An attack tree based risk evaluation approach for the internet of things

Abstract

Internet of Things (IoTs) are being widely used for a large number of use case scenarios, where a wide range of devices, with different computational resources, are marshalled for the purpose of a certain mission goal. The unique combination of these devices and the nature of sensitive information that they hold poses a large number of risks where the risks are highly dependant upon the type of devices and the type of attacks that an adversary can launch. In this work, we propose an attack tree model to evaluate the user's privacy risks associated with an IoT eco system. We evaluate the potential risks based on varying attack attributes, the probable considerations/preferences of an adversary and the varying computational resources available on a device. The proposed model identifies the probability of risk associated with each attack scenario and thus benefits an analyst in identifying which attack is more likely of the use case scenario.