IoT device security audit tools: a comprehensive analysis and a layered architecture approach for addressing expanded security requirements

Ashutosh Kumar,L. Kavisankar,S. Venkatesan,Manish Kumar,Suneel Yadav,Sandeep Kumar Shukla,Rahamatullah Khondoker
DOI: https://doi.org/10.1007/s10207-024-00930-z
2024-11-07
International Journal of Information Security
Abstract:The Internet of Things (IoT) has the potential to bring unprecedented accessibility and efficiency to a wide range of critical applications and access control services. With the advent of IoT technology, there is a surge in potential threats and challenges that engender the risk of IoT devices interconnected over the Internet infrastructure. The mitigation of potential threats and risks needs a comprehensive analysis of security threats and relevant attack vectors in IoT networks, especially in IoT devices. Auditing is crucial to ensure that all IoT devices in the ecosystem are operating accurately and securely. This research has examined several physical and remote IoT security auditing tools to identify their drawbacks. This paper has also explored possible security threats, audited these threats to prevent them proactively by using the proposed novel seven-layer architecture, and presented expanded security requirements for IoT devices. Even more, we have examined the existing audit tools using an IoT device (IP camera). The analysis has shown that audit features concerning security requirements are missing from the existing audit tools. Our proposed seven-layer IoT device architecture with expanded security requirements has the potential to be a security audit benchmark for all IoT devices at the manufacturing and end-user levels.
computer science, information systems, theory & methods, software engineering
What problem does this paper attempt to address?