Internet of Things (IoT)-enabled systems are steadily expanding their presence in every facet of industry and consumer life. They let ordinary citizens, consumers and manufacturers interact easily with the digital world and are increasingly deployed in almost every domain, with the aim of drastically improving the quality of our lives. This also makes them an attractive setting for cyber threats: their abnormal operation can have significant consequences for end-users, ranging from financial loss and privacy violation to the outage of critical services or even the loss of human life.
One solution is to establish standards and processes that automate, in a trusted manner, the security and privacy certification and verification of IoT devices and software components, both individually and within an ecosystem. For this purpose, we propose a Dynamic Risk Assessment (DRA) approach that draws on two domains: cybersecurity and risk assessment. DRA continuously and automatically identifies ongoing attacks, evaluates the likelihood of the associated risks and dynamically selects mitigation strategies to prevent threats against the IoT devices deployed on the network. Furthermore, it certifies the integrity of firmware and software with the help of certification schemes and consensus agreements, which allows the hardware and software stack of IoT assets to be checked securely.
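The following sketch is an added example, not the paper's implementation, of the two DRA building blocks named above: certifying a firmware image only when a quorum of independent verifiers attests the same digest, and a per-device risk score that is raised as attack evidence arrives, relaxed when a window passes quietly, and mapped to a mitigation tier. The SHA-256 attestation scheme, the noisy-OR combination rule, the evidence weights, the tier thresholds and the sample firmware blob are all assumptions made for illustration.

```python
"""Illustrative sketch of quorum-based firmware certification and dynamic
risk scoring for IoT devices.  Added example; not the paper's code.  The
digest scheme, weights, thresholds and combination rule are assumptions."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from typing import Dict, List


# --- Firmware certification by consensus -----------------------------------
# Assumption: each independent verifier publishes the SHA-256 digest it
# measured for a firmware build.  The deployed image is certified only when at
# least `quorum` verifiers agree on its digest, so a single faulty or
# compromised verifier cannot certify a tampered image on its own.

def firmware_digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def certify_firmware(blob: bytes, attestations: Dict[str, str], quorum: int) -> bool:
    """True if at least `quorum` attestations match the digest of `blob`."""
    digest = firmware_digest(blob)
    agreeing = sum(1 for attested in attestations.values() if attested == digest)
    return agreeing >= quorum


# --- Dynamic risk scoring -----------------------------------------------------

@dataclass
class DeviceRisk:
    device_id: str
    impact: float                   # 0..1: severity if this device is compromised
    baseline_likelihood: float = 0.05
    likelihood: float = 0.05
    events: List[str] = field(default_factory=list)

    def observe(self, event: str, weight: float) -> float:
        """Raise the likelihood on new evidence (weight in (0, 1]).

        Noisy-OR combination (assumed rule): each independent piece of evidence
        removes a fraction `weight` of the remaining doubt, so the likelihood
        approaches 1 but never exceeds it.
        """
        self.events.append(event)
        self.likelihood = 1.0 - (1.0 - self.likelihood) * (1.0 - weight)
        return self.likelihood

    def decay(self, factor: float = 0.5) -> float:
        """Relax the likelihood toward baseline when a window passes quietly."""
        self.likelihood = self.baseline_likelihood + (self.likelihood - self.baseline_likelihood) * factor
        return self.likelihood

    def risk(self) -> float:
        return self.likelihood * self.impact


def mitigation_for(risk_score: float) -> str:
    """Map a risk score to a mitigation tier (thresholds are illustrative)."""
    if risk_score >= 0.6:
        return "isolate"
    if risk_score >= 0.3:
        return "rate-limit and alert"
    if risk_score >= 0.1:
        return "monitor"
    return "none"


def run_demo() -> dict:
    """Walk one device through certification and three risk updates."""
    image = b"constructed firmware image v1.2"          # constructed sample blob
    good = firmware_digest(image)
    # Two honest verifiers agree; a third (constructed as faulty) reports garbage.
    attestations = {"verifier-a": good, "verifier-b": good, "verifier-c": "00" * 32}
    certified = certify_firmware(image, attestations, quorum=2)

    dev = DeviceRisk("camera-07", impact=0.8)
    steps = []
    for event, weight in [("unexpected outbound DNS", 0.3),        # constructed events
                          ("firmware digest mismatch", 0.6),
                          ("repeated failed admin logins", 0.5)]:
        dev.observe(event, weight)
        steps.append((event, round(dev.risk(), 4), mitigation_for(dev.risk())))
    dev.decay()
    return {"certified": certified, "steps": steps,
            "after_decay": (round(dev.risk(), 4), mitigation_for(dev.risk()))}


if __name__ == "__main__":
    print(run_demo())
```

The quorum check is what makes the certification a consensus decision rather than a single verifier's word; raising `quorum` to the number of verifiers turns it into unanimity, which one faulty verifier can then block, so the threshold is a deliberate availability-versus-integrity trade-off. The decay step keeps the score "dynamic" in the sense the text uses: a device is not stuck at the isolate tier forever after one burst of alerts.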
Lastly, privacy preservation is a crucial aspect of data handling; DRA therefore implements methods to verify the data generation and access capabilities of network devices. The resulting data show strong promise for automating the decisions that control the tightly coupled balance between cybersecurity and privacy compromise, in terms of the embedded services' usability, end-users' expectations and their level of cyber concern.
Keywords: Certification, trust, IoT, ICT systems, risk assessment, blockchain, verification, consensus networking, anomaly detection, behaviour profiling