IoT threat assessment with the AttackDefense framework

The talk focuses on threat assessment for the Internet of Things (IoT). It presents pervasive security vulnerabilities in IoT protocols, including impersonation and machine-in-the-middle attacks on Fast IDentity Online v2 (FIDO2) and the Open Charge Point Protocol (OCPP). It then introduces a new and practical solution for IoT threat assessment based on threat modeling, a somewhat lost art in academia that we should revive! The talk explains how to threat-model IoT devices and their life cycles using the AttackDefense Framework (ADF). Through a real-world cryptowallet case study that we run with a team of hardware, software, and protocol security experts, we demonstrate the effectiveness of ADF in threat modeling heterogeneous attacks and defenses on the full IoT stack. We also discuss current limitations, which should provide a basis for exciting discussion on how to improve IoT threat modeling and the ADF framework! The audience will learn about the state of the art in IoT threat assessment and modeling, as well as related future trends.