# Optimal Placement of Security Resources for the Internet of Things

## Abstract

In many Internet of Things (IoT) application domains, security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security infrastructure is needed to ensure the proper functioning of such systems even under attack. However, it is also critical that security come at a reasonable resource and/or energy cost. This chapter deals with the problem of efficiently and effectively securing IoT networks by carefully allocating security resources in the network area. The problem is modeled according to game theory, and a Pareto-optimal solution is provided, in which the cost of the security infrastructure and the probability of a successful attack are minimized. Because both static and mobile smart city applications can occur in smart urban ecosystems, two different formalizations are provided, one for each scenario. For static networks, the optimization problem is modeled as a mixed integer linear program, whereas for mobile scenarios, computational intelligence techniques are adopted to provide a good approximation of the optimal solution.
