The development and deployment of highly dynamic, cyber+connected operational environments, such as smart homes, smart cities, and smart transportation systems, is increasing. The security analysis of such dynamic environments necessitates the use of dynamic risk assessment methodologies and the modeling of dynamically changing states. In this paper, we focus on the smart home environment, where the deployment of IoT devices increase the attack surface. We examine existing dynamic risk assessment methodologies, and by leveraging a smart home reference architecture we identify the security risks of a smart home’s physical and communication viewpoints, taking into consideration also dynamic operational aspects. Further, we develop a smart home network topology generator and a graph-based attack model to study dependencies among dynamically changing states and the propagation of a malware infection.
This is an open access article distributed under the Creative Commons Attribution License
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited