Cargando…

Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach

Internet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and net...

Descripción completa

Detalles Bibliográficos
Autores principales: Abbas, Syed Ghazanfar, Vaccari, Ivan, Hussain, Faisal, Zahid, Shahzaib, Fayyaz, Ubaid Ullah, Shah, Ghalib A., Bakhshi, Taimur, Cambiaso, Enrico
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2021
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8309744/
https://www.ncbi.nlm.nih.gov/pubmed/34300556
http://dx.doi.org/10.3390/s21144816
_version_ 1783728593121050624
author Abbas, Syed Ghazanfar
Vaccari, Ivan
Hussain, Faisal
Zahid, Shahzaib
Fayyaz, Ubaid Ullah
Shah, Ghalib A.
Bakhshi, Taimur
Cambiaso, Enrico
author_facet Abbas, Syed Ghazanfar
Vaccari, Ivan
Hussain, Faisal
Zahid, Shahzaib
Fayyaz, Ubaid Ullah
Shah, Ghalib A.
Bakhshi, Taimur
Cambiaso, Enrico
author_sort Abbas, Syed Ghazanfar
collection PubMed
description Internet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and networks are relentlessly disruptive, because of the proliferation of Internet technologies. Phishing is one of the most prevalent threats to all Internet users, in which attackers aim to fraudulently extract sensitive information of a user or system, using fictitious emails, websites, etc. With the rapid increase in IoT devices, attackers are targeting IoT devices such as security cameras, smart cars, etc., and perpetrating phishing attacks to gain control over such vulnerable devices for malicious purposes. In recent decades, such scams have been spreading, and they have become increasingly advanced over time. By following this trend, in this paper, we propose a threat modelling approach to identify and mitigate the cyber-threats that can cause phishing attacks. We considered two significant IoT use cases, i.e., smart autonomous vehicular system and smart home. The proposed work is carried out by applying the STRIDE threat modelling approach to both use cases, to disclose all the potential threats that may cause a phishing attack. The proposed threat modelling approach can support the IoT researchers, engineers, and IoT cyber-security policymakers in securing and protecting the potential threats in IoT devices and systems in the early design stages, to ensure the secure deployment of IoT devices in critical infrastructures.
format Online
Article
Text
id pubmed-8309744
institution National Center for Biotechnology Information
language English
publishDate 2021
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-83097442021-07-25 Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach Abbas, Syed Ghazanfar Vaccari, Ivan Hussain, Faisal Zahid, Shahzaib Fayyaz, Ubaid Ullah Shah, Ghalib A. Bakhshi, Taimur Cambiaso, Enrico Sensors (Basel) Article Internet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and networks are relentlessly disruptive, because of the proliferation of Internet technologies. Phishing is one of the most prevalent threats to all Internet users, in which attackers aim to fraudulently extract sensitive information of a user or system, using fictitious emails, websites, etc. With the rapid increase in IoT devices, attackers are targeting IoT devices such as security cameras, smart cars, etc., and perpetrating phishing attacks to gain control over such vulnerable devices for malicious purposes. In recent decades, such scams have been spreading, and they have become increasingly advanced over time. By following this trend, in this paper, we propose a threat modelling approach to identify and mitigate the cyber-threats that can cause phishing attacks. We considered two significant IoT use cases, i.e., smart autonomous vehicular system and smart home. The proposed work is carried out by applying the STRIDE threat modelling approach to both use cases, to disclose all the potential threats that may cause a phishing attack. The proposed threat modelling approach can support the IoT researchers, engineers, and IoT cyber-security policymakers in securing and protecting the potential threats in IoT devices and systems in the early design stages, to ensure the secure deployment of IoT devices in critical infrastructures. MDPI 2021-07-14 /pmc/articles/PMC8309744/ /pubmed/34300556 http://dx.doi.org/10.3390/s21144816 Text en © 2021 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Abbas, Syed Ghazanfar
Vaccari, Ivan
Hussain, Faisal
Zahid, Shahzaib
Fayyaz, Ubaid Ullah
Shah, Ghalib A.
Bakhshi, Taimur
Cambiaso, Enrico
Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach
title Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach
title_full Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach
title_fullStr Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach
title_full_unstemmed Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach
title_short Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach
title_sort identifying and mitigating phishing attack threats in iot use cases using a threat modelling approach
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8309744/
https://www.ncbi.nlm.nih.gov/pubmed/34300556
http://dx.doi.org/10.3390/s21144816
work_keys_str_mv AT abbassyedghazanfar identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach
AT vaccariivan identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach
AT hussainfaisal identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach
AT zahidshahzaib identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach
AT fayyazubaidullah identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach
AT shahghaliba identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach
AT bakhshitaimur identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach
AT cambiasoenrico identifyingandmitigatingphishingattackthreatsiniotusecasesusingathreatmodellingapproach