RIoTS: Risk Analysis of IoT Supply Chain Threats

Timothy Kieras, Muhammad Junaid Farooq, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Securing the supply chain of information and communications technology (ICT) has recently emerged as a critical concern for national security and integrity. With the proliferation of Internet of Things (IoT) devices and their increasing role in controlling real world infrastructure, there is a need to analyze risks in networked systems beyond established security analyses. Existing methods in literature typically leverage attack and fault trees to analyze malicious activity and its impact. In this paper, we develop RIoTS, a security risk assessment framework borrowing from system reliability theory to incorporate the supply chain. We also analyze the impact of grouping within suppliers that may pose hidden risks to the systems from malicious supply chain actors. The results show that the proposed analysis is able to reveal hidden threats posed to the IoT ecosystem from potential supplier collusion.

Original languageEnglish (US)
Title of host publicationIEEE World Forum on Internet of Things, WF-IoT 2020 - Symposium Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728155036
DOIs
StatePublished - Jun 2020
Event6th IEEE World Forum on Internet of Things, WF-IoT 2020 - New Orleans, United States
Duration: Jun 2 2020Jun 16 2020

Publication series

NameIEEE World Forum on Internet of Things, WF-IoT 2020 - Symposium Proceedings

Conference

Conference6th IEEE World Forum on Internet of Things, WF-IoT 2020
Country/TerritoryUnited States
CityNew Orleans
Period6/2/206/16/20

Keywords

  • Attack Tree
  • Birnbaum importance
  • Improvement potential
  • Internet of Things
  • Supply Chain

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems and Management
  • Statistics, Probability and Uncertainty
  • Computational Mechanics
  • Instrumentation

Fingerprint

Dive into the research topics of 'RIoTS: Risk Analysis of IoT Supply Chain Threats'. Together they form a unique fingerprint.

Cite this