A Study on Security Requirements Analysis through Security Threat Modeling of Home IoT Appliance

Suk-Jin Yun, Jungduk Kim


Today many companies offer IoT-enabled products and emphasize security from the planning stage to protect their products and user information from external threats. Present security levels nevertheless remain low, because the time and resources invested in developing security requirements for each device are far from enough to cover the wide range of IoT products. Vulnerabilities in IoT devices continue to be reported, which calls for more detailed security requirements for home IoT devices. In this context, this research identified threats to home IoT systems using the Microsoft Threat Modeling Tool. It then suggested measures to enhance the security of home IoT devices by developing security assessment items through comparative analysis of the identified threats, domestic and global vulnerability assessment standards, and related research. It also verified the effectiveness of the developed security requirements by testing them against the existing ones; the results showed that the security requirements developed in this research were more effective in identifying vulnerabilities.
