A Unified View of IoT And CPS Security and Privacy

TL;DR

This paper presents a unified framework for understanding IoT and CPS security, enabling comprehensive risk assessment across hardware, software, and human factors, illustrated through various real-world examples.

Contribution

It offers a unified network architecture perspective for IoT and CPS and introduces a risk assessment framework considering six key factors.

Findings

Unified view of IoT and CPS architecture.

Risk assessment framework for IoT/CPS systems.

Analysis of real-world IoT applications using the framework.

Abstract

The concepts of Internet of Things (IoT) and Cyber Physical Systems (CPS) are closely related to each other. IoT is often used to refer to small interconnected devices like those in smart home while CPS often refers to large interconnected devices like industry machines and smart cars. In this paper, we present a unified view of IoT and CPS: from the perspective of network architecture, IoT and CPS are similar given that they are based on either the OSI model or TCP/IP model. In both IoT and CPS, networking/communication modules are attached to original things so that isolated things can be integrated into cyber space. If needed, actuators can also be integrated with a thing so as to control the thing. With this unified view, we can perform risk assessment of an IoT/CPS system from six factors, hardware, networking, operating system (OS), software, data and human. To illustrate the use of such risk analysis framework, we analyze an air quality monitoring network, smart home using smart plugs and building automation system (BAS). We also discuss challenges such as cost and secure OS in IoT security.