Security assessment framework for IoT service

Telecommunication Systems

An Erratum to this article was published on 07 September 2016

Abstract

What are the critical requirements to be considered for the security measures in Internet of Things (IoT) services? Further, how should those security resources be allocated? To provide valuable insight into these questions, this paper introduces a security assessment framework for the IoT service environment from an architectural perspective. Our proposed framework integrates fuzzy DEMATEL and fuzzy ANP to reflect dependence and feedback interrelations among security criteria and, ultimately, to weigh and prioritize them. The results, gleaned from the judgments of 38 security experts, revealed that security design should put more importance on the service layer, especially to ensure availability and trust. We believe that these results will contribute to the provision of more secure and reliable IoT services.

Author information

Corresponding author

Correspondence to Dong-Hee Shin.

Additional information

An erratum to this article is available at http://dx.doi.org/10.1007/s11235-016-0228-5.

About this article

Cite this article

Park, K.C., Shin, DH. Security assessment framework for IoT service. Telecommun Syst 64, 193–209 (2017). https://doi.org/10.1007/s11235-016-0168-0

  • DOI: https://doi.org/10.1007/s11235-016-0168-0
