Home // International Journal On Advances in Security, volume 10, numbers 1 and 2, 2017 // View article

Aspects of Security Update Handling for IoT-devices

Authors:
Geir Køien

Keywords: Security update; Internet-of-Things; Incident reporting; Security maintenance; Privacy; Security management.

Abstract:
There is a fast-growing number of quite capable Internet-of-Things (IoT) devices out there. These devices are generally unattended, often exposed and frequently vulnerable. The current practice of deploying, and then leaving the devices unattended and unmanaged is not future proof. There is an urgent need for well-defined security update management procedures for these devices. Sufficient, sensible and secure default settings, as well as built-in privacy must be included. This paper presents a brief overview of the IoT threat landscape, argues for the necessity of security update provisioning for the IoT devices. As such, it is a call for action. Finally, an outline of a privacy-aware security update provisioning model is given. We have included incident management as well in the outline, but is only very rudimentary sketch of what one would need to provide. Suffice to say that there may be a need for these capabilities too, but it can probably only be justified for relatively capable devices.

Pages: 1 to 13

Copyright: Copyright (c) to authors, 2017. Used with permission.

Publication date: June 30, 2017

Published in: journal

ISSN: 1942-2636