Exploring Security Economics in IoT Standardization Efforts

by   Philipp Morgner, et al.

The Internet of Things (IoT) propagates the paradigm of interconnecting billions of heterogeneous devices by various manufacturers. To enable IoT applications, the communication between IoT devices follows specifications defined by standard developing organizations. In this paper, we present a case study that investigates disclosed insecurities of the popular IoT standard ZigBee, and derive general lessons about security economics in IoT standardization efforts. We discuss the motivation of IoT standardization efforts that are primarily driven from an economic perspective, in which large investments in security are not considered necessary since the consumers do not reward them. Success at the market is achieved by being quick-to-market, providing functional features and offering easy integration for complementors. Nevertheless, manufacturers should not only consider economic reasons but also see their responsibility to protect humans and technological infrastructures from being threatened by insecure IoT products. In this context, we propose a number of recommendations to strengthen the security design in future IoT standardization efforts, ranging from the definition of a precise security model to the enforcement of an update policy.


page 1

page 2

page 3

page 4


Understanding Security Requirements and Challenges in Internet of Things (IoTs): A Review

Internet of Things (IoT) is realized by the idea of free flow of informa...

Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products

With the expansion of the Internet of Things (IoT), the number of securi...

Dataset: Analysis of IFTTT Recipes to Study How Humans Use Internet-of-Things (IoT) Devices

With the rapid development and usage of Internet-of-Things (IoT) and sma...

Systematic Analysis and Comparison of Security Advice Datasets

A long list of documents have been offered as security advice, codes of ...

Performance Analysis of the Hybrid IoT Security Model of MQTT and UMA

IoT applications are promising for future daily activities; therefore, t...

Selling a Single Item with Negative Externalities

We consider the problem of regulating products with negative externaliti...

The Challenges with Internet of Things for Business

Many companies consider IoT as a central element for increasing competit...

Please sign up or login with your details

Forgot password? Click here to reset