loading page

STRIDE based threat modeling for Smart Hazard Analysis and Critical Control Points in Korea
  • +2
  • SeHee Jung,
  • Haeun Lee,
  • Sungjin Kim,
  • Sangyoon Lee,
  • Kyounggon Kim
SeHee Jung
Chung-Ang University
Author Profile
Haeun Lee
Best of the Best program
Author Profile
Sungjin Kim
Best of the Best program
Author Profile
Sangyoon Lee
Best of the Best program
Author Profile
Kyounggon Kim
Naif Arab University for Security Sciences

Corresponding Author:[email protected]

Author Profile

Abstract

With the acceleration of the Fourth Industrial Revolution, Information and Communications Technology (ICT) has been increasingly implemented in the food industry to enhance convenience. In Korea, this implementation is referred to as Smart Hazard Analysis and Critical Control Points (Smart HACCP). Smart HACCP offers advantages such as real-time monitoring and automation through the integration of Internet of Things (IoT) technologies and others into the traditional HACCP system. However, these advantages can also introduce critical security vulnerabilities to the equipment and system. For instance, tampering with Critical Control Point (CCP) data within smart HACCP can lead to problems that result in casualties during the distribution process. Thus, ensuring the security of smart HACCP is of utmost importance. Despite the increased risk, only a few attempts have been made to address the research on the security vulnerabilities of smart HACCP. Furthermore, much of the existing literature primarily focuses on adapting the system to specific industries, such as the food sector. Therefore, in this paper, we identify smart HACCP threats through STRIDE threat modeling and propose attack scenarios based on the findings. Our experimental results reveal approximately 183 threats in smart HACCP, comprising 142 threats identified using the Microsoft Threat Modeling Tool and an additional 41 threats that consider the characteristics of smart HACCP. Building upon the experiment, we derive three attack scenarios and evaluate them using a standard module and actual enterprise in Korea.
Submitted to Transactions on Emerging Telecommunications Technologies
10 Jul 2024Reviewer(s) Assigned
20 Aug 2024Review(s) Completed, Editorial Evaluation Pending
30 Oct 2024Editorial Decision: Revise Major
10 Dec 20241st Revision Received