Security as a Service for Cloud-Enabled Internet of Controlled Things Under Advanced Persistent Threats: A Contract Design Approach

In this paper, we aim to establish a holistic framework that integrates the cyber-physical layers of a cloud-enabled Internet of Controlled Things (IoCT) through the lens of contract theory. At the physical layer, the device uses cloud services to operate the system. The quality of cloud services is unknown to the device, and hence the device designs a menu of contracts to enable a reliable and incentive-compatible service. Based on the received contracts, the cloud service provider (SP) serves the device by determining its optimal cyber defense strategy. A contract-based FlipCloud game is used to assess the security risk and the cloud quality of service (QoS) under advanced persistent threats. The contract design approach creates a pricing mechanism for on-demand security as a service for cloud-enabled IoCT. By focusing on high and low QoS types of cloud SPs, we find that the contract design can be divided into two regimes (regimes I and II) with respect to the provided cloud QoS. Specifically, the physical devices whose optimal contracts are in regime I always request the best possible cloud security service. In contrast, the device only asks for a cloud security level that can stabilize the system when the optimal contracts lie in regime II. We illustrate the obtained results via case studies of a cloud-enabled smart home.
