A threat modelling approach to enhance the security of Internet of Things Devices

Abstract

The popular Internet of Things (IoT) devices have specific characteristics such as interaction with the environment through sensors and actuators and connection to a network such as the Internet. However, sensors can collect private or sensitive data and actuators can initiate physical processes. Therefore, security, privacy, and safety are among the most important challenges of the IoT. The current approach of standards and best practice guidelines is to provide device manufacturers with a list of security requirements. Another approach used in this thesis is threat modelling, which leverages models to support the identification of threats. It is hypothesised that by specialising threat modelling on IoT devices, the threat analysis can be simplified and improved. However, not all established threat modelling methods from the IT domain can be applied to the IoT. The research aim is therefore to adapt and specialise some of these methods to IoT devices in order to support manufacturers in identifying threats and developing countermeasures. This thesis has three contributions: i) a modelling technique specifically for IoT devices that also allows modelling of hardware, called Cyber-Physical Data Flow Diagram (CPDFD), ii) a threat analysis and risk assessment methodology specifically for device manufacturers, called Thing Threat Modelling (TTM), and iii) a software tool that implements the technique and methodology, called TTModeler. These solutions were evaluated through four studies: Firstly, an analysis of six case studies, five of which were created by students, secondly, a formal comparison of TTM with three other methodologies, thirdly, an experimental study in which 41 participants used different programs, and lastly, a survey and interviews with 15 security experts and engineers who examined the contributions themselves. The results suggest that numerous other attack scenarios can be found through the modelling technique CPDFD, especially through the hardware. The developed methodology TTM indicates a more comprehensive and model-based approach. The results for TTModeler show improvements in the number of identified threats and their information quality. The three adaptations to common methods indicate that the specialisation of threat modelling on IoT devices improves and simplifies the threat analysis.

Date of Award	1 Mar 2024
Original language	English
Awarding Institution	Abertay University
Supervisor	Ian Ferguson (Supervisor) & Natalie Coull (Supervisor)