Open Access

ARTICLE

IWTW: A Framework for IoWT Cyber Threat Analysis

GyuHyun Jeon¹, Hojun Jin¹, Ju Hyeon Lee¹, Seungho Jeon², Jung Taek Seo^2,*

1 Department of Information Security, Gachon University, Seongnam, 13120, Republic of Korea
2 Department of Computer Engineering (Smart Security), Gachon University, Seongnam, 13120, Republic of Korea

* Corresponding Author: Jung Taek Seo. Email:

(This article belongs to the Special Issue: Advanced Security for Future Mobile Internet: A Key Challenge for the Digital Transformation)

Computer Modeling in Engineering & Sciences 2024, 141(2), 1575-1622. https://doi.org/10.32604/cmes.2024.053465

Received 30 April 2024; Accepted 20 August 2024; Issue published 27 September 2024

Abstract

The Internet of Wearable Things (IoWT) or Wearable Internet of Things (WIoT) is a new paradigm that combines IoT and wearable technology. Advances in IoT technology have enabled the miniaturization of sensors embedded in wearable devices and the ability to communicate data and access real-time information over low-power mobile networks. IoWT devices are highly interdependent with mobile devices. However, due to their limited processing power and bandwidth, IoWT devices are vulnerable to cyberattacks due to their low level of security. Threat modeling and frameworks for analyzing cyber threats against existing IoT or low-power protocols have been actively researched. The threat analysis framework used in existing studies was limited to specific protocols and did not target IoWT devices. In addition, In the literature surveyed to date, no cyber threat analysis framework is targeting IoWT. Therefore, the threat model presented in the existing research on cyber threat analysis and modeling for IoWT is specialized for specific devices. In addition, because it does not present standardized attack tactics and techniques, there is a limitation in that it is difficult to identify attacks quickly. In this paper, we propose an Internet of Wearable Things threat analysis frameWork (IWTW) framework that can derive security threats through systematic analysis of IoWT attack cases and possible security threats and perform cyber threat analysis based on them. The methodology for developing the IWTW framework consists of three steps: Analysis, Standardization, and Compilation. IoWT attack cases and potential security threats are analyzed in the analysis stage. In the standardization stage, attack tactics and techniques derived from the analysis of attack cases and potential security threats are standardized, resulting in 3 attack categories, 18 attack tactics, and 68 attack techniques. In the compilation stage, standardized security threats are combined to develop the IWTW framework ultimately. We present four case studies targeting MiBand 2, Fitbit Charge HR/Surge, Samsung Gear 3, Xiaomi Amazifit, Honor Band 5, Honor Watch ES, and Senbono CF-58 devices to validate the proposed IWTW framework. We analyzed the attack process through a case study and applied the IWTW framework to derive standardized attack categories, tactics, and techniques effectively. By applying the IWTW framework to cyber threat analysis targeting IoWT, security threats can be standardized, and the attack process can be quickly derived, enabling effective attack analysis on IoWT.

---

Keywords

---