TY - GEN
T1 - A game-theoretic approach for minimizing security risks in the Internet-of-Things
AU - Rontidis, George
AU - Panaousis, Emmanouil
AU - Laszka, Aron
AU - Dagiuklas, Tasos
AU - Malacaria, Pasquale
AU - Alpcan, Tansu
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/9/8
Y1 - 2015/9/8
N2 - In the Internet-of-Things (IoT), users might share part of their data with different IoT prosumers, which offer applications or services. Within this open environment, the existence of an adversary introduces security risks. These can be related, for instance, to the theft of user data, and they vary depending on the security controls that each IoT prosumer has put in place. To minimize such risks, users might seek an 'optimal' set of prosumers. However, assuming the adversary has the same information as the users about the existing security measures, he can then devise which prosumers will be preferable (e.g., with the highest security levels) and attack them more intensively. This paper proposes a decision-support approach that minimizes security risks in the above scenario. We propose a non-cooperative, two-player game entitled Prosumers Selection Game (PSG). The Nash Equilibria of PSG determine subsets of prosumers that optimize users' payoffs. We refer to any game solution as the Nash Prosumers Selection (NPS), which is a vector of probabilities over subsets of prosumers. We show that when using NPS, a user faces the least expected damages. Additionally, we show that according to NPS every prosumer, even the least secure one, is selected with some non-zero probability. We have also performed simulations to compare NPS against two different heuristic selection algorithms. The former is proven to be approximately 38% more effective in terms of security-risk mitigation.
AB - In the Internet-of-Things (IoT), users might share part of their data with different IoT prosumers, which offer applications or services. Within this open environment, the existence of an adversary introduces security risks. These can be related, for instance, to the theft of user data, and they vary depending on the security controls that each IoT prosumer has put in place. To minimize such risks, users might seek an 'optimal' set of prosumers. However, assuming the adversary has the same information as the users about the existing security measures, he can then devise which prosumers will be preferable (e.g., with the highest security levels) and attack them more intensively. This paper proposes a decision-support approach that minimizes security risks in the above scenario. We propose a non-cooperative, two-player game entitled Prosumers Selection Game (PSG). The Nash Equilibria of PSG determine subsets of prosumers that optimize users' payoffs. We refer to any game solution as the Nash Prosumers Selection (NPS), which is a vector of probabilities over subsets of prosumers. We show that when using NPS, a user faces the least expected damages. Additionally, we show that according to NPS every prosumer, even the least secure one, is selected with some non-zero probability. We have also performed simulations to compare NPS against two different heuristic selection algorithms. The former is proven to be approximately 38% more effective in terms of security-risk mitigation.
UR - https://www.scopus.com/pages/publications/84947766643
UR - https://www.scopus.com/pages/publications/84947766643#tab=citedBy
U2 - 10.1109/ICCW.2015.7247577
DO - 10.1109/ICCW.2015.7247577
M3 - Conference contribution
AN - SCOPUS:84947766643
T3 - 2015 IEEE International Conference on Communication Workshop, ICCW 2015
SP - 2639
EP - 2644
BT - 2015 IEEE International Conference on Communication Workshop, ICCW 2015
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - IEEE International Conference on Communication Workshop, ICCW 2015
Y2 - 8 June 2015 through 12 June 2015
ER -