A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things
George Rontidis, Emmanouil Panaousis, Aron Laszka, Tasos Dagiuklas, Pasquale Malacaria, Tansu Alpcan

Citation
George Rontidis, Emmanouil Panaousis, Aron Laszka, Tasos Dagiuklas, Pasquale Malacaria, Tansu Alpcan. "A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things". 1st IEEE International Workshop on Security and Privacy for Internet of Things and Cyber-Physical Systems, in conjunction with IEEE ICC 2015 (IoT/CPS-Security), June, 2015.

Abstract
In the Internet-of-Things (IoT), users might share part of their data with different IoT prosumers, which offer applications or services. Within this open environment, the existence of an adversary introduces security risks. These can be related, for instance, to the theft of user data, and they vary depending on the security controls that each IoT prosumer has put in place. To minimize such risks, users might seek an "optimal" set of prosumers. However, assuming the adversary has the same information as the users about the existing security measures, he can then devise which prosumers will be preferable (e.g., with the highest security levels) and attack them more intensively. This paper proposes a decision-support approach that minimizes security risks in the above scenario. We propose a non-cooperative, two-player game entitled Prosumers Selection Game (PSG). The Nash Equilibria of PSG determine subsets of prosumers that optimize users' payoffs. We refer to any game solution as the Nash Prosumers Selection (NPS), which is a vector of probabilities over subsets of prosumers. We show that when using NPS, a user faces the least expected damages. Additionally, we show that according to NPS every prosumer, even the least secure one, is selected with some non-zero probability. We have also performed simulations to compare NPS against two different heuristic selection algorithms. The former is proven to be approximately 38% more effective in terms of security-risk mitigation.

Electronic downloads


Internal. This publication has been marked by the author for FORCES-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • BibTeX
    @inproceedings{RontidisPanaousisLaszkaDagiuklasMalacariaAlpcan15_GameTheoreticApproachForMinimizingSecurityRisksInInternetofThings,
        author = {George Rontidis and Emmanouil Panaousis and Aron
                  Laszka and Tasos Dagiuklas and Pasquale Malacaria
                  and Tansu Alpcan},
        title = {A Game-Theoretic Approach for Minimizing Security
                  Risks in the Internet-of-Things},
        booktitle = {1st IEEE International Workshop on Security and
                  Privacy for Internet of Things and Cyber-Physical
                  Systems, in conjunction with IEEE ICC 2015
                  (IoT/CPS-Security)},
        month = {June},
        year = {2015},
        abstract = {In the Internet-of-Things (IoT), users might share
                  part of their data with different IoT prosumers,
                  which offer applications or services. Within this
                  open environment, the existence of an adversary
                  introduces security risks. These can be related,
                  for instance, to the theft of user data, and they
                  vary depending on the security controls that each
                  IoT prosumer has put in place. To minimize such
                  risks, users might seek an "optimal" set of
                  prosumers. However, assuming the adversary has the
                  same information as the users about the existing
                  security measures, he can then devise which
                  prosumers will be preferable (e.g., with the
                  highest security levels) and attack them more
                  intensively. This paper proposes a
                  decision-support approach that minimizes security
                  risks in the above scenario. We propose a
                  non-cooperative, two-player game entitled
                  Prosumers Selection Game (PSG). The Nash
                  Equilibria of PSG determine subsets of prosumers
                  that optimize users' payoffs. We refer to any game
                  solution as the Nash Prosumers Selection (NPS),
                  which is a vector of probabilities over subsets of
                  prosumers. We show that when using NPS, a user
                  faces the least expected damages. Additionally, we
                  show that according to NPS every prosumer, even
                  the least secure one, is selected with some
                  non-zero probability. We have also performed
                  simulations to compare NPS against two different
                  heuristic selection algorithms. The former is
                  proven to be approximately 38% more effective in
                  terms of security-risk mitigation.},
        URL = {http://cps-forces.org/pubs/122.html}
    }
    

Posted by Aron Laszka on 15 Mar 2016.