In modern society, information and communication technology (ICT) has been applied to various areas such as home, industry, and finance. Therefore, social networks using Internet of Things (IoT) technologies have been constructed. As ICT continues to be used in various modern applications, security vulnerabilities from legacy ICT have been inherited by social IoT network systems. To guarantee the safety of these applications, these networks must be protected from various cyberattacks. A variety of security technologies and products have been developed for this purpose. However, the most important task in dealing with cyberattacks is to inspect the current security status of a social IoT network system. Many types of vulnerability quantification methods exist for inspecting the security vulnerabilities of network systems. However, with legacy methods, quantification results lack objectivity. In this study, to compensate for this limitation, we propose a game-theory-based vulnerability quantification method using attack tree, which consists of three steps: game strategy modeling, cost-impact analyzation, and payoff calculation. We present a case study for a social-IoT-based network environment. Using the proposed method, we believe social IoT network system security experts will be able to cope with security incidents more effectively. The proposed method can be used as a reference for constructing a safer social IoT network system.
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF), funded by the Ministry of Science, ICT & Future Planning ( 2015R1A1A1A05001238 ).Kyuwon (Ken) Choi is currently an associate professor in the department of Electrical and Computer Engineering in Illinois Institute of Technology. He received the Ph.D. degree in electrical and computer engineering from Georgia Institute of Technology, Atlanta, USA in 2002. During the Ph.D. he proposed and conducted several projects supported by NASA (National Aeronautics and Space Administration), DARPA (Defense Advanced Research Projects Agency), NSF (US National Science Foundation), and SRC (Scientific Research Corporation) regarding power-aware computing/communication (PACC). Since 2004, he had been with the Takayasu Sakurai Lab. in the University of Tokyo, Japan as a post-doc research associate, working on leakage-power-reduction circuit techniques. He is now a director of VLSI Design and Automation Lab (DA-Lab) at IIT, a senior member of IEEE, an editor-in-chief of Journal of Pervasive Technologies, guest editor of Springer and Wiley Journals, a TPC member for several IEEE circuit design conferences, and an ex-president in KSEA (Korean-American Scientists and Engineers Association)-Chicago/Midwest chapter and a technical group director for KSEA-HQ now.
