SCI-IoT: A Quantitative Framework for Trust Scoring and Certification of IoT Devices

TL;DR

SCI-IoT introduces a standardized, quantitative framework for trust scoring and certification of IoT devices, assessing security and reliability across multiple domains with a transparent grading system.

Contribution

The paper presents a novel, unified trust evaluation framework with a six-tier grading model and weighted trust tests, enabling scalable certification of IoT devices.

Findings

Framework employs 30 trust tests across key security dimensions.

Devices are scored and certified using a weighted, normalized trust index.

Framework enhances transparency and scalability in IoT device certification.

Abstract

The exponential growth of the Internet of Things (IoT) ecosystem has amplified concerns regarding device reliability, interoperability, and security assurance. Despite the proliferation of IoT security guidelines, a unified and quantitative approach to measuring trust remains absent. This paper introduces SCI-IoT (Secure Certification Index for IoT), a standardized and quantitative framework for trust scoring, evaluation, and certification of IoT devices. The framework employs a six-tier grading model (Grades A-F), enabling device profiling across consumer, industrial, and critical infrastructure domains. Within this model, 30 distinct Trust Tests assess devices across dimensions such as authentication, encryption, data integrity, resilience, and firmware security. Each test is assigned a criticality-based weight (1.0-2.0) and a performance rating (1-4), converted to a normalized percentage and aggregated through a weighted computation to yield the Secure Certification Index (SCI). The SCI determines the device's Trust Verdict, categorized into five SCI levels, and serves as the foundation for optional grade-based certification. The framework also incorporates critical gate conditions, enforcing absolute compliance in high risk parameters to prevent certification of devices with fundamental vulnerabilities. By unifying quantitative trust scoring with structured certification criteria, SCI-IoT provides a transparent, scalable, and reproducible method to benchmark IoT device trustworthiness. The proposed system aims to streamline manufacturer compliance, improve consumer confidence, and facilitate global interoperability in IoT security certification.