Pareto Optimal Security Resource Allocation for Internet of Things

Authors:
Antonino Rullo

Purdue University, West Lafayette, IN, USA

Purdue University, West Lafayette, IN, USA
View Profile

,
Daniele Midi

Purdue University, West Lafayette, IN, USA

Purdue University, West Lafayette, IN, USA
View Profile

,
Edoardo Serra

Boise State University, Boise, ID, USA

Boise State University, Boise, ID, USA
View Profile

,
Elisa Bertino

Purdue University, West Lafayette, IN, USA

Purdue University, West Lafayette, IN, USA
View Profile

Authors Info & Claims

ACM Transactions on Privacy and Security Volume 20 Issue 4Article No.: 15pp 1–30https://doi.org/10.1145/3139293

Published:24 October 2017Publication History

ACM Transactions on Privacy and Security

Abstract

In many Internet of Thing (IoT) application domains security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security infrastructure is needed to ensure the proper functioning of such systems even under attack. However, it is also critical that security be at a reasonable resource and energy cost. In this article, we focus on the problem of efficiently and effectively securing IoT networks by carefully allocating security resources in the network area. In particular, given a set of security resources R and a set of attacks to be faced A, our method chooses the subset of R that best addresses the attacks in A, and the set of locations where to place them, that ensure the security coverage of all IoT devices at minimum cost and energy consumption. We model our problem according to game theory and provide a Pareto-optimal solution in which the cost of the security infrastructure, its energy consumption, and the probability of a successful attack are minimized. Our experimental evaluation shows that our technique improves the system robustness in terms of packet delivery rate for different network topologies. Furthermore, we also provide a method for handling the computation of the resource allocation plan for large-scale networks scenarios, where the optimization problem may require an unreasonable amount of time to be solved. We show how our proposed method drastically reduces the computing time, while providing a reasonable approximation of the optimal solution.

References

Eitan Altman, Konstantin Avrachenkov, and Andrey Gamaev. 2009. Jamming in wireless networks: The case of several jammers. In Proceedings of the 1st ICST International Conference on Game Theory for Networks. Google ScholarDigital Library
Luigi Atzori, Antonio Iera, and Giacomo Morabito. 2010. The Internet of Things: A survey. Comput. Netw. 54, 15 (2010), 2787--2805. Google ScholarDigital Library
Ferdinand Brasser, Brahim El Mahjoub, Ahmad-Reza Sadeghi, Christian Wachsmann, and Patrick Koeberl. 2015. TyTAN: Tiny trust anchor for tiny devices. In Proceedings of the Design Automation Conference (DAC’15). IEEE, 1--6. Google ScholarDigital Library
Srdjan Čapkun, Levente Buttyán, and Jean-Pierre Hubaux. 2003. SECTOR: Secure tracking of node encounters in multi-hop wireless networks. In Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks. Google ScholarDigital Library
Ho Ting Cheng and Weihua Zhuang. 2009. Pareto optimal resource management for wireless mesh networks with QoS assurance: Joint node clustering and subcarrier allocation. IEEE Transactions on Wireless Communications 8, 3 (2009), 1573--1583. Google ScholarDigital Library
Chunxiao Chigan, Leiyuan Li, and Yinghua Ye. 2005. Resource-aware self-adaptive security provisioning in mobile ad hoc networks. In Proceedings of the IEEE Wireless Communications and Networking Conference.Google ScholarCross Ref
Kalyanmoy Deb, Amrit Pratap, Sameer Agarwal, and T. Meyarivan. 2000. A fast elitist multi-objective genetic algorithm: NSGA-II. IEEE Trans. Evol. Comput. 6 (2000), 182--197. Google ScholarDigital Library
Rinku Dewri, Indrajit Ray, Nayot Poolsappasit, and Darrell Whitley. 2012. Optimal security hardening on attack tree models of networks: A cost-benefit analysis. In International Journal of Information Security 11, 3 (2012), 167--188. Google ScholarDigital Library
Rinku Dewri, Indrakshi Ray, Indrajit Ray, and Darrell Whitley. 2008. Security provisioning in pervasive environments using multi-objective optimization. In Proceedings of the European Symposium on Research in Computer Security (ESORICS’08). Google ScholarDigital Library
Thang N. Dinh, Ying Xuan, My T. Thai, EK Park, and Taieb Znati. 2010. On approximation of new optimization methods for assessing network vulnerability. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’10). Google ScholarDigital Library
Laurent Eschenauer and Virgil D. Gligor. 2002. A key-management scheme for distributed sensor networks. In Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM, 41--47. Google ScholarDigital Library
Lewis Girod, Jeremy Elson, Alberto Cerpa, Thanos Stathopoulos, Nithya Ramanathan, and Deborah Estrin. 2004. EmStar: A software environment for developing and deploying wireless sensor networks. In Proceedings of the USENIX Annual Technical Conference (USENIX’04). Google ScholarDigital Library
Lal C Godara. 1997. Application of antenna arrays to mobile communications. II. Beam-forming and direction-of-arrival considerations. Proc. IEEE 85, 8 (1997), 1195--1245.Google ScholarCross Ref
Zhu Han, Ninoslav Marina, Mérouane Debbah, and Are Hjørungnes. 2009. Physical layer security game: How to date a girl with her boyfriend on the same table. In Proc. of the 1st ICST International Conference on Game Theory for Networks. Google ScholarDigital Library
Yih-Chun Hu, Adrian Perrig, and David B. Johnson. 2003. Packet leashes: A defense against wormhole attacks in wireless networks. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’03). IEEE.Google Scholar
Yi-an Huang and Wenke Lee. 2003. A cooperative intrusion detection system for Ad Hoc networks. In Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN’03). ACM, New York, NY, 135--147. Google ScholarDigital Library
Jonathan Hui, David Culler, and Samita Chakrabarti. 2009. 6LoWPAN: Incorporating IEEE 802.15. 4 into the IP architecture. IPSO Alliance White Paper 3 (2009).Google Scholar
IEEEE. 2007. IEEE 802.15 WPAN Task Group 4 (TG4). Retrieved from http://www.ieee802.org/15/pub/TG4.html.Google Scholar
IBM ILOG. 2011. CPLEX 12.5. (2011).Google Scholar
Devesh Jinwala, Dhiren Patel, and Kankar Dasgupta. 2012. FlexiSec: A configurable link layer security architecture for wireless sensor networks. arXiv preprint arXiv:1203.4697 (2012).Google Scholar
Anne-Marie Kermarrec, Erwan Le Merrer, Bruno Sericola, and Gilles Trédan. 2011. Second order centrality: Distributed assessment of nodes criticity in complex networks. Computer Communications 34, 5 (2011), 619--628. Google ScholarDigital Library
Issa Khalil, Saurabh Bagchi, and Ness B Shroff. 2005. LITEWORP: A lightweight countermeasure for the wormhole attack in multihop wireless networks. In Proceedings of the International Conference on Dependable Systems and Networks (DSN’05).. IEEE, 612--621. Google ScholarDigital Library
Philip Levis, Nelson Lee, Matt Welsh, and David Culler. 2003. TOSSIM: Accurate and scalable simulation of entire TinyOS applications. In Proceedings of the 1st International Conference on Embedded Networked Sensor Systems. ACM. Google ScholarDigital Library
P. Levis, S. Madden, J. Polastre, R. Szewczyk, K. Whitehouse, A. Woo, D. Gay, J. Hill, M. Welsh, E. Brewer, and D. Culler. 2005. TinyOS: An operating system for sensor networks. In Ambient Intelligence. Springer, Berlin.Google Scholar
Peter V. Marsden. 2002. Egocentric and sociocentric measures of network centrality. Soc. Netw. 24, 4 (2002), 407--422.Google ScholarCross Ref
Sergio Marti, Thomas J Giuli, Kevin Lai, and Mary Baker. 2000. Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the 6th Annual International Conference on Mobile Computing and Networking. ACM, 255--265. Google ScholarDigital Library
Achille Messac, Amir Ismail-Yahaya, and Christopher A Mattson. 2003. The normalized normal constraint method for generating the Pareto frontier. Structural and Multidisciplinary Optimization 25, 2 (2003), 86--98.Google ScholarCross Ref
Daniele Midi, Antonino Rullo, Anand Mudgerikar, and Elisa Bertino. 2017. Kalis: A system for knowledge-driven adaptable intrusion detection for the Internet of Things. In Proceedings of the IEEE 37th International Conference on Distributed Computing Systems (ICDCS’17).Google ScholarCross Ref
A. Mishra, K. Nadkarni, and A. Patcha. 2004. Intrusion detection in wireless ad hoc networks. IEEE Wireless Communications 11, 1 (Feb 2004), 48--60. Google ScholarDigital Library
Asis Nasipuri and Kai Li. 2002. A directionality based location discovery scheme for wireless sensor networks. In Proceedings of the 1st ACM International Workshop on Wireless Sensor Networks and Applications. ACM. Google ScholarDigital Library
Raymond T. Ng and Jiawei Han. 1994. Efficient and effective clustering methods for spatial data mining.Google Scholar
Nayot Poolsappasit, Rinku Dewri, and Indrajit Ray. 2012. Dynamic security risk management using bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing 9, 1 (2012), 61--74. Google ScholarDigital Library
Shahid Raza, Simon Duquennoy, Joel Höglund, Utz Roedig, and Thiemo Voigt. 2014. Secure communication for the Internet of Things a comparison of link-layer security and IPsec for 6LoWPAN. Security and Communication Networks 7, 12 (2014), 2654--2668.Google ScholarCross Ref
Shahid Raza, Linus Wallgren, and Thiemo Voigt. 2013. SVELTE: Real-time intrusion detection in the Internet of Things. Ad Hoc Networks (2013). Google ScholarDigital Library
Rodrigo Roman, Cristina Alcaraz, Javier Lopez, and Nicolas Sklavos. 2011. Key management systems for sensor networks in the context of the Internet of Things. Comput. Electr. Eng. 37, 2 (2011), 147--159. Google ScholarDigital Library
Antonino Rullo, Daniele Midi, Edoardo Serra, and Elisa Bertino. 2017a. A game of things: Strategic allocation of security resources for IoT. In Procedings of the ACM/IEEE 2nd International Conference on Internet-of-Things Design and Implementaion (IoTDI’17). ACM/IEEE. Google ScholarDigital Library
Antonino Rullo, Edoardo Serra, Elisa Bertino, and Jorge Lobo. 2017b. Shortfall-based optimal placement of security resources for mobile IoT scenarios. In European Symposium on Research in Computer Security (ESORICS’17). Springer, Berlin.Google ScholarCross Ref
Edoardo Serra, Sushil Jajodia, Andrea Pugliese, Antonino Rullo, and V. S. Subrahmanian. 2015. Pareto-optimal adversarial defense of enterprise systems. ACM Trans. Inf. Syst. Secur. 17, 3 (2015), 11. Google ScholarDigital Library
Kalpana Sharma and M. K. Ghose. 2010. Wireless sensor networks: An overview on its security threats. IJCA Special Issue on Mobile Ad-Hoc Networks MANETs. 42--45.Google Scholar
Chanatip Tumrongwittayapak and Ruttikorn Varakulsiripunth. 2009. Detecting sinkhole attack and selective forwarding attack in wireless sensor networks. In Proceedings of the International Conference on Intelligent Circuits and Systems (ICICS’09). Google ScholarDigital Library
András Varga and others. 2001. The OMNeT++ discrete event simulation system. In Proceedings of the European Simulation Multiconference (ESM’01).Google Scholar
Heinrich von Stackelberg, Damien Bazin, Rowland Hill, and Lynn Urch. 2010. Market Structure and Equilibrium. Springer, Berlin.Google Scholar
Dazhi Zhang and Donggang Liu. 2010. DataGuard: Dynamic data attestation in wireless sensor networks. In Proceedings of the IEEE International Conference on Dependable Systems and Networks (DSN’10). IEEE.Google Scholar
Liang Zhou and Han-Chieh Chao. 2011. Multimedia traffic security architecture for the Internet of Things. IEEE Netw. 25, 3 (2011), 35--40.Google ScholarCross Ref
Quanyan Zhu, Linda Bushnell, and Tamer Basar. 2012. Game-theoretic analysis of node capture and cloning attack with multiple attackers in wireless sensor networks. In Proceedings of the IEEE Conference on Decision and Control (CDC’12). IEEE, 3404--3411.Google ScholarCross Ref
Quanyan Zhu, Husheng Li, Zhu Han, and Tamer Basar. 2010. A stochastic game model for jamming in multi-channel cognitive radio systems. In Proceedings of the IEEE International Conference on Communications (ICC’10).Google ScholarCross Ref
Alliance Zigbee. 2006. Zigbee specification. ZigBee document 053474r13 (2006).Google Scholar

Index Terms

Pareto Optimal Security Resource Allocation for Internet of Things
1. Security and privacy

Recommendations

A Game of Things: Strategic Allocation of Security Resources for IoT
IoTDI '17: Proceedings of the Second International Conference on Internet-of-Things Design and Implementation

In many Internet of Thing (IoT) application domains security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security ...
Read More
Internet of things security: challenges and perspectives
ICC '17: Proceedings of the Second International Conference on Internet of things, Data and Cloud Computing

No one can deny that the Internet of Things (IOT) will revolutionize our daily thanks to its many benefits in order to improve and simplify people's lives. Us any new technology the internet of things has a number of problems that prevents it to reach ...
Read More
Internet of Things: information security challenges and solutions

Keeping up with the burgeoning Internet of Things (IoT) requires staying up to date on the latest network attack trends in dynamic and complicated cyberspace, and take them into account while developing holistic information security (IS) approaches for ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Privacy and Security Volume 20, Issue 4
November 2017
150 pages
ISSN:2471-2566
EISSN:2471-2574
DOI:10.1145/3143524
Editor:
David Basin
ETH Zurich, Switzerland
Issue’s Table of Contents
Copyright © 2017 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 October 2017
- Accepted: 1 August 2017
- Revised: 1 June 2017
- Received: 1 February 2017
Published in tops Volume 20, Issue 4

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Internet of things
clustering
pareto analysis
stochastic allocation
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 15
  Total Citations
  View Citations
- 719
  Total Downloads
- Downloads (Last 12 months)103
- Downloads (Last 6 weeks)14
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Pareto Optimal Security Resource Allocation for Internet of Things

ACM Transactions on Privacy and Security

Abstract

References

Cited By

Index Terms

Recommendations

A Game of Things: Strategic Allocation of Security Resources for IoT

Internet of things security: challenges and perspectives

Internet of Things: information security challenges and solutions