Fault Tree Analysis-based Risk Quantification of Smart Homes

A smart home is a new enabling innovative appliance domain that is developed from the rapid growth of the Internet of Things Despite its popularity and evident usefulness for human beings, smart homes have numerous security issues that originate from the heterogeneous, wide-scale and complex structure of the Internet of Things. It is obvious that a risk assessment is needed in order to ensure the security of smart homes. We propose a security risk quantification technique that permits to have a measure of the level of security of a given smart home based on the 'things' that it is composed of. Our method is based on Fault Tree Analysis which is the de-facto tool used in mission-critical systems. At first, we generated an exhaustive security tree based on the general architecture of a smart home. Afterwards, we evaluated our proposal in a use case of successful attacks on a light bulb system that functions through the ZigBee protocol. We were able to demonstrate that the risk of a successful attack in that system is very high given the same conditions.