@inproceedings{af87d91c81da40c69b4361e76a550e9c,
title = "Threat Modelling in Virtual Assistant Hub Devices",
abstract = "Despite increasing uptake, there are still many concerns as to the security of virtual assistant hubs (such as Google Nest and Amazon Alexa) in the home. Consumer fears have been somewhat exacerbated by widely publicised privacy breaches, and the continued prevalence of high-profile attacks targeting IoT networks. Little work has been evident to compare which threat modelling approach(es) would be most appropriate for these devices. There is therefore an opportunity to explore different threat modelling methodologies as applied to this context. Five approaches (STRIDE, CVSS, Attack/Threat Trees, LINDDUN GO, and Quantitative TMM) were compared as these were determined to be either the most prominent or potentially applicable to an IoT context. The key findings suggest that a combination of STRIDE and LINDDUN GO is optimal for elucidating threats under the pressures of a tight industry deadline cycle (with potential for elements of CVSS depending on time constraints). Such findings are useful for IoT device manufacturers seeking to optimally model threats, and educate consumers on the risks.",
author = "Kaniz Fatema and Beckett LeClair",
year = "2024",
month = dec,
day = "20",
doi = "10.1007/978-3-031-74443-3\_37",
language = "English",
isbn = "9783031744426 (pbk)",
series = "Lecture Notes in Networks and Systems (LNNS)",
publisher = "Springer, Cham",
pages = "635--646",
editor = "N. Naik and P. Jenkins and S. Prajapat and P. Grace",
booktitle = "Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK. C3AI 2024",
}