TUI Model for Analyzing Data Privacy of Internet of Things (IoT) Devices

The development of the Internet of Things (IoT) has been at the forefront of progressing societal functionality. The creation of new IoT devices has raised and prioritized the concern of information technology (IT) security. The Common Vulnerability Scoring System (CVSS) is a framework for providing information to the public about the impact of vulnerabilities and exploits executed on a multitude of devices. While the CVSS addresses a plethora of conditions for vulnerabilities, it does not adequately make end-users aware of the impact data privacy can have on their devices. The purpose of this paper is to extend the content within the current CVSS and propose a new model that acknowledges Transparency, Unlinkability, and Intervenability (TUI) when scoring impacts of vulnerabilities. After development of the new scoring for TUI, our research highlights case studies to emphasize the impact our TUI model will have on the CVSS. Our research has developed this model in order to provide a new sufficient score for analyzing the true impact of compromised data privacy. We strongly believe that our proposed model benefit both the individual users (consumers of IoT devices) and the industry to portray the possible vulnerabilities from a user standpoint as well as a manufacturer standpoint.