Lack of Systematic Approach to Security of IoT Context Sharing Platforms
Mohammad Goudarzi, Arash Shaghaghi, Simon Finn, Sanjay Jha
TL;DR
The paper addresses the lack of systematic security evaluation for IoT context-sharing platforms and advocates a secure-by-design approach through threat modelling with MITRE ATT&CK. It proposes a methodological framework that identifies the core elements of IoT context-sharing platforms, maps ATT&CK tactics to these elements, and demonstrates feasibility through a credential-access case study. By surveying industry projects (EU FP7 and Horizon 2020) and outlining a structured threat modelling process, the work lays the groundwork for rigorous security assessment and design guidance for future platforms. The approach aims to improve the resilience of IoT deployments and critical infrastructure by enabling systematic security analysis across platform lifecycle stages.
Abstract
IoT context-sharing platforms are an essential component of today's interconnected IoT deployments with their security affecting the entire deployment and the critical infrastructure adopting IoT. We report on a lack of systematic approach to the security of IoT context-sharing platforms and propose the need for a methodological and systematic alternative to evaluate the existing solutions and develop 'secure-by-design' solutions. We have identified the key components of a generic IoT context-sharing platform and propose using MITRE ATT&CK for threat modelling of such platforms.
