A game-theoretic approach for integrity assurance in resource-bounded systems

Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used toward this end introduce significant practical implementation challenges for resource-bounded systems, such as cyber-physical systems. For example, many control systems are built on legacy components which are computationally limited, but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. To bridge the gap between such binary decisions, we propose a stochastic message authentication approach that can explicitly trade computational cost off for security. We introduce a formal game-theoretic framework for optimal stochastic message authentication, providing provable guarantees for resource-bounded systems based on an existing message authentication scheme. We use our framework to investigate attacker deterrence, as well as optimal stochastic message authentication when deterrence is impossible, in both short-term and long-term equilibria. Additionally, we propose two schemes for implementing stochastic message authentication in practice, one for saving computation only at the receiver and one for saving computation at both ends, and demonstrate the associated computational savings using an actual implementation.

[1]  Gustavus J. Simmons,et al.  Authentication Theory/Coding Theory , 1985, CRYPTO.

[2]  Alok Aggarwal,et al.  Lightweight Cryptographic Primitives for Mobile Ad Hoc Networks , 2012, SNDS.

[3]  Yevgeniy Vorobeychik,et al.  Integrity assurance in resource-bounded systems through stochastic message authentication , 2015, HotSoS.

[4]  Nei Kato,et al.  A Lightweight Message Authentication Scheme for Smart Grid Communications , 2011, IEEE Transactions on Smart Grid.

[5]  Christof Paar,et al.  A Survey of Lightweight-Cryptography Implementations , 2007, IEEE Design & Test of Computers.

[6]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[7]  Yevgeniy Vorobeychik,et al.  Optimal interdiction of attack plans , 2013, AAMAS.

[8]  Ping Wang,et al.  Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks , 2014, Ad Hoc Networks.

[9]  Ralph C. Merkle,et al.  Secrecy, authentication, and public key systems , 1979 .

[10]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[11]  Lei Zhou,et al.  The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market , 2003, J. Comput. Secur..

[12]  Amir Moradi,et al.  Lightweight Cryptography and DPA Countermeasures: A Survey , 2010, Financial Cryptography Workshops.

[13]  Mikael Gidlund,et al.  Future research challenges in wireless sensor and actuator networks targeting industrial automation , 2011, 2011 9th IEEE International Conference on Industrial Informatics.

[14]  J. Alex Halderman,et al.  Green Lights Forever: Analyzing the Security of Traffic Infrastructure , 2014, WOOT.

[15]  K. Baskaran,et al.  Securing the smart grid network: A review , 2016 .

[16]  Siddharth Sridhar,et al.  Cyber–Physical System Security for the Electric Power Grid , 2012, Proceedings of the IEEE.

[17]  Juliane Hahn,et al.  Security And Game Theory Algorithms Deployed Systems Lessons Learned , 2016 .

[18]  Diana Maimut,et al.  Lightweight Cryptography for RFID Tags , 2012, IEEE Security & Privacy.

[19]  Yee Wei Law,et al.  KLEIN: A New Family of Lightweight Block Ciphers , 2010, RFIDSec.

[20]  Damith C. Ranasinghe Lightweight cryptography for low cost RFID , 2008 .

[21]  Daniel W. Engels,et al.  The Hummingbird-2 Lightweight Authenticated Encryption Algorithm , 2011, RFIDSec.

[22]  Sean W. Smith,et al.  YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems , 2008, SEC.

[23]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[24]  Xi Fang,et al.  3. Full Four-channel 6.3-gb/s 60-ghz Cmos Transceiver with Low-power Analog and Digital Baseband Circuitry 7. Smart Grid — the New and Improved Power Grid: a Survey , 2022 .

[25]  Richard J. Campbell The Smart Grid and Cybersecurity: Regulatory Policy and Issues , 2011 .

[26]  Ronald L. Krutz,et al.  The CISSP Prep Guide: Mastering the Ten Domains of Computer Security , 2001 .

[27]  Vincent Conitzer,et al.  Stackelberg vs. Nash in Security Games: An Extended Investigation of Interchangeability, Equivalence, and Uniqueness , 2011, J. Artif. Intell. Res..

[28]  Guang Gong,et al.  Hummingbird: Ultra-Lightweight Cryptography for Resource-Constrained Devices , 2010, Financial Cryptography Workshops.

[29]  Ping Wang,et al.  Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound , 2018, IEEE Transactions on Dependable and Secure Computing.

[30]  Andrey Bogdanov,et al.  APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography , 2014, FSE.