Introducing the Cyber-Physical Data Flow Diagram to Improve Threat Modelling of Internet of Things Devices

TL;DR

This paper introduces the Cyber-Physical Data Flow Diagram (CPDFD), a new threat modelling method tailored for IoT devices that enhances threat identification by including hardware aspects.

Contribution

The paper presents the CPDFD, a novel modelling technique specifically designed for IoT devices to improve threat detection and support manufacturers.

Findings

CPDFD enables identification of more attack scenarios.

The technique was validated through experiments and surveys.

It improves threat modelling accuracy for IoT hardware.

Abstract

A growing number of Internet of Things (IoT) devices are used across consumer, medical, and industrial domains. They interact with their environment through sensors and actuators and connect to networks such as the Internet. Because sensors may collect sensitive data and actuators can trigger physical actions, security, privacy, and safety are major challenges. Threat modelling can help identify risks, but established IT-focused methods transfer to the IoT only to a limited extent. In this paper, a new modelling technique specifically for IoT devices called Cyber-Physical Data Flow Diagram (CPDFD) is proposed that also allows modelling of hardware with the aim to support manufacturers in identifying threats and developing countermeasures. The technique was examined through an experimental study and a survey with interviews. The results suggest that numerous other attack scenarios can be found through the modelling technique, improving the identification of threats to IoT devices.