STRIPED: A Threat Analysis Method for IoT Systems

Article Number
96
Citation
17th International Conference on Availability, Reliability and Security (ARES 2022)
Contribution to Conference
17th International Conference on Availability, Reliability and Security, ARES 2022  
Publisher DOI
10.1145/3538969.3538970
Scopus ID
2-s2.0-85136952427
Currently, IoT systems display a poor level of security, as 50% of IoT devices are vulnerable to severe attacks, according to research. In an attempt to ameliorate the situation, we propose STRIPED, a threat analysis technique that focuses particularly on threat scenarios involving IoT devices that can be physically accessed by attackers. We evaluate STRIPED in a two-pronged way. First, we assess its performance compared to STRIDE (from which STRIPED is derived) in the context of a case study from the manufacturing industry. Second, we gather the feedback of 8 security experts working in a large, multinational company that specializes in secure IoT products for the domains of automotive, industrial, mobile and smart-home applications. These initial evaluation attempts provide encouraging evidence and suggest our method is a step in the right direction of facilitating security-by-design in IoT systems, especially industrial ones.
Subjects
IIoT
IoT
physical threats
security
STRIDE
threat analysis