Please enable JavaScript.
Coggle requires JavaScript to display documents.
IoT Threat Modeling, Common IoT Threats, References - Coggle Diagram
IoT Threat Modeling
Process
-
- Create an IoT Device Architecture Overview
-
- Identify Threats Use case
-
-
Threat Rating System
-
DREAD
Risk rating system ranging from 1-3. 1 low, 2 medium, and 3 high
-
-
-
-
-
Identify Threat Use case
STRIDE Method
-
-
Repudiation: Repudiation is the ability of users (legitimate or otherwise) to deny that they performed specific actions or transactions. Without adequate auditing, repudiation attacks are difficult to prove
-
-
-
Once the IoT device attack surface is drawn out, threat use cases have to be identified
Theoretical use cases will need to be thought of before testing has taken place, or before software is written to discover each attack surface. This exercise is known as threat modeling
Common IoT Threats
-
Signal Jamming Attacks
-
For example, the drug infusion pump system has one control server connected to multiple drug infusion pumps. With special equipment, it’s possible to isolate the control server and pumps from each other
Replay Attacks
-
In the drug infusion pump example, this could mean that a patient receives multiple doses of a drug
-
Node Cloning
Part of a Sybil attack, in which an attacker creates fake nodes in a network to compromise its reliability
One reason is that the association protocols that the nodes use to communicate aren’t very sophisticated, and creating fake nodes can sometimes be easy. Occasionally, you can even create a fake master node
-
User Security Awareness
This could include their ability to detect phishing emails, which could compromise their workstations, or their habit of allowing unauthorized people into sensitive areas
-