Identifying the attack surface for IoT network

Syed Rizvi, R. J. Orr, Austin Cox, Prithvee Ashokkumar, Mohammad R. Rizvi

Research output: Contribution to journalArticlepeer-review

54 Scopus citations


For this research, our primary goal is to define an attack surface for networks utilizing the IoT (Internet of Things) devices. The IoT consists of systems of integrated objects, computing devices, digital, or mechanical machines that are given the ability to transmit and receive the data over a network without the need for human interaction. Each of these devices can operate independently within the existing Internet infrastructure. Issues will continue to increase as devices become more prevalent and continuously evolve to counter newer threats and schemes. The attack surface of a network sums up all penetration points, otherwise known as attack vectors. An attacker or an unauthorized user can take advantage of these attack vectors to penetrate and change or extract data from the threat environment. For this research, we define a threat model that allows us to systematically analyze the security solutions to mitigate potential risks from the beginning of the design phase. By designing an IoT architecture and breaking it down into several zones, we focus on each zone to identify any vulnerability or weaknesses within a system that allows unauthorized privileges, as well as any attacks that can target that area. We also investigate the available IoT devices across several domains (e.g., wellness, industrial, home, etc.) to provide a 1:1 and 1:n mapping across devices, vulnerabilities, and potential security threats based on the subjective assessment.

Original languageEnglish (US)
Article number100162
JournalInternet of Things (Netherlands)
StatePublished - Mar 2020

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Science (miscellaneous)
  • Information Systems
  • Engineering (miscellaneous)
  • Hardware and Architecture
  • Computer Science Applications
  • Artificial Intelligence
  • Management of Technology and Innovation


Dive into the research topics of 'Identifying the attack surface for IoT network'. Together they form a unique fingerprint.

Cite this