Development of a Multi-Vector Information Security Rating Scale for Smart Devices as a Means for Raising Public InfoSec Awareness

摘要

Vulnerabilities on smart multimedia devices that are made for homes and Small Office Home Offices (SOHO) and their implementation practices, are a pragmatic fact. The broad usage of various devices that operate in home and SOHO environments has introduced a new threat paradigm for consumer platforms and devices, aiming at the secure operation and information of home and SOHO networks. These devices include a wide variety of commercially available technologies required for their operation but also proprietary technologies tailored specifically for those devices. For many manufacturers, usability and user friendliness take precedence over the security on these implementations, leaving home and SOHO networks vulnerable to potential risks that are unknown to consumers or require deep technical knowledge to comprehend them. Poor implementations, along with the inheritance of vulnerabilities that already exist, aggravate these circumstances. This paper aims to construct a measurement method through known vulnerabilities and related attack methods, to provide a scaling system that helps end-users easily understand and be aware of each device's vulnerability level, as well as provide a measurable score to help them compare devices that provide similar or identical services, in the same way this happens with other commodity features, attributes or characteristics.