A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things

George Rontidis, Emmanouil Panaousis, Aron Laszka, Tasos Dagiuklas, Pasquale Malacaria, Tansu Alpcan

Research output: Chapter in Book/Conference proceeding with ISSN or ISBNConference contribution with ISSN or ISBNResearchpeer-review

Abstract

In the Internet-of-Things (IoT), users might share part of their data with different IoT prosumers, which offer applications or services. Within this open environment, the existence of an adversary introduces security risks. These can be related, for instance, to the theft of user data, and they vary depending on the security controls that each IoT prosumer has put in place. To minimize such risks, users might seek an “optimal” set of prosumers. However, assuming the adversary has the same information as the users about the existing security measures, he can then devise which prosumers will be preferable (e.g., with the highest security levels) and attack them more intensively. This paper proposes a decision-support approach that minimizes security risks in the above scenario. We propose a non-cooperative, two-player game entitled Prosumers Selection Game (PSG). The Nash Equilibria of PSG determine subsets of prosumers that optimize users’ payoffs. We refer to any game solution as the Nash Prosumers Selection (NPS), which is a vector of probabilities over subsets of prosumers. We show that when using NPS, a user faces the least expected damages. Additionally, we show that according to NPS every prosumer, even the least secure one, is selected with some non-zero probability. We have also performed simulations to compare NPS against two different heuristic selection algorithms. The former is proven to be approximately 38% more effective in terms of security-risk mitigation.
Original languageEnglish
Title of host publication2015 IEEE International Conference on Communication Workshop (ICCW)
Place of PublicationLondon
PublisherIEEE
Pages2639-2644
Number of pages6
ISBN (Print)9781467363051
DOIs
Publication statusPublished - 10 Mar 2015
Event2015 IEEE International Conference on Communication Workshop (ICCW) - London, UK, 8-12 June 2015
Duration: 10 Mar 2015 → …

Conference

Conference2015 IEEE International Conference on Communication Workshop (ICCW)
Period10/03/15 → …

Fingerprint

Set theory
Internet of things

Bibliographical note

© 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Cite this

Rontidis, G., Panaousis, E., Laszka, A., Dagiuklas, T., Malacaria, P., & Alpcan, T. (2015). A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things. In 2015 IEEE International Conference on Communication Workshop (ICCW) (pp. 2639-2644). London: IEEE. https://doi.org/10.1109/ICCW.2015.7247577
Rontidis, George ; Panaousis, Emmanouil ; Laszka, Aron ; Dagiuklas, Tasos ; Malacaria, Pasquale ; Alpcan, Tansu. / A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things. 2015 IEEE International Conference on Communication Workshop (ICCW). London : IEEE, 2015. pp. 2639-2644
@inproceedings{bbebf4f2afd24595ae2b20718efcade6,
title = "A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things",
abstract = "In the Internet-of-Things (IoT), users might share part of their data with different IoT prosumers, which offer applications or services. Within this open environment, the existence of an adversary introduces security risks. These can be related, for instance, to the theft of user data, and they vary depending on the security controls that each IoT prosumer has put in place. To minimize such risks, users might seek an “optimal” set of prosumers. However, assuming the adversary has the same information as the users about the existing security measures, he can then devise which prosumers will be preferable (e.g., with the highest security levels) and attack them more intensively. This paper proposes a decision-support approach that minimizes security risks in the above scenario. We propose a non-cooperative, two-player game entitled Prosumers Selection Game (PSG). The Nash Equilibria of PSG determine subsets of prosumers that optimize users’ payoffs. We refer to any game solution as the Nash Prosumers Selection (NPS), which is a vector of probabilities over subsets of prosumers. We show that when using NPS, a user faces the least expected damages. Additionally, we show that according to NPS every prosumer, even the least secure one, is selected with some non-zero probability. We have also performed simulations to compare NPS against two different heuristic selection algorithms. The former is proven to be approximately 38{\%} more effective in terms of security-risk mitigation.",
author = "George Rontidis and Emmanouil Panaousis and Aron Laszka and Tasos Dagiuklas and Pasquale Malacaria and Tansu Alpcan",
note = "{\circledC} 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.",
year = "2015",
month = "3",
day = "10",
doi = "10.1109/ICCW.2015.7247577",
language = "English",
isbn = "9781467363051",
pages = "2639--2644",
booktitle = "2015 IEEE International Conference on Communication Workshop (ICCW)",
publisher = "IEEE",

}

Rontidis, G, Panaousis, E, Laszka, A, Dagiuklas, T, Malacaria, P & Alpcan, T 2015, A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things. in 2015 IEEE International Conference on Communication Workshop (ICCW). IEEE, London, pp. 2639-2644, 2015 IEEE International Conference on Communication Workshop (ICCW), 10/03/15. https://doi.org/10.1109/ICCW.2015.7247577

A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things. / Rontidis, George; Panaousis, Emmanouil; Laszka, Aron; Dagiuklas, Tasos; Malacaria, Pasquale; Alpcan, Tansu.

2015 IEEE International Conference on Communication Workshop (ICCW). London : IEEE, 2015. p. 2639-2644.

Research output: Chapter in Book/Conference proceeding with ISSN or ISBNConference contribution with ISSN or ISBNResearchpeer-review

TY - GEN

T1 - A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things

AU - Rontidis, George

AU - Panaousis, Emmanouil

AU - Laszka, Aron

AU - Dagiuklas, Tasos

AU - Malacaria, Pasquale

AU - Alpcan, Tansu

N1 - © 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

PY - 2015/3/10

Y1 - 2015/3/10

N2 - In the Internet-of-Things (IoT), users might share part of their data with different IoT prosumers, which offer applications or services. Within this open environment, the existence of an adversary introduces security risks. These can be related, for instance, to the theft of user data, and they vary depending on the security controls that each IoT prosumer has put in place. To minimize such risks, users might seek an “optimal” set of prosumers. However, assuming the adversary has the same information as the users about the existing security measures, he can then devise which prosumers will be preferable (e.g., with the highest security levels) and attack them more intensively. This paper proposes a decision-support approach that minimizes security risks in the above scenario. We propose a non-cooperative, two-player game entitled Prosumers Selection Game (PSG). The Nash Equilibria of PSG determine subsets of prosumers that optimize users’ payoffs. We refer to any game solution as the Nash Prosumers Selection (NPS), which is a vector of probabilities over subsets of prosumers. We show that when using NPS, a user faces the least expected damages. Additionally, we show that according to NPS every prosumer, even the least secure one, is selected with some non-zero probability. We have also performed simulations to compare NPS against two different heuristic selection algorithms. The former is proven to be approximately 38% more effective in terms of security-risk mitigation.

AB - In the Internet-of-Things (IoT), users might share part of their data with different IoT prosumers, which offer applications or services. Within this open environment, the existence of an adversary introduces security risks. These can be related, for instance, to the theft of user data, and they vary depending on the security controls that each IoT prosumer has put in place. To minimize such risks, users might seek an “optimal” set of prosumers. However, assuming the adversary has the same information as the users about the existing security measures, he can then devise which prosumers will be preferable (e.g., with the highest security levels) and attack them more intensively. This paper proposes a decision-support approach that minimizes security risks in the above scenario. We propose a non-cooperative, two-player game entitled Prosumers Selection Game (PSG). The Nash Equilibria of PSG determine subsets of prosumers that optimize users’ payoffs. We refer to any game solution as the Nash Prosumers Selection (NPS), which is a vector of probabilities over subsets of prosumers. We show that when using NPS, a user faces the least expected damages. Additionally, we show that according to NPS every prosumer, even the least secure one, is selected with some non-zero probability. We have also performed simulations to compare NPS against two different heuristic selection algorithms. The former is proven to be approximately 38% more effective in terms of security-risk mitigation.

U2 - 10.1109/ICCW.2015.7247577

DO - 10.1109/ICCW.2015.7247577

M3 - Conference contribution with ISSN or ISBN

SN - 9781467363051

SP - 2639

EP - 2644

BT - 2015 IEEE International Conference on Communication Workshop (ICCW)

PB - IEEE

CY - London

ER -

Rontidis G, Panaousis E, Laszka A, Dagiuklas T, Malacaria P, Alpcan T. A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things. In 2015 IEEE International Conference on Communication Workshop (ICCW). London: IEEE. 2015. p. 2639-2644 https://doi.org/10.1109/ICCW.2015.7247577