Semiotics: An Approach to Model Security Scenarios for IoT-Based Agriculture Software
Abstract
Agriculture is a vital human activity that contributes to sustainable development. A few decades ago, the agricultural sector adopted the Internet of Things (IoT), which has played a relevant role in precision and smart farming. The IoT developments in agriculture require that numerous connected devices work cooperatively. This increases the vulnerability of IoT devices, mainly because they lack the necessary built-in security because of their context and computational capacity. Other security threats to these devices are related to data storage and processing connected to edge or cloud servers. To ensure that IoT-based solutions meet functional and non-functional requirements, particularly those concerning security, software companies should adopt a security-focused approach to their software requirements specification. This paper proposes a method for specifying security scenarios, integrating requirements and architecture viewpoints into the context of IoT for agricultural solutions. The method comprises four steps: (i) describe scenarios for the intended software, (ii) describe scenarios with incorrect uses of the system, (iii) translate these scenarios into security scenarios using a set of rules, and (iv) improve the security scenarios. This paper also describes a prototype application that employs the proposed algorithm to strengthen the incorrect use scenario based on the correct use scenario. Then, the expert can complete the information for the analysis and subsequent derivation of the security scenario. In addition, this paper describes a preliminary validation of our approach. The results show that the proposed approach enables software engineers to define and analyze security scenarios in the IoT and agricultural contexts with good results. A survey administered to five security experts found that the proposed security scenario method is generally useful for specifying agricultural IoT solutions but needs improvement in different areas.
References
ITU-T. “Overview of internet of things.” 2012. [Online]. Available: https://www.itu.int/rec/T-REC-Y.2060/en
K. Ojo-Gonzalez, and B. Bonilla-Morales, “Requerimientos no funcionales para sistemas basados en el internet de las cosas (IoT): Una revisión,” I+D Tecnológico, vol. 17, no. 2, Jul. 2021. https://doi.org/10.33412/idt.v17.2.3303
Berkeley CPS Publications. “Cyber-Physical Systems (CPS).” Berkeley.edu. Accessed: Sep. 20, 2023. [Online]. Available: https://ptolemy.berkeley.edu/projects/cps/
P. Shankar, B. Morkos, D. Yadav, and J. D. Summers, “Towards the formalization of non-functional requirements in conceptual design,” Res. Eng. Des., vol. 31, no. 4, pp. 449–469, Oct. 2020. https://doi.org/10.1007/s00163-020-00345-6
E. Serna M., and A. Serna A., “Process and progress of requirement formalization in software engineering,” Ingeniare, Rev. Chil. Ing., vol. 28, no. 3, pp. 411–423, Sep. 2020. https://doi.org/10.4067/S0718-33052020000300411
U. Ahmed, “A review on khowledge management in requirements engineering,” in International Conference on Engineering and Emerging Technologies (ICEET), Lahore, Pakistan, 2018, pp. 1-5. https://doi.org/10.1109/ICEET1.2018.8338650
C. Potts, “Using schematic scenarios to understand user needs,” in Proceedings of the conference on Designing interactive systems processes, practices, methods, & techniques - DIS ’95, New York, Aug. 1995, pp. 247–256. https://doi.org/10.1145/225434.225462
J. Patton, and P. Economy, User Story Mapping: Discover the Whole Story, Build the Right Product, 1st Ed. Sebastopol, CA, United States of America: O’Reilly Media, 2014.
J. R. Price, Write a Use Case: Gathering Requirements that Users Understand, The Communication Circle, 2020.
J. M. Carroll, “Five reasons for scenario-based design,” in Proceedings of the 32nd Annual Hawaii International Conference on Systems Sciences. 1999. HICSS-32. Abstracts and CD-ROM of Full Papers, Maui, HI, USA, Jan. 1999, pp. 11. https://doi.org/10.1109/hicss.1999.772890
S. Hofer, and H. Schwentner, Domain Storytelling: A Collaborative, Visual, and Agile Way to Build Domain-Driven Software (Addison-Wesley Signature Series (Vernon)), 1st Ed. Massachusetts, United States Of America: Addison-Wesley Professional, 2021.
S. Pal, M. Hitchens, T. Rabehaja, and S. Mukhopadhyay, “Security requirements for the internet of things: A systematic approach,” Sensors, vol. 20, no. 20, p. 5897, Oct. 2020. https://doi.org/10.3390/s20205897
S. Myagmar, A. J. Lee, and W. Yurcik, “Threat Modeling as a Basis for Security Requirements,” ResearchGate, Aug. 2005. [Online]. Available: https://www.researchgate.net/publication/228634178_Threat_Modeling_as_a_Basis_for_Security_Requirements
B. Schneier, “Cryptography Is Harder than It Looks,” IEEE Secur. Priv., vol. 14, no. 1, pp. 87–88, Jan.-Feb. 2016. https://doi.org/10.1109/MSP.2016.7
T. Martin, D. Geneiatakis, I. Kounelis, S. Kerckhof, and I. N. Fovino, “Towards a formal lot security model,” Symmetry, vol. 12, no. 8, p. 1305, Aug. 2020. https://doi.org/10.3390/sym12081305
M. Dhanaraju, P. Chenniappan, K. Ramalingam, S. Pazhanivelan, and R. Kaliaperumal, “Smart Farming: Internet of Things (IoT)-Based Sustainable Agriculture,” Agriculture, vol. 12, no. 10, p. 1745, Oct. 2022. https://doi.org/10.3390/agriculture12101745
N. Khan, R. L. Ray, G. R. Sargani, M. Ihtisham, M. Khayyam, and S. Ismail, “Current progress and future prospects of agriculture technology: Gateway to sustainable agriculture,” Sustainability, vol. 13, no. 9, p. 4883, Apr. 2021. https://doi.org/10.3390/su13094883
D. C. Rose, R. Wheeler, M. Winter, M. Lobley, and C. Charlotte-Anne, “Agriculture 4.0: Making it work for people, production, and the planet,” Land use policy, vol. 100, p. 104933, Jan. 2021. https://doi.org/10.1016/j.landusepol.2020.104933
S. El-Gendy, and M. A. Azer, “Security Framework for Internet of Things (IoT),” in 2020 15th International Conference on Computer Engineering and Systems (ICCES), Cairo, Egypt, 2020, pp. 1-6. https://doi.org/10.1109/ICCES51560.2020.9334589
A. Rettore de Araujo Zanella, E. da Silva, and L. C. Pessoa Albini, “Security challenges to smart agriculture: Current state, key issues, and future directions,” Array, vol. 8, p. 100048, Dec. 2020. https://doi.org/10.1016/j.array.2020.100048
A. Yazdinejad et al., “A review on security of smart farming and precision agriculture: Security aspects, attacks, threats and countermeasures,” Applied Sciences, vol. 11, no. 16, Aug. 2021. https://doi.org/10.3390/app11167518
K. Demestichas, N. Peppes, and T. Alexakis, “Survey on Security Threats in Agricultural IoT and Smart Farming,” sensors, vol. 20, no. 22, p. 6458, Nov. 2020. https://doi.org/10.3390/s20226458
J. C. Sampaio Do Prado Leite, G. D. S. Hadad, J. H. Doorn, and G. N. Kaplan, “A scenario construction process,” Requir. Eng., vol. 5, no. 1, pp. 38–61, Jul. 2000. https://doi.org/10.1007/pl00010342
S. Khamaiseh, and D. Xu, “Software security testing via misuse case modeling,” in 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress, Orlando, FL, USA, 2017, pp. 534-541. https://doi.org/10.1109/DASC-PICom-DataCom-CyberSciTec.2017.98
X. T. Nguyen, H. T. Tran, H. Baraki, and K. Geihs, “Frasad: A Framework for Model-driven IoT Application Development Xuan,” in 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), Milan, Italy, 2015, pp. 387-392. https://doi.org/10.1109/WF-IoT.2015.7389085
B. Karaduman, S. Mustafiz, and M. Challenger, “FTG+PM for the Model-Driven Development of Wireless Sensor Network based IoT Systems,” in 2021 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C), Fukuoka, Japan, 2021, pp. 306-316. https://doi.org/10.1109/MODELS-C53483.2021.00052
H. Cardenas, R. Zimmerman, A. R. Viesca, M. Al Lail, and A. J. Perez, "Formal UML-based Modeling and Analysis for Securing Location-based IoT Applications," in 2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS), Denver, CO, USA, 2022, pp. 722-723. https://doi.org/10.1109/MASS56207.2022.00109
K. Slovenec, M. Vuković, D. Salopek, and M. Mikuc, "Securing IoT Services Based on Security Requirement Categories," in 2022 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Split, Croatia, 2022, pp. 1-6. https://doi.org/10.23919/SoftCOM55329.2022.9911319
S. Sotoudeh, S. Hashemi, and H. G. Garakani, Security Framework of IoT-Based Smart Home," in 2020 10th International Symposium on Telecommunications (IST), Tehran, Iran, 2020, pp. 251-256. https://doi.org/10.1109/IST50524.2020.9345886
W. Iqbal, H. Abbas, M. Daneshmand, B. Rauf, and Y. A. Bangash, “An In-Depth Analysis of IoT Security Requirements, Challenges, and Their Countermeasures via Software-Defined Security,” IEEE Internet Things J., vol. 7, no. 10, pp. 10250–10276, Oct. 2020. https://doi.org/10.1109/JIOT.2020.2997651
Ö. Özkaya, and B. Örs, "Model based node design methodology for secure IoT applications," in 2018 26th Signal Processing and Communications Applications Conference (SIU), Izmir, Turkey, 2018, pp. 1-4. https://doi.org/10.1109/SIU.2018.8404490
R. M. Carvalho, "Dealing with Conflicts Between Non-functional Requirements of UbiComp and IoT Applications," in 2017 IEEE 25th International Requirements Engineering Conference (RE), Lisbon, Portugal, 2017, pp. 544-549. https://doi.org/10.1109/RE.2017.51
F. Kammuller, J. C. Augusto, and S. Jones, “Security and privacy requirements engineering for human centric IoT systems using eFRIEND and Isabelle,” in 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA), London, UK, 2017, pp. 401-406. https://doi.org/10.1109/SERA.2017.7965758
M. Gupta, M. Abdelsalam, S. Khorsandroo, and S. Mittal, “Security and Privacy in Smart Farming: Challenges and Opportunities,” IEEE Access, vol. 8, pp. 34564–34584, Feb. 2020. https://doi.org/10.1109/ACCESS.2020.2975142
F. Davis, “User Acceptance of Information Systems: Technology acceptance model (TAM),” University of Michigan, Ann Arbor, Michigan. [Online]. Available: https://deepblue.lib.umich.edu/bitstream/handle/2027.42/35547/b1409190.0001.001.pdf?seque
N. Marangunić, and A. Granić, “Technology acceptance model: a literature review from 1986 to 2013,” Univers. Access Inf. Soc., vol. 14, pp. 81–95, Mar. 2015. https://doi.org/10.1007/s10209-014-0348-1
Python. (1995). Netherlands. Accessed: Sep. 20, 2023. [Online]. Available: https://www.python.org/
Spacy. Industrial-Strength Natural Language Processing. (2016). Accessed: Sep. 20, 2023. [Online]. Available: https://spacy.io/
S. Loria. Textblob (Python). (2023). Accessed: Sep. 23, 2023. [Online]. Available: https://pypi.org/project/textblob/
S. Aurangzeb, M. Aleem, M. Azhar Iqbal, and M. Arshad Islam, “Ransomware: A Survey and Trends,” Journal of Information Assurance and Security, vol. 12, Jun. 2017. https://www.researchgate.net/publication/317380115_Ransomware_A_Survey_and_Trends
S. G. Abbas et al., “Identifying and mitigating phishing attack threats in IoT use cases using a threat modelling approach,” Sensors, vol. 21, no. 14, p. 4816, Jul. 2021. https://doi.org/10.3390/s21144816
L. Chang, “A Proactive Approach to Detect IoT Based Flooding Attacks by Using Software Defined Networks and Manufacturer Usage Descriptions,” M.S thesis, Arizona State University Tempe Campus, EE. UU. 2018. [Online]. Available: https://core.ac.uk/download/pdf/161995314.pdf
J. Liu, Y. Xiao, and C. L. P. Chen, "Authentication and Access Control in the Internet of Things," in 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 2012, pp. 588-592. https://doi.org/10.1109/ICDCSW.2012.23
Q. M. Ashraf, and M. H. Habaebi, “Autonomic schemes for threat mitigation in Internet of Things,” J. Netw. Comput. Appl., vol. 49, pp. 112–127, 2015. https://doi.org/10.1016/j.jnca.2014.11.011
J. Deogirikar, and A. Vidhate, “Security attacks in IoT: A survey,” in 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India, 2017, pp. 32-37. https://doi.org/10.1109/I-SMAC.2017.8058363
Decisioning, “The second workshop on Collaboration in knowledge discovery and decision making.” unicauca.edu.co. Accessed: Sep. 23, 2023. [Online]. Available: https://www.unicauca.edu.co/versionP/eventos/conversatorio/decisioning-2023-second-workshop-collaboration-knowledge-discovery-and-decision-making
Downloads
Copyright (c) 2024 TecnoLógicas
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Altmetric
