U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Security Auditing of Internet of Things Devices in a Smart Home

Published

Author(s)

Suryadipta Mazumdar, Daniel Bostos, Anoop Singhal

Abstract

Attacks on the Internet of Things are increasing. Unfortunately, transparency and accountability that are paramount to securing Internet of Things devices are either missing or implemented in a questionable manner. Security auditing is a promising solution that has been applied with success in other domains. However, security auditing of Internet of Things devices is challenging because the high-level security recommendations provided by standards and best practices are not readily applicable to auditing low-level device data such as sensor readings, logs and configurations. Additionally, the heterogeneous nature of Internet of Things devices and their resource constraints increase the complexity of the auditing process. Therefore, enabling the security auditing of Internet of Things devices requires the definition of actionable security policies, collection and processing of audit data, and specification of appropriate audit procedures. This chapter focuses on the security auditing of Internet of Things devices. It presents a methodology for extracting actionable security rules from existing security standards and best practices and conducting security audits of Internet of Things devices. The methodology is applied to devices in a smart home environment, and its efficiency and scalability are evaluated.
Proceedings Title
Advances in Digital Forensics XVII
Volume
612
Conference Dates
February 1-2, 2021
Conference Location
Arlington, VA, US
Conference Title
Seventeenth Annual IFIP International Conference on Digital Forensics
Pub Type
Conferences

Download Paper

https://doi.org/10.1007/978-3-030-88381-2_11
Local Download

Keywords

Internet of Things, security auditing, formal verification
Risk management, Information technology and Cybersecurity

Citation

Mazumdar, S. , Bostos, D. and Singhal, A. (2021), Security Auditing of Internet of Things Devices in a Smart Home, Advances in Digital Forensics XVII, Arlington, VA, US, [online], https://doi.org/10.1007/978-3-030-88381-2_11, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=931460 (Accessed May 8, 2024)

Created October 15, 2021, Updated February 23, 2022