Motivation and contribution: While various threat models for WSNs and IoT can be found in literature, there is no comprehensive and strategical threat model for understanding the holistic nature of VSN security for practical deployments. Furthermore, common mitigation strategies for the identified attack vectors are presented. This threat model extends previous works in the fields of Internet of Things (IoT) and wireless sensor networks (WSNs). However, a general threat model like presented in this work may be used to guide the threat modeling activities for a specific system based on the class of application. Typically, threat models are specific to one system. Based on that, a threat analysis can be used to quantify the risk of a certain attack vector and mitigation can be prioritized. A threat model for a specific system describes the potential ways an attacker can compromise this system. This paper presents a general threat model for the attack surfaces of distributed visual sensor network (VSN) applications and their components. As sensor nodes become smaller nowadays, eventually reaching sizes in the scale of nanometers, they will be invisibly embedded in our everyday life environment which poses new challenges on privacy and security requirements, motivating the need for a clear understanding of all potential security threats. These applications include, e.g., nuclear facilities, energy grids and water supplies, hospitals and medical systems, building infrastructure, airplanes and autonomous cars and private homes. Summarized, there are many different application domains which can be affected through IoT security breaches in order to attack the privacy of humans or the proper functioning of systems. Many more reports have been made public throughout recent years about the vulnerabilities of dedicated IoT devices. Very drastic privacy invasions on the vulnerabilities of baby monitors have also been reported lately. This malware targets IoT devices to perform Permanent Denial of Service (PDoS) attacks attempting to permanently destroy insecure devices by degenerating their storage. In 2017, Bricker bot attacked around 10 million home routers and IP cameras before it was discovered by Radware. This incident was an eye opener, showing how big the IoT insecurity problem is. In general, Mirai infects IoT devices via remote access, turning them into bots for executing Distributed Denial of Service (DDoS) attacks.
SDL THREAT MODELING TOOL FOR MAC SOFTWARE
Very prominently, the Mirai botnet was used to spread malicious software to millions of IoT devices.
With the growing popularity of IoT applications such as smart homes and industrial systems, the first waves of cyberattacks have been performed. Defending against attackers and malicious behavior in a potentially large-scale, fully distributed and autonomous network is non-trivial since nodes do not have any previous knowledge about others and solely rely on sensed or received information. Therefore, they need to be detected as effective as possible on all layers of the sensor network. Attackers might want to intrude the network in order to get access to sensitive data or to spread false information through the network. An important concern is thus to ensure robust and reliable applications even in the presence of attackers. The distributed nature of sensor networks and their deployment in remote areas make them vulnerable to numerous security threats that aim at affecting their proper functioning. The outlined threats are classified by the STRIDE taxonomy and their weaknesses are classified using CWE, a common taxonomy for security weaknesses.Īs sensor networks become more and more ubiquitous these days, surrounding us in our everyday environment, the concern for security and privacy increases steadily. This paper presents a general threat model for the attack surfaces of visual sensor network applications and their components. Since the state-of-the-art is lacking studies on vulnerabilities in VSNs, a thorough investigation of attacks that can be launched against VSNs is required. These vulnerabilities allow attackers to launch more severe and complicated attacks. Compared to traditional networks, sensor networks typically face numerous additional vulnerabilities due to the dynamic and distributed network topology, the resource constrained nodes, the potentially large network scale and the lack of global network knowledge. A major concern in the use of sensor networks in general is their reliability in the presence of security threats and cyberattacks. Today, visual sensor networks (VSNs) are pervasively used in smart environments such as intelligent homes, industrial automation or surveillance.
0 kommentar(er)
