P3CRID: A Threat Model Methodology for Smart Homes

Threat modelling is a methodology employed for identifying and analysing threats and applicable mitigations for web applications, mobile applications, infrastructure, and environments including smart home environments. Threat modelling starts with a tabletop exercise to identify threats. It provides extremely important insights into what can go wrong if certain events or a series of events take place. The identification of these events is critical to ensuring the right mitigation strategies are applied. Threat modelling also helps to identify security controls that may be assumed to provide required security, but, in reality, may not be addressing the existing and applicable threat(s). Existing literature, in the public domain and in academia, discusses threat materialisation for smart homes; however, entry points for a threat to materialise and exploit these vulnerabilities are not explored and a dedicated threat model for smart home environments is currently unavailable. Whilst threats can be mitigated by smart home device manufacturers, there are also mitigations that need to be applied by smart home owners who are both technology-aware and technology-unaware. In this paper, we propose a structured, domain-specific threat modelling methodology for smart home environments. The methodology models threats from a smart home owner’s perspective, identifies entry points and the mitigations that need to be implemented by a smart home owner. It also acknowledges that the attack surface expands and contracts and is not constant; which is addressed by applying zero-trust principles.