The Transactions of the Korean Institute of Electrical Engineers P (전기학회논문지P)

The Korean Institute of Electrical Engineers (대한전기학회)
권호 표지
DOI QR코드

DOI QR Code

Application of Threat Modeling for Security Risk Analysis in Smart Home Service Environment

스마트홈 서비스 환경에서의 보안 위험 분석을 위한 위협 모델링 적용 방안

  • Received : 2017.04.28
  • Accepted : 2017.05.25
  • Published : 2017.06.01
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, the risk analysis of smart home services was implemented by applying threat modeling. Identified possible threats for safe deployment of smart home services and identified threats through the STRIDE model. Through the creation of the Attack Tree, the attackable risk was analyzed and the risk was measured by applying the DREAD model. The derived results can be used to protect assets and mitigate risk by preventing security vulnerabilities from compromising and identifying threats from adversely affecting services. In addition, the modeled result of the derived threat can be utilized as a basis for performing the security check of the smart home service.

Keywords

References

  1. MKE, "Smart Grid Road Map", 2010.
  2. "Smart Grid Cyber Security Potential Threats, Vulnerabilities and Risks", PIER Program INTERIM PROJECT REPORT, 2012.
  3. P. Hong, S. Lee, M. Park, and S. Kim, "Threat-Based Security Analysis for the Domestic Smart Home Appliance," KIPS Transactions on Computer and Communication Systems, vol. 6, no. 3, pp. 143-158, 2017. https://doi.org/10.3745/KTCCS.2017.6.3.143
  4. Kim Kyoung Gon, Kim Soo Hoon, "Using Threat Modeling for Risk Analysis of SmartHome", Proceedings of the Korean Institute of Communication Sciences Conference, 2015.
  5. Beckers, K., Fa$\ss$bender, S., Heisel, M., & Suppan, S. "A Threat Analysis Methodology for Smart Home Scenarios", Technical Report, 2016.
  6. Mikkelsen, Soren Aagaard, Jacobsen, Rune Hylsberg. "Securing the Home Energy Management Platform", 2016.
  7. Rao, K. Ram Mohan, and Durgesh Pant. "A threat risk modeling framework for Geospatial Weather Information System (GWIS): a DREAD based study." international Journal of Advanced Computer Science and Applications, 2010.
  8. Suppan, Santiago. "A Threat Analysis Methodology for Smart Home Scenarios." Smart Grid Security: Second International Workshop, Revised Selected Papers. vol. 8448. Springer, 2014.
  9. Microsoft, "Threat Modeling Web Applications", Available: https://msdn.microsoft.com/en-us/library/hh917316.aspx.
  10. Microsoft, "Threat Modeling Tool 2016 Getting Started Guide", 2016.
  11. OWASP, "Threat Risk Modeling", Available: https://www.owasp.org/index.php/Threat_Risk_Modeling.