How to Dynamically Incentivize Sufficient Level of IoT Security

  • Conference paper
Financial Cryptography and Data Security (FC 2020)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12063)

Abstract

This paper proposes an incentive mechanism to secure large numbers of devices through the use of insurance based on smart contracts. It consists of the automated security evaluation of enterprise IoT devices and the creation of a dynamic insurance premium. To automate the security evaluation of enterprise IoT devices, we collect and store IoT device status data with privacy preservation on blockchain. Then, we track and assess the risk associated with IoT devices with the use of a smart contract. By monitoring this risk over time, we present a means to incentivize the resolution of vulnerabilities by measuring the latent risk in an environment as well as the vigilance of the devices’ managers in resolving these vulnerabilities. In this way, we produce a dynamic cyber insurance premium that more accurately captures the risk profile associated with an environment than existing cyber insurance. Through the use of blockchain and smart contracts, this framework also provides public verification for both insured and insurer and provides a level of risk management for the insurer. We also present regulatory considerations in order for this scheme to meet supervisory requirements.

Notes

  1. U.S. direct premiums written for cyber risk coverage were approximately 2.03 billion dollars in 2018, a 10% increase over 2017’s 1.84 billion.

  2. It is not to say that insurance companies cannot adjust premiums based on security improvements that are observed in a client’s environment, but that there is usually no practical way to access this information in a reliable way that provides a faithful representation of the client’s efforts or accomplishments.

  3. A smart cyber insurance scheme could be more difficult to understand than a traditional one. From a policyholder protection perspective, regulators might ask insurers to refrain from using complex pricing models, especially when the products are sold to individuals.

  4. As an example, the EU-U.S. Insurance Dialogue Project began as an initiative by multiple organizations including EIOPA, FIO and NAIC to enhance mutual understanding and cooperation between the European Union (EU) and the United States for the benefit of insurance consumers and business.

Corresponding author

Correspondence to Jianan Su.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Su, J., Bartholic, M., Stange, A., Ushida, R., Matsuo, S. (2020). How to Dynamically Incentivize Sufficient Level of IoT Security. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science, vol 12063. Springer, Cham. https://doi.org/10.1007/978-3-030-54455-3_32

  • DOI: https://doi.org/10.1007/978-3-030-54455-3_32

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-54454-6

  • Online ISBN: 978-3-030-54455-3

  • eBook Packages: Computer Science, Computer Science (R0)
