Towards Threat Modelling of IoT Context-Sharing Platforms

TL;DR

This paper introduces a comprehensive threat modelling framework for IoT context-sharing platforms using the MITRE ATT&CK framework, highlighting security challenges and providing an open-source analysis tool for improving IoT system resilience.

Contribution

It presents the first systematic threat modelling approach for IoT context-sharing platforms, including an open-source tool and security analysis based on industry and academic projects.

Findings

Identified key security challenges in IoT context-sharing platforms

Developed a detailed threat model using MITRE ATT&CK framework

Created an open-source tool for threat analysis and security evaluation

Abstract

The Internet of Things (IoT) involves complex, interconnected systems and devices that depend on context-sharing platforms for interoperability and information exchange. These platforms are, therefore, critical components of real-world IoT deployments, making their security essential to ensure the resilience and reliability of these 'systems of systems'. In this paper, we take the first steps toward systematically and comprehensively addressing the security of IoT context-sharing platforms. We propose a framework for threat modelling and security analysis of a generic IoT context-sharing solution, employing the MITRE ATT&CK framework. Through an evaluation of various industry-funded projects and academic research, we identify significant security challenges in the design of IoT context-sharing platforms. Our threat modelling provides an in-depth analysis of the techniques and sub-techniques adversaries may use to exploit these systems, offering valuable insights for future research aimed at developing resilient solutions. Additionally, we have developed an open-source threat analysis tool that incorporates our detailed threat modelling, which can be used to evaluate and enhance the security of existing context-sharing platforms.