Threat Modeling of Internet of Things Health Devices

被引:19
作者
Omotosho, Adebayo [1 ]
Haruna, Benjamin Ayemlo [1 ]
Olaniyi, Olayemi Mikail [2 ]
机构
[1] Landmark Univ, Dept Comp Sci, PMB 1004, Omu Aran, Kwara State, Nigeria
[2] Fed Univ Technol, Dept Comp Engn, Minna, Nigeria
关键词
Internet of Things; health; STRIDE; DREAD; modeling; SECURITY; CARE;
D O I
10.1080/19361610.2019.1545278
中图分类号
DF [法律]; D9 [法律];
学科分类号
0301 ;
摘要
For a number of health conditions, the number of Internet of Things (IoT) devices available for self and remote monitoring are growing rapidly, and users are also increasing. In the same vein, cyber criminals are putting lots of effort into making these devices unsafe for users, and this has generated growing privacy concerns for both users and manufacturers. In this article, a threat model is designed for selected IoT health devices. Based on the device assets and access points, device threats were identified using the STRIDE model and ranked using a threat-risk ranking model called DREAD. Some countermeasures to mitigate each of the identified threats in the selected devices were also proposed. A Web system that presents the model was created and enables the users of devices, manufacturers, and professionals to view possible threats and severity based on the devices' risk scores. This model will benefit both the designers and users of health IoT devices in improving products' security and understanding devices' privacy risk, respectively.
引用
收藏
页码:106 / 121
页数:16
相关论文
共 35 条
[1]  
Abie H., 2012, P 7 INT C BOD AR NET, P269
[2]  
Abomhara M., 2015, Norsk informasjonssikkerhetskonferanse (NISK), V8, P82
[3]   Security and Privacy Issues in Wireless Sensor Networks for Healthcare [J].
Agrawal, Vivek .
INTERNET OF THINGS: USER-CENTRIC IOT, PT I, 2015, 150 :223-228
[4]  
Alhassan J. K., 2016, INT C INF COMM TECHN
[5]  
Amini A., 2015, Journal of Applied Sciences, V15, P953, DOI 10.3923/jas.2015.953.967
[6]  
Bertino E, 2005, INT FED INFO PROC, V175, P159
[7]  
Campbell D, 2016, INTERNET THINGS SE 1
[8]  
Chadwick D, 2005, INT FED INFO PROC, V175, P173
[9]  
Chen Y., 2007, P ANN HAWAII INT C S, p280a
[10]  
De Cock D, 2005, INT FED INFO PROC, V175, P183