THE SECURITY AND PRIVACY MEASURING SYSTEM FOR THE INTERNET OF THINGS DEVICES
E. Fedorchenko, E. Novikova, Igor Kotenko, D. Gaifulina, O. Tushkanova, D. Levshun, A. Meleshko, I. Murenin, Maxim Kolomeec
Journal: Voprosy kiberbezopasnosti
DOI: 10.21681/2311-3456-2022-5-28-46 (https://doi.org/10.21681/2311-3456-2022-5-28-46)
Abstract
The purpose of the article: to close the gap between the existing need of IoT device users and manufacturers for a set of clear and objective security and privacy metrics and the absence of such a set, one that incorporates interconnected security and privacy metrics, the algorithms for their calculation, and the generation of a clear and objective integral score, by developing a security and privacy measuring system for IoT devices.

Research method: theoretical and system analysis for determining and classifying the security and privacy metrics; semantic analysis for generating the semantic model of personal data processing scenarios; analytical modeling methods for generating attack traces; log analysis methods, statistical methods and machine learning methods for searching for anomalies in device behavior; development of the database and software implementing the proposed security and privacy measuring system.

The result obtained: a security and privacy measuring system for IoT device users and manufacturers is proposed. The proposed system allows automated calculation of the security and privacy metrics based on the available data on the device, and generation of the integral security and privacy score. A hierarchy of security and privacy metrics is developed within the scope of the proposed system. The proposed metrics are calculated using static and dynamic data on the device and its behavior. Original algorithms for calculating the outlined metrics are developed, including the algorithms for calculating the integral security and privacy score. The architecture of the security measuring system is developed. It integrates the components implementing the developed algorithms for metrics calculation. The system operation is demonstrated on a case study.

The area of use of the proposed approach: the developed security and privacy measuring system can be used by IoT device manufacturers to analyse the security and privacy of their devices, and to provide users with simple and clear security and privacy metrics.

Novelty: a hierarchy of static and dynamic security and privacy metrics for the Internet of Things is developed; an approach to security and privacy assessment for the Internet of Things on the basis of the developed metrics and available data is proposed; novel algorithms for metrics calculation are developed; novel algorithms for integral metrics calculation considering available data are developed.

Contribution: Fedorchenko E. – development of the approach, metrics hierarchy, and system architecture, problem statement for the components and their development; Novikova E. – the component for calculation of privacy risks, the component for calculation of integral risk scores; Kotenko I. – project management, problem statement, system architecture; Gaifulina D. – the component for event log processing and integration; Tushkanova O., Murenin I. – the component for calculation of the dynamic risk score using statistical methods and machine learning; Levshun D. – metrics database, the component for calculation of the static risk score; Meleshko A. – the component for readability assessment; Kolomeets M. – the component for privacy risk assessment on the basis of *.apk files, the component for the dynamic risk score calculation considering attack traces. All authors participated in the writing of the article.