Abstract
The proliferation of Internet of Things (IoT) technology raises major security and privacy concerns. Specifically, ordinary electrical appliances are being transformed into smart connected devices with the capability to sense, compute, and communicate with their surroundings and the Internet. These smart embedded devices increase the attack surface of the environments in which they are deployed by becoming new points of entry for malicious activities, resulting in severe network security flaws. One of the major challenges lies in examining the influence of IoT devices on the security level of the environment they operate within. In this paper, we propose a security ranking model for IoT devices, based on the analytic hierarchy process (AHP) technique, which can be used for the device risk assessment task. Our implementation of the AHP model is based on a device-centric approach, where both device-specific features and domain-related features are taken into account. We applied the proposed model to several IoT devices in the context of an enterprise network environment, demonstrating its feasibility in analyzing security-related considerations in smart environments.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Siboni, S., Glezer, C., Puzis, R., Shabtai, A., Elovici, Y. (2020). Security Ranking of IoT Devices Using an AHP Model. In: Dolev, S., Kolesnikov, V., Lodha, S., Weiss, G. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2020. Lecture Notes in Computer Science, vol 12161. Springer, Cham. https://doi.org/10.1007/978-3-030-49785-9_3
DOI: https://doi.org/10.1007/978-3-030-49785-9_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-49784-2
Online ISBN: 978-3-030-49785-9
eBook Packages: Computer Science (R0)