A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things

Transcription

1 A Game-Theoretc Approach for Mnmzng Securty Rsks n the Internet-of-Thngs George Rontds, Emmanoul Panaouss, Aron Laszka, Tasos Daguklas, Pasquale Malacara, and Tansu Alpcan Hellenc Open Unversty, Greece Unversty of Brghton, UK Insttute for Software Integrated Systems, Vanderblt Unversty, Nashvlle, USA Queen Mary Unversty of London, UK The Unversty of Melbourne, Australa Abstract In the Internet-of-Thngs (IoT), users mght share part of ther data wth dfferent IoT prosumers, whch offer applcatons or servces. Wthn ths open envronment, the exstence of an adversary ntroduces securty rsks. These can be related, for nstance, to the theft of user data, and they vary dependng on the securty controls that each IoT prosumer has put n place. To mnmze such rsks, users mght seek an optmal set of prosumers. However, assumng the adversary has the same nformaton as the users about the exstng securty measures, he can then devse whch prosumers wll be preferable (e.g., wth the hghest securty levels) and attack them more ntensvely. Ths paper proposes a decson-support approach that mnmzes securty rsks n the above scenaro. We propose a non-cooperatve, two-player game enttled Prosumers Selecton Game (PSG). The Nash Equlbra of PSG determne subsets of prosumers that optmze users payoffs. We refer to any game soluton as the Nash Prosumers Selecton (NPS), whch s a vector of probabltes over subsets of prosumers. We show that when usng NPS, a user faces the least expected damages. Addtonally, we show that accordng to NPS every prosumer, even the least secure one, s selected wth some non-zero probablty. We have also performed smulatons to compare NPS aganst two dfferent heurstc selecton algorthms. The former s proven to be approxmately 38% more effectve n terms of securty-rsk mtgaton. I. INTRODUCTION Scentfc research and technologcal achevements of the last few decades wthn the feld of moble and wreless communcatons have paved the way for a vast deployment of the Internet-of-Thngs (IoT). In addton to the advent of IoT, the growng use of smartphones enables the user to experence unprecedented servces. For nstance, havng the vson of an IoT world, Apple developed Beacon [], a technology standard whch permts moble applcatons to receve beacon sgnals from the physcal world and react accordngly. Beacons n the real world can be used n several applcatons enhancng user experence by provdng futurstc servces [2], [3]. However, ths growth n terms of applcatons and servces comes wth the need users to share part of ther data wth dfferent IoT prosumers [4]. A prosumer partcpates n IoT servce development stages and therefore t offers servces and applcatons. Although users beneft from IoT prosumers, securty s a very mportant consderaton n these open envronments. Therefore, the set of prosumers that a user selects to share hs/her data wth determnes the level of securty rsk that the user faces. For example an attacker can use the vulnerablty CVE to launch the lnux.darlloz attack [5] that nfects devces to mne crypto currency. The same attack vector can also redrect the user s browser to whatever the attacker desres or to make the user s devce part of a botnet. Accordng to Symantec [5], 38% on nfectons of ths attack type are IoT devces, especally routers. To understand the scale of vulnerable IoT devces, the Trpwre Survey [6] reports that 80% of Amazon s top-25 best-sellng SOHO wreless router models have securty vulnerabltes. A. Motvaton The motvaton of our work les wthn the feld of decsonmakng for mnmzng securty rsks. Suppose a user s wthn an IoT network nfrastructure and requests dfferent applcatons and servces, whch are lkely to be offered by dfferent prosumers. Followng the archtecture proposed n [7], an IoT Gateway updates the lst of servces that t manages on behalf of prosumers resdng n the network, thus makng these servces consumable by both local (.e., resdng n the network) and remote (e.g., va Internet) users. The same gateway s aware of the securty controls that each prosumer has put n place. Ths nformaton can be used to elct the securty levels of all prosumers, and provde them to the user pror to hs/her decson about sharng data wth a set of prosumers. The securty level [8] determnes the strength (.e., nverse vulnerablty ) of a prosumer aganst dfferent attacks. An applcaton that supports ths elctaton s the Trust Feedback Toolkt (TFT) [9] proposed n the Usable Trust n the Internet of Thngs (utrustt) project [0], []. Apart from the user, any adversary can also be aware of the dfferent prosumers securty controls akn to levels because he can appear as a normal user who requests such nformaton from the IoT Gateway. Ths s a crucal assumpton because the attacker can guess the set of prosumers that the user mght choose; therefore, he has good chances of comprsng user data successfully. More specfcally, the attacker mght assume that the users wll take a common-sense approach choosng the prosumers wth the hghest securty levels. However, n ths paper, we prove that a game-theoretc approach outperforms

2 the common-sense approach. Note that we have assumed that the adversary attacks only one prosumer n order () to mnmze the lkelhood of beng detected, and () to utlze hs/her tme n the most effcent way by focusng on one goal. B. Envronment We nvestgate the case of an IoT nfrastructure whch hosts a set of prosumers as P := {, 2,..., n}. Any user can share prvate data wth any of these prosumers, ncludng combnatons of them, n return for some servces. We suppose that an attacker les wthn ths IoT area amng at stealng user data (e.g., credt card detals) by compromsng a prosumer that the user mght select. To acheve ths, the attacker must bypass the securty measures that the targeted prosumer has mplemented. We model the securty level of a prosumer by a unform random varable S [0, ), whose dstrbuton s known to both the user and adversary by, for nstance, usng a moble applcaton as n [9]. Hence, we can state that S corresponds to the vulnerablty level of prosumer. We have assumed that S, n any case, due to zero-day vulnerabltes. We also assume that the value of user data equals V. Note that our analyss does not change f we assume that V s the expectaton of the User data value when ths s a random varable. To motvate the reader, we can thnk of a scenaro where a shoppng centre (playng the role of the user) seeks to recommend a set of IoT prosumers that can be used by the local shops to allow NFC payments for ther clents/customers. To do that, the user performs an a pror analyss of the securty of each of the avalable NFC payment systems and sets ther securty levels. C. Contrbutons The man contrbuton of ths paper s a decson-support system for users to select a set of prosumers that mnmzes securty rsks n presence of an adversary who threatens ther assets (e.g., prvate data). We have formulated a complete nformaton game, enttled Prosumers Selecton Game (PSG) between two players: the User who chooses a set of prosumers and an Attacker who s attemptng to penetrate a prosumer s system. We have nvestgated the IoT prosumer selecton problem mathematcally and we have provded constrants on the User s strategy at the equlbrum of PSG. We have devsed optmal User strateges n worst-case scenaros where Attacker mposes the hghest possble securty rsks, and we have proven that the game-theoretc soluton, called Nash Prosumers Selecton (NPS), performs n the best possble way. We have also undertaken smulatons that demonstrate the effcency of NPS as opposed to two other heurstc selecton algorthms. D. Outlne The remander of ths paper s organzed as follows. Secton II dscusses related work, whle n Secton III we formulate the Prosumers Selecton Game (PSG) by ntroducng the two players, ther strategy sets, and the correspondng payoffs for both pure and mxed strateges. Secton IV presents some theoretcal results for the saddle ponts (.e., equlbra) of PSG, whle smulaton results for dfferent selecton algorthms are presented n Secton V. Fnally, Secton VI concludes ths paper by summarzng ts man contrbutons, lmtatons and provdng our plans for future work. II. RELATED WORK Securty, prvacy, and trust are ranked among the top research challenges for the IoT. Recent work has been undertaken by the Usable Trust n the Internet of Thngs (utrustt) project [0]. An outcome of utrustt s the development of the Trust Feedback Toolkt (TFT) [9], whch nforms users about the securty of an IoT network. As a result, ths feedback s avalable to lterally every user, ether benevolent or malcous. Frtsch et al. [2] dscuss trust ssues related to dfferent IoT devces and servces, gven that for every transacton commtted, personal data are dsclosed. Accordng to the authors, whether a user should trust (and therefore share hs/her data) or not a specfc IoT nfrastructure, greatly depends on the type of transacton. In ther work, they present dfferent trust strateges, varyng from smple always or never trust to more complcated schemes nvolvng central agents or analyzng mechansms to evaluate trust. They conclude that there s not a sngle strategy n trustng IoT applcatons and they underlne the sgnfcance of developng flexble trust management mechansms. Due to the poneerng nature of the IoT feld, the number of game-theoretc approaches that are concerned wth securty and trust s very lmted. In [3] Duan et al. study the problem of creatng an effectve algorthm n terms of energy consumpton and bandwdth usage, capable of evaluatng node s trust dervaton process. They use game theory to support the node decson wth regard to replyng a trust request wth respect to the ncurred energy consumpton. A game based securty model for medcal applcatons s proposed, n [4], by Hamd et al. The authors propose a decson support mechansm that assesses the remanng battery lfe, the channel bandwdth, the memory capacty, and the nearby compromsed nodes, to determne whether or not the sender of a message should be authentcated. Chen et al. propose a fuson-based defensve model to address ntentonal attacks n the IoT [8]. In ther model the attacker s fully nformed about network topology and capable of sabotagng all nodes smultaneously. In ther zero-sum game between the adversary and defender, they ntroduce a nodal decson mechansm wth mnmum overhead, whch s capable of guaranteeng robustness n large-scale IoT networks. All the aforementoned papers use game theory to provde network nodes (.e., thngs) wth approprate tools to mtgate certan attacks. In contrast, our work focuses on provdng users wth the sutable decson support mechansm, n order to assure at least a threshold above whch the attacker cannot cause hgher damage. To the best of our knowledge ths s the 2

3 frst work done wthn the realm of IoT prosumers selecton that ams at mnmzng securty rsks. The foundaton of our work s based on the game-theoretc model publshed by Felder et al. n [5]. We see the cybersecurty targets and schedules consdered n [5] as all avalable prosumers and the possble dfferent subsets of them, correspondngly. III. GAME-THEORETIC FORMULATION In ths secton we formulate a two-player, determnstc, complete-nformaton game, enttled Prosumers Selecton Game (PSG), between the User and Attacker. In ths game, players choose ther strateges smultaneously. Thus the Attacker does not know whch prosumers have been selected by the User, and the User s not aware of whch prosumer s under attack. The User requres to communcate wth k prosumers durng a tme perod that defnes a one-shot game. On the other hand, the Attacker wshes to successfully compromse a prosumer n order to reveal users prvate data. Fg. s an abstract llustraton of our model envronment. Ths game model facltates decsons related to whch prosumers the User must trust (.e., n ths sense, trust and securty are seen n a smlar fashon) more when sharng hs/her data or usng ther servces. We assume that the Attacker attacks only one prosumer at a tme, and that he can attack any of them. We consder the worst-case scenaro for the User, where the Attacker knows all the avalable prosumers and ther correspondng securty levels modelng a completenformaton game. Fg.. Illustraton of our model. The User chooses to communcate wth 2 out of 4 prosumers, and the Attacker s attackng one of them. A. Strategy Sets The normal form of ths game s descrbed as follows. A pure strategy of the User s to choose k out of n prosumers to use some of ther applcatons or servces. Formally, the User chooses a sze-k subset P P. A pure strategy, related to the selecton of P, s represented by a tuple s = s {0, } n, where s equals when prosumer s chosen by the User (.e., P ); or 0 otherwse. A mxed strategy U = u s of the User s a probablty dstrbuton over the dfferent tuples, where u s s the probablty of choosng subset s. On the other hand, the Attacker s pure strategy space s the set of prosumers, seen as targets, whle a mxed strategy s denoted by A = a, where a represents the probablty of attackng prosumer. B. Payoffs In ths paper we formulate a zero-sum game accordng to whch the loss of User equals the Attacker s beneft. Ratonale of ths choce s that a zero-sum game n the securty rsk management doman represents scenaros where the Attacker ams at causng the maxmum possble loss to the User. Therefore, we am at supportng the User s decson n worstcase scenaros. However, we provde game solutons beyond the zero-sum game by lookng at cases where the Attacker s payoff s a negatve affne transformaton of the User s payoff. Suppose the User chooses a subset P of prosumers and prosumer s attacked. Formally, f P, the User loses V wth probablty ( S ) (.e., we assume that a more secure prosumer s more dffcult to be compromsed, therefore yelds V wth lower probablty), and the Attacker gans V wth the same probablty. Consequently, for any prosumer / P, the User has no securty loss and the Attacker has no beneft. We defne the securty rsk R of the user when sharng data wth prosumer, as the product of data value V and the probablty ( S ) of the prosumer beng compromsed and therefore the User data beng stolen. Formally, R := ( S ) V. The expected payoff of the User, when the Attacker plays accordng to a mxed strategy A and the User selects s, s gven by J U (s, A) := s a R. () On the other hand, the expected payoff of the Attacker when attackng and the User plays U s gven by J A (U, ) := s u s R. (2) s From Eq. (), we see that the User s strategc choce nfluences the payoffs only through the probablty of selectng each prosumer. Snce every prosumer may be present n more than one selected subsets, we must compute the probablty of each ndvdual prosumer to be selected. Hence the expected payoff of the User can be determned by the representaton of User s mxed-strategy acton spaces that are smpler than the canoncal ones, defned as follows. Defnton : When the User requres to share data wth k prosumers, we defne the vector of prosumers nduced by the strategy U as the margnal probabltes vector p = p, where the probablty p of choosng prosumer s gven by p := s s u s, where 0 p, and n = p = k. It s easy to see that there s a mappng between U and p, hence we refer to ether of those as the mxed strategy of the User from now on. IV. THEORETICAL RESULTS For a gven mxed strategy A of the Attacker, User seeks to mnmze the probablty of hs/her own data to be stolen by choosng the mxed strategy U. Gven the par U, A of mxed strateges, the User s expected payoff s gven by J U (U, A) = u s a s R. (3) s 3

4 If we express the User s strategy by p, then for the par p, A of mxed strateges the User s payoff s gven by J U (p, A) = p a R. (4) Snce we are nvestgatng a two-person zero-sum game wth fnte number of actons for both players, accordng to Nash [6] t admts at least one mxed-strategy Nash Equlbrum (NE). Saddle-ponts correspond to Nash equlbra as dscussed n [7]. From [8], we know that PSG admts a saddle pont n mxed strateges, (U, A ), wth the property U = argmax U mn A J U (U, A) and A = argmax A mn U J A (U, A). The par of saddle pont strateges (U, A ) are, at the same tme, securty strateges for the players,.e., they ensure a mnmum performance regardless of the opponent s actons. Furthermore, f the game admts multple saddle ponts (and strateges), they have the ordered nterchangeablty property,.e., the player acheves same performance level ndependent from the other player s choce of saddle-pont strategy. We refer to the strategy of User at the equlbrum as Nash Prosumers Selecton (NPS). Our results can be extended to non-zero sum, b-matrx games. In ths case, the exstence of a NE s also guaranteed, but the addtonal propertes hold only n the case where Attacker s utlty s a negatve affne transformaton of the defender s utlty. The mnmax theorem [9] states that, for zero sum games NE, maxmn, and mnmax solutons concde. Therefore U = argmn max J A(U, A). (5) U A Ths means that regardless of the Attacker s strategy, NPS guarantees a mnmum performance, whch s an upper lmt of expected damage for the User. On the other hand, the Attacker seeks hs/her best response by attackng prosumers that maxmze hs/her payoff J A (p, ) = J A (p, ) := p R when the User plays p. Therefore, the support of the Attacker s strategy has to be a subset of ( ) argmax p R. (6) We begn our analyss by provdng a necessary condton on the NPS strateges. Lemma : In PSG, for every prosumer, p = or p R = max j p j R j must hold when the User plays the NPS strategy. Proof: For the sake of contradcton, suppose that the clam of the lemma does not hold, that s, suppose that there exst a Nash equlbrum (p, A) and a prosumer such that p < and p R < max j p j R j. Gven Eq. (6) and our assumpton that p R < max j p j R j, we have that a = 0. Then, let k be an arbtrary prosumer such that a k > 0. Snce A s a best-response strategy, p k > 0 must hold obvously. Now, consder the strategy p whch s defned as follows: j, k let p j = p j ; p = p + ; p k = p k, (7) where = mn{ p, p k }. We can see that, from Eqs. (4) and (7), we have that J U (p, A) J U (p, A) = j,k p j a j R j (p + ) a R (p k ) a k R k + p j a j R j + p a R + p k a k R k j,k a =0 = a k R k > 0, because, a k, R k > 0. (8) Therefore, we have that aganst A, the strategy p acheves a hgher payoff for the defender than strategy p. However, ths contradcts our ntal assumpton that p s a best response; consequently, the clam of lemma must hold. Intutvely, the above lemma states that, n an equlbrum, the prosumers can be dvded nto two groups. Prosumers n the frst group are always selected by the User; however, the Attacker s payoff for attackng these prosumers s less than or equal to the payoff for attackng prosumers n the second group. On the other hand, prosumers n the second group are selected by the User only wth less-than-one probablty. The followng corollary confrms the ntuton that more secure prosumers should be selected wth hgher probablty. Corollary : For any NPS strategy and prosumers, j, we have that R R j mples p p j. Proof: For the sake of contradcton, suppose there exst an NPS strategy p and prosumers, j such that R R j and p < p j. Snce p < p j, we have from Lemma that p R = max k p k R k. However, ths contradcts p R p R j < p j R j ; hence, the corollary must hold. The followng theorem establshes the surprsng result that, n an NPS strategy, every prosumer even the least secure one s selected wth some non-zero probablty. Theorem : In PSG, f k > 0, the User selects every prosumer wth some non-zero probablty accordng to NPS. Proof: Snce k > 0, there exsts at least one prosumer j such that p j > 0; hence, max j p j R j > 0. From Lemma, we have that p = or p R = max j p j R j must hold for every prosumer. Consequently, for every prosumer, the maxj pj Rj probablty p s equal ether to > 0 or to R > 0. Fnally, we show how to compute an NPS strategy effcently, n O(n 2 ) tme. Theorem 2: Wthout loss of generalty, assume that R R 2... R n and k < n. Then, the followng algorthm outputs an NPS strategy n O(n 2 ) steps: ) Let S := k. 2) Construct p(s) = p (S),..., p n (S) such that: a) For every S, let p (S) :=. b) For every > S, let p (S) := (k S) R n j=s+ R j. 3) If S = 0 or R S p S+ (S) R S+, then output p(s). 4) Otherwse, let S := S and contnue from Step 2. Proof: Frst, suppose that we are gven a fxed S, and the User s strategc choce s restrcted to strateges p where the number of prosumers wth p = s S (.e., the User selects exactly S prosumers wth certanty, and n S prosumers wth less-than-one probablty). Then, from Corollary and the assumpton that prosumers are ordered by ther R values, we readly have that p = has to hold for every S f p s an NPS strategy. 4

5 Next, t easy to see that p = (k S) R n j=s+ R j must hold for every > S f p s an NPS strategy. Otherwse, ether p = or the unformty of p R over > S (see Lemma ) would be volated. Consequently, f there exsts an NPS strategy p for a gven S, then t has to be the strategy p(s) defned n Steps 2.a and 2.b of the above algorthm. Hence, t remans to show that the algorthm outputs the strategy p(s) for a correct value of S. Frstly, f the condton R S p S+ (S) R S+ s not satsfed for a strategy, then that strategy cannot be an NPS. To see ths, consder the nequalty p S (S) R S = R S > p S+ (S) R S+ max k p k (S) R k, whch obvously contradcts Lemma. Fnally, we show that, of all the S values satsfyng the condton R S p S+ (S) R S+, the hghest one s the optmal. Let S < S 2 be two values satsfyng the condton. From Lemma and the defnton of the attacker s payoff, t follows that attackng prosumer n s a best response for the attacker aganst p(s). Then, t s easy to see that p n (S ) = (k S ) R n n j=s + R j vared. The latter represent 500 dfferent users playng aganst the attacker. To evaluate the performance of NPS strategy as opposed to Unform and CSS, we have aggregated the securty rsk nflcted by the attacker to 500 users for the 3 dfferent strateges. In Fgs. 2-5 we present the smulaton results for the aforesad scenaros. All experments corroborate the dea that for a gven k, the securty rsk decreases when n grows. Ths was an expected outcome because when ncreasng the number of avalable prosumers the probablty of a prosumer to be attacked decreases. It s also profound that when the user s choces are lmted (.e., when k n), greater securty rsk s antcpated. Every case studed proved that NPS always performs better than Unform and CSS. The latter seems to perform, n overall, slghtly better than Unform, although ther dfference decreases as the number of requested servces ncreases. R n > (k S 2 ) n j=s = p n (S 2 ). 2+ R j Consequently we have that the attacker s payoff and hence, the defender s loss s hgher for S than for S 2. Therefore, we have that the optmal value of S s the one that s used by the output of the algorthm, whch concludes our proof. V. SIMULATION RESULTS In ths secton, we present the results of numerc smulatons undertaken by usng a game-theoretc Python smulator enrched wth the IoT securty model proposed n ths paper. We compare the effcency of NPS aganst a Unform and a Common Sense Strategy (CSS). Accordng to the Unform strategy, User selects a subset of prosumers by usng a unform probablty dstrbuton, whle accordng to CSS, User selects the subset that ncludes the most secure prosumers. We have smulated four dfferent scenaros akn to experments, where n each experment we fx the number k of requested prosumers and vary the number n of prosumers. We have smulated an attacker who attacks prosumers n a proportonal manner based on the securty level of each prosumer. More specfcally, the more controls a prosumer has mplemented (.e., hgher securty level) the more lkely t s to be attacked by the adversary. Ths adversaral type assumes a ratonal attacker who beleves that more users wll select subsets that nclude prosumers wth hgher securty levels. Thus, the weghted attack strategy determnes that the probablty of prosumer to be attacked s gven by S / O S. Each experment conssts of a number of cases. A case s determned by a par (k, n). In each case we have smulated 500 selecton decsons, representng 500 ndependent teratons of the PSG, n whch the parameter values were Fg. 2. Aggregated securty rsk when selectng 2 prosumers. Fg. 3. Aggregated securty rsk when selectng 3 prosumers. In the frst experment (Fg. 2), where the User selects 2 prosumers, NPS attrbutes an average of 25% lower securty rsk compared to Unform and 6% to CSS. When the selected prosumers ncrease to 3 (Fg. 3), NPS decreases securty rsk by approxmately 54% than Unform and 34% than CSS. In these seres of experments, CSS was slghtly better (5% - 22%) than Unform. 5

6 The rest of experments further show that NPS acheves on average one thrd lower securty rsk. More specfcally, when the User selects 4 servces (Fg. 4), NPS decreases securty rsk by an average of 54% and 43% as opposed to Unform and CSS, respectvely, whle n the experment wth 5 servces (Fg. 5), NPS acheves n average 35% less securty rsk than the other two strateges. about ther opponents preferences. For nstance, the securty levels of the prosumers mght not be avalable to nonauthorzed users. Furthermore, we have plans to nvestgate a non-zero sum game by ntroducng some attackng cost and consderng that the value of User data mght be evaluated dfferently by the players. Another dmenson of the same problem s when the Attacker s motvated by non-monetary profts, such as reputaton acqured after successfully hackng a prosumer. We also plan to consder a game where the Attacker targets multple prosumers, and the User takes nto account network characterstcs when decdng upon selecton of a partcular subset of prosumers. More mportantly, we plan to consder dfferent benefts, measured n terms of servces provson, when the User chooses dfferent prosumers. Acknowledgments Ths work was supported n part by the Natonal Scence Foundaton under Award CNS REFERENCES Fg. 4. Aggregated securty rsk when selectng 4 prosumers. Fg. 5. Aggregated securty rsk when selectng 5 prosumers. VI. CONCLUSION In ths paper, we provde a decson support methodology for users to select from a set of IoT prosumers n a way that mnmzes ther securty rsks. Such methodology can be mplemented, for nstance, by usng software agents runnng on the users devces. The game-theoretc soluton dscussed, called Nash Prosumers Selecton, s a mxed-strategy Nash Equlbrum that can be translated to a vector of margnal probabltes over the set of IoT prosumers. By usng a mxed strategy, the User, who abstracts any number of users, randomzes over the prosumer selecton n an optmal manner. Such randomzaton ams at confusng the Attacker. It can also be nterpreted as the percent of users n an IoT area who choose a partcular subset of prosumers. Future work wll am at ncreasng the realsm of our model by modelng a Bayesan game (.e., ncomplete-nformaton game). In ths realm, the players ntally have uncertanty [] Beacon Webste (accessed Jan. 204) [2] Tulpen Park Webste (accessed Jan. 204) com [3] San Francsco Internatonal Arport Applcaton, (accessed Jan. 204) [4] Martn, D., Alcarra, R., Robles, T., Morales, A.: A Systematc Approach for Servce Prosumerzaton n IoT Scenaros. In Proc. of the 7th Internatonal Conference on Innovatve Moble and Internet Servces n Ubqutous Computng (IMIS), pp.494,499, 3-5 (July 203) [5] Symantec: IoT Worm Used to Mne Cryptocurrency (accessed March 204) [6] Trpwre: 204 Retal Securty Survey Report (Feb 204) [7] Cran S., Davol L., Ferrar G., Léone R., Medaglan P., Pcone M., Veltr L.: A Scalable and Self-Confgurng Archtecture for Servce Dscovery n the Internet of Thngs. IEEE IoT Journal, (5) (204) [8] Chen P., Cheng S., Chen K.: Informaton Fuson to Defend Intentonal Attack n Internet of Thngs. IEEE IoT Journal, Vol., No.4 (Aug. 204) [9] Hochletner C., Graf C., Unger D., Tschelg M.: Makng Devces Trustworthy: Securty and Trust Feedback n the IoT. In Proc. of the 4th Internatonal Workshop on Securty and Prvacy n Spontaneous Interacton and Moble Phone Use (June 202) [0] The utrustt Project s Webste: (accessed Jan. 204) [] Petro D., Vesztergomb G., Frtsch L.: utrustt: D.3.2 Threat Analyss Search Lab (Apr. 20) [2] Frtsch L., Groven A.-K., Schulz T.: On the Internet of Thngs, Trust s Relatve Constructng Ambent Intellgence, Ambent Intellgence (AmI) 20 Workshops [3] Duan J., Gao D., Yang D., Foh C., Chen H.: An Energy-Aware Trust Dervaton Scheme Wth game-theoretc Approach n Wreless Sensor Networks for IoT Applcatons. IEEE IoT Journal, Vol., No., Feb. 204 [4] Hamd, M., Abe, H.: Game-Based Adaptve Securty n the Internet of Thngs for ehealth. In Proc. of the IEEE Internatonal Conference on Communcatons (ICC) 204 [5] Felder A., Panaouss E., Malacara P., Hankn C., Smerald F.: Game Theory Meets Informaton Securty Management. In Proc. of the 29th IFIP Internatonal Informaton Securty and Prvacy Conference (204) [6] Nash, J.F.: Equlbrum ponts n n-person games. In Proc. of the Natonal Academy of Scences 36(), pp (950) [7] Alpcan, T., Basar, T.: Network Securty: A Decson and Game-Theoretc Approach. Cambrdge Unversty Press (200) [8] Basar, T., Olsder, G. J.: Dynamc noncooperatve game theory. London Academc press, 2nd Edton (995) [9] Von Neumann, J., Morgenstern O.: Theory of Games and Economc Behavor (60th Annversary Commemoratve Edton). Prnceton unversty press (2007) 6