Return to search

A cybersecurity application framework for consumer IoT devices

In recent years, there is an increasing use of smart Internet of Things (IoT) devices in our everyday lives. Cyberattacks on consumer IoT devices are also increasing. IoT certification is an active topic of research with many proposed frameworks for IoT cybersecurity certification and also proposing labels that can be used to represent the security and privacy levels of consumer IoT devices. The research problem that this thesis tried to solve was first, to understand why certification for consumer IoT devices was less used than expected, and second, define robust and complete processes for security and certification on consumer IoT devices, that will be used to broadly raise their security level. From a literature review performed, we became aware that the reason why little progress towards consumer IoT cybersecurity certification is not that research and frameworks do not exist, but there are multiple other responsible factors. Such factors are the lack of a universal cybersecurity framework and the fact that the consumers are not involved in the certification process of the frameworks. The framework that was designed in this thesis project tries to address all of the above factors. Design Science Research (DSR) was used as the methodology for developing and evaluating the artifact of this work, which is a framework that describes how to properly apply and certify cybersecurity on consumer IoT devices, building on top of existing cybersecurity procedures, frameworks and tools. During the design of the framework, further literature searches were performed for identifying important steps that need to be carried out. The framework proposed in this project, does not limit itself to the vendor of such devices as the only involved actor, but consumers and cybersecurity regulating authorities are also involved in the process. The evaluation of the framework showed that, if applied, it could adequately improve the cybersecurity of existing consumer IoT products by detecting and solving all of the common vulnerabilities and security weaknesses, as it was demonstrated on one use case selected. The significance of this work is that it is the first step towards a universal cybersecurity certification for consumer IoT devices.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:su-224320
Date January 2023
CreatorsSpaho, Jonilda
PublisherStockholms universitet, Institutionen för data- och systemvetenskap
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0021 seconds