Computing Security Scores for IoT Device Vulnerabilities

In today’s computing edge, security and data privacy is considered as one of the most critical aspects that hinders the wide spread adoption of large-scale Internet of Things (IoT) devices. Therefore, being able to understand the device-level vulnerabilities and determine the security level of a certain device is crucial for their acceptance. Motivated with this, we compute the security score for each common vulnerability of IoT devices within three primary IoT domains (i.e., healthcare, commerce, and home-automation) using the National Institute of Standards and Technology (NIST) Common Vulnerability Scoring System (CVSS) method. Specifically, IoT devices within these primary domains are isolated and analyzed for common vulnerabilities to generate quantitative and qualitative scores using the CVSS exploitability, impact, and scope metrics. The finding of this research work will empower different stakeholders (e.g., risk analysts, IT departments, or any individual user) with the ability to understand the security risks associated with the IoT devices.