201
Smart factory; Retail; eHealth; Energy (Smart Grid).The following elements to be protected were identified:
Physical person: This represents the human user. Threats affecting the
human user are usually qualified as relating to 'safety' instead of
'security'. Such threats may arise if a critical service is diverted or made
unavailable by an attacker. An example for this is a malicious service that
returns erroneous information, or even information specifically shaped to
create hazardous situations. The eHealth scenario is the most critical
concerning such attacks. Notice that the level of this criticality of course
depends on the degree of automation. It is likely that most critical
decisions will still require the involvement of a human operator; Subject's privacy: This element represents all information elements that
a subject (either a user or a device) does not explicitly agree to make
publicly available, or whose availability shall be restrained to a controlled
set of other subjects; Communications channel: The communication channel itself has to be
protected. Common threats are attacks against the integrity of the data
that are exchanged over the channel. Examples for such attacks are
tampering and replay attacks. The communication channel shall also be
protected against attacks aiming at the routing functionality of the
underlying network (black hole, worm hole, depletion, etc.) [Mathur
2007]; Leaf devices: IoT-A leaf devices represent the wide variety of IoT
elements that are interconnected by the common IoT-A infrastructure.
Tags, readers, sensors, and actuators are examples for leaf devices.
Various protection schemes relevant to their object class capabilities are
to be implemented. These schemes need to ensure the integrity of the
software, hardware, and the location of these devices; Intermediary devices: Intermediary devices provide services to IoT-A
leaf devices and they also enable communication. A gateway designed
to interconnect constrained and unconstrained domains is an example of
such an intermediary device. Disabling or tampering critical intermediary
devices can lead to denial-of-service attacks against the service
infrastructure. Such attacks are within the scope of our analysis.
However, attacks against specific intermediary devices that offer non-
critical facilitating functions are outside the scope of our analysis and
have thus to be considered case by case;