A novel risk assessment model for privacy security in Internet of Things

Aiming at the privacy security issues in Internet of Things (IoT) applications, we propose an effective risk assessment model that handles the probabilistic causality of evaluation factors and derives influence-relation weights for propagation paths. The model performs probabilistic inference and generates risk probability values for assets and propagation paths using a Bayesian causal relation network and prior probabilities. From the Bayesian network (BN) structure, risk analysts can easily identify the relevant risk propagation paths and calculate the weight of each path using the decision-making trial and evaluation laboratory (DEMATEL) method. The model is applied to determine the risk level of assets and of each risk propagation path, and to recommend countermeasures in accordance with the evaluation results. Simulation analysis shows that the model efficiently revises the countermeasure recommendations for decision-makers and mitigates risk to an acceptable range; in addition, it provides a theoretical basis for decision-making in privacy security risk assessment (PSRA) for further development in the IoT area.
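The two building blocks named in the abstract, BN inference with prior probabilities and DEMATEL path weighting, can be illustrated on a toy network. The following is an added example written for this page, not the paper's own model or data: the factor names, direct-influence scores, priors, edge strengths and leak values are all constructed, the noisy-OR conditional probability tables and the "sum of total-relation values along a path" weighting rule are assumptions, and the combined score (path weight times the marginal risk probability of the path's end asset) is one illustrative ranking rule rather than the paper's.

```python
"""Added example (not the paper's code): DEMATEL total-relation weights and
exact Bayesian-network marginals over a constructed set of IoT privacy
risk factors. All names, scores and probabilities are constructed."""
from itertools import product
from typing import Dict, List, Sequence, Tuple

Matrix = List[List[float]]


def normalize(a: Matrix) -> Matrix:
    """DEMATEL normalisation: divide the direct-influence matrix by the
    largest row or column sum so that the series (I - D)^-1 converges."""
    s = max(max(sum(r) for r in a), max(sum(c) for c in zip(*a)))
    return [[x / s for x in row] for row in a]


def invert(m: Matrix) -> Matrix:
    """Gauss-Jordan inverse with partial pivoting (pure Python, no numpy)."""
    n = len(m)
    aug = [list(map(float, row)) + [1.0 if i == j else 0.0 for j in range(n)]
           for i, row in enumerate(m)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            raise ValueError("matrix is singular")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        aug[col] = [x / p for x in aug[col]]
        for r in range(n):
            if r != col:
                f = aug[r][col]
                aug[r] = [x - f * y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    return [[sum(a[i][k] * b[k][j] for k in range(len(b)))
             for j in range(len(b[0]))] for i in range(len(a))]


def dematel(a: Matrix) -> Tuple[Matrix, List[float], List[float]]:
    """Total-relation matrix T = D (I - D)^-1 plus row sums R (influence
    given) and column sums C (influence received). R+C is a factor's
    prominence; R-C > 0 marks a net cause, R-C < 0 a net effect."""
    d = normalize(a)
    n = len(a)
    i_minus_d = [[(1.0 if i == j else 0.0) - d[i][j] for j in range(n)] for i in range(n)]
    t = matmul(d, invert(i_minus_d))
    return t, [sum(row) for row in t], [sum(col) for col in zip(*t)]


def path_weight(t: Matrix, path: Sequence[int]) -> float:
    """Assumed rule (not the paper's): a propagation path's weight is the
    sum of total-relation values along its edges."""
    return sum(t[i][j] for i, j in zip(path, path[1:]))


def noisy_or(active_strengths, leak: float) -> float:
    p_none = 1.0 - leak
    for s in active_strengths:
        p_none *= 1.0 - s
    return 1.0 - p_none


def marginals(prior, parents, strengths, leak) -> Dict[str, float]:
    """Exact P(node = 1) for each node of a small BN by enumerating every
    assignment (fine for a handful of factors). Roots use `prior`; other
    nodes use a noisy-OR CPT from per-edge `strengths` and per-node `leak`.
    `parents` must list nodes in topological order."""
    nodes = list(parents)
    marg = {v: 0.0 for v in nodes}
    for bits in product((0, 1), repeat=len(nodes)):
        assign = dict(zip(nodes, bits))
        p = 1.0
        for v in nodes:
            if parents[v]:
                p1 = noisy_or([strengths[(u, v)] for u in parents[v] if assign[u]],
                              leak.get(v, 0.0))
            else:
                p1 = prior[v]
            p *= p1 if assign[v] else 1.0 - p1
        for v in nodes:
            if assign[v]:
                marg[v] += p
    return marg


if __name__ == "__main__":
    # Constructed factors and direct-influence scores (0 = none, 4 = very high).
    names = ["auth", "telemetry", "cloud", "identity"]
    A = [[0, 3, 2, 1], [0, 0, 3, 2], [0, 0, 0, 4], [0, 0, 0, 0]]
    t, r, c = dematel(A)
    for i, n in enumerate(names):
        print(f"{n:10s} R+C={r[i] + c[i]:.3f}  R-C={r[i] - c[i]:+.3f}")
    parents = {"auth": [], "telemetry": ["auth"], "cloud": ["auth", "telemetry"],
               "identity": ["telemetry", "cloud"]}
    strengths = {("auth", "telemetry"): 0.6, ("auth", "cloud"): 0.4,
                 ("telemetry", "cloud"): 0.7, ("telemetry", "identity"): 0.5,
                 ("cloud", "identity"): 0.8}
    m = marginals({"auth": 0.3}, parents, strengths, {"identity": 0.05})
    # Illustrative ranking: path weight times risk probability of the end asset.
    for path in ([0, 1, 3], [0, 2, 3], [0, 1, 2, 3]):
        w = path_weight(t, path)
        print(" -> ".join(names[i] for i in path), f"weight={w:.3f}",
              f"score={w * m[names[path[-1]]]:.3f}")
```

Running the script prints, for each factor, its DEMATEL prominence and net cause/effect role, then the weight and combined score of three candidate propagation paths ending at the `identity` asset; the enumeration-based `marginals` is exact but exponential in the node count, so a real assessment with many factors would substitute a proper BN inference engine for it.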
