Optimising a defence-aware threat modelling diagram incorporating a defence-in-depth approach for the internet-of-things

Modern technology has proliferated into just about every aspect of life while improving the quality of life. For instance, IoT technology has significantly improved over traditional systems, providing easy life, time-saving, financial saving, and security aspects. However, security weaknesses associated with IoT technology can pose a significant threat to the human factor. For instance, smart doorbells can make household life easier, save time, save money, and provide surveillance security. Nevertheless, the security weaknesses in smart doorbells could be exposed to a criminal and pose a danger to the life and money of the household. In addition, IoT technology is constantly advancing and expanding and rapidly becoming ubiquitous in modern society. In that case, increased usage and technological advancement create security weaknesses that attract cybercriminals looking to satisfy their agendas. Perfect security solutions do not exist in the real world because modern systems are continuously improving, and intruders frequently attempt various techniques to discover security flaws and bypass existing security control in modern systems. In that case, threat modelling is a great starting point in understanding the threat landscape of the system and its weaknesses. Therefore, the threat modelling field in computer science was significantly improved by implementing various frameworks to identify threats and address them to mitigate them. However, most mature threat modelling frameworks are implemented for traditional IT systems that only consider software-related weaknesses and do not address the physical attributes. This approach may not be practical for IoT technology because it inherits software and physical security weaknesses. However, scholars employed mature threat modelling frameworks such as STRIDE on IoT technology because mature frameworks still include security concepts that are significant for modern technology. Therefore, mature frameworks cannot be ignored but are not efficient in addressing the threat associated with modern systems. As a solution, this research study aims to extract the significant security concept of matured threat modelling frameworks and utilise them to implement robust IoT threat modelling frameworks. This study selected fifteen threat modelling frameworks from among researchers and the defence-in-depth security concept to extract threat modelling techniques. Subsequently, this research study conducted three independent reviews to discover valuable threat modelling concepts and their usefulness for IoT technology. The first study deduced that integration of threat modelling approach software-centric, asset-centric, attacker-centric and data-centric with defence-in-depth is valuable and delivers distinct benefits. As a result, PASTA and TRIKE demonstrated four threat modelling approaches based on a classification scheme. The second study deduced the features of a threat modelling framework that achieves a high satisfaction level toward defence-in-depth security architecture. Under evaluation criteria, the PASTA framework scored the highest satisfaction value. Finally, the third study deduced IoT systematic threat modelling techniques based on recent research studies. As a result, the STRIDE framework was identified as the most popular framework, and other frameworks demonstrated effective capabilities valuable to IoT technology. Respectively, this study introduced Defence-aware Threat Modelling (DATM), an IoT threat modelling framework based on the findings of threat modelling and defence-in-depth security concepts. The steps involved with the DATM framework are further described with figures for better understatement. Subsequently, a smart doorbell case study is considered for threat modelling using the DATM framework for validation. Furthermore, the outcome of the case study was further assessed with the findings of three research studies and validated the DATM framework. Moreover, the outcome of this thesis is helpful for researchers who want to conduct threat modelling in IoT environments and design a novel threat modelling framework suitable for IoT technology

Security requirements and tests for smart toys

Os brinquedos são uma parte essencial de nossa cultura e têm evoluído ao longo do tempo. Atualmente, encontramos no mercado brinquedos dotados de circuitos eletrônicos e sensores, capazes de coletar dados do ambiente e informações pessoais dos usuários. Além disso, eles podem se conectar automaticamente a redes de comunicação por meio de protocolos de rede sem fio para acessar serviços móveis com o objetivo de personalizar a experiência de jogo para cada usuário. Conhecidos como brinquedos inteligentes, estes fazem parte de um ambiente denominado de computação para brinquedos, composto pelo brinquedo físico, um dispositivo móvel, que pode ser um tablet ou smartphone, e um aplicativo móvel (app), que pode controlar o brinquedo físico e compartilhar informações com serviços móveis. Esse novo tipo de brinquedo, que pertence a um novo tipo de ambiente e que também carrega características da Internet das Coisas, traz consigo questões relacionadas à segurança da informação que não existiam nos brinquedos convencionais. Essas questões, portanto, devem ser tratadas de forma a evitar prejuízos aos usuários dessa tecnologia. Para isso, o presente trabalho apresenta vinte e dois (22) requisitos de segurança gerais identificados por meio da utilização do processo Security Development Lifecycle (SDL) da Microsoft e da técnica de modelagem de ameaças suportada pelo modelo de ameaça STRIDE (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service e Elevation of privilege). Os requisitos apresentados endereçam questões de segurança que os brinquedos inteligentes devem atender para evitar as principais ameaças existentes. As questões de segurança consideradas foram extraídas da Childrens Online Privacy Protection Act (COPPA), General Data Protection Regulation (GDPR) e Personal Information Protection and Eletronic Documents Act (PIPEDA). Além dos requisitos de segurança, um conjunto de testes de segurança gerais foram identificados com base no processo SDL para verificar o adequado atendimento a esses requisitos. Uma análise dos brinquedos inteligentes atualmente disponíveis no mercado e suas falhas de segurança relatadas publicamente dão indícios da importância de atender aos requisitos de segurança e executar os testes propostos neste trabalho para evitar problemas de segurança variadosToys are an essential part of our culture, and they have evolved over time. Currently, we can find in the market toys equipped with electronic circuits and sensors able to collect environmental and personal data from users. They are also able to automatically connect to communication networks through wireless network protocols in order to access mobile services aiming at customizing the gaming experience for each user. Known as smart toys, these are part of a so-called toy computing environment, consisting of a physical toy, a mobile device, which can be a tablet or smartphone, and a mobile app, which can control the physical toy and share information with mobile services. This new type of toy, which belongs to a new type of environment and also present characteristics of the Internet of Things, raises issues regarding information security which did not exist in conventional toys. Such issues, hence, should be treated in a way to avoid losses to the users of this technology. Accordingly, this research project presents twenty two (22) general security requirements identified following the Microsoft Security Development Lifecycle (SDL) and the threat modeling supported by the threat model STRIDE (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service e Elevation of privilege). These requirements address security issues that smart toys should meet to avoid the main existent threats. All considered issues were extracted from the Childrens Online Privacy Protection Act (COPPA), General Data Protection Regulation (GDPR) and Personal Information Protection and Electronic Documents Act (PIPEDA). Furthermore, we have also identified a general set of security tests based on the SDL process to check whether the identified security requirements have been met. A further analysis of the smart toys currently available in the market and their publicly related security flaws give evidence of the importance of meeting the proposed security requirements and executing the proposed security tests to avoid several security problem

Security requirements and tests for smart toys

Os brinquedos são uma parte essencial de nossa cultura e têm evoluído ao longo do tempo. Atualmente, encontramos no mercado brinquedos dotados de circuitos eletrônicos e sensores, capazes de coletar dados do ambiente e informações pessoais dos usuários. Além disso, eles podem se conectar automaticamente a redes de comunicação por meio de protocolos de rede sem fio para acessar serviços móveis com o objetivo de personalizar a experiência de jogo para cada usuário. Conhecidos como brinquedos inteligentes, estes fazem parte de um ambiente denominado de computação para brinquedos, composto pelo brinquedo físico, um dispositivo móvel, que pode ser um tablet ou smartphone, e um aplicativo móvel (app), que pode controlar o brinquedo físico e compartilhar informações com serviços móveis. Esse novo tipo de brinquedo, que pertence a um novo tipo de ambiente e que também carrega características da Internet das Coisas, traz consigo questões relacionadas à segurança da informação que não existiam nos brinquedos convencionais. Essas questões, portanto, devem ser tratadas de forma a evitar prejuízos aos usuários dessa tecnologia. Para isso, o presente trabalho apresenta vinte e dois (22) requisitos de segurança gerais identificados por meio da utilização do processo Security Development Lifecycle (SDL) da Microsoft e da técnica de modelagem de ameaças suportada pelo modelo de ameaça STRIDE (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service e Elevation of privilege). Os requisitos apresentados endereçam questões de segurança que os brinquedos inteligentes devem atender para evitar as principais ameaças existentes. As questões de segurança consideradas foram extraídas da Childrens Online Privacy Protection Act (COPPA), General Data Protection Regulation (GDPR) e Personal Information Protection and Eletronic Documents Act (PIPEDA). Além dos requisitos de segurança, um conjunto de testes de segurança gerais foram identificados com base no processo SDL para verificar o adequado atendimento a esses requisitos. Uma análise dos brinquedos inteligentes atualmente disponíveis no mercado e suas falhas de segurança relatadas publicamente dão indícios da importância de atender aos requisitos de segurança e executar os testes propostos neste trabalho para evitar problemas de segurança variadosToys are an essential part of our culture, and they have evolved over time. Currently, we can find in the market toys equipped with electronic circuits and sensors able to collect environmental and personal data from users. They are also able to automatically connect to communication networks through wireless network protocols in order to access mobile services aiming at customizing the gaming experience for each user. Known as smart toys, these are part of a so-called toy computing environment, consisting of a physical toy, a mobile device, which can be a tablet or smartphone, and a mobile app, which can control the physical toy and share information with mobile services. This new type of toy, which belongs to a new type of environment and also present characteristics of the Internet of Things, raises issues regarding information security which did not exist in conventional toys. Such issues, hence, should be treated in a way to avoid losses to the users of this technology. Accordingly, this research project presents twenty two (22) general security requirements identified following the Microsoft Security Development Lifecycle (SDL) and the threat modeling supported by the threat model STRIDE (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service e Elevation of privilege). These requirements address security issues that smart toys should meet to avoid the main existent threats. All considered issues were extracted from the Childrens Online Privacy Protection Act (COPPA), General Data Protection Regulation (GDPR) and Personal Information Protection and Electronic Documents Act (PIPEDA). Furthermore, we have also identified a general set of security tests based on the SDL process to check whether the identified security requirements have been met. A further analysis of the smart toys currently available in the market and their publicly related security flaws give evidence of the importance of meeting the proposed security requirements and executing the proposed security tests to avoid several security problem