Characteristic−Based Security Analysis for the Personal Network
Andrew J. Paverd‚ Fadi El−Moussa and Ian Brown
Abstract
The Personal Network (PN) is a logical network of interconnected components used by an individual. It encompasses the home network, the Personal Area Network (PAN), and the Vehicular Area Network (VAN) and includes cloud-based services. Previous security analyses, including ITU-T Recommendation X.1111, have focussed on the individual physical networks rather than the PN itself. By consolidating and structuring previous work, we propose an updated and enhanced security analysis for the PN. In our characteristic-based approach we identify the primary characteristics of the PN and its components and use these to develop an abstract PN asset model. From this, we derive the main attacker objectives and a list of attack vectors through which these could be achieved. We propose a mapping between the attack vectors and the PN component characteristics that can be used to determine the specific attacks to which a particular component is vulnerable. We argue that this characteristic-based approach is better suited for use in the PN compared to the category-based approach in ITU-T X.1111 because of the high degree of heterogeneity between the PN components. In this paper, we present a summary of this analysis and discuss its usage.