TechRxiv

Current challenges of implementing ETSI EN 303 645 as a baseline security standard for consumer IoT security certification

Download (752.21 kB)
preprint
posted on 2023-12-05, 03:52 authored by Felix KörnerFelix Körner

Consumer IoT devices are primarily used by people who have limited understanding of cybersecurity. For this reason, it is incumbent upon the manufacturer to set up the consumer IoT device securely. However, implementing such measures is costly and often not done voluntarily by manufacturers. Since regulation is necessary, several standardization organizations worldwide are working on security certification of Consumer IoT devices. This paper provides an overview of the current challenges in certifying consumer IoT devices according to the specifications based on the ETSI EN 303 645 and TS 103 701. We present the assessment of two Consumer IoT devices, which gives an insight into the different involved certification players and exposes challenges and weaknesses of the certification process. Furthermore, interviews were conducted with certification bodies that provide consumer IoT security certification. The interviews highlighted some further challenges and suggestions for improvement of the ETSI EN 303 645 ecosystem.

History

Email Address of Submitting Author

felix.koerner@alumni.uni-potsdam.de

ORCID of Submitting Author

0009-0006-5242-1220

Submitting Author's Institution

University Potsdam

Submitting Author's Country

  • Germany

Usage metrics

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC