Quantifying IoT Security Parameters: An Assessment Framework

Abstract

Several attempts have been made to propose metrics that quantify the parameters of existing solutions to improve the security of IoT systems. This paper presents a framework to classify and compare these metrics based on a set of attributes that can be used to answer the research questions. Forty-six metrics from the literature were analyzed, classified, and compared according to the developed framework. They were divided into two main categories according to the metric's source, i.e., internal and external sources. Then, they were further divided into seven sub-categories: size, time, numbering/scoring, checklist, blockchain, device integration effort, and legislation. There are eight widely used metrics among the existing IoT solutions: throughput, packet loss rate, jitter, password, security transmission rate, resilience, average energy consumption, and blockchain-related metrics (i.e., technical metrics). The simulation technique is the most common validation method among the current IoT solutions. Furthermore, the results revealed a gap in four aspects of proposing metrics for measuring security parameters. These aspects include the network/transport IoT layer, blockchain, legislation, and the use of data science in simulation research methodologies.