A game-theoretic approach for integrity assurance in resource-bounded systems

A game-theoretic approach for integrity assurance in resource-bounded systems
Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos

Citation
Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos. "A game-theoretic approach for integrity assurance in resource-bounded systems". International Journal of Information Security, January 2017.

Abstract
Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used towards this end introduce significant practical implementation challenges for resource-bounded systems, such as cyberphysical systems. For example, many control systems are built on legacy components which are computationally limited but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. To bridge the gap between such binary decisions, we propose a stochastic message authentication approach that can explicitly trade computational cost off for security. We introduce a formal game-theoretic framework for optimal stochastic message authentication, providing provable guarantees for resource-bounded systems based on an existing message authentication scheme. We use our framework to investigate attacker deterrence, as well as optimal stochastic message authentication when deterrence is impossible, in both short-term and long-term equilibria. Additionally, we propose two schemes for implementing stochastic message authentication in practice, one for saving computation only at the receiver and one for saving computation at both ends, and demonstrate the associated computational savings using an actual implementation.

Electronic downloads

http://aronlaszka.com/papers/laszka_game.pdf

Citation formats

HTML

Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos. <a
href="http://www.cps-forces.org/pubs/238.html"
>A game-theoretic approach for integrity assurance in
resource-bounded systems</a>, <i>International
Journal of Information Security</i>, January 2017.

Plain text

Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos.
"A game-theoretic approach for integrity assurance in
resource-bounded systems". <i>International
Journal of Information Security</i>, January 2017.

BibTeX

@article{LaszkaVorobeychikKoutsoukos17_GametheoreticApproachForIntegrityAssuranceInResourcebounded,
    author = {Aron Laszka and Yevgeniy Vorobeychik and Xenofon
              Koutsoukos},
    title = {A game-theoretic approach for integrity assurance
              in resource-bounded systems},
    journal = {International Journal of Information Security},
    month = {January},
    year = {2017},
    abstract = {Assuring communication integrity is a central
              problem in security. However, overhead costs
              associated with cryptographic primitives used
              towards this end introduce significant practical
              implementation challenges for resource-bounded
              systems, such as cyberphysical systems. For
              example, many control systems are built on legacy
              components which are computationally limited but
              have strict timing constraints. If integrity
              protection is a binary decision, it may simply be
              infeasible to introduce into such systems; without
              it, however, an adversary can forge malicious
              messages, which can cause significant physical or
              financial harm. To bridge the gap between such
              binary decisions, we propose a stochastic message
              authentication approach that can explicitly trade
              computational cost off for security. We introduce
              a formal game-theoretic framework for optimal
              stochastic message authentication, providing
              provable guarantees for resource-bounded systems
              based on an existing message authentication
              scheme. We use our framework to investigate
              attacker deterrence, as well as optimal stochastic
              message authentication when deterrence is
              impossible, in both short-term and long-term
              equilibria. Additionally, we propose two schemes
              for implementing stochastic message authentication
              in practice, one for saving computation only at
              the receiver and one for saving computation at
              both ends, and demonstrate the associated
              computational savings using an actual
              implementation.},
    URL = {http://cps-forces.org/pubs/238.html}
}

Posted by Waseem Abbas on 2 Mar 2017.
Groups: forces
For additional information, see the Publications FAQ or contact webmaster at cps-forces org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.