Trustworthy Smart Band: Security Requirement Analysis with Threat Modeling
This addresses security risks for users of smart bands, but it is incremental as it applies existing threat modeling methods to a specific domain.
The paper tackles the problem of securing smart bands by applying threat modeling techniques to identify vulnerabilities and derive security requirements, resulting in successful exploitation of smart bands and proposed security measures verified with Scyther.
As smart bands make life more convenient and provide a positive lifestyle, many people are now using them. Since smart bands deal with private information, security design and implementation for smart band system become necessary. To make a trustworthy smart band, we must derive the security requirements of the system first, and then design the system satisfying the security requirements. In this paper, we apply threat modeling techniques such as Data Flow Diagram, STRIDE, and Attack Tree to the smart band system to identify threats and derive security requirements accordingly. Through threat modeling, we found the vulnerabilities of the smart band system and successfully exploited smart bands with them. To defend against these threats, we propose security measures and verify that they are secure by using Scyther which is a tool for automatic verification of security protocol.