The Internet of Things, a network of interconnected devices that can form chains, is becoming increasingly more prevalent. Connecting devices together brings with it an inherent amount of additional cyber security related risk. Quantitative calculations of breach risks related to connecting devices to a server were made for a set of randomly generated networks. The calculations were made using a Monte Carlo model and predetermined probability distributions. The main purpose was to show how the risk evolves as more devices are connected. The variable used to measure risk was the breach probability of the central service. The main result was that this probability was not dependent on how many devices existed in the network except for situations with a very small number of devices, but was dependent on how many devices had a direct connection to the server hosting the central service instead of being connected to it via another device. If the devices and the central service have a common vulnerability, then the risk increases. The point of focus in the network can be moved from the central service to any device and the analysis regarding the risks remains valid for that device as if it was the central service.
Kai Rasmus, Tero Kokkonen
K. Rasmus and T. Kokkonen, “Modelling Breach Risk in a Network of Interconnected Devices,” 2023 Eighth International Conference On Mobile And Secure Services (MobiSecServ), Miami Beach, FL, USA, 2023, pp. 1-9, https://doi.org/10.1109/MobiSecServ58080.2023.10328996