Step 2 – create a system/architecture overview
This step provides a solid foundation for understanding not only the expected functionality of the IoT system, but also the potential misuse of the system. There are three sub-steps to this part of the threat modeling process:
- Start with documenting expected functionality.
- Create an architectural diagram that details the new IoT system. During this process, trust boundaries in the architecture should be established; each trust boundary should make explicit which actors trust which, and in which direction.
- Identify technologies used within the IoT system.
Documentation of system functionality is best accomplished by creating a set of use cases such as those that follow:
An architectural diagram of the system details the components of the system, their interactions, and the protocols employed in their interactions. The following is an architectural diagram of our example smart parking solution:
Once the logical architecture view is complete, it is important to identify and examine the specific technologies that will comprise the IoT system. This includes understanding and documenting lower-level details regarding the endpoint devices, such as the processor types and operating systems.
The endpoint details provide the information needed to understand the specific types of vulnerabilities that may eventually be exposed, and to define processes for patch management and firmware updates. Understanding and documenting the protocols used by each IoT device will also allow the architecture to be updated, especially where gaps are found in the cryptographic controls applied to the data transmitted throughout the system and the organization:
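The three sub-steps can be captured as a small machine-checkable model rather than only a diagram. The following Python is an added example, not from the book: it records components with their endpoint technology and trust zone, the data flows between them with their protocols, and then derives the directional trust boundaries and any flow that leaves a zone without transport encryption. The smart parking components, zones, and protocols are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed model of a hypothetical smart parking deployment; component names,
# zones, technologies and protocols are assumptions, not taken from the book.
@dataclass(frozen=True)
class Component:
    name: str
    zone: str          # trust zone the component lives in
    technology: str    # endpoint details: processor / OS / platform

@dataclass(frozen=True)
class Flow:
    src: Component
    dst: Component
    protocol: str
    encrypted: bool    # whether transport protection is applied to this flow

COMPONENTS = {c.name: c for c in [
    Component("occupancy sensor", "parking lot", "Cortex-M MCU, bare metal"),
    Component("lot gateway", "parking lot", "ARM Linux"),
    Component("parking cloud API", "cloud backend", "Linux containers"),
    Component("payment kiosk", "parking lot", "x86 Windows"),
    Component("operator console", "corporate network", "browser"),
]}

FLOWS = [
    Flow(COMPONENTS["occupancy sensor"], COMPONENTS["lot gateway"], "Zigbee", True),
    Flow(COMPONENTS["lot gateway"], COMPONENTS["parking cloud API"], "MQTT", False),
    Flow(COMPONENTS["payment kiosk"], COMPONENTS["parking cloud API"], "HTTPS", True),
    Flow(COMPONENTS["parking cloud API"], COMPONENTS["operator console"], "HTTPS", True),
]

def crosses_trust_boundary(flow: Flow) -> bool:
    """A flow crosses a boundary when source and destination sit in different zones."""
    return flow.src.zone != flow.dst.zone

def trust_boundaries(flows):
    """Directed boundaries (source zone -> destination zone) the architecture relies on."""
    return sorted({(f.src.zone, f.dst.zone) for f in flows if crosses_trust_boundary(f)})

def unprotected_boundary_flows(flows):
    """Flows that leave a trust zone without transport encryption: the cryptographic
    gaps the text says should feed back into the architecture."""
    return [f"{f.src.name} -> {f.dst.name} over {f.protocol}"
            for f in flows if crosses_trust_boundary(f) and not f.encrypted]

if __name__ == "__main__":
    print("trust boundaries:", trust_boundaries(FLOWS))
    print("unprotected flows:", unprotected_boundary_flows(FLOWS))
```

Extending the model with a per-component technology inventory (listed in `technology`) gives the patch and firmware update planning the text calls for a concrete starting point.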