Noga Agmon, Asaf Shabtai, Rami Puzis
Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, 11 Apr 2019
The Internet of things (IoT) has become an integral part of our life at both work and home. However, these IoT devices are prone to vulnerability exploits due to their low cost, low resources, the diversity of vendors, and proprietary firmware. Moreover, short-range communication protocols (e.g., Bluetooth or ZigBee) open additional opportunities for the lateral movement of an attacker within an organization. Thus, the type and location of IoT devices may significantly change the level of network security of the organizational network. In this paper, we quantify the level of network security based on an augmented attack graph analysis that accounts for the physical location of IoT devices and their communication capabilities. We use the depth-first branch and bound (DFBnB) heuristic search algorithm to solve two optimization problems: Full Deployment with Minimal Risk (FDMR) and Maximal Utility without Risk Deterioration (MURD). An admissible heuristic is proposed to accelerate the search. The proposed method is evaluated using a real network with simulated deployment of IoT devices. The results demonstrate (1) the contribution of the augmented attack graphs to quantifying the impact of IoT devices deployed within the organization on security, and (2) the effectiveness of the optimized IoT deployment.
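To make the FDMR problem and the DFBnB search concrete, here is an added toy example (not the paper's code or its attack-graph model). It assumes a small constructed attack graph in which placing a device at a location adds edges from the segment the device is wired to and, via its short-range radio, to a neighbouring segment; risk is measured as the number of sensitive hosts an attacker can reach from the Internet. The admissible bound used here is the risk of the partial deployment, which is a valid lower bound because adding a device only ever adds edges; this is the toy's own heuristic and not necessarily the one proposed in the paper. MURD is not shown.

```python
from collections import deque

# Constructed attack graph: "attacker controlling A can move to B".
BASE_EDGES = {
    "internet": {"guest-wifi"},
    "guest-wifi": set(),
    "office-lan": {"file-server"},
    "lab-lan": {"file-server", "hr-db"},
    "file-server": set(),
    "hr-db": set(),
}
ENTRY = "internet"
SENSITIVE = {"file-server", "hr-db"}

# Candidate locations (constructed). "wired" is the segment a device placed there
# joins; "radio" is the set of segments its short-range link can bridge to.
LOCATIONS = {
    "lobby":  {"wired": "guest-wifi", "radio": {"office-lan"}},
    "room-1": {"wired": "office-lan", "radio": set()},
    "room-2": {"wired": "office-lan", "radio": {"lab-lan"}},
    "lab":    {"wired": "lab-lan",    "radio": set()},
}


def reachable(edges, start):
    """Breadth-first set of nodes an attacker can reach from `start`."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def augmented_graph(deployment):
    """Copy the base graph and add the device nodes/edges for each placed device."""
    edges = {n: set(s) for n, s in BASE_EDGES.items()}
    for loc in deployment:
        dev = f"device@{loc}"
        spec = LOCATIONS[loc]
        # The device can be compromised from its wired segment ...
        edges.setdefault(spec["wired"], set()).add(dev)
        # ... and from it the attacker pivots back to the segment or hops over radio.
        edges[dev] = {spec["wired"]} | set(spec["radio"])
    return edges


def risk(deployment):
    """Number of sensitive hosts reachable from the entry point under this deployment."""
    return len(reachable(augmented_graph(deployment), ENTRY) & SENSITIVE)


def fdmr_dfbnb(num_devices, locations=tuple(LOCATIONS)):
    """Depth-first branch and bound for FDMR: place all devices, minimise risk.

    Returns (best deployment, its risk, number of search nodes expanded).
    """
    best = {"risk": float("inf"), "deployment": None, "expanded": 0}

    def search(partial, next_index):
        best["expanded"] += 1
        # Admissible lower bound: risk is monotone in the set of placed devices.
        lower_bound = risk(partial)
        if lower_bound >= best["risk"]:
            return  # cannot beat the incumbent, prune this subtree
        if len(partial) == num_devices:
            best["risk"], best["deployment"] = lower_bound, tuple(partial)
            return
        # Devices are interchangeable, so branch over unordered location choices.
        for i in range(next_index, len(locations)):
            search(partial + [locations[i]], i + 1)

    search([], 0)
    return best["deployment"], best["risk"], best["expanded"]


if __name__ == "__main__":
    print(fdmr_dfbnb(2))  # ((room-1, room-2), 0, 10)
    print(fdmr_dfbnb(3))  # ((room-1, room-2, lab), 0, 13)
```

Placing a device in the lobby is what bridges the guest network to the office LAN in this toy, so the search keeps the lobby empty; the `expanded` count shows how the bound prunes subtrees that can no longer beat the incumbent.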