iSTRICT: An Interdependent Strategic Trust Mechanism for the Cloud-Enabled Internet of Controlled Things

The cloud-enabled Internet of controlled things (IoCT) envisions a network of sensors, controllers, and actuators connected through a local cloud in order to intelligently control physical devices. Because cloud services are vulnerable to advanced persistent threats (APTs), each device in the IoCT must strategically decide whether to trust cloud services that may be compromised. In this paper, we present iSTRICT, an interdependent strategic trust mechanism for the cloud-enabled IoCT. iSTRICT is composed of three interdependent layers. In the cloud layer, iSTRICT uses FlipIt games to conceptualize APTs. In the communication layer, it captures the interaction between devices and the cloud using signaling games. In the physical layer, iSTRICT uses optimal control to quantify the utilities in the higher-level games. Best response dynamics link the three layers in an overall “game-of-games,” for which the outcome is captured by a concept called Gestalt Nash equilibrium (GNE). We prove the existence of a GNE under a set of natural assumptions and develop an adaptive algorithm to iteratively compute the equilibrium. Finally, we apply iSTRICT to trust management for autonomous vehicles that rely on measurements from remote sources. We show that strategic trust in the communication layer achieves a worst-case probability of compromise for any attack and defense costs in the cyber layer.
