Optimal Placement of Security Resources for the Internet of Things

  • Antonino RulloEmail author
  • Edoardo Serra
  • Elisa Bertino
  • Jorge Lobo
Part of the Internet of Things book series (ITTCC)


In many Internet of Thing application domains security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security infrastructure is needed to ensure the proper functioning of such systems even under attack. However, it is also critical that security be at a reasonable resource and/or energy cost. This chapter deals with the problem of efficiently and effectively securing IoT networks by carefully allocating security resources in the network area. The problem is modeled according to game theory, and provide a Pareto-optimal solution, in which the cost of the security infrastructure and the probability of a successful attack are minimized. As in the context of smart urban ecosystems both static and mobile smart city applications can take place, two different formalizations are provided for the two scenarios. For static networks, the optimization problem is modeled as a mixed integer linear program, whereas for mobile scenarios, computational intelligent techniques are adopted for providing a good approximation of the optimal solution.


  1. 1.
    E. Altman, K. Avrachenkov, A. Gamaev, Jamming in wireless networks: the case of several jammers, in Proceedings of the First ICST International Conference on Game Theory for Networks (2009)Google Scholar
  2. 2.
    T. Alwajeeh, P. Combeau, A. Bounceur, R. Vauzelle, Efficient method for associating radio propagation models with spatial partitioning for smart city applications, in Proceedings of the International Conference on Internet of things and Cloud Computing (ACM, 2016), p. 8Google Scholar
  3. 3.
    L. Atzori, A. Iera, G. Morabito, The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)CrossRefGoogle Scholar
  4. 4.
    D. Bertsimas, G.J. Lauprete, A. Samarov, Shortfall as a risk measure: properties, optimization and applications. J. Econ. Dyn. Control 28(7), 1353–1381 (2004)MathSciNetCrossRefGoogle Scholar
  5. 5.
    F. Brasser, B. El Mahjoub, A.R. Sadeghi, C. Wachsmann, P. Koeberl, Tytan: Tiny trust anchor for tiny devices, in DAC, 2015 (IEEE, 2015), pp. 1–6Google Scholar
  6. 6.
    L. Chen, J. Crampton, Risk-aware role-based access control, in International Workshop on Security and Trust Management (Springer, 2011), pp. 140–156Google Scholar
  7. 7.
    H.T. Cheng, W. Zhuang, Pareto optimal resource management for wireless mesh networks with qos assurance: joint node clustering and subcarrier allocation. IEEE Trans. Wirel. Commun. 8(3), 1573–1583 (2009)CrossRefGoogle Scholar
  8. 8.
    C. Chigan, L. Li, Y. Ye, Resource-aware self-adaptive security provisioning in mobile ad hoc networks, in IEEE Wireless Communications and Networking Conference (2005)Google Scholar
  9. 9.
    K. Deb, A. Pratap, S. Agarwal, T. Meyarivan, A fast elitist multi-objective genetic algorithm: Nsga-ii. IEEE Trans. Evol. Comput. 6, 182–197 (2000)CrossRefGoogle Scholar
  10. 10.
    R. Dewri, I. Ray, N. Poolsappasit, D. Whitley, Optimal security hardening on attack tree models of networks: a cost-benefit analysis. Int. J. Inf. Secur. 11(3), 167–188 (2012)CrossRefGoogle Scholar
  11. 11.
    R. Dewri, I. Ray, I. Ray, D. Whitley, Security provisioning in pervasive environments using multi-objective optimization, in ESORICS (2008)Google Scholar
  12. 12.
    T.N. Dinh, Y. Xuan, M.T. Thai, E. Park, T. Znati, On approximation of new optimization methods for assessing network vulnerability, in INFOCOM, Proceedings IEEE (2010)Google Scholar
  13. 13.
    L. Eschenauer, V.D. Gligor, A key-management scheme for distributed sensor networks, in Proceedings of the 9th ACM Conference on Computer and Communications Security (ACM, 2002), pp. 41–47Google Scholar
  14. 14.
    G. Fortino, P. Trunfio, Internet of Things Based on Smart Objects: Technology, Middleware and Applications (Springer, 2014)Google Scholar
  15. 15.
    L. Girod, J. Elson, A. Cerpa, T. Stathopoulos, N. Ramanathan, D. Estrin, Emstar: a software environment for developing and deploying wireless sensor networks, in USENIX (2004)Google Scholar
  16. 16.
    J. Goldhirsh, W.J. Vogel, Handbook of propagation effects for vehicular and personal mobile satellite systems, vol. 1274 (NASA Reference Publication, 1998), pp. 40–67Google Scholar
  17. 17.
    A. Guerrieri, L. Valeria, R. Anna, F. Giancarlo, Management of Cyber Physical Objects in the Future Internet of things (Springer, 2016)Google Scholar
  18. 18.
    A. Guo, M. Haenggi, Spatial stochastic models and metrics for the structure of base stations in cellular networks. IEEE Trans. Wirel. Commun. 12(11), 5800–5812 (2013)CrossRefGoogle Scholar
  19. 19.
    Z. Han, N. Marina, M. Debbah, A. Hjørungnes, Physical layer security game: How to date a girl with her boyfriend on the same table, in Proceedings of the First ICST International Conference on Game Theory for Networks (2009)Google Scholar
  20. 20.
    A.M. Kermarrec, E. Le Merrer, B. Sericola, G. Trédan, Second order centrality: distributed assessment of nodes criticity in complex networks. Comput. Commun. 34(5), 619–628 (2011)CrossRefGoogle Scholar
  21. 21.
    I. Khalil, S. Bagchi, N.B. Shroff, Liteworp: a lightweight countermeasure for the wormhole attack in multihop wireless networks, in International Conference on Dependable Systems and Networks, 2005. DSN 2005. Proceedings (IEEE, 2005), pp. 612–621Google Scholar
  22. 22.
    D. Kotz, C. Newport, R.S. Gray, J. Liu, Y. Yuan, C. Elliott, Experimental evaluation of wireless simulation assumptions, in Proceedings of the 7th ACM International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (ACM, 2004), pp. 78–82Google Scholar
  23. 23.
    P. Levis, N. Lee, M. Welsh, D. Culler, Tossim: accurate and scalable simulation of entire tinyos applications, in Proceedings of 1st International Conference on Embedded Networked Sensor Systems (ACM, 2003)Google Scholar
  24. 24.
    H. Levy, Y. Kroll, Ordering uncertain options with borrowing and lending. J. Finan. 33(2), 553–574 (1978)CrossRefGoogle Scholar
  25. 25.
    P.V. Marsden, Egocentric and sociocentric measures of network centrality. Soc. Netw. 24(4), 407–422 (2002)CrossRefGoogle Scholar
  26. 26.
    S. Marti, T.J. Giuli, K. Lai, M. Baker, Mitigating routing misbehavior in mobile ad hoc networks, in Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (ACM, 2000), pp. 255–265Google Scholar
  27. 27.
    A. Messac, A. Ismail-Yahaya, C.A. Mattson, The normalized normal constraint method for generating the Pareto frontier. Struct. Multidiscip. Optim. 25(2), 86–98 (2003)MathSciNetCrossRefGoogle Scholar
  28. 28.
    D. Midi, A. Rullo, A. Mudgerikar, E. Bertino, Kalis: a system for knowledge-driven adaptable intrusion detection for the internet of things, in IEEE 37th International Conference on Distributed Computing Systems (ICDCS) (2017)Google Scholar
  29. 29.
    I. Molloy, P.C. Cheng, P. Rohatgi, Trading in risk: using markets to improve access control, in Proceedings of the 2008 Workshop on New Security Paradigms (ACM, 2009), pp. 107–125Google Scholar
  30. 30.
    I. Molloy, L. Dickens, C. Morisset, P.C. Cheng, J. Lobo, A. Russo, Risk-based security decisions under uncertainty, in Proceedings of the Second ACM Conference on Data and Application Security and Privacy (ACM, 2012), pp. 157–168Google Scholar
  31. 31.
    N. Poolsappasit, R. Dewri, I. Ray, Dynamic security risk management using bayesian attack graphs. IEEE Trans. Dependable Secur. Comput. 9(1), 61–74 (2012)CrossRefGoogle Scholar
  32. 32.
    T.S. Rappaport, et al., Wireless Communications: Principles and Practice, vol. 2 (Prentice Hall PTR, New Jersey, 1996)Google Scholar
  33. 33.
    S. Raza, S. Duquennoy, J. Höglund, U. Roedig, T. Voigt, Secure communication for the internet of things a comparison of link-layer security and IPsec for 6LoWPAN. Secur. Commun. Netw. 7(12), 2654–2668 (2014)CrossRefGoogle Scholar
  34. 34.
    S. Raza, L. Wallgren, T. Voigt, Svelte: real-time intrusion detection in the internet of things, in Ad Hoc Networks (2013)Google Scholar
  35. 35.
    C. Robert, G. Casella, Monte Carlo Statistical Methods (Springer Science & Business Media, 2013)Google Scholar
  36. 36.
    A. Rullo, D. Midi, E. Serra, E. Bertino, Pareto optimal security resource allocation for Internet of Things. ACM Trans. Priv. Secur. (TOPS) 20(4), 15 (2017)Google Scholar
  37. 37.
    A. Rullo, E. Serra, E. Bertino, J. Lobo, Shortfall-based optimal placement of security resources for mobile IoT scenarios, in European Symposium on Research in Computer Security (Springer, 2017), pp. 419–436Google Scholar
  38. 38.
    E. Serra, S. Jajodia, A. Pugliese, A. Rullo, V. Subrahmanian, Pareto-optimal adversarial defense of enterprise systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(3), 11 (2015)CrossRefGoogle Scholar
  39. 39.
    K. Sharma, M. Ghose, Wireless sensor networks: an overview on its security threats. IJCA (Special Issue on Mobile Ad-hoc Networks MANETs), 42–45 (2010)Google Scholar
  40. 40.
    X. Shen, K. Xu, X. Sun, J. Wu, J. Lin, Optimized indoor wireless propagation model in wifi-rof network architecture for rss-based localization in the Internet of Things, in Microwave Photonics, 2011 International Topical Meeting on & Microwave Photonics Conference, 2011 Asia-Pacific, MWP/APMP (IEEE, 2011), pp. 274–277Google Scholar
  41. 41.
    F. Simini, M.C. González, A. Maritan, A.L. Barabási, A universal model for mobility and migration patterns. Nature 484(7392), 96–100 (2012)CrossRefGoogle Scholar
  42. 42.
    H. von Stackelberg, D. Bazin, R. Hill, L. Urch, Market Structure and Equilibrium (Springer, 2010)Google Scholar
  43. 43.
    A. Varga et al., The omnet++ discrete event simulation system, in Proceedings of the European Simulation Multiconference (ESM2001) (2001)Google Scholar
  44. 44.
    D. Zhang, D. Liu, Dataguard: dynamic data attestation in wireless sensor networks, in DSN, 2010 (IEEE, 2010)Google Scholar
  45. 45.
    L. Zhou, H.C. Chao, Multimedia traffic security architecture for the Internet of Things. IEEE Netw. 25(3), 35–40 (2011)CrossRefGoogle Scholar
  46. 46.
    Q. Zhu, L. Bushnell, T. Basar, Game-theoretic analysis of node capture and cloning attack with multiple attackers in wireless sensor networks, in CDC (IEEE, 2012), pp. 3404–3411Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  • Antonino Rullo
    • 1
    Email author
  • Edoardo Serra
    • 2
  • Elisa Bertino
    • 3
  • Jorge Lobo
    • 4
  1. 1.DIMES DepartmentUniversita della CalabriaRendeItaly
  2. 2.Department of Computer ScienceBoise State UniversityBoiseUSA
  3. 3.Lawson Computer Science DepartmentPurdue UniversityWest LafayetteUSA
  4. 4.ICREA and Department of Information and Communication TechnologiesUniversitat Pompeu FabraBarcelonaSpain

Personalised recommendations