Security Ranking of IoT Devices Using an AHP Model

  • Conference paper
Cyber Security Cryptography and Machine Learning (CSCML 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12161)

Abstract

The proliferation of Internet of Things (IoT) technology raises major security and privacy concerns. Specifically, ordinary electrical appliances are being transformed into smart connected devices with the capability to sense, compute, and communicate with their surroundings and the Internet. These smart embedded devices increase the attack surface of the environments in which they are deployed by becoming new points of entry for malicious activities, resulting in severe network security flaws. One of the major challenges lies in examining the influence of IoT devices on the security level of the environment they operate within. In this paper, we propose a security ranking model for IoT devices, based on the analytic hierarchy process (AHP) technique, which can be used for the device risk assessment task. Our implementation of the AHP model is based on a device-centric approach, where both device-specific features and domain-related features are taken into account. We applied the proposed model to several IoT devices in the context of an enterprise network environment, demonstrating its feasibility in analyzing security-related considerations in smart environments.

Corresponding author

Correspondence to Shachar Siboni.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Siboni, S., Glezer, C., Puzis, R., Shabtai, A., Elovici, Y. (2020). Security Ranking of IoT Devices Using an AHP Model. In: Dolev, S., Kolesnikov, V., Lodha, S., Weiss, G. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2020. Lecture Notes in Computer Science, vol 12161. Springer, Cham. https://doi.org/10.1007/978-3-030-49785-9_3

  • DOI: https://doi.org/10.1007/978-3-030-49785-9_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-49784-2

  • Online ISBN: 978-3-030-49785-9

  • eBook Packages: Computer Science, Computer Science (R0)
