The creation of intelligent devices provoked further development in this area, which led to the emergence of the Internet of things. Such devices are controlled in the same way using mobile applications, which creates additional sources of problems with the safety of their operation. Since most consumers lack technology security literacy, this problem poses a threat to users (Allifah & Zualkernan, 2022). Also, there are no available and understandable to the end consumer security standards for such Internet things that could influence the choice of purchase. As a result, the article identifies the main security risks, demonstrates previous attempts to build a ranking model, and suggests developed directions in this area.
The first such devices began to appear in 1985, gradually increasing the consumption rate, but by 2006, many were noticeably concerned about the security of these devices. Because they were controlled by Internet access, they could be easily compromised (Allifah & Zualkernan, 2022). 40% of homes have at least five devices with Internet access, and the same 40% have at least one device with several vulnerabilities (Allifah & Zualkernan, 2022). Many authors and works are given in the article, where various loopholes and problems of the Internet of Things are proved. At the same time, there were appropriate safety labels, but the consumer could hardly understand them if he did not have the appropriate in-depth knowledge.
Determining the relative safety of devices of this type is a rather complex multi-criteria task, especially given the different orientations of each of these devices. The models under consideration often adopted a hierarchical analytical process as a method for solving such multiobjective problems (Allifah & Zualkernan, 2022). This method can combine qualitative and quantitative characteristics of a device, evaluate internal consistency, and have a transparent framework for comparing devices against criteria.
The article proposes the construction of such a safety rating with the condition of its understandability for the end-user. Such an approach will create a criterion by which the user will make a more informed decision about the purchase. The method is also built on AHP, offering new solutions and insights in methodology building (Allifah & Zualkernan, 2022). Finally, the article also provides an example of the application of this technique.
AHP is a goal-based approach against which criteria are built. Each criterion has its weight compared to others or relative priority. Based on the priority of criteria or sub-criteria, their contribution to the overall goal is evaluated. This method is widely used in various cyber security systems, information security, decision validation, web applications, cloud storage, networks, and mobile applications (Allifah & Zualkernan, 2022). The methods often focus on privacy, attack prevention, authentication, security, access, and integration.
Most intelligent systems or devices in a brilliant homework with cloud storage and a service provider. In addition, wireless data transmission methods are used: Wi-fi, Bluetooth, ZigBee (Allifah & Zualkernan, 2022). Accordingly, given that each device is unique in its tasks, the task of the security risk assessment is to identify the main commonalities for the purpose of an integrated approach. Recently, there has also been a trend to use third-party local devices as a gateway, access to which can be restricted by the user, and as a result, their use is more secure. Also, most devices offer mobile applications to manage them.
What are the common vulnerabilities of consumer smart home devices when viewed as IoT peripherals? What are common network vulnerabilities when used with smart home devices? What are the common vulnerabilities of the cloud when used with smart home devices? What are common application vulnerabilities when used with smart home devices? (Allifah & Zualkernan, 2022).
To assess this issue, the article’s authors turned to the most researched and frequently used digital libraries that provide functionality for various technologies and devices. Peripherals are attacked by potential Internet access and default passwords, undocumented Secure Shell, end-to-end network layer delays, and more (Allifah & Zualkernan, 2022). As a result, attackers can gain access to control, listen and write personal data. If many privileges are granted to such devices, they pose a danger in their operation, and if an attacker can replace the voice, then in matters of control over them. Many companies cannot continue supporting the device due to closures or the creation of new models, which also raises the issue of security.
Dangers can occur at the network level, hardware, cloud, and mobile. It is recommended to change passwords more often, update device software, and introduce additional authentication steps on the network. Developers use machine learning to detect third-party intrusions. Cloud security is related to the threats of information transactions between the device and the cloud. It is also recommended to look for alternative ways to deliver information to the cloud if a threat is detected on the main one, the same additional authentication methods, and diversification of different cloud providers (Allifah & Zualkernan, 2022). With smartphones, end-users should also change passwords more often, preventing the threat of resource restriction and information leakage through similar applications and other things using a firewall.
The authors propose a security system with criteria for countering the main types of danger: applications, hardware level, cloud, and network. Then these criteria were given priority ratings, after which the relative safety of the device is calculated using formulas. As a result, appropriate sub-criteria were selected for each criterion, and a computational experiment was presented for a pairwise comparison of device security performance (Allifah & Zualkernan, 2022). As a result, the end-user will receive relative percentages for the four selected criteria and will be able to make an informed choice of the best device.
The authors argue that although only one empirical study was evaluated with this model in this article, it can be adapted for other devices. The model’s flexibility is explained by a preliminary study conducted on the sources of vulnerabilities in most devices in the smart home (Allifah & Zualkernan, 2022). Sufficiently wide multi-criteria sub-criteria, each having its weight, make the system universal regardless of the operational purpose of the device.
Reference
Allifah, N. M., & Zualkernan, I. A. (2022). Ranking Security of IoT-Based Smart Home Consumer Devices.IEEE Access, 10, 18352-18369. Web.