Wireless Communications and Mobile Computing

Research Article

Shielding IoT against Cyber-Attacks: An Event-Based Approach Using SIEM

Table 1

Relations between event categories, vulnerability categories and attack surfaces on IoT ecosystems.

IoT Vulnerabilities

Event Categories

IoT Attack Surfaces

E₀

E₁

E₂

E₃

E₄

E₅

E₆

E₇

E₈

E₉

E₁₀

S₀

S₁

S₂

S₃

S₄

S₅

S₆

S₇

S₈

Lack of controls to avoid username enumeration

✘

Lack of two-factor auth for critical functions

✘

Lack of control against DoS attacks

✘

IoT service contains Insecure 3r party components

✘

Use of weak password

✘

Lack of an account lockout after multiple failed attempts

✘

Unencrypted network services allowing eavesdropping

✘

Lack of controls against manipulation of the code execution flow

✘

Storage location for updates files is writable

✘

Lack of control for device console access

✘

Update sent without encryption

✘

Storage Media is physically unprotected

✘

Possible Firmware and data extraction

✘

Fail in the implementation of encryption mechanisms

✘

Remote update is done without security controls

✘

Lack of controls to avoid command injection

✘

Acronym and event categories: E₀, request exceptions; E₁, authentication exceptions; E₂, input exceptions; E₃, access control exceptions; E₄, session exceptions; E₅, ecosystem member exceptions; E₆, Device Access Events; E₇, admin mode events; E₈, honey trap exceptions; E₉, command injection exceptions; E₁₀, reputation exceptions. acronym and IoT attack surfaces: S₀, mobile application; S₁, cloud web interface; S₂, device web interface; S₃, admin interface; S₄, local data storage; S₅, Device firmware; S₆, device network services; S₇, update mechanism; S₈, device physical interfaces.