Original scientific paper

https://doi.org/10.17559/TV-20210122095638

A Security, Privacy and Trust Methodology for IIoT

Lifeng Chen ; Department of Global Business Administration, Gachon University, Seongnam 13120, South Korea
Zhixiao Ye ; College of Economics and Social Welfare, Zhejiang Shuren University, Hangzhou 310015, China
Shanyue Jin* ; Department of Global Business Administration, Gachon University, Seongnam 13120, South Korea


page 898-906

Abstract

Implementations of IoT and industrial IoT (IIoT) are increasingly becoming the consensus with Industry 4.0. Relevant data-driven methodologies typically concentrate on the scoring systems of CVE prioritization schemes, the scoring formulas of CVSS metrics, and other vulnerability impact factors. However, prioritized lists such as the CWE/SANS Top 25 suffer from a critical weakness: they fail to consider empirical evidence of exploits. Considering the distinct properties and specific risks of SCADA systems in IIoT, this paper overcomes the inherent limitation of IIoT empirical research, the sample size of exploits, by collecting data manually. The study then develops an exploit-factors-embedded regression model to statistically assess the significant relationships between security-, privacy-, and trust-based vulnerability attributes. Through this data-driven empirical methodology, the study elucidates the interactions of security, privacy, and trust in IIoT with professional quantitative indicators, which provides grounds for substantial further related work. In addition to the security, privacy, and trust regression analysis, the study explores the impact of IoT and IIoT using a difference-in-difference (DID) approach, applying bootstrap standard errors with the Kernel option and a quantile DID test to evaluate the robustness of the DID model. In general, the empirical results indicate that: 1) the CVSS score of a vulnerability is irrelevant to the disclosure of exploits, but is positively correlated with CWEs by Density and CVE year; 2) among the exploits of SCADA-related authors, the more identical CWEs that exist in these exploits, the higher the CVSS score of the exploit CVE will be, and CVE year has a negative moderating effect within this relationship; 3) the CVSS scores of SCADA exploits have significantly decreased in comparison with non-SCADA exploits after the promulgation of Industry 4.0.

Keywords

CVSS scores; SCADA; industrial IoT (IIoT); security privacy and trust

Hrčak ID:

258221

URI

https://hrcak.srce.hr/258221

Publication date:

6.6.2021.