Towards an Extensible IoT Security Taxonomy

“…Distributed DoS (DDoS) [14], [19], flooding [14], sinkhole [19], black/grey hole [20], packet drop/redirection [4], Permanent DoS (PDoS) [19], channel/radio frequency jamming [15], [19], [20].…”

“…In [15], a taxonomy is proposed categorizing the threats of IoT systems while mapping which security goals are being targeted by each attack. The taxonomy of the attacks is based on the IoT layer, the violated security goals, as well as the knowledge and capabilities of the attacker.…”

“…Examples are provided, without mapping to real-world incidents. [15] Cyber-physical layer attacks, Middleware layer attacks, Application layer attacks.…”

“…For instance, there exist works demonstrating how to leverage the attack layer (e.g, application, network, physical, etc.) [15], the attacker behavior [14], or both [4], in order to construct IoT attack classifications. In the following paragraphs, we provide a short survey of the existing literature discussing security issues within IoT and and various attack taxonomies.…”

“…Most, if not all, IoT ecosystems such as IIoT [8], Internet of Energy [9], Internet of Medical Things [10], military IoT [11], etc., have underlying hidden or unknown vulnerabilities that can have diverse consequences if they are successfully exploited by malicious threat actors, such as nation states and advanced persistent threat (APT) adversaries. Although previous works have underlined the security implications of IoT devices [12]- [15], in this work, we systematically review IoT security from three major sectors, i.e., (i) consumer, (ii) commercial, and (iii) industrial. The rationale for this distinction stems from the diverse operational requirements, implicit security constraints, mission criticality, and potential outcomes in the event of a compromise targeting the respective IoT sectors.…”

Consumer, Commercial, and Industrial IoT (In)Security: Attack Taxonomy and Case Studies

“…Distributed DoS (DDoS) [14], [19], flooding [14], sinkhole [19], black/grey hole [20], packet drop/redirection [4], Permanent DoS (PDoS) [19], channel/radio frequency jamming [15], [19], [20].…”

“…In [15], a taxonomy is proposed categorizing the threats of IoT systems while mapping which security goals are being targeted by each attack. The taxonomy of the attacks is based on the IoT layer, the violated security goals, as well as the knowledge and capabilities of the attacker.…”

“…Examples are provided, without mapping to real-world incidents. [15] Cyber-physical layer attacks, Middleware layer attacks, Application layer attacks.…”

“…For instance, there exist works demonstrating how to leverage the attack layer (e.g, application, network, physical, etc.) [15], the attacker behavior [14], or both [4], in order to construct IoT attack classifications. In the following paragraphs, we provide a short survey of the existing literature discussing security issues within IoT and and various attack taxonomies.…”

“…Most, if not all, IoT ecosystems such as IIoT [8], Internet of Energy [9], Internet of Medical Things [10], military IoT [11], etc., have underlying hidden or unknown vulnerabilities that can have diverse consequences if they are successfully exploited by malicious threat actors, such as nation states and advanced persistent threat (APT) adversaries. Although previous works have underlined the security implications of IoT devices [12]- [15], in this work, we systematically review IoT security from three major sectors, i.e., (i) consumer, (ii) commercial, and (iii) industrial. The rationale for this distinction stems from the diverse operational requirements, implicit security constraints, mission criticality, and potential outcomes in the event of a compromise targeting the respective IoT sectors.…”

Consumer, Commercial, and Industrial IoT (In)Security: Attack Taxonomy and Case Studies

Fake News and Threats to IoT—The Crucial Aspects of Cyberspace in the Times of Cyberwar

The survey and meta-analysis of the attacks, transgressions, countermeasures and security aspects common to the Cloud, Edge and IoT