2018 Mar 8;18(3):817. doi: 10.3390/s18030817

Table 3.

Real-world examples related to the identified security threats and risks from different information assets.

| Asset ID | Real-World Examples |
|---|---|
| 1 | An unauthorized individual obtains the necessary credentials and is able to log in to the main smart home system. |
| 2 | The legitimate user loses his or her mobile device, or it is stolen, and then the smart home-related apps are manipulated. The phone application can be manipulated remotely by injecting malicious code. |
| 3 | An information asset is altered intentionally by malicious individuals to cause the power supply smart meter to show high electricity consumption. Jamming and tampering at the physical layer could prevent sensors from detecting risks such as fire, flood, and unexpected motion. A compromised motion sensor could be used to determine when there are people at home. The statuses of door locks and alarm systems could be used to determine when a smart home is occupied. |
| 4 | Attackers can gain access to this information asset by obtaining unencrypted backup media or via a social engineering attack. |
| 5 | This asset can be obtained if the log data are easily accessible via an insecure channel. |
| 6 | This asset can be obtained if the gateway is not properly secured, e.g., an open Wi-Fi network. The adversary can hijack the Wi-Fi connection, inject malicious code, and then take control of the smart home system. |
| 7 | This asset can be obtained if the information asset is stored as a data file in the smart home system (e.g., a PC) without strong authentication mechanisms. |
| 8 | This asset can be obtained if such devices are outsourced to a non-serious (untrusted) third-party service provider. |
| 9 | This asset can be obtained if such information is sent from the tracking system to a listener device in clear text and is captured by an attacker. |
| 10 | This asset can be found physically or digitally, e.g., on papers, CDs, DVDs, backup media, a PC, communication networks or databases. The information can be accessed by unauthorized people if not stored properly and securely. |