Security Auditing of Internet of Things Devices in a Smart Home
Suryadipta Mazumdar, Daniel Bostos, Anoop Singhal
Attacks on the Internet of Things are increasing. Unfortunately, transparency and accountability that are paramount to securing Internet of Things devices are either missing or implemented in a questionable manner. Security auditing is a promising solution that has been applied with success in other domains. However, security auditing of Internet of Things devices is challenging because the high-level security recommendations provided by standards and best practices are not readily applicable to auditing low-level device data such as sensor readings, logs and configurations. Additionally, the heterogeneous nature of Internet of Things devices and their resource constraints increase the complexity of the auditing process. Therefore, enabling the security auditing of Internet of Things devices requires the definition of actionable security policies, collection and processing of audit data, and specification of appropriate audit procedures. This chapter focuses on the security auditing of Internet of Things devices. It presents a methodology for extracting actionable security rules from existing security standards and best practices and conducting security audits of Internet of Things devices. The methodology is applied to devices in a smart home environment, and its efficiency and scalability are evaluated.
Advances in Digital Forensics XVII
February 1-2, 2021
Arlington, VA, US
Seventeenth Annual IFIP International Conference on Digital Forensics
, Bostos, D.
and Singhal, A.
Security Auditing of Internet of Things Devices in a Smart Home, Advances in Digital Forensics XVII, Arlington, VA, US, [online], https://doi.org/10.1007/978-3-030-88381-2_11, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=931460
(Accessed March 2, 2024)