Comprehensive Review of Security Requirements for Mitigating Threats and Attacks on IoT Assets

• Published in: International Journal on Informatics Visualization
• Main Author: Janisar A.A.; Bin Kalid K.S.; Sarlan A.B.; Iqbal M.A.; Khan M.A.
• Format: Review
• Language: English
• Published: Politeknik Negeri Padang 2024
• Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85211333563&doi=10.62527%2fjoiv.8.3-2.3084&partnerID=40&md5=bc9b8da74db9a65f79f8417b24e405ab

Machine learning and artificial intelligence are increasingly being utilized to automate identifying and defining security requirements (SR) and addressing diverse IoT security issues. Despite its extensive environment, IoT-focused cyberattacks had the largest attack surface. IoT security requirements include data confidentiality, integrity, authentication, access control, and privacy. Inadequate emphasis on assessing security requirements leads to attacks and threats. To address the security issues that threaten the IoT environment, additional security measures are required to protect IoT-based applications from threats and other vulnerabilities. However, the absence of the security requirement assessment in IoT systems architecture jeopardizes security, exposing the system to vulnerabilities and risking organizational assets and reputation while also escalating the cost and time required to address security issues. In this study major threats and attacks are identified relevant to the assets of IoT security requirements. To systematically identify, analyze, and address potential security threats and attacks related to IoT assets, this research proposes a three-step methodology: (1) analysis of the IoT security requirements, (2) Identification of threats and attacks in IoT, and (3) IoT assets centric security threats and attacks. An illustrative example of IoT asset security is provided to highlight potential attacks and threats relevant to IoT assets. This approach offers a practical and clear foundation for the early identification of IoT security requirements and their seamless integration into requirements engineering (RE) activities, contributing to a more secure and resilient IoT system architecture. © 2024, Politeknik Negeri Padang. All rights reserved.