Shortfall-Based Optimal Placement of Security Resources for Mobile IoT Scenarios

  • Antonino RulloEmail author
  • Edoardo Serra
  • Elisa Bertino
  • Jorge Lobo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10493)


We present a method for computing the best provisioning of security resources for Internet of Things (IoT) scenarios characterized by a high degree of mobility. The security infrastructure is specified by a security resource allocation plan computed as the solution of an optimization problem that minimizes the risk of having IoT devices not monitored by any resource. Due the mobile nature of IoT devices, a probabilistic framework for modeling such scenarios is adopted. We adapt the concept of shortfall from economics as a risk measure and show how to compute and evaluate the quality of an allocation plan. The proposed approach fits well with applications such as vehicular networks, mobile ad-hoc networks, smart cities, or any IoT environment characterized by mobile devices that needs a monitoring infrastructure.


Network security Internet of Things Stochastic allocation 



Jorge Lobo was partially supported by the Secretaria de Universitats i Recerca de la Generalitat de Catalunya, the Maria de Maeztu Units of Excellence Programme and the Spanish Ministry for Economy and Competitiveness (MINECO) under Grant Ref.: TIN2016-81032-P.


  1. 1.
    Altman, E., Avrachenkov, K., Gamaev, A.: Jamming in wireless networks: the case of several jammers. In: Proceedings of the First ICST International Conference on Game Theory for Networks (2009)Google Scholar
  2. 2.
    Alwajeeh, T., Combeau, P., Bounceur, A., Vauzelle, R.: Efficient method for associating radio propagation models with spatial partitioning for smart city applications. In: Proceedings of the International Conference on Internet of Things and Cloud Computing, p. 8. ACM (2016)Google Scholar
  3. 3.
    Bertsimas, D., Lauprete, G.J., Samarov, A.: Shortfall as a risk measure: properties, optimization and applications. J. Econ. Dyn. Control 28(7), 1353–1381 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Charoen, P., Ohtsuki, T.: Codebook based interference mitigation with base station cooperation in multi-cell cellular network. In: 2011 IEEE Vehicular Technology Conference (VTC Fall), pp. 1–5. IEEE (2011)Google Scholar
  5. 5.
    Chen, L., Crampton, J.: Risk-aware role-based access control. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 140–156. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-29963-6_11CrossRefGoogle Scholar
  6. 6.
    Cheng, H.T., Zhuang, W.: Pareto optimal resource management for wireless mesh networks with QoS assurance: joint node clustering and subcarrier allocation. IEEE Trans. Wireless Commun. (2009)Google Scholar
  7. 7.
    Chigan, C., Li, L., Ye, Y.: Resource-aware self-adaptive security provisioning in mobile ad hoc networks. In: 2005 IEEE Wireless Communications and Networking Conference, vol. 4, pp. 2118–2124. IEEE (2005)Google Scholar
  8. 8.
    Deb, K., Pratap, A., Agarwal, S., Meyarivan, T.: A fast elitist multi-objective genetic algorithm: NSGA-II. IEEE Trans. Evol. Comput. 6, 182–197 (2000)CrossRefGoogle Scholar
  9. 9.
    Goldhirsh, J., Vogel, W.J.: Handbook of propagation effects for vehicular and personal mobile satellite systems. NASA Ref. Publ. 1274, 40–67 (1998)Google Scholar
  10. 10.
    Gonsalves, A.: New toolkit seeks routers, internet of things for DDoS botnet (2014). Accessed May 2016
  11. 11.
    Guo, A., Haenggi, M.: Spatial stochastic models and metrics for the structure of base stations in cellular networks. IEEE Trans. Wireless Commun. 12(11), 5800–5812 (2013)CrossRefGoogle Scholar
  12. 12.
    Huang, Y.A., Lee, W.: A cooperative intrusion detection system for ad hoc networks. In: Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, SASN 2003, pp. 135–147. ACM, New York (2003).
  13. 13.
    Hui, J., Culler, D., Chakrabarti, S.: 6LoWPAN: incorporating IEEE 802.15.4 into the IP architecture. IPSO Alliance White Paper 3 (2009)Google Scholar
  14. 14.
    IEEE: IEEE 802.15 WPAN Task Group 4 (TG4).
  15. 15.
    Jinwala, D., Patel, D., Dasgupta, K.: FlexiSec: a configurable link layer security architecture for wireless sensor networks. arXiv preprint (2012). arXiv:1203.4697
  16. 16.
    Kotz, D., Henderson, T., Abyzov, I., Yeo, J.: CRAWDAD dataset dartmouth/campus (v. 2009–09-09), September 2009Google Scholar
  17. 17.
    Kotz, D., Newport, C., Gray, R.S., Liu, J., Yuan, Y., Elliott, C.: Experimental evaluation of wireless simulation assumptions. In: Proceedings of the 7th ACM International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems, pp. 78–82. ACM (2004)Google Scholar
  18. 18.
    Levy, H., Kroll, Y.: Ordering uncertain options with borrowing and lending. J. Finance 33(2), 553–574 (1978)CrossRefGoogle Scholar
  19. 19.
    Messac, A., Ismail-Yahaya, A., Mattson, C.A.: The normalized normal constraint method for generating the pareto frontier. Struct. Multidiscip. Optim. 25(2), 86–98 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Midi, D., Rullo, A., Mudgerikar, A., Bertino, E.: Kalis: a system for knowledge-driven adaptable intrusion detection for the internet of things. In: IEEE 37th International Conference on Distributed Computing Systems (ICDCS) (2017)Google Scholar
  21. 21.
    Mishra, A., Nadkarni, K., Patcha, A.: Intrusion detection in wireless ad hoc networks. IEEE Wireless Commun. 11(1), 48–60 (2004)CrossRefGoogle Scholar
  22. 22.
    Molloy, I., Cheng, P.C., Rohatgi, P.: Trading in risk: using markets to improve access control. In: Proceedings of the 2008 Workshop on New Security Paradigms, pp. 107–125. ACM (2009)Google Scholar
  23. 23.
    Molloy, I., Dickens, L., Morisset, C., Cheng, P.C., Lobo, J., Russo, A.: Risk-based security decisions under uncertainty. In: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, pp. 157–168. ACM (2012)Google Scholar
  24. 24.
    Nasipuri, A., Li, K.: A directionality based location discovery scheme for wireless sensor networks. In: Proceedings of 1st ACM International Workshop on Wireless Sensor Networks and Applications. ACM (2002)Google Scholar
  25. 25.
    Rappaport, T.S., et al.: Wireless Communications: Principles and Practice, vol. 2. Prentice Hall PTR, Upper Saddle River (1996)zbMATHGoogle Scholar
  26. 26.
    Raza, S., Duquennoy, S., Höglund, J., Roedig, U., Voigt, T.: Secure communication for the internet of things–a comparison of link-layer security and IPsec for 6LoWPAN. Secur. Commun. Netw. (2012)Google Scholar
  27. 27.
    Raza, S., Wallgren, L., Voigt, T.: SVELTE: real-time intrusion detection in the internet of things. Ad Hoc Netw. (2013)Google Scholar
  28. 28.
    Robert, C., Casella, G.: Monte Carlo Statistical Methods. Springer Science & Business Media, Berlin (2013)zbMATHGoogle Scholar
  29. 29.
    Roman, R., Alcaraz, C., Lopez, J., Sklavos, N.: Key management systems for sensor networks in the context of the internet of things. Comput. Electr. Eng. 37(2), 147–159 (2011)CrossRefGoogle Scholar
  30. 30.
    Rullo, A., Midi, D., Serra, E., Bertino, E.: A game of things: strategic allocation of security resources for IoT. In: ACM/IEEE 2nd International Conference on Internet of Things Design and Implementation (IoTDI 2017), p. 6 (2017)Google Scholar
  31. 31.
    Serra, E., Jajodia, S., Pugliese, A., Rullo, A., Subrahmanian, V.: Pareto-optimal adversarial defense of enterprise systems. ACM Trans. Inf. Syst. Secur. (TISSEC) (2015)Google Scholar
  32. 32.
    Shen, X., Xu, K., Sun, X., Wu, J., Lin, J.: Optimized indoor wireless propagation model in WIFI-RoF network architecture for RSS-based localization in the internet of things. In: 2011 International Topical Meeting on & Microwave Photonics Conference Microwave Photonics, 2011 Asia-Pacific, MWP/APMP, pp. 274–277. IEEE (2011)Google Scholar
  33. 33.
    Simini, F., González, M.C., Maritan, A., Barabási, A.L.: A universal model for mobility and migration patterns. Nature 484(7392), 96–100 (2012)CrossRefGoogle Scholar
  34. 34.
    Sultana, S., Midi, D., Bertino, E.: Kinesis: a security incident response and prevention system for wireless sensor networks. In: Proceedings of ACM SensSys (2014)Google Scholar
  35. 35.
    Tumrongwittayapak, C., Varakulsiripunth, R.: Detecting sinkhole attack and selective forwarding attack in wireless sensor networks. In: ICICS 2009 (2009)Google Scholar
  36. 36.
    Weber, R.H., Weber, R.: Internet of Things, vol. 12. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  37. 37.
    Xia, F., Yang, L.T., Wang, L., Vinel, A.: Internet of things. Int. J. Commun. Syst. 25(9), 1101 (2012)CrossRefGoogle Scholar
  38. 38.
    Zhu, Q., Li, H., Han, Z., Basar, T.: A stochastic game model for jamming in multi-channel cognitive radio systems. In: IEEE ICC (2010)Google Scholar
  39. 39.
    ZigBee Alliance and others: Zigbee specification (2006)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Antonino Rullo
    • 1
    Email author
  • Edoardo Serra
    • 2
  • Elisa Bertino
    • 3
  • Jorge Lobo
    • 4
  1. 1.DIMES DepartmentUniversita della CalabriaRendeItaly
  2. 2.Department of Computer ScienceBoise State UniversityBoiseUSA
  3. 3.Lawson Computer Science DepartmentPurdue UniversityWest LafayetteUSA
  4. 4.ICREA and Department of Information and Communication TechnologiesUniversitat Pompeu FabraBarcelonaSpain

Personalised recommendations