# A game-theoretic approach for integrity assurance in resource-bounded systems

## Abstract

Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used toward this end introduce significant practical implementation challenges for resource-bounded systems, such as cyber-physical systems. For example, many control systems are built on legacy components which are computationally limited, but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. To bridge the gap between such binary decisions, we propose a stochastic message authentication approach that can explicitly trade computational cost off for security. We introduce a formal game-theoretic framework for optimal stochastic message authentication, providing provable guarantees for resource-bounded systems based on an existing message authentication scheme. We use our framework to investigate attacker deterrence, as well as optimal stochastic message authentication when deterrence is impossible, in both short-term and long-term equilibria. Additionally, we propose two schemes for implementing stochastic message authentication in practice, one for saving computation only at the receiver and one for saving computation at both ends, and demonstrate the associated computational savings using an actual implementation.

## Keywords

Message authentication, Game theory, Economics of security, Resource-bounded system

## Notes

### Acknowledgements

This work is supported in part by the National Science Foundation (CNS-1238959), the Air Force Research Laboratory (FA 8750-14-2-0180), and by NIST (70NANB15H263).
