A Unified View of IoT And CPS Security and Privacy
Lan Luo, Christopher Morales-Gonzalez, Shan Wang, Zhen Ling, Xinwen Fu
TL;DR
The paper advocates a unified network-centric view of IoT and CPS and introduces a six-factor risk-analysis framework (hardware, networking, OS, software, data, human) to assess security and privacy. It demonstrates the framework with concrete IoT and CPS scenarios, including an air-quality IoT device and BAS CPS, and discusses attacks such as hardware firmware extraction, data injection, MITM, and protocol-level vulnerabilities (KNX, BACnet/IP). A key contribution is exploring secure OS approaches for constrained devices, notably a function-based ASLR mechanism implemented on resource-limited hardware to mitigate memory-corruption attacks, alongside broader OS/security research directions. The work highlights practical security challenges, the importance of design and training, and how cost considerations shape defense strategies in large-scale IoT/CPS deployments.
Abstract
The concepts of the Internet of Things (IoT) and Cyber Physical Systems (CPS) are closely related to each other. IoT is often used to refer to small interconnected devices like those in a smart home, while CPS often refers to large interconnected devices like industrial machines and smart cars. In this paper, we present a unified view of IoT and CPS: from the perspective of network architecture, IoT and CPS are similar given that they are based on either the OSI model or the TCP/IP model. In both IoT and CPS, networking/communication modules are attached to the original things so that isolated things can be integrated into cyber space. If needed, actuators can also be integrated with a thing so as to control it. With this unified view, we can perform a risk assessment of an IoT/CPS system from six factors: hardware, networking, operating system (OS), software, data and human. To illustrate the use of this risk-analysis framework, we analyze an air quality monitoring network, a smart home using smart plugs, and a building automation system (BAS). We also discuss challenges such as cost and secure OS in IoT security.
