{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T14:00:48Z","timestamp":1743084048729,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":29,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819970315"},{"type":"electronic","value":"9789819970322"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-981-99-7032-2_9","type":"book-chapter","created":{"date-parts":[[2023,11,7]],"date-time":"2023-11-07T23:02:49Z","timestamp":1699398169000},"page":"138-153","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Transparent Security Method for\u00a0Automating IoT Security Assessments"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8692-763X","authenticated-orcid":false,"given":"Rauli","family":"Kaksonen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1169-5920","authenticated-orcid":false,"given":"Kimmo","family":"Halunen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marko","family":"Laakso","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9993-8602","authenticated-orcid":false,"given":"Juha","family":"R\u00f6ning","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,11,8]]},"reference":[{"key":"9_CR1","unstructured":"Cyber Security for Consumer Internet of Things: Baseline Requirements v2.1.1. ETSI EN 303 645, ETSI (2020)"},{"key":"9_CR2","unstructured":"Common Criteria for Information Technology Security Evaluation, Parts 1\u20135. Standard (2022). https:\/\/www.commoncriteriaportal.org\/"},{"key":"9_CR3","unstructured":"OpenAPI Specification (2023). https:\/\/swagger.io\/resources\/open-api\/"},{"key":"9_CR4","unstructured":"Ruuvi home page (2023). https:\/\/ruuvi.com"},{"key":"9_CR5","doi-asserted-by":"publisher","first-page":"101648","DOI":"10.1016\/j.cose.2019.101648","volume":"88","author":"O Abu Waraga","year":"2020","unstructured":"Abu Waraga, O., Bettayeb, M., Nasir, Q., Abu Talib, M.: Design and implementation of automated IoT security testbed. Comput. Secur. 88, 101648 (2020)","journal-title":"Comput. Secur."},{"issue":"10","key":"9_CR6","doi-asserted-by":"publisher","first-page":"276","DOI":"10.3390\/fi14100276","volume":"14","author":"R Akhilesh","year":"2022","unstructured":"Akhilesh, R., Bills, O., Chilamkurti, N., Mohammad Jabed, M.C.: Automated penetration testing framework for smart-home-based IoT devices. Future Internet 14(10), 276 (2022)","journal-title":"Future Internet"},{"key":"9_CR7","unstructured":"BSI, Germany: Baseline Requirements for consumer IoT devices (2023). https:\/\/www.bsi.bund.de\/dok\/ciot-standard"},{"key":"9_CR8","doi-asserted-by":"publisher","first-page":"513","DOI":"10.3390\/s22020513","volume":"22","author":"E Chatzoglou","year":"2022","unstructured":"Chatzoglou, E., Kambourakis, G., Smiliotopoulos, C.: Let the cat out of the bag: popular android IoT apps under security scrutiny. Sensors 22, 513 (2022)","journal-title":"Sensors"},{"key":"9_CR9","doi-asserted-by":"publisher","first-page":"102669","DOI":"10.1016\/j.cose.2022.102669","volume":"116","author":"A Cirne","year":"2022","unstructured":"Cirne, A., Sousa, P.R., Resende, J.S., Antunes, L.: IoT security certifications: challenges and potential approaches. Comput. Secur. 116, 102669 (2022)","journal-title":"Comput. Secur."},{"key":"9_CR10","unstructured":"Connectivity Standards Alliance Inc: Matter Specification, Version 1.0. Standard (2022)"},{"key":"9_CR11","unstructured":"Cyber Security Agency of Singapore: Cybersecurity Labelling Scheme (2023). https:\/\/www.csa.gov.sg\/our-programmes\/certification-and-labelling-schemes\/cybersecurity-labelling-scheme"},{"issue":"2","key":"9_CR12","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1109\/MSEC.2021.3132398","volume":"20","author":"P Emami-Naeini","year":"2022","unstructured":"Emami-Naeini, P., Dheenadhayalan, J., Agarwal, Y., Cranor, L.F.: An informative security and privacy \u201cnutrition\u2019\u2019 label for internet of things devices. IEEE Secur. Priv. 20(2), 31\u201339 (2022)","journal-title":"IEEE Secur. Priv."},{"key":"9_CR13","unstructured":"European Commission: Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation) (2016)"},{"key":"9_CR14","unstructured":"European Cyber Security Organisation (ECSO): European Cyber Security Certification, A Meta-Scheme Approach v1.0. WG1 - Standardisation, certification, labelling and supply chain management, ESCO (2017)"},{"key":"9_CR15","unstructured":"Gangurde, C.: Automation of IoT pre-certification security testing environment based on the manufacturing usage description. Master thesis, Eindhoven University of Technology (2019)"},{"key":"9_CR16","doi-asserted-by":"publisher","first-page":"126265","DOI":"10.1109\/ACCESS.2021.3111477","volume":"9","author":"JL Hern\u00e1ndez-Ramos","year":"2021","unstructured":"Hern\u00e1ndez-Ramos, J.L., et al.: Defining the behavior of IoT devices through the MUD standard: review, challenges, and research directions. IEEE Access 9, 126265\u2013126285 (2021)","journal-title":"IEEE Access"},{"key":"9_CR17","unstructured":"ioXt Alliance: ioXT Internet of secure things (2023). https:\/\/www.ioxtalliance.org\/"},{"key":"9_CR18","unstructured":"Jan Odvarko: HTTP Archive 1.2 Specification (2007). http:\/\/www.softwareishard.com\/blog\/har-12-spec\/"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Kaksonen, R., Halunen, K., R\u00f6ning, J.: Common cybersecurity requirements in IoT standards, best practices, and guidelines. In: Proceedings of the 7th International Conference on Internet of Things, Big Data and Security - vol. 1: IoTBDS, pp. 149\u2013156. INSTICC, SciTePress (2022)","DOI":"10.5220\/0011041700003194"},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Kaksonen, R., Halunen, K., R\u00f6ning, J.: Vulnerabilities in IoT devices, backends, applications, and components. In: ICISSP - 9th International Conference on Information Systems Security and Privacy. INSTICC, SciTePress (2023)","DOI":"10.5220\/0011784400003405"},{"key":"9_CR21","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-030-78120-0_12","volume-title":"ICT Systems Security and Privacy Protection","author":"R Kaksonen","year":"2021","unstructured":"Kaksonen, R., J\u00e4rvenp\u00e4\u00e4, T., Pajukangas, J., Mahalean, M., R\u00f6ning, J.: 100 popular open-source Infosec tools. In: J\u00f8sang, A., Futcher, L., Hagen, J. (eds.) SEC 2021. IAICT, vol. 625, pp. 181\u2013195. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78120-0_12"},{"key":"9_CR22","doi-asserted-by":"publisher","first-page":"129932","DOI":"10.1109\/ACCESS.2022.3225973","volume":"10","author":"A Khurshid","year":"2022","unstructured":"Khurshid, A., Alsaaidi, R., Aslam, M., Raza, S.: EU cybersecurity act and IoT certification: landscape, perspective and a proposed template scheme. IEEE Access 10, 129932\u2013129948 (2022)","journal-title":"IEEE Access"},{"issue":"6","key":"9_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3410160","volume":"53","author":"SN Matheu","year":"2020","unstructured":"Matheu, S.N., Hern\u00e1ndez-Ramos, J.L., Skarmeta, A.F., Baldini, G.: A survey of cybersecurity certification for the internet of things. ACM Comput. Surv. 53(6), 1\u201336 (2020)","journal-title":"ACM Comput. Surv."},{"key":"9_CR24","unstructured":"National Institute of Standards and Technology (NIST): National Vulnerability Database (2023). https:\/\/nvd.nist.gov\/"},{"key":"9_CR25","unstructured":"Rekhter, Y., Li, T.: Manufacturer Usage Description Specification. RFC - Proposed Standard, RFC Editor (2019)"},{"key":"9_CR26","unstructured":"Rollo, J.: D1.2 List of tools and techniques applicable for high and medium assurance for efficient assurance. Report DS-01-731456 \/ D1.2 \/ V1.0, Project: Compositional security certification for medium to high-assurance COTS-based systems in environments with emerging threats (2017)"},{"key":"9_CR27","doi-asserted-by":"publisher","first-page":"100467","DOI":"10.1016\/j.cosrev.2022.100467","volume":"44","author":"E Schiller","year":"2022","unstructured":"Schiller, E., Aidoo, A., Fuhrer, J., Stahl, J., Zi\u00f6rjen, M., Stiller, B.: Landscape of IoT security. Comput. Sci. Rev. 44, 100467 (2022)","journal-title":"Comput. Sci. Rev."},{"key":"9_CR28","doi-asserted-by":"crossref","unstructured":"Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., Tschofenig, H.: Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth). RFC - Proposed Standard, RFC Editor (2022)","DOI":"10.17487\/RFC9200"},{"key":"9_CR29","unstructured":"Traficom, Finland: The Cybersecurity Label, National Cyber Security Center, Finnish Transport and Communications Agency (2023). https:\/\/tietoturvamerkki.fi\/en\/"}],"container-title":["Lecture Notes in Computer Science","Information Security Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-99-7032-2_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,7]],"date-time":"2023-11-07T23:04:24Z","timestamp":1699398264000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-99-7032-2_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9789819970315","9789819970322"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-981-99-7032-2_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"8 November 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISPEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security Practice and Experience","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 August 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ispec2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}