Trustworthy Smart Band: Security Requirements Analysis with Threat Modeling
|
|
Kang, Suin
(Graduate School of Information Security, Korea University)
Kim, Hye Min (Graduate School of Information Security, Korea University) Kim, Huy Kang (Graduate School of Information Security, Korea University) |
| 1 | C. Cremers, "The Scyther Tool: Verification, falsification, and analysis of security protocols," in Computer Aided Verification (CAV), ser. LNCS, vol. 5123. Springer, pp. 414-418, Jul. 2008 |
| 2 | M. Rahman, B. Carbunar, and M. Banik, "Fit and vulnerable: Attacks and defenses for a health monitoring device," arXiv 1304.5672, Apr. 2013 |
| 3 | H. Fereidooni, T. Frassetto, M. Miettinen, A.-R. Sadeghi, and M. Conti. "Fitness Trackers: Fit for Health but Unfit for Security and Privacy," in Connected Health: Applications, Systems and Engineering Technologies (CHASE), 2017 IEEE/ACM International Conference on. IEEE, pp. 19-24, Jul. 2017 |
| 4 | NIST, Trustworthy information system [Online]. Available: https://www.nist.gov/itl /trustworthy-information-systems. Accessed on: Oct 23, 2018 |
| 5 | P.K. Akshay Dev and K.P. Jevitha, "STRIDE Based Analysis of the Chrome Browser Extensions API," in Proceedings of the 5th International Conference on Frontiers in Intelligent Computing: Theory and Applica- tions : FICTA 2016, Volume 2, S. C. Satapathy, V. Bhateja, S. K. Udgata, and P. K. Pattnaik, Eds., ed Singapore: Springer Singapore, pp. 169-178, Mar. 2017 |
| 6 | A. Karahasanovic, P. Kleberger, M. A lmgren, "Adapting Threat Modeling M ethods for the Automotive Industry," [Online]. Available: http://publications.lib.chalmers.se/records/fulltext/252083/local_252083.pdf. Accessed on: Oct 23, 2018 |
| 7 | D. Basin, C. Cremers, and S. Meier, "Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication," Proc. 1st Int'l Conf. Principles of Security and Trust (POST 12), LNCS 7215, P. Degano and J.D. Guttman, eds., pp. 129-148, Dec. 2012 |
| 8 | M. Cagnazzo, M. Hertlein, T. Holz, and N. Pohlmann "Threat Modeling for Mobile Health Systems," in Wireless Communications and Networking Conference Workshops (WCNCW), 2018 IEEE. IEEE, pp. 314-319, Apr. 2018 |
| 9 | Tae Un Kang and Huy Kang Kim, "VR Threat Analysis for Information Assurance of VR Device and Game System," Jonornal of The Korea Institute of information Security & Cryptology, 28(2), pp. 437-447, Apr. 2018 |
| 10 | Hye Min Kim and Huy Kang Kim, "Threat Modeling and Risk Analysis: PS4 Remote Play with PC," Jonornal of The Korea Institute of information Security & Cryptology, 28(1), pp. 135-143, Feb. 2018 |
| 11 | C. Cremers, "Key exchange in IPsec revisited: formal analysis of IKEv1 and IKEv2," in European conference on research in computer security (ESORICS), Leuven, Belgium, Sep. 2011 |
| 12 | Microsoft, SDL Threat Modeling Tool. [Online]. Available: https://www.microsoft .com/en-us/sdl/adopt/threatmodeling.aspx. Accessed on: Sep 21, 2018. |
| 13 | B. Potter, "Microsoft SDL threat modelling tool," Network Security, vol. 2009, no. 1, pp. 15-18, Jan. 2009 DOI |
| 14 | A.K. Das, P.H. Pathak, C.-N. Chuah, and P. Mohapatra, "Uncovering privacy leakage in BLE network traffic of wearable fitness trackers," in Proc. 17th Int. Workshop Mobile Comput. Syst. Appl. (HotMobile), pp. 99-104, Feb. 2016 |
| 15 | Smart band attack demo video, [Online]. Available: https://youtu.be/QFb1AV7yUas. Accessed on: Oct 23, 2018. |
| 16 | R. Goyal, N. Dragoni, and A. Spognardi, "Mind the tracker you wear: A security analysis of wearable health trackers," in Proc. ACM Symp. Appl. Comput., pp. 131-136, Apr. 2016 |
| 17 | W. Diffie, P. C. Van Oorschot, and M. J. Wiener, "Authentication and authenticated key exchanges," Designs, Codes, Cryptography., vol. 2, no. 2, pp. 107-125, Jun. 1992 DOI |
| 18 | Scyther verification code for connectio n and communication protocol, [Online]. Available: https://github.com/hausdorfff/Protocol-Verification. Accessed on: Oct 23, 2018. |
| 19 | W. Zhou and S. Piramuthu, "Security/privacy of wearable fitness tracking IoT devices," in Proc. 9th Iberian Conf. Inf. Syst. Technol., pp. 1-5, Jun. 2014 |
| 20 | M. LEE, K. Lee, J. Shim, S. J. Cho, and J. Choi, "Security threat on wearable services: empirical study using a commercial smartband," in Consumer Electronics-Asia (ICCE-Asia), IEEE International Conference on. IEEE, pp. 1-5, Oct. 2016 |
| 21 | I. Williams, X. Yuan, "Evaluating Effectiveness of Microsoft Treat Modeling Tool", ISCD Conference, 2015, Oct. 2015 |
| 22 | S. Seneviratne, Y. Hu, T. Nguyen, G. Lan, S. Khalifa, K. Thilakarathna, M. Hassan, and A. Seneviratne, "A survey of wearable devices and challenges," IEEE Commun. Surveys Tuts., vol. 19, no. 4, pp. 2573-2620, Jul. 2017 DOI |
| 23 | H.F. Tipton and M. Krause, Information Security Management Handbook, CRC Press, May. 2007 |
| 24 | A. Shostack, Threat Modeling: Designing for Security, 1st ed. John Wiley & Sons, 2014 |
| 25 | A. Shostack, "Experiences Threat Modeling at Microsoft", Modeling Security Workshop, Toulouse, Sep. 2008 |
| 26 | STRIDE threat model of Microsoft. [Online]. Available: https://msdn.microsoft.com/en-us /library/ee823878(v=cs. 20).aspx. Accessed on: Oct 23, 2018 |
| 27 | B. Schneier, "Attack trees: Modeling security threats," Dr. Dobb's Journal, Dec. 1999 |
 |
Korea Institute of Science and Technology Information
Gwahangno, Yuseong-gu, Daejeon, 305-806, Korea TEL : +82-42-869-1752
Copyright (c) 2009 KISTI. All Rights Reserved. For more information mail to
webmaster
