In the Internet-of-Things (IoT), users might share part of their data with different IoT prosumers, which offer applications or services. Within this open environment, the existence of an adversary introduces security risks. These can be related, for instance, to the theft of user data, and they vary depending on the security controls that each IoT prosumer has put in place. To minimize such risks, users might seek an “optimal” set of prosumers. However, assuming the adversary has the same information as the users about the existing security measures, he can then devise which prosumers will be preferable (e.g., with the highest security levels) and attack them more intensively. This paper proposes a decision-support approach that minimizes security risks in the above scenario. We propose a non-cooperative, two-player game entitled Prosumers Selection Game (PSG). The Nash Equilibria of PSG determine subsets of prosumers that optimize users’ payoffs. We refer to any game solution as the Nash Prosumers Selection (NPS), which is a vector of probabilities over subsets of prosumers. We show that when using NPS, a user faces the least expected damages. Additionally, we show that according to NPS every prosumer, even the least secure one, is selected with some non-zero probability. We have also performed simulations to compare NPS against two different heuristic selection algorithms. The former is proven to be approximately 38% more effective in terms of security-risk mitigation.
|Title of host publication||2015 IEEE International Conference on Communication Workshop (ICCW)|
|Place of Publication||London|
|Number of pages||6|
|Publication status||Published - 10 Mar 2015|
|Event||2015 IEEE International Conference on Communication Workshop (ICCW) - London, UK, 8-12 June 2015|
Duration: 10 Mar 2015 → …
|Conference||2015 IEEE International Conference on Communication Workshop (ICCW)|
|Period||10/03/15 → …|
Bibliographical note© 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Rontidis, G., Panaousis, E., Laszka, A., Dagiuklas, T., Malacaria, P., & Alpcan, T. (2015). A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things. In 2015 IEEE International Conference on Communication Workshop (ICCW) (pp. 2639-2644). IEEE. https://doi.org/10.1109/ICCW.2015.7247577