Abstract
In many Internet of Things (IoT) application domains security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security infrastructure is needed to ensure the proper functioning of such systems even under attack. However, it is also critical that security be at a reasonable resource and energy cost. In this article, we focus on the problem of efficiently and effectively securing IoT networks by carefully allocating security resources in the network area. In particular, given a set of security resources R and a set of attacks to be faced A, our method chooses the subset of R that best addresses the attacks in A, and the set of locations in which to place them, so as to ensure the security coverage of all IoT devices at minimum cost and energy consumption. We model our problem according to game theory and provide a Pareto-optimal solution in which the cost of the security infrastructure, its energy consumption, and the probability of a successful attack are minimized. Our experimental evaluation shows that our technique improves the system robustness in terms of packet delivery rate for different network topologies. Furthermore, we also provide a method for handling the computation of the resource allocation plan for large-scale network scenarios, where the optimization problem may require an unreasonable amount of time to be solved. We show how our proposed method drastically reduces the computing time, while providing a reasonable approximation of the optimal solution.
Index Terms
- Pareto Optimal Security Resource Allocation for Internet of Things