Analyzing and Mitigating Attacks in IoT Smart Home Using a Threat Modeling Approach-Based STRIDE

Abstract

The Internet of Things (IoT) is a network of interconnected devices that enables data exchange. It is widely used in areas such as healthcare, aviation, agriculture, energy, and home automation. Despite its rapid growth and the massive adoption of connected devices, IoT presents significant security risks. Traditional threat modeling approaches are insufficient to address these risks. Architecture-based modeling is recommended, as it considers the entire system and helps in understanding potential threats. Threat modeling is a systematic technique used to identify and evaluate potential threats that could compromise the security of a system. The main objective is to understand the vulnerabilities of a system in order to design appropriate security measures to mitigate them. This paper aims to analyze and mitigate specific IoT smart home threats using the STRIDE threat modeling framework, which systematically identifies potential vulnerabilities at the development level. By applying STRIDE, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, we focused on addressing key security threats, including denial of service (DoS), phishing, and man-in-the-middle (MitM) attacks. Our findings demonstrate that the proposed mitigation strategies are effective in countering these threats, providing a robust security layer for IoT smart homes. Through this study, we highlight the importance of architecture-based threat modeling to enhance security within the IoT ecosystem and offer practical solutions that strengthen IoT smart home resilience. The outcomes of the STRIDE-based analysis and the effectiveness of the mitigation techniques are detailed, offering empirical evidence to support our approach.