IEEE ICC 2014 - Communication and Information Systems Security Symposium

Game-Based Adaptive Security in the Internet of

Things for eHealth
Mohamed Hamdi, Habtamu Abie
Norwegian Computing Center, Norway
AbstractThe Internet of Things (IoT) is enabling the deployment of distributed applications based on ubiquitous computing
and convergent networks. Due to its heterogeneous structure, it
introduces new security challenges and requirements. Particularly, the security mechanisms implemented in the IoT should
adapt to the dynamic context. This paper proposes a gamebased model for adaptive security in the IoT, with an emphasis
on eHealth applications. We use the trade-off between securityeffectiveness and energy-efciency to evaluate adaptive security
strategies. We also present the results of simulation experiments
to assess the performance of the proposed model. We show that
our model allows extending the lifetime of the smart things by
47% compared to existing models.
Index TermsInternet of Things, Adaptive Security, Game
Theory.

because Markov security games can model the unknown

parameters in security problems and capture the dynamic
nature of the game parameters [1]. It allows us to describe,
characterize and analyze discrete and continuous random game
variables, static and dynamic models, and quantication of
uncertainties in the game variables. We also introduce a set
of strategies that will be combined to design the game model.
The properties of this game are analytically studied and the
major result relates to the existence and expression of the
Nash Equilibrium. The simulations that have been conducted
corroborate the idea that adaptive security allows establishing a
trade-off between security effectiveness and energy-efciency.
The major contributions of the paper are:

I. I NTRODUCTION
Recent advances in ubiquitous computing and mobile networking have enabled IoT-based applications, where "anything" can be connected "anywhere" at "anytime". The IoT has
signicant applications in eHealth since it collects, processes,
and transmits continuously healthcare data thereby reducing
the cost of patient monitoring and improving the quality of
healthcare services. Nevertheless, there are strong privacy
and security concerns associated with the use of IoT in
eHealth. In the frame of the ASSET project (http://asset.nr.no),
we are developing risk-based adaptive security methods and
mechanisms to estimate and predict risk damages and security
solutions benets related to the use of the IoT in eHealth. In
fact, IoTs are vulnerable to attacks since communications are
mostly wireless and thus eavesdroppable, things are usually
unattended and thus vulnerable to physical attacks, and most
IoT elements are short on both the energy and computing resources necessary for the implementation of complex securitysupporting schemes.
In the complex and varying contexts where the smart things
operate, existing security solutions that have been proposed for
wireless sensor networks and ad hoc networks are no longer
tractable. They cannot protect against ever-changing attacks
while taking into account the power, computing, communication, and memory limitations. They mainly lack a granular
view of the context to reliably distinguish between situations
where security-effectiveness should be prioritized and other
cases where energy-efciency should be privileged.
This paper develops a game-based model for context-aware
adaptive security in the IoT. A mathematical framework is
provided to model the dynamic environment in which the
smart things operate. Our model relies on Markov game theory

978-1-4799-2003-7/14/$31.00 2014 IEEE

A novel mathematical model for a dynamic and composite context that represents the core of the decision-making
process associated to adaptive security,
An extensible adaptive security policy based on probabilistic rules. This policy can be extended depending on
the threat model and the available security modules,
A novel game-theoretic model that allows us to model
the trade-off between the effectiveness of the adaptive
security policy and the power consumption resulting from
the execution of the underlying security controls.

The rest of the paper is organized as follows. Section II

provides a review of the literature on game theory approaches
for adaptive security. A mathematical representation of the
dynamic context is introduced in Section III. Section IV
denes the proposed game model and analyzes its properties.
The simulations and results are described in Section V. Finally,
Section VI concludes the paper and points out potential
extensions.
II. S TATE - OF - THE -A RT OF G AME T HEORY M ODELS FOR
A DAPTIVE S ECURITY
The interest of the research community in security games
has consistently increased during the last years since they
provide a quantitative framework for modeling the interactions
between malicious users and defence systems. The output
equilibrium of such games have been used as a basis for
formal decision-making and algorithm development as well
as prediction of intruder behaviour. Security games have
been used to address multiple facets of the intruder/defence
interactions including risk analysis, intrusion detection, and
packet ltering [1]. Recently, with the introduction of new
challenges related to adaptive security, the research in security

920

IEEE ICC 2014 - Communication and Information Systems Security Symposium

TABLE I
S UMMARY OF GAME - BASED MODELS FOR ADAPTIVE SECURITY.
Reference
Shen et al. [2]
Chen et al. [3]
Xiaolin et al. [4]
Nielsen et al. [5]
Centry et al. [6]
Bonaci et al. [7]
Proposed approach

Context







Scalability






III. M ATHEMATICAL M ODELING OF THE DYNAMIC

C ONTEXT

Opacity


This section provides a mathematical model for the context

in which the smart things operate. We consider four basic
parameters to represent the context, which are the memory resources, the communication environment, the energy depletion
model, and the threat model.
A. Energy model

games has been directed towards the study of new approaches

that apply to dynamic situations.
Shen et al. [2] and Chen et al. [3] evaluated the feasibility
of the Markov game theoretic algorithm to threat prediction
and situation awareness and demonstrated its effectiveness
through simulations. In [4], Xiaolin et al. proposed a Markov
game theory based model for risk assessment of network
information system considering a dynamic security status.
They established a two-player game between threats and
vulnerabilities with complete and perfect information. The
authors formulated a function to capture the damage and used
it to assess the risk. Based on the damage function the system
administrator would select the repair strategy which minimizes
the maximum damage. Moreover, adaptive security has been
used in cryptography to refer to the security of cryptographic
algorithms against leakage of a limited number of bits from the
receivers internal state. In [5], a security game was proposed
to model an auxiliary interface from which the attacker can
execute pre-dened leakage functions and receive back the
output of these functions. In [6], the authors described an
adaptive game for broadcast security. They considered adaptive
and semi-static adversaries and proposed new short-ciphertext
schemes based on bilinear functions to guarantee security
against such intruders. Distributed game theoretic models have
also been proposed to mitigate the propagation of attacks
in wireless networks. In [7], the authors developed a gamebased approach to model the interaction between the adversary
and the network under node capture attacks. They proved the
existence of a pure Nash equilibrium and present an efcient
algorithm to solve it.
Table I summarizes the game-theoretic models that have
been proposed in the literature to address adaptive security.
These models are compared in terms of their ability to capture
the features of the context, their scalability, and their capability
of hiding players mutual actions. One noteworthy remark
is that these models have restricted their view on securityrelated context. Energy, memory, and communication issues,
which are of foremost importance in the IoT, have not been
considered as part of their context. Moreover, some models
gave the players the ability to gain complete knowledge about
the actions they execute. This assumption is often impossible
to fulll since the players are only able to estimate the action
of the opponents based on metrics collected from the context.
In this paper, this concept is referred to as opacity.

We consider a rechargeable Lithitum battery for which a

linear discharge model with relaxation effect [9]. According
to this model, the battery depletion process is represented as
follows:
t0 +t

I(t0 )dt,
(1)
b=b
t0


where b is the previous amount of energy and I(t0 ) is the

instantaneous current consumed by the smart things circuit at
time t0 . The relaxation effect refers to the diffusion process
that allows compensating the depleted capacity. In [10], it
was established that the probability of recovering the battery
capacity in one time slot is equal to e(Bb)(b) if b < B
and 0 otherwise, where B is the battery capacity, is the decay
of the discharge process, and (b) is a staircase function.
B. Communication model
To model the communication between the smart things,
we use a Nakagami-m fading channel that has the advantage
of modeling fading interdependence. A Finite-State Markov
Chain (FMSC) [11] process is considered to make the Signalto-Noise Ratio (SNR) values at the received partitioned in
N + 1 intervals [i , i+1 ], where 1 i N .
The state transition matrix for the FSMC is denoted by C =
(Ci,j )1i,jN , where
Ci,i+1

Ci,i1

Ci,i

t.i+1
, i = 0, .., N 1
P r(i)
t.i
, i = 1, .., N
P r(i)

1 Ci,i+1 Ci,i1 , 0 < i < N

i=0
1 C0,1 ,

i=N
1 CN,N 1 ,

(2)
(3)

(4)

where P r(i) is the probability that the channel is in state i

and i is the level crossing threshold. Typically, an entry Ci,j
represents the probability that the channel switches from state
i to state j.
C. Memory model
We assume that the communication within the BAN is such
that the queuing process at a smart thing is modeled as a
Batch Markov Arrival Process (BMAP) [12]. This is because
the communication within the BAN relies on batch processing
in which the detection algorithms deployed in the smart things
wait some amount of time before processing the accumulated
collected data. Having processed this data, the smart things

921

IEEE ICC 2014 - Communication and Information Systems Security Symposium

transmit it using streaming communication. The BMAP is

expressed by a sequence of matrices Pp , (0 p P ), which
are the transition probability matrices corresponding to the
arrival of p packets. The maximum batch size is denoted by
P . The analytical model used to compute the entries of these
matrices can be found in [12].
D. Intruder model
To represent how the intrusion process propagates within
the BAN, we use the Susceptible-Infective-Recovered with
Maintenance (SIR-M) model introduced in [13]. We denote
by V (t), C(t), and M (t) the random variables representing
the number of vulnerable, infected, and repaired (under maintenance) nodes. The dynamics of these random variables are
given by the following differential equations.
dV (t)
= i (t)C(t)V (t) + (a m ) V (t),
dt
dC(t)
= i (t)C(t)V (t) + ((1 p)m a ) C(t),
dt
dM (t)
= (r + pm ) C(t) + (a m )M (t),
dt
(5)
where i is the rate of infection based on a communication
between a vulnerable and a compromised node, r is the rate
at which a compromised node is recovered, a is the rate
of transition between the active and the maintenance mode,
m is the transition rate between the maintenance and the the
active mode, (t) is the connectivity degree of the BAN, and
f is the fraction of compromised nodes that go through the
maintenance process.
Based on these components, we dene the context as =
{B, C, M, I}, where B is the state of the battery, C represents
the state of the channel, M is the memory state, and I is the
state of the intrusion process. By construction, this context
is dynamic and reects the interplay between the conicting
objectives that should be taken into account when designing
security strategies.
IV. G AME M ODEL FOR A DAPTIVE I OT S ECURITY
This section introduces a new game-theoretic approach to
cope with the conict between security and power constraints.
An adaptive security policy consisting of simple protection
strategies is rst presented. Then, the utility functions of the
game are dened and the Nash equilibrium is studied.
A. Adaptive security policies
In order to thwart the propagation of an attack across the
weak radio links of the BAN, we design a simple adaptive
security policy which is distributed on the smart things. The
policy is adaptive because its rules are randomly applied
based on a set of transition probabilities. The basic action we
propose is that a thing acting as a relay should authenticate the
source of the trafc it forwards. Obviously, this considerably
reduces the probability that a compromised node spreads false
messages. Nonetheless, it also reduces the lifetime of the relay

nodes since it requires additional processing and communication. In the following, we introduce four adaptive strategies
to build simple adaptive security policies based on these
simple rules. The three rst strategies adapt individually to
the components of the context dened in the previous section.
We suppose that a smart thing can be in the secure mode
or in the passive mode. In the secure mode, it systematically
authenticates the forwarded packets while no security checks
is performed in the passive mode. An adaptive security policy
is dened by the transition probabilities between these two
states. In other terms, when the battery state is b, the channel
state is c, the queue state is q, and the security level is s, the
transition probabilities are dened as follows:
P (b, c, p, s)
P (b, c, p, s)

P rob(P(t) = passive|P(t 1) = secure)

P rob(P(t) = secure|P(t 1) = passive)

1) Strategy 1 - Adapting to energy: The smart thing

switches to the passive mode if the battery capacity is below
a threshold b and it goes to the secure mode if the battery
capacity is greater than b. In other terms:

1, b/B b
P (b, c, p, s) =
0, otherwise

(6)
1, b/B b
P (b, c, p, s) =
0, otherwise.
2) Strategy 2 - Adapting to the channel: When the channel
state is degraded, transmission becomes more expensive and
the smart things prioritize power saving. For simplicity, we
assume the following:

1, c = 0
P (b, c, p, s) =
0, c > 0

(7)
0,
c=0
P (b, c, p, s) =
0.5, c > 0
where c is a positive parameter measuring the quality of the
communication channel.
3) Strategy 3 - Adapting to memory: Another criterion
that can make the node decide whether to enforce packet
verication or not is the number of packets in the queue.
When this number is large, authentication is deactivated with
probability 1 because the risk of blocking legitimate packets
increases. Opposingly, when the queue capacity is greater than
a minimum threshold p, the smart thing switches from passive
mode to active mode with probability 2 .

1 ,
pp
P (b, c, p, s) =
1 1 , otherwise

(8)
2 ,
pp
P (b, c, p, s) =
1 2 , otherwise.

922

IEEE ICC 2014 - Communication and Information Systems Security Symposium

4) Strategy 4 - Adapting to the intruder: Using witnessbased detection methods, the smart things can compute the
revocation rate, which is the fraction of compromised nodes
revoked per time slot. We use the technique proposed in [8] to
estimate the revocation rate, denoted by r. We dene a high
threshold r and a low threshold r such that.

3 ,
rr
P (b, c, p, s) =
1 3 , otherwise

(9)
4 ,
rr
P (b, c, p, s) =
1 4 , otherwise.
5) Strategy 5 - Hybrid adaptation: This strategy relies
on combining two or more criteria to decide whether to
activate security or not. Many combinations can be thought
of, depending on the priorities of the target application. For
instance, the following example, we design a strategy where
security activation is triggered by both the channel state and
the residual battery capacity.

1, b/B b and c = 1
P (b, c, p, s) =
0, otherwise

(10)
0, b/B b and c = 0
P (b, c, p, s) =
0, otherwise

Fig. 1.

Markov game model for adaptive security.

Figure 1 depicts an instantiation of the proposed game

model where a smart thing forwards three packets to distinct
neighbors. It decides to authenticate or not the forwarded
packets based on information collected from the context. This
simple example illustrates the major advantages of our model,
which are:
Distributed: The security decisions taken by the smart
things are mutually independent

Context-aware: The decisions are made based on information about the context
Hierarchical: Instead of considering only the attacker and
the defender, our model involves a hierarchy of players
Scalable and lightweight: The aforementioned policies
are lightweight in the sense that they do not require
much storage and computation capabilities. In fact, a
policy is reduced to a set of probabilities related to
elementary actions. Unlike security policies operating
on trafc header elds, our proposed adaptive security
policies are slightly affected by the size of the packet
ow since the key design criteria are extracted from the
context.

B. Utility functions
Based on the analytical models described in the previous
sections, we develop a game-theoretic formulation to setup the
parameters of the adaptive security policy. The utility functions
reect the ability of a node to authenticate or not the forwarded
trafc and its inuence on security policy violation and packet
blocking. We consider a damage function, denoted by ,
which returns the efciency of the security policy in mitigating
the intrusion, and a function, which represents the impact of
the security mechanisms on the lifetime of the network. We
use the sigmoid function to express the utility functions as
follows.

1
1 + egpv .(Ppv hpv )
,
(Ppv ) =
(11)

1
(Ppb ) = 1 1 + egpb .(Ppb hpb )
,
where Ppv and Ppb are the probabilities of security policy
violation and packet blocking, respectively, gpv and gpb determine the sensitivity of the utility functions, and hpv and hpb
represent the centers of the sigmoid functions.
A security policy violation occurs because the security
queue is full and the incoming packets will not be checked
for their compliance with the security policy. Packet blocking
occurs when the battery of the smart thing is depleted and
it switches to the sleep mode for recharging. The utility
functions dened above express a trade-off between enforcing
the policy (at the risk of depleting the battery) and forwarding
potentially forged packets without security checks (at the risk
of violating the security policy). Based on this trade-off, we
formulate a Nash Bargaining model where the equilibrium
can be determined so that both utilities are maximized. The
players of the game are the adaptive security policy and
the energy decay process. They execute random strategies
to reach an equilibrium where the balance between securityeffectiveness and energy-efciency is achieved. In this game,
the decision variable is the vector = (1 , 2 , 3 , 4 ). Adjusting the components of this vector allows controlling the
policy violation and packet dropping probabilities, thereby
impacting the damage and lifetime functions. In addition, the
disagreement outcome in our case is the point (0, 0). This point
represents the damage and lifetime values when no agreement
can be reached between the players.

923

IEEE ICC 2014 - Communication and Information Systems Security Symposium

C. The Nash equilibrium

The equilibrium of the game is denoted by ( , ) and

is found by solving the following optimization problem.
max (1 (Ppv )).(Ppb ).

(12)

The existence of the Nash equilibrium for the proposed game

stems from the fact that the objective function dened by
(1-(Ppv )).(Ppb ) is continuous and dened on a compact,
which is easy to prove in our case.
The study of the Nash equilibrium requires the computation
of the probabilities Ppv and Ppb . To this purpose, the state
transition matrices for the security policy should be computed.
We rst combine the transition processes related to the
battery and the channel. The resulting transition matrix is

(p) .C, where

F(p) = B
(p,0)

B
B(p,0) . . . B(p,0)
B(p,1) B(p,1) . . . B(p,0)

(p) =
(13)
B

,
..
..
..

.
.
...
.
B(p,N )

B(p,c)

(p,c)

b0,0
(p,c)
b1,0
..
.

B(p,N )

...

B(p,N )

(p,c)

b0,1
(p,c)
b1,1
..
.

(p,c)

b1,2
..
.

(p,c)

(p,c)

bb,b1
..
.

(p,c)

bb,b
..
.

bb,b+1
..
.

(p,c)

bB,B

bB,B1

(p,c)

(14)

conducted to evaluate the efciency of our strategy and discuss

the major results.
V. S IMULATIONS AND R ESULTS
We assess the efciency of the proposed security game
through simulations using Matlab. The communication model
conforms to the IEEE 802.15.4 specication, especially with
respect to the packet size that has been set to 1024 bits in
our experiments. The good state of the channel has been
dened by a packet error rate equal to 1% where the SNR
threshold is 5.5dB. Moreover, the battery capacity has been
set to 1.35Wh as for the Shimmer motes used in patient
monitoring. We implemented our game-theoretic model using
the authentication technique proposed in [14], called Multilevel -Tesla (MTesla). We considered a scenario where 20
Shimmer nodes are deployed to collect and transmit patient
data. The energy consumption for the transmission and encryption processes have been taken from [14], [15]
We rst conducted an experiment where we compared the
performance of the four strategies proposed in Section IV to
the MTesla protocol and to the security game proposed in
[7], called Node Capture Game (NCG). Figure 2 illustrates
the evolution of the damage and lifetime functions for these
cases according to time when 1 = 2 = 3 = 4 = 0.5. The
damage and lifetime functions are depicted in blue and red,
respectively. The key ndings are:
1) The asymptotic behaviour is similar in all the considered
cases. The attack tends to spread on the whole network
while the batteries will be completely depleted after a
number of time slots.
2) NCG is less efcient than MTesla in mitigating the
attack. In addition, it does not result in substantial energy
savings since the slope of the battery depletion is less
sharp but the capacity is totally consumed after 500 time
slots for both cases.
3) Strategies 1 and 4 of the proposed game do not return
acceptable results since they purely focus on lifetime
extension and attack mitigation, respectively. Strategy
1 extends the lifetime by 120% but the attack spreads
much quickly. On the opposite, strategy 4 has a similar
mitigation process as TTesla but the lifetime is reduced
by 10%. These strategies have to be combined in order
to provide a good balance between security and energy
performance.
4) Strategies 2 and 3 provide well-balanced results comparing to strategies 1 and 4. Also, comparing to MTesla
and NCG, the lifetime extension is 50% and the security
improvement is 5%.

(p,c)

and bb,b is a (B + 1) (B + 1) matrix representing the

transition probabilities between battery capacities b and b
when the p packets are in the memory and the channel state
is c.
We denote by A = (ai,j ) transition matrix that represents
the transition probabilities between the previous state where i
packets have been authenticated and the current state where j
packets have been authenticated.
Based on this result, the probabilities Ppv and Ppb are
computed as follows.
X

P
I



j
a Xi , Xi +j
Ppv =
Ppb =

i=1 j=Xp+1

k=1

E(A)

(15)

(b, c, p, i),

b,c,p,i

where is the steady state probability matrix, obtained

through the resolution of the equations .A = and .1 = 1,
where 1 is a matrix of ones.
To reduce the complexity of the computation of the Nash
equilibrium, we restrict our search for the optimal solution of
Equation 12 to Pareto-efcient solutions. These are dened
by the solutions where one of the players achieves his highest
utility. Therefore, the Nash equilibrium necessarily belongs to
this set. In the following, we describe the simulations we have

These results corroborate our idea of introducing a hybrid

strategy that balances the results of the four strategies. The performance of the hybrid strategy is illustrated in Figure 3 where
the Nash equilibrium is found at ( , ) = (0.5952, 0.4861).
This value that has been computed for 1 = 2 = 3 = 4 =
0.5 extends the lifetime of the smart things by 47% while the
mitigation process is affected by only 4%. This shows that the

924

IEEE ICC 2014 - Communication and Information Systems Security Symposium

the incorporation of context. An important further step in our

work is to study the applicability of the proposed game to
other threats scenarios and extend the model accordingly. The
model is also being implemented in the ASSET testbed [16]
to rene the simulation results.
VII. ACKNOWLEDGMENT
The work presented here has been carried out in a research project ASSET - Adaptive Security for Smart Internet
of Things in eHealth (2012-2015) funded by The Research
Council of Norway.
R EFERENCES

Fig. 2.

Numerical examples for the damage and lifetime functions.

proposed security game allows reaching good compromises in

terms of energy-efciency and security-effectiveness.

Fig. 3.

Graphical illustration of the Nash equilibrium.

VI. C ONCLUSION AND F UTURE W ORK

In this paper, we have developed a Markov game-theoretic
model for adaptive security. Throughout the analytical study
of the game, we represented the trade-off between improving
the mitigation capabilities of the BAN and extending the
lifetime of the smart things. A novel adaptive security policy
focusing on authentication has been used to evaluate the
performance of our model through simulations. Our approach
allows the implementation of resilient security models for
distributed patient monitoring while taking into consideration
the resource limitations of the smart things. Simulation results
illustrate the efcacy of our method both at striking a balance
between security-effectiveness and energy-efciency as well
as illustrating the extended lifetime with 47% resulting from

[1] T. Alpcan, T. Basar, "Network Security: A Decision and Game-Theoretic

Approac," Cambridge University Press, 2010.
[2] D. Shen, G. Chen, E. Blasch, G. Tadda, "Adaptive Markov Game
Theoretic Data Fusion Approach for Cyber Network Defense," Proc.
IEEE Military Communications Conference (MILCOM), 2007.
[3] G. Chen, D. Shen, C. Kwan, J.B. Cruz, M. Kruger, E. Blasch, "Game
Theoretic Approach to Threat Prediction and Situation Awareness,"
Journal of Advances in Information Fusion, Vol. 2, No. 1, pp. 35-48,
2007.
[4] C. Xiaolin, T. Xiaobin, Z. Yong , X. Hongsheng, "A Markov Game
Theory-based Risk Assessment Model for Network Information System," Proc. International Conference on Computer Science and Software
Engineering, 1057-1061, 2008.
[5] J. B. Nielsen, D. Venturi, A. Zottarel, "On the Connection between Leakage Tolerance and Adaptive Security," Proc. International Conference on
Practice and Theory in Public-Key Cryptography, Nara, Japan, 2013.
[6] G. Centry, B. Waters, "Adaptive Security in Broadcast Encryption
Systems (with Short Ciphertexts)," Proc. International Conference on
the Theory and Applications of Cryptographic Techniques, Cologne,
Germany, 2009.
[7] T. Bonaci, L. Bushnell, "Node Capture Games: A Game Theoretic
Approach to Modeling and Mitigating Node Capture Attacks," Proc.
Second International GameSec Conference, Maryland, USA, 2011.
[8] Z. Li, G. Gong,"Randmoly Directed Exploration: An Efcient Node
Clone Detection Protocol in Wireless Sensor Networks," Proc. IEEE
Conference on Mobile AdHoc and Sensor Systems, pp. 1030-1035,
2009.
[9] A. Kansal, D. Potter, M.B. Srivastava, "Performance Aware Tasking for
Environmentally Powered Sensor Networks," Proc. ACM SIMETRICS
Performance Evaluation Rev., Vol. 32, No. 1, pp. 223-234, 2004.
[10] C.F. Chiasserini, R.R. Rao, "Improving Battery Performance by Using
trafc Shaping Techniques," IEEE Journal on Selected Areas in Communications, Vol. 19, No. 7, pp. 1385-1394, July 2001.
[11] M. D. Yacoub, G. Fraidenraich, and J. C. S. Santos Filho, "Nakagamim phase-envelope joint distribution," Electron. Lett., vol. 41, no. 5, pp.
259-261, Mar. 3, 2005.
[12] X. Ning, C.G. Cassandras, "Message Batching in Wireless Sensor
Networks - A Perturbation Analysis Approach," proc. IEEE Conference
on Decision and Control, New Orleans, USA, 2007.
[13] S. Tang, B.L. Mark, "Analysis of virus spread in wireless sensor
networks: An epidemic model," Proc. IEEE Workshop on Design of
Reliable Communication Network, Washington DC, USA, 2009.
[14] D. Liu, P. Ning, "Multi-level Tesla: Broadcast Authentication for Distributed Sensor Networks," ACM Transactions in Embedded Computing
Systems, Vol. 3, pp. 800-836, 2004.
[15] H. Rifa-Pous, J. Herrera-Joancomarti, "Computational and Energy Costs
of Cryptographic Algorithms on Handheld Devices," Future Internet,
Vol. 3, pp. 31-48, 2011.
[16] Y. Berhanu-Woldegeorgis, H. Abie, M. Hamdi, "A Testbed for Adaptive
Security for IoT in eHealth," Int. Workshop on Adaptive Security &
Privacy Management for the Internet of Things, Switzerland, 2013.

925