nach oben

Telecommunication Systems

Erschienen in:

13.05.2016

Security assessment framework for IoT service

verfasst von: Keon Chul Park, Dong-Hee Shin

Erschienen in: Telecommunication Systems | Ausgabe 1/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

What are the critical requirements to be considered for the security measures in Internet of Things (IoT) services? Further, how should those security resources be allocated? To provide valuable insight into these questions, this paper introduces a security assessment framework for the IoT service environment from an architectural perspective. Our proposed framework integrates fuzzy DEMATEL and fuzzy ANP to reflect dependence and feedback interrelations among security criteria and, ultimately, to weigh and prioritize them. The results, gleaned from the judgments of 38 security experts, revealed that security design should put more importance on the service layer, especially to ensure availability and trust. We believe that these results will contribute to the provision of more secure and reliable IoT services.

Vorheriger Artikel PSK to CSK mapping for hybrid systems involving the radio frequency and the visible spectrum

Nächster Artikel Integrating HEC with circuit breakers and multipath RTP to improve RTC media quality

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Abomhara, M., & Koien, G. M. (2014, May). Security and privacy in the Internet of Things: Current status and open issues. Paper presented at the 2nd international conference on privacy and security in mobile systems, Aalborg. doi:10.1109/PRISMS.2014.6970594

Alam, S., Chowdhury, M. M., & Noll, J. (2011). Interoperability of security-enabled Internet of things. Wireless Personal Communications, 61(3), 567–586. doi:10.1007/s11277-011-0384-6.CrossRef

Attari, M. Y. N., Bagheri, M., & Jami, E. N. (2012). A decision making model for outsourcing of manufacturing activities by ANP and DEMATEL under fuzzy environment. International Journal of Industrial Engineering, 23(3), 163–174. Retrieved from http://ijiepr.iust.ac.ir/browse.php?a_code=A-10-149-2&slc_lang=en&sid=1.

Babar, S., Mahalle, P., Stango, A., Prasad, N., & Prasad, R. (2010). Proposed security model and threat taxonomy for the Internet of things. In N. Meghanathan, et al. (Eds.), Recent trends in network security and applications (pp. 420–429). Berlin: Springer.CrossRef

Bellman, R. E., & Zadeh, L. A. (1970). Decision-making in a fuzzy environment. Management Science, 17(4), B-141–B-164. doi:10.1287/mnsc.17.4.B141.

Buckley, J. J. (1985). Fuzzy hierarchical analysis. Fuzzy Sets and Systems, 17(3), 233–247. doi:10.1016/0165-0114(85)90090-9.CrossRef

Büyüközkan, G., & Çifçi, G. (2012). A novel hybrid MCDM approach based on fuzzy DEMATEL, fuzzy ANP and fuzzy TOPSIS to evaluate green suppliers. Expert Systems with Applications, 39(3), 3000–3011. doi:10.1016/j.eswa.2011.08.162.CrossRef

Chang, D. Y. (1996). Applications of the extent analysis method on fuzzy AHP. European Journal of Operational Research, 95(3), 649–655. doi:10.1016/0377-2217(95)00300-2.CrossRef

Chen, J.-K., & Chen, I.-S. (2010). Using a novel conjunctive MCDM approach based on DEMATEL, fuzzy ANP, and TOPSIS as an innovation support system for Taiwanese higher education. Expert Systems with Applications, 37(3), 1981–1990. doi:10.1016/j.eswa.2009.06.079.CrossRef

10.

Chen-Yi, H., Ke-Ting, C., & Gwo-Hshiung, T. (2007). FMCDM with fuzzy DEMATEL approach for customers’ choice behavior model. International Journal of Fuzzy Systems, 9(4), 236–246.

11.

Cheng, C.-H. (1997). Evaluating naval tactical missile systems by fuzzy AHP based on the grade value of membership function. European Journal of Operational Research, 96(2), 343–350. doi:10.1016/S0377-2217(96)00026-4.CrossRef

12.

Cirani, S., Ferrari, G., & Veltri, L. (2013). Enforcing security mechanisms in the IP-based internet of things: An algorithmic overview. Algorithms, 6(2), 197–226. doi:10.3390/a6020197.CrossRef

13.

Covington, M. J., & Carskadden, R. (2013, June). Threat implications of the internet of things. In 2013 5th IEEE International conference on cyber conflict (pp. 1–12).

14.

Deng, H. (1999). Multicriteria analysis with fuzzy pairwise comparison. International Journal of Approximate Reasoning, 21(3), 215–231. doi:10.1016/S0888-613X(99)00025-0.CrossRef

15.

Europol. (2014). The Internet Organized Crime Threat Assessment. European Cybercrime Centre (EC3). Retrieved from https://www.europol.europa.eu/iocta/2014/.

16.

Forman, E. H., & Gass, S. I. (2001). The analytic hierarchy process–An exposition. Operations Research, 49(4), 469–486. doi:10.1287/opre.49.4.469.11231.CrossRef

17.

FTC. (2015). Internet of things: Privacy & security in a connected world. FTC Staff Report. Retrieved from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf.

18.

Gabus, A., & Fontela, E. (1972). World problems, an invitation to further thought within the framework of DEMATEL. Geneva: Battelle Geneva Research Center.

19.

Gazis, V., Sasloglou, K., Frangiadakis, N., & Kikiras, P. (2012, October). Wireless sensor networking, automation technologies and machine to machine developments on the path to the Internet of Things. Paper presented at 16th Panhellenic conference on informatics (PCI), Piraeus. doi:10.1109/PCi.2012.64

20.

Giachetti, R. E., & Young, R. E. (1997). A parametric representation of fuzzy numbers and their arithmetic operators. Fuzzy Sets and Systems, 91(2), 185–202. doi:10.1016/S0165-0114(97)00140-1.CrossRef

21.

Guillemin, P., & Friess, P. (2009, September). Internet of things strategic research roadmap. The Cluster of European Research Projects. Technical Report.

22.

IoT-A. (2012). D4.2 concepts and solutions for privacy and security in the resolution infrastructure. FP7 Integrated Project Internet of Things Architecture. Retrieved from http://www.iot-a.eu/public/public-documents/d4.2/view.

23.

Karsak, E. E., & Tolga, E. (2001). Fuzzy multi-criteria decision-making procedure for evaluating advanced manufacturing system investments. International Journal of Production Economics, 69(1), 49–64. doi:10.1016/S0925-5273(00)00081-5.CrossRef

24.

Leung, L. C., & Cao, D. (2000). On consistency and ranking of alternatives in fuzzy AHP. European Journal of Operational Research, 124(1), 102–113. doi:10.1016/S0377-2217(99)00118-6.CrossRef

25.

Lin, C.-L., & Tzeng, G.-H. (2009). A value-created system of science (technology) park by using DEMATEL. Expert Systems with Applications, 36(6), 9683–9697. doi:10.1016/j.eswa.2008.11.040.CrossRef

26.

Maras, M. H. (2015). Internet of Things: Security and privacy implications. International Data Privacy Law, 5(2), 99–104. doi:10.1093/idpl/ipv004.CrossRef

27.

Mardani, A., Jusoh, A., & Zavadskas, E. K. (2015). Fuzzy multiple criteria decision-making techniques and applications–Two decades review from 1994 to 2014. Expert Systems with Applications, 42(8), 4126–4148. doi:10.1016/j.eswa.2015.01.003.CrossRef

28.

Middleton, P., Kjeldsen, P., & Tully, J. (2013, November).Forecast: The Internet of things, worldwide. Stamford, CT: Gartner Research. Retrieved from https://www.gartner.com/doc/2625419/forecast-internet-things-worldwide.

29.

Mikhailov, L. (2004). Group prioritization in the AHP by fuzzy preference programming method. Computers & Operations Research, 31(2), 293–301. doi:10.1016/S0305-0548(03)00012-1.CrossRef

30.

Ministry of Science, ICT and Future Planning. (2013). Vitamin Project Initiatives for creative economy in Korea. http://www.msip.go.kr/webzine/index.do, https://www.facebook.com/vitathon

31.

Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I. (2012). Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), 1497–1516. doi:10.1016/j.adhoc.2012.02.016.CrossRef

32.

Nedeltchev, P. (2014). The Internet of everything is the new economy. Cisco. Retrieved from http://www.cisco.com/c/en/us/solutions/collateral/enterprise/cisco-on-cisco/Cisco_IT_Trends_IoE_Is_the_New_Economy.html.

33.

Ning, H., Liu, H., & Yang, L. T. (2013). Cyberentity security in the Internet of Things. Computer, 46(4), 46–53. doi:10.1109/MC.2013.74.CrossRef

34.

Önüt, S., Kara, S. S., & Işik, E. (2009). Long term supplier selection using a combined fuzzy MCDM approach: A case study for a telecommunication company. Expert Systems with Applications, 36(2), 3887–3895. doi:10.1016/j.eswa.2008.02.045.CrossRef

35.

Park, K. C., Shin, J. W., & Lee, B. G. (2014). Analysis of authentication methods for smartphone banking service using ANP. KSII Transactions on Internet and Information Systems (TIIS), 8(6), 2087–2103. Retrieved from http://www.dbpia.co.kr/Article/3531347.

36.

Ramik, J. (2007). A decision system using ANP and fuzzy inputs. International Journal of Innovative Computing, Information and Control, 3(4), 825–837.

37.

Raza, S., Shafagh, H., Hewage, K., Hummen, R., & Voigt, T. (2013). Lithe: Lightweight secure CoAP for the internet of things. IEEE Sensors Journal, 13(10), 3711–3720. doi:10.1109/JSEN.2013.2277656.CrossRef

38.

Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10), 2266–2279.CrossRef

39.

Saaty, T. L. (1996). The analytic network process: Decision making with dependence and feedback; the organization and prioritization of complexity. Pittsburgh, PA: RWS Publications.

40.

Saaty, T. L. (2006). The analytic network process. In T. L. Saaty & L. G. Vargas (Eds.), Decision making with the analytic network process (pp. 1–26). Berlin: Springer.CrossRef

41.

Shin, D. (2010). The effects of trust, security and privacy in social networking: A security-based approach to understand the pattern of adoption. Interacting with Computers, 22(5), 428–438.CrossRef

42.

Shin, D. (2014). A socio-technical framework for Internet-of-Things design: A human-centered design for the Internet of Things. Telematics and Informatics, 31(4), 519–531.CrossRef

43.

Shin, D. (2015). Effect of the customer experience on satisfaction with smartphones: Assessing smart satisfaction index with partial least squares. Telecommunications Policy, 39(8), 627–641.CrossRef

44.

Sun, C.-C. (2010). A performance evaluation model by integrating fuzzy AHP and fuzzy TOPSIS methods. Expert Systems with Applications, 37(12), 7745–7754.CrossRef

45.

Syamsuddin, I., & Hwang, J. (2010, October). A new fuzzy MCDM framework to evaluate e-government security strategy. Paper presented at 2010 4th international conference on application of information and communication technologies, Uzbekistan.

46.

Tadić, S., Zečević, S., & Krstić, M. (2014). A novel hybrid MCDM model based on fuzzy DEMATEL, fuzzy ANP and fuzzy VIKOR for city logistics concept selection. Expert Systems with Applications, 41(18), 8112–8128. doi:10.1016/j.eswa.2014.07.021.CrossRef

47.

Tavana, M., Zandi, F., & Katehakis, M. N. (2013). A hybrid fuzzy group ANP-TOPSIS framework for assessment of e-government readiness from a CiRM perspective. Information & Management, 50(7), 383–397.CrossRef

48.

Tseng, M.-L. (2009). Using the extension of DEMATEL to integrate hotel service quality perceptions into a cause-effect model in uncertainty. Expert Systems with Applications, 36(5), 9015–9023. doi:10.1016/j.eswa.2008.12.052.CrossRef

49.

Turskis, Z., Zavadskas, E. K., & Peldschus, F. (2009). Multi-criteria optimization system for decision making in construction design and management. Engineering Economics, 61(1), 7–17.

50.

Tuzkaya, G., Ozgen, A., Ozgen, D., & Tuzkaya, U. (2009). Environmental performance evaluation of suppliers: A hybrid fuzzy multi-criteria decision approach. International Journal of Environmental Science & Technology, 6(3), 477–490. doi:10.1007/BF03326087.CrossRef

51.

Tuzkaya, U. R., & Önüt, S. (2008). A fuzzy analytic network process based approach to transportation-mode selection between Turkey and Germany: A case study. Information Sciences, 178(15), 3133–3146. doi:10.1016/j.ins.2008.03.015.CrossRef

52.

Uygun, Ö., Kaçamak, H., & Kahraman, Ü. A. (2014). An integrated DEMATEL and Fuzzy ANP techniques for evaluation and selection of outsourcing provider for a telecommunication company. Computers & Industrial Engineering,. doi:10.1016/j.cie.2014.09.014.

53.

Van Laarhoven, P., & Pedrycz, W. (1983). A fuzzy extension of Saaty’s priority theory. Fuzzy Sets and Systems, 11(1), 199–227. doi:10.1016/S0165-0114(83)80082-7.

54.

Vuković, D. (2014). Security issues in Internet of Things (IOT) related to passive RFID tags. Facta Universitatis, Series: Automatic Control and Robotics, 13(2), 97–105.

55.

Weber, R. H. (2010). Internet of Things-New security and privacy challenges. Computer Law & Security Review, 26(1), 23–30. doi:10.1016/j.clsr.2009.11.008.CrossRef

56.

Wu, W.-W., & Lee, Y.-T. (2007). Developing global managers’ competencies using the fuzzy DEMATEL method. Expert Systems with Applications, 32(2), 499–507. doi:10.1016/j.eswa.2005.12.005.CrossRef

57.

Yan, Z., Zhang, P., & Vasilakos, A. V. (2014). A survey on trust management for Internet of Things. Journal of Network and Computer Applications, 42, 120–134. doi:10.1016/j.jnca.2014.01.014.

58.

Yang, H.-W., & Chang, K.-F. (2012). Combining means-end chain and fuzzy ANP to explore customers’ decision process in selecting bundles. International Journal of Information Management, 32(4), 381–395. doi:10.1016/j.ijinfomgt.2011.11.005.CrossRef

59.

Yang, Y. P. O., Shieh, H. M., & Tzeng, G. H. (2013). A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 232, 482–500. doi:10.1016/j.ins.2011.09.012.CrossRef

60.

Yeh, T.-M., & Huang, Y.-L. (2014). Factors in determining wind farm location: Integrating GQM, fuzzy DEMATEL, and ANP. Renewable Energy, 66, 159–169. doi:10.1016/j.renene.2013.12.003.CrossRef

61.

Yüksel, İ., & Dağdeviren, M. (2010). Using the fuzzy analytic network process (ANP) for Balanced Scorecard (BSC): A case study for a manufacturing firm. Expert Systems with Applications, 37(2), 1270–1278. doi:10.1016/j.eswa.2009.06.002.CrossRef

62.

Zadeh, L. A. (1965). Fuzzy sets. Information and Control, 8(3), 338–353.CrossRef

Titel: Security assessment framework for IoT service
verfasst von: Keon Chul Park
Dong-Hee Shin
Publikationsdatum: 13.05.2016
Verlag: Springer US
Erschienen in: Telecommunication Systems / Ausgabe 1/2017
Print ISSN: 1018-4864
Elektronische ISSN: 1572-9451
DOI: https://doi.org/10.1007/s11235-016-0168-0

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Jonas Klose/© Pine Valley Capital GmbH, Carina Kießling von der Strategieberatung Roland Berger/© Monika Walther Fotografie | ATZ, Beijing Auto Show 2024: Deutsche Hersteller wollen angreifen./© EKH-Pictures / Generated with AI / Stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2017

Instantaneous recovery route design scheme using multiple coding-aware protection scenarios

Lifetime enhancement of wireless sensor networks by avoiding energy-holes with Gaussian distribution

Active queue management algorithm based on data-driven predictive control

A stochastic worm model

A stochastic approximation resource allocation approach for HD live streaming

PSK to CSK mapping for hybrid systems involving the radio frequency and the visible spectrum

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.