Mazumdar, S.
, Bostos, D.
and Singhal, A.
(2021),
Security Auditing of Internet of Things Devices in a Smart Home, Advances in Digital Forensics XVII, Arlington, VA, US, [online], https://doi.org/10.1007/978-3-030-88381-2_11, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=931460
(Accessed November 21, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Security Auditing of Internet of Things Devices in a Smart Home
Published
Author(s)
Suryadipta Mazumdar, Daniel Bostos,
Abstract
Attacks on the Internet of Things are increasing. Unfortunately, transparency and accountability that are paramount to securing Internet of Things devices are either missing or implemented in a questionable manner. Security auditing is a promising solution that has been applied with success in other domains. However, security auditing of Internet of Things devices is challenging because the high-level security recommendations provided by standards and best practices are not readily applicable to auditing low-level device data such as sensor readings, logs and configurations. Additionally, the heterogeneous nature of Internet of Things devices and their resource constraints increase the complexity of the auditing process. Therefore, enabling the security auditing of Internet of Things devices requires the definition of actionable security policies, collection and processing of audit data, and specification of appropriate audit procedures. This chapter focuses on the security auditing of Internet of Things devices. It presents a methodology for extracting actionable security rules from existing security standards and best practices and conducting security audits of Internet of Things devices. The methodology is applied to devices in a smart home environment, and its efficiency and scalability are evaluated.Proceedings Title
Advances in Digital Forensics XVII
Volume
612
Conference Dates
February 1-2, 2021
Conference Location
Arlington, VA, US
Conference Title
Seventeenth Annual IFIP International Conference on Digital Forensics
Pub Type
Conferences
Download Paper
Keywords
Internet of Things, security auditing, formal verification
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.
Created October 15, 2021, Updated February 23, 2022