MDPAS: Markov Decision Process Based Adaptive

MDPAS: Markov Decision Process Based Adaptive Security for Sensors in Internet of Things Eric Ke Wang1,*, Tsu-Yang Wu1, Chien-Ming Chen1, Yuming Ye1, Zhujin Zhang1, and Futai Zou2 1

Shenzhen Key Laboratory of Internet Information Collaboration, Shenzhen Graduate School, Harbin Institute of Technology, China 2 School of Information Security Engineering, Shanghai Jiaotong University {wk_hit,yym}@hitsz.edu.cn, {wutsuyang,chienming.taiwan}@gmail.com, [email protected]

Abstract. Nowadays chipped based sensors and RFID tags are widely employed in Internet of Things; however, for those devices, effective and flexible security mechanisms lack. In this paper we study the security requirement and propose an adaptive security framework for sensors in Internet of things, which provides dynamic confidentiality, authenticity and integrity in the networks with relative suitable overhead by context aware computing, decision making and dynamic enforcement of policies. We employ Markov Decision Process to make the decisions of security actions and adopt aspect-oriented programming technique to enforce the security policies dynamically in the working networks. We made simulations of our framework, and the performance is encouraging. Keywords: Adaptive security, Markov Decision Process, Aspect-Oriented Programming.

1

Introduction

The Internet of Things (IoT), a highly heterogeneous network with various kinds of objects, has been a very hot area in academic and industrial world. IoT mainly includes three types of communication ways, human-to-human, thing-to-thing and human-to-thing. Since people become more and more familiar with IoT, security problems remain challenging it. Many IoT devices(such as sensors, RFID tags) may have limited resource and low power, while, higher secure measures always come with more resources and energy consumption since they cost a lot of computation and communication. In other words, security measures and power saving often stand in the opposite side with each other. On one hand, IoT designer are willing to employ high secure measures to increase their security, on the other hand, they hope those measures cost as less as possible in IOT. Therefore, it is desirable to achieve security and low cost at the same time for sensors in IOT. Traditional security measures of sensor networks are mainly targeting on selecting or propose low power security algorithms or protocols. While, in our previous study, we found that traditional security mechanisms lack flexibility, *

Corresponding author.

© Springer International Publishing Switzerland 2015 H. Sun et al. (eds.), Genetic and Evolutionary Computing, Advances in Intelligent Systems and Computing 329, DOI: 10.1007/978-3-319-12286-1_40

389

390

E.K. Wang et al.

security measures for IoT should be more adaptive to current context. Therefore, in this paper we propose an adaptive security framework for IoT, which is called MDPAS. It mainly provides dynamic secure measures by context aware computing, decision making and dynamic enforcement of policies. In this paper, we explain how MDPAS can adaptively adjust the security policies to meet the various security requirement of complicated environment. Moreover, we have made simulation and the performance is invigorating. The paper is organized as follows: section 1 is the introduction to introduce the background of trust issues in IOT; section 2 is the relative works about the trust models; in section 3 we introduce a security model for the security threats in IOT; in section 4 we propose the adaptive framework for sensors in IoT; in Section 5 we made the simulation and analysis; the final conclusion is in section 5.

2

Related Work

Adaptive security mechanism is that the security actions can be self-decided and selfexecuted in the dynamic systems. It mainly includes three parts, context awareness, security action decision making and policies enforcement. Context awareness and inference is relative mature field[1-5], however, currently most of context awareness computing is for the sufficient resources computing environment, while, for many IoT devices with low computation and communication resources, the support of context awareness computing is limited. Besides, on the problems of security actions decision making and dynamic enforcement, Preda [6] proposed how to deploy the access control polices according to current situation in the limited resources devices, but it mainly solves the related problems of access control. Mardziel [7] proposed an enforcement way of security policies based on knowledge, but it mainly identify the different level of security policies according to limited knowledge and it needs the active interaction of users. Aloulou [8] employs formal method to define the security polices for mobile agent systems and propose a dynamic enforcement way, Rafailidis [9] proposed a reference monitor inlining approach that treat input injection vulnerabilities as a crosscutting concern. But it is mainly for web application. Currently, adaptive security mechanism is employed in many resources sufficient systems, however, for limited resources devices in IoT, adaptive security mechanisms lack. Therefore, we propose an adaptive security framework for IoT to make IoT devices can dynamically decide the security actions and make enforcement according to situations.

3

Cyber Physical Adaptive Security Framework for IoT

IoT is a heterogeneity and complex system, and it may have various security requirements. However, if we enforce complete security measures to satisfy all the requirements, it is a great burden for IoT devices especially for limited resources devices. Therefore, as we observation, we propose an adaptive security framework for IoT that can adapt security measures to current context.

MDPAS: Markov Decision Process Based Adaptive Security for Sensors

Security Context

Physical Process

Security Context

S

Cyber Process

391

Security Context

N

Computing

Fig. 1. Adaptive security framework for IoT

As Figure 1 shows, it is an adaptive security framework for IoT which incorporates various security measurements such as authentication, encryption, key agreement protocol, access control in sensing, networking, and computing processes. Commonly, IoT connects physical things and cyber world. The process flow can be divided into physical process, cyber process and computing process. Therefore, security mechanism for IoT devices can be dynamically adapting to context by the assistance of context coupling at each key process. We call this kind of security mechanism adaptive security framework. It mainly includes context aware computing, decision making process and dynamic enforcement. 3.1

Context Aware Computing

In our framework, we mainly tackle security-relevant context which consists of the set of contextual attributes that can be used to characterize the situation of an entity, whose value affects the choice of the most appropriate measures or the configuration of the network to protect information from unauthorized access, use, disclosure, disruption, modification or destruction, and based on it, we provide confidentiality, integrity and availability. When attacks occur, the attack model and the adversary types can also be one of the contextual attributes. The values of security-relevant contextual attributes affect the choice of the most appropriate controls because they impact the likelihood of certain threats to confidentiality, integrity, and availability being realized. Therefore, based on their values, the most appropriate controls and configuration of those controls can be employed to mitigate those threats. We use Ci represent one context, then a multiple context set MS includes k types of context information which can be inference to a final context obj_cs for security policies (we design a context inference engine to make context aggregation and inference): MS={C1,C2,…….,Ck}-->obj_cs 3.2

(1)

Dynamic Markov Decision Process

Selecting security actions based on current context is a typical decision making process, so we adopt Markov Decision Process to solve the problem since it is one of the best decision process for random dynamic network. We can look at each security action as a state; the decision of each action is to select one of the best security actions. Then after n piece of decisions are made sequentially, the accumulate energy cost are expected to be low.

392

E.K. Wang et al.

In each step, the decision making depends on the current situation, and with sequential decisions are made, the whole security policies is the optimal. Since the decision making steps are not infinite, so we adopt finite Markov decision process to solve it. The basic idea is: we use maximum of decision metric in the whole process as the goal of the decisions to build a Finite Markov Decision Process model, in order to find out the set of best security actions from candidates. T Phases Markov Decision Process (as shown in Following Tetrad, Equation 2):

{ E; D(i)| i ∈ E; Pij ( α )| i, j ∈ E,α ∈ D(i); r( i,a )| i ∈ E, α ∈ D( i ) }

(2)

They are states space, decision set, state transit probability and valued reward. They includes that Set of States E, Set of Decisions DT(i), Probability of States Transit Pij ( α ) , Expected Reward r( i,α ) , Policy θ ; *

The Accumulation computation ut (i) :

u*t (i) = maxd∈DS {rt (i,dt (i)) +  pt ( j | i,dt (i))u*t +1( j ) }

j = T − 1,T − 2,...,t

(3)

j∈S

Then we can find out the policies set

π = ( d1( i ),d 2 ( i ),....,dT (i)) ，that is the

final path result of decision. 3.3

Implementation Method of Dynamic Enforcement

After the policies of secure actions are decided, the actions should be integrated into real-time network system to realize the adaptive security measures. Thus the dynamic enforcement is required, as shown in figure 2, it has an objective that dynamically integrate security actions into main programs. When the method is called, firstly it adjudges if the method need security control, if yes, execute the decision making for deciding security policies and integrate them into programs. As our previous work, we adopt Aspect-Oriented Programming(AOP) [10]method to realize the dynamic enforcement of security policies. Method Call in Main Program

Integrate Security Actions

Method Call

If the method need security control

Objectives

N

Y

Decision making for security policies

Fig. 2. Common dynamic enforcement

Execute Program

MDPAS: Markov Decision Process Based Adaptive Security for Sensors

393

， ，

Currently, AOP has support multiple language, such as Java, C, C++ most importantly some researchers have implemented AOP for sensors [11] that provides us the feasible enforcement tools. AOP has dynamic injection mechanism which is mainly replace the original method by dynamic agent rewriting father class and intercepting messages to hacking program. In AOP, there are some notations need to be explained. [Aspect], is represented the special objects modeled by cross-cutting concerns, which is different from the direct concerns of the other network program logics; [Pointcut], is to identify where the Aspect is be executed; [Advise], the action details in Aspect ; [Jointpoint], is the execution points which is corresponding to pointcut.

，

Fig. 3. Flow of aspect programming

The process of the integration has typical three steps, as shown in figure 3: (1) Aspects decomposition: analyze the security requirement to propose the aspect concern points(as called pointcut). That means locating the interception points of target program which are waiting for security actions being intercepted. (2) Concerns realization: realize the concerns (as called advises). The concerns mean the details of aspects in which the security actions are included. (3) Aspects integration: dynamic inject aspects into network programs at the pointcut location. Thus the original programs are transferred into aspects involved programs. After this step, the objective program is generated. The security policies are embedded inside the network programs. In it, we need to set up the corresponding interceptor which is a major way to interrupt the program and dynamic weave the policies into program. In our scheme, the interceptor mainly includes three types, Before, After, Around, which represent when to

394

E.K. Wang et al.

execute the security actions on the pointcuts. “Before” means the security measures should be enforced before the pointcut execution, “After” means the opposite way, “Around” means enforce the action before or after the pointcut execution. 3.4

Security Policies Categorization

In order to help judgment, we need to classify the security measures firstly. In this paper, we mainly classify security measures into three levels, level 1, level 2 and level 3. The level is higher, the security measures are stronger. Table 1. Security Measures classification Security Level

Effectiveness

Security Measures(some examples)

Level 1

Basic security protection

1. Optional encryption (or simple encryption algorithms such as RC5) 2. Basic authentication (simple authentication protocols such as HMAC) 3. No Integrity

Level 2

Medium security protection

1.Common encryption ( such as TEA- Tiny Encryption Algorithm) 2.Common authentication protocol(RSA 1024) 3. Integrity checking (ECDSA 160)

Level 3

Strong security protection

1. Strong encryption(such as RC6) 2. Strong authentication protocols(RSA 2048) 3. Strong integrity checking(ECDSA 224)

4

Simulation and Analysis

 Adaptation Simulation To evaluate the efficiency of MDPAS, we simulated it for 100 nodes generated in MATLAB. The parameters are set as shown in table 2. The deployment of nodes is random as shown in figure 4. Among the nodes, there are some compromised nodes which are supposed to launch the Sybil attacks[12] to the network. Table 2. Paremeters Configuration Total Area Number of nodes Initial Energy Data rate Transmission Range Packet size

Value 100m × 100m 100 0.5J 300 kbps 10m 48 bytes

MDPAS: Markov Decision Process Based Adaptive Security for Sensors

395

Fig. 4. Radom deployment of sensor nodes in an area of 100m × 100m

We set different scenarios by the Sybil attacks, different percentage of compromised nodes means the security environment is different. In our simulation, we run 1200 rounds of hop to hop routing processes. As shown in figure 5, routing with the adaptive security can have much more alive nodes lasting in the networks than without adaptive security.

Fig. 5. Comparison of alive nodes

In order to test adaptive security ability, we set different security scenarios. We run the test again for 1200 times. From 0 to 400 rounds, we set zero percentage of compromised nodes, at round 400, compromised nodes rate is set to be 20%, at round 800, the compromised nodes rate is set to be 50%. According to our adaptive scheme MDPAS, it can dynamically adjust the security policies to meet the current environment requirements.

396

E.K. Wang et al.

Fig. 6. Comparison of total energy residual

From the simulation result, as shown in figure 6, we can observe that from 0 to 400 rounds, the adaptive security loss less energy than non adaptive security since non adaptive security mechanism adopt the highest security policies from initial time to the end, while in the initial time, adaptive security mechanism just use lightest security measures; after 400 rounds, since the security scenario changes, the policies will be also changed to fit the current situation, then the security level is enhanced and energy consumption increases, so as after 800 rounds. From the simulation result, we can conclude that the proposed adaptive security framework is effective. Acknowledgments. This research was supported in part by National Natural Science Foundation of China (No.61100192), Research Fund for the Doctoral Program of Higher Education of China (No.20112302120074), grant No.10451805707004183 from Guangdong Province Natural Science Foundation and Shenzhen Strategic Emerging Industries Program under Grants No. JCYJ20120613151032592 and No. ZDSY20120613125016389. The authors thank the reviewers for their comments.

5

Conclusion

In this paper we propose an adaptive security framework for sensors in IoT, which provides dynamic confidentiality, authenticity and integrity in the networks with relative suitable overhead by context aware computing, decision making and dynamic enforcement of policies. We employ Markov Decision Process to make the decisions of security actions and adopt aspect-oriented programming technique to enforce the security policies dynamically in the working networks. We made simulation and the performance is encouraging.

MDPAS: Markov Decision Process Based Adaptive Security for Sensors

397

References 1. Baldauf, M., Dustdar, S., Rosenberg, F.: A survey on context-aware systems. International Journal of Ad Hoc and Ubiquitous Computing 2(4), 263–277 (2007) 2. Santos, A.C., et al.: Challenges in the Development of Context-Inference Systems for Mobile Applications. International Workshop on Programming Methods for Mobile and Pervasive Systems (PMMPS), colocated with Pervasive (2010) 3. Min, J.-K., Cho, S.-B.: A hybrid context-aware wearable system with evolutionary optimization and selective inference of dynamic bayesian networks. In: Corchado, E., Kurzyński, M., Woźniak, M. (eds.) HAIS 2011, Part I. LNCS (LNAI), vol. 6678, pp. 444–451. Springer, Heidelberg (2011) 4. Mehra, P.: Context-aware computing: beyond search and location-based services. IEEE Internet Computing 16(2), 12–16 (2012) 5. Perera, C., Zaslavsky, A., Christen, P., et al.: Context aware computing for the internet of things: A survey (2013) 6. Stere, P., Cuppens, F., Cuppens-Boulahia, N., Garcia-Alfaro, J., Toutain, L.: Dynamic deployment of context-aware access control policies for constrained security devices. Journal of Systems and Software 84(7), 1144–1159 (2011) 7. Piotr, M., Magill, S., Hicks, M., Srivatsa, M.: Dynamic enforcement of knowledge-based security policies. In: 2011 IEEE 24th Computer Security Foundations Symposium (CSF), pp. 114–128. IEEE (2011) 8. Aloulou, H., Loulou, M., Kallel, S., Hadj Kacem, A.: RDyMASS: Reliable and dynamic enforcement of security policies for mobile agent systems. In: Garcia-Alfaro, J., NavarroArribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds.) DPM 2009 and SETOP 2009. LNCS, vol. 5939, pp. 237–252. Springer, Heidelberg (2010) 9. Rafailidis, F., Panagos, I., Katsaros, P., et al.: Inlined monitors for security policy enforcement in web applications. In: Proceedings of the 17th Panhellenic Conference on Informatics, pp. 75–82. ACM (2013) 10. Singh, S.N., Singh, M.P.: Aspect Oriented And Object Oriented Software Using Java Programming Tools. Golden Research Thoughts 2(2) (2012) 11. Siegmund, N., Rosenmuller, M., Moritz, G., et al.: Towards robust data storage in wireless sensor networks. IETE Technical Review 26(5), 335 (2009) 12. Kumar, R.N., Bapuji, V., Govardhan, A., et al.: An Improvement to Trust Based CrossLayer Security Protocol against Sybil Attacks (DAS). Computer Engineering and Intelligent Systems 3(7), 62–70 (2012)