IoT Security Risk Modelling and Assessment

Alyzia-Maria Konsta: Secure IoT: It is just a game

We can think about the security attacks as a game between the attacker and the defender. The attacker is trying to steal or modify some data and the defender is trying their best to make sure that the attacker is not going to achieve their goal.

Internet of Things (IoT) is a recent technology that creates a global network of machines and devices that are capable of communicating and exchanging data with each other through the Internet. IoT devices exist everywhere in our everyday life: smart watches, smart cars, smart homes and health care are just an example. We can imagine that these kinds of devices collect and process a huge amount of sensitive and sometimes, even personal data. It is also important to say that IoT devices are usually limited in memory size and energy capacity, so some of the security techniques used in common systems are not suitable for IoT (the defender lost a strategy). Since these devices run in uncontrolled, potentially hostile environments, they are vulnerable to security and privacy attacks.

The vulnerabilities of IoT devices can emerge from plenty of reasons, such as human error or malice incentive and technical problems. To develop a secure IoT system, one should take into account all of the factors and characteristics mentioned above, and balance them against functionality and performance requirements. To address these issues consistently, an overview of the potential attacks and their countermeasures are required.

The goal of this project is to help IoT developers to detect the potential risks and produce the most optimal strategy for applying the countermeasures. In other words, to detect the potential strategies for both the attacker and the defender and help the defender apply the most optimal strategy to maximize their payoff.

PhD project

By: Alyzia-Maria Konsta

Section: Software Systems Engineering

Principal supervisor: Alberto Lluch Lafuente

Co-supervisor: Nicola Dragoni

Project title: IoT Security Risk Modelling and Assessment

Term: 01/02/2022 → 31/01/2025


Alyzia-Maria Konsta
PhD student
DTU Compute


Alberto Lluch Lafuente
Head of Section, Professor
DTU Compute
+45 45 25 37 36


Nicola Dragoni
DTU Compute
+45 45 25 37 31