2022 Dec 25;23(1):218. doi: 10.3390/s23010218

Table 10.

A comparison between HIoT BC-IdM cybersecurity risk framework studies.

| ID | Authors | Contributions | Strengths | Weaknesses |
|---|---|---|---|---|
| S1 | Sepczuk and Kotulski [22] | Risk assessment as a service for IdM authentication; applies ISO/IEC 27005. | Covers the authentication process in IdM systems. | Does not follow risk management standards. |
| S2 | Wang et al. [31] | Risk assessment for BC applications within China; follows the Chinese Classified Protection of Cybersecurity (CPC) law. | Based on national standards. Covers Bitcoin, Ethereum, and Hyperledger Fabric BCs and gives evaluation metrics and controls for the P2P network, consensus, distributed ledger, and contract layers. | Lacks the main components of risk management. |
| S3 | Kim et al. [32] | Risk analysis for DID documents in the W3C DID technical standards. | Scenario-based risk analysis for DID authentication used to provide Self-Sovereign Identity technologies. | Does not follow risk management standards. |
| S4 | Vakhter et al. [45] | Threat modelling and risk analysis for (miniaturized) HIoT; applies NIST SP 800-30. | Covers HIoT assets with a focus on miniaturized HIoT, and gives a risk analysis. | Does not cover BC and IdM assets. |
| S5 | Schlatt et al. [74] | Cybersecurity framework for BC. | Covers the relations between stakeholders (users, developers, attackers) in BC applications and the BC infrastructure. | Lacks the main components of risk management. |
| S6 | Alzahrani et al. [81] | Assessment model for BC-based electronic health records. | Covers BC-based electronic health records and their security and privacy risks. | General assessment; does not follow risk management standards. |
| S7 | Psychoula et al. [90] | Privacy risk assessment for HIoT (wearable). | Covers the privacy aspect with a focus on Privacy by Design. | Does not follow risk management standards and does not cover BC and IdM assets. |
| S8 | Tseng et al. [91] | Risk assessment for HIoT (wearable) using the STRIDE and DREAD approaches. | Covers HIoT assets. | Does not follow risk management standards and does not cover BC and IdM assets. |
| S9 | Cagnazzo et al. [92] | Threat modelling for HIoT (mHealth) using the STRIDE and DREAD approaches. | Covers HIoT assets. | Does not follow risk management standards and does not cover BC and IdM assets. |
| S10 | Paul et al. [93] | Risk management for HIoT applying ISO/IEC 80001 and AAMI TIR57. | Proposes security risk management for HIoT (WBAN) and reviews regulations/standards and security and privacy controls. | Does not cover IdM and BC assets. |
| S11 | Sheik et al. [94] | Threat modelling for BC-IdM using the STRIDE approach. | Covers BC-IdM. | Does not follow risk management standards and does not cover HIoT assets or emerging BC-IdM standards, such as DID. |
| S12 | A. Shostack [100] | General threat modelling methodology. | Covers security and privacy. | General; does not support short-term repetition processes. |
| S13 | Bhardwaj et al. [107] | Dynamic penetration test for SC-based applications; applies the OWASP Top 10 vulnerabilities. | Covers BC SCs. | Does not follow risk management standards and only focuses on SC assets. |
| S14 | Lv et al. [111] | Static risk analysis for SCs in Hyperledger Fabric. | Covers SC assets in Hyperledger Fabric. | Does not follow risk management standards and only focuses on SC assets. |
| S15 | Wen et al. [115] | BC cybersecurity framework. | Covers attacks and countermeasures in a BC-layered framework. | Lacks the main components of risk management. |
| S16 | Naik et al. [116] | Tree-based risk analysis for BC-IdM (SSI). | Covers BC-IdM components, such as DID, and shows attack vectors. | Does not follow general risk management standards and does not cover HIoT assets. |
| S17 | Konig et al. [117] | Risk analysis for BC. | Presents a BC-layered framework and shows the prerequisites for attacks. | Does not follow risk management standards. |
| S18 | Alsubaei et al. [118] | Security risk assessment for HIoT (risk assessment as a service (tool) testing 260 attributes); considers standards such as the HITECH Act, HIPAA, GDPR, PCEHR Act, ISO/IEC 27018, ISO/IEC 27034, AICPA, FIPS, GSMA, MDD 93/42/EEC, MDR 2017/745, ISO/IEC 80001, ISO 14971, ISO 13485, ISO/IEC 22301, and ISO/IEC 27001. | Covers HIoT. | Does not follow risk management standards and does not cover IdM and BC aspects. |
| S19 | Wang et al. [124] | Uses the Identified Security Attributes (ISA) framework for HIoT. | Covers HIoT assets and gives a systematic approach to evaluating security solutions and decision making. | Does not follow risk management standards and does not cover BC and IdM assets. |
| S20 | Lopatina et al. [137] | Risk assessment for HIoT. | Covers HIoT assets. | Does not follow risk management standards and does not cover BC and IdM assets. |
| S21 | Mallah et al. [138] | Security risk assessment for BC-based transportation applications; uses ISO 31000 and ISO 27005. | Covers BC assets. | Does not cover HIoT and IdM assets. |
| S22 | Ruf et al. [139] | Threat modelling for BC-based industrial IoT applications. | Covers BC assets and presents a case study. | Only on-premise threat analysis; does not give details about threat modelling methods, and does not cover HIoT and IdM assets. |
| S23 | Cha et al. [140] | Security control framework for permissioned BC applications; uses PCI-DSS, CIS controls, and the ISO/IEC 27001 and ISO/IEC 27002 standards. | Covers controls in different layers. | Does not cover the main security risk management phases. |
| S24 | Morganti et al. [141] | Risk assessment for BC technology; follows NIST SP 800-30. | Covers BC assets. | Covers BC in general but does not cover HIoT and IdM assets. |
| S25 | Homoliak et al. [142] | Security reference architecture (SRA)-based risk assessment for BC technology; uses the ISO/IEC 15408 standards. | Covers BC nodes (consensus, validating, lightweight) and gives a detailed analysis of threats, vulnerabilities, and defences. | Covers BC applications in general. |
| S26 | Putz and Pernul [143] | Threat modelling for Hyperledger Fabric BC. | Covers BC assets and threat indicators in Hyperledger Fabric BC. | Lacks the main components of security risk management. |
| S27 | Zhao et al. [144] | Risk analysis for BC technology communications. | Presents a BC-layered framework. | Does not follow risk management standards. |
| S28 | Wilson et al. [145] | Digital identity security framework for IdM in IoT systems. | A stack model covering privacy in IdM. | Does not follow risk management standards and does not cover HIoT and BC assets. |
| S29 | Arias-Cabarcos et al. [146] | Risk assessment for IdM; uses multi-attribute utility theory (MAUT). | Covers IdM physical and digital authentication aspects and gives a quantitative evaluation for security and privacy. | Does not follow risk management standards. |
| S30 | Attaallah et al. [147] | Risk assessment for HIoT. | Covers the security requirements of HIoT. | Does not follow risk management standards, does not cover IdM and BC assets, and lacks details. |
| S31 | Yin et al. [148] | Security risk management for HIoT; applies the ISO/IEC 27005 standard. | Presents a case study in a hospital. | Lacks details and does not cover BC and IdM assets. |