IWTW:A Framework for IoWT Cyber Threat Analysis  

作　　者：GyuHyun Jeon Hojun Jin Ju Hyeon Lee Seungho Jeon Jung Taek Seo 

机构地区：[1]Department of Information Security,Gachon University,Seongnam,13120,Republic of Korea [2]Department of Computer Engineering(Smart Security),Gachon University,Seongnam,13120,Republic of Korea

出　　处：《Computer Modeling in Engineering & Sciences》2024年第11期1575-1622,共48页工程与科学中的计算机建模（英文）

基　　金：supported by Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.RS-2021-II210493,5G Massive Next Generation Cyber Attack Deception Technology Development,90%);the Gachon University research fund of 2022(GCU-202300750001,10%).

摘　　要：The Internet of Wearable Things(IoWT)or Wearable Internet of Things(WIoT)is a new paradigm that combines IoT and wearable technology.Advances in IoT technology have enabled the miniaturization of sensors embedded in wearable devices and the ability to communicate data and access real-time information over low-power mobile networks.IoWT devices are highly interdependent with mobile devices.However,due to their limited processing power and bandwidth,IoWT devices are vulnerable to cyberattacks due to their low level of security.Threat modeling and frameworks for analyzing cyber threats against existing IoT or low-power protocols have been actively researched.The threat analysis framework used in existing studies was limited to specific protocols and did not target IoWT devices.In addition,In the literature surveyed to date,no cyber threat analysis framework is targeting IoWT.Therefore,the threat model presented in the existing research on cyber threat analysis and modeling for IoWT is specialized for specific devices.In addition,because it does not present standardized attack tactics and techniques,there is a limitation in that it is difficult to identify attacks quickly.In this paper,we propose an Internet of Wearable Things threat analysis frameWork(IWTW)framework that can derive security threats through systematic analysis of IoWT attack cases and possible security threats and perform cyber threat analysis based on them.The methodology for developing the IWTW framework consists of three steps:Analysis,Standardization,and Compilation.IoWT attack cases and potential security threats are analyzed in the analysis stage.In the standardization stage,attack tactics and techniques derived from the analysis of attack cases and potential security threats are standardized,resulting in 3 attack categories,18 attack tactics,and 68 attack techniques.In the compilation stage,standardized security threats are combined to develop the IWTW framework ultimately.We present four case studies targeting MiBand 2,Fitbit Charge HR/Surge,

关 键 词：Internet of wearable things wearable device threat framework security threat 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]