Do you Trust your Device? Open Challenges in IoT Security Analysis

Alessandro Sanna;Giorgio Giacinto;Davide Maiorca
2024-01-01

Abstract

Several critical contexts, such as healthcare, smart cities, drones, transportation, and agriculture, nowadays rely on IoT, or more in general embedded, devices that require comprehensive security analysis to ensure their integrity before deployment. Security concerns are often related to vulnerabilities that result from inad- equate coding or undocumented features that may create significant privacy issues for users and companies. Current analysis methods, albeit dependent on complex tools, may lead to superficial assessments due to compatibility issues, while authoritative entities struggle with specifying feasible firmware analysis requests for manufacturers within operational contexts. This paper urges the scientific community to collaborate with stakeholders—manufacturers, vendors, security analysts, and experts—to forge a cooperative model that clari- fies manufacturer contributions and aligns analysis demands with operational constraints. Aiming at a modular approach, this paper highlights the crucial need to refine security analysis, ensuring more precise requirements, balanced expectations, and stronger partnerships between vendors and analysts. To achieve this, we propose a threat model based on the feasible interactions of actors involved in the security evaluation of a device, with a particular emphasis on the responsibilities and necessities of all entities involved.
2024
Inglese
Proceedings of the 21st International Conference on Security and Cryptography, SECRYPT - Volume 1
978-989-758-709-2
SciTePress - Science and and Technology Publications
Setúbal
PORTOGALLO
Sabrina De Capitani Di Vimercati and Pierangela Samarati
568
575
8
21st International Conference on Security and Cryptography, SECRYPT 2024
Comitato scientifico
8 - 10 Luglio 2024
Dijon, France
internazionale
scientifica
Firmware Analysis; IoT; Security evaluation
no
4 Contributo in Atti di Convegno (Proceeding)::4.1 Contributo in Atti di convegno
Binosi, Lorenzo; Mazzini, Pietro; Sanna, Alessandro; Carminati, Michele; Giacinto, Giorgio; Lazzeretti, Riccardo; Zanero, Stefano; Polino, Mario; Copp ...espandi
273
10
4.1 Contributo in Atti di convegno
open
info:eu-repo/semantics/conferencePaper
   Studying thE impact of anti-analysis Techniques in IoT security evAluations
   SETA
   NextGenerationEU
   229240.00€

   Firmware Analysis for vulneRability dEtection
   FARE
   NextGenerationEU
File in questo prodotto:
File Dimensione Formato  
DoYouTrust_def.pdf

accesso aperto

Descrizione: Published Paper
Tipologia: versione editoriale
Dimensione 130.04 kB
Formato Adobe PDF
Visualizza/Apri
130.04 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Questionario e social

Condividi su:
Impostazioni cookie