

Community Interpreting as a Service

207 82 2MB

QoS monitor as a service

178 7 1MB

KMLOD: linked open data service for Korean medical database

107 57 3MB

A Novel Approach for Big Data Monetization as a Service

249 31 23MB

Associated Hazard Assessment of IoT Vulnerability Based on Risk Matrix

181 6 71MB

Mobility as a Service: Implications for Spatial and Social Cohesion

160 44 98MB

Usage Continuance in Software-as-a-Service

164 68 3MB