Advertisement

International Journal of Information Security

, Volume 17, Issue 2, pp 221–242 | Cite as

A game-theoretic approach for integrity assurance in resource-bounded systems

  • Aron Laszka
  • Yevgeniy Vorobeychik
  • Xenofon Koutsoukos
Regular Contribution

Abstract

Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used toward this end introduce significant practical implementation challenges for resource-bounded systems, such as cyber-physical systems. For example, many control systems are built on legacy components which are computationally limited, but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. To bridge the gap between such binary decisions, we propose a stochastic message authentication approach that can explicitly trade computational cost off for security. We introduce a formal game-theoretic framework for optimal stochastic message authentication, providing provable guarantees for resource-bounded systems based on an existing message authentication scheme. We use our framework to investigate attacker deterrence, as well as optimal stochastic message authentication when deterrence is impossible, in both short-term and long-term equilibria. Additionally, we propose two schemes for implementing stochastic message authentication in practice, one for saving computation only at the receiver and one for saving computation at both ends, and demonstrate the associated computational savings using an actual implementation.

Keywords

Message authentication Game theory Economics of security Resource-bounded system 

Notes

Acknowledgements

This work is supported in part by the National Science Foundation (CNS-1238959), the Air Force Research Laboratory (FA 8750-14-2-0180), and by NIST (70NANB15H263).

References

  1. 1.
    Akerberg, J., Gidlund, M., Bjorkman, M.: Future research challenges in wireless sensor and actuator networks targeting industrial automation. In: Proceedings of the 9th IEEE International Conference on Industrial Informatics (INDIN), pp. 410–415 (2011)Google Scholar
  2. 2.
    Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: APE: Authenticated permutation-based encryption for lightweight cryptography. In: Proceedings of the 21st International Workshop on Fast Software Encryption (FSE), pp. 168–186. Springer (2014)Google Scholar
  3. 3.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Proceedings of the 16th Annual Crypto Conference (CRYPTO), pp. 1–15 (1996)Google Scholar
  4. 4.
    Campbell, K., Gordon, L.A., Loeb, M.P., Zhou, L.: The economic cost of publicly announced information security breaches: empirical evidence from the stock market. J. Comput. Secur. 11(3), 431–448 (2003)CrossRefGoogle Scholar
  5. 5.
    Campbell, R.J.: The smart grid and cybersecurity: regulatory policy and issues. Congressional Research Service Report for Congress. http://fas.org/sgp/crs/misc/R41886.pdf (2011). Accessed 01 May 2015
  6. 6.
    Cárdenas, A.A., Amin, S., Sastry, S.: Research challenges for the security of control systems. In: Proceedings of the 3rd USENIX Workshop on Hot Topics in Security (HotSec) (2008)Google Scholar
  7. 7.
    Cisco Systems, Inc.: Securing the smart grid. White Paper. http://www.cisco.com/web/strategy/docs/energy/SmartGridSecurity_wp.pdf (2009). Accessed 01 May 2015
  8. 8.
    Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A., Uhsadel, L.: A survey of lightweight-cryptography implementations. IEEE Des. Test Comput. 24(6), 522–533 (2007). doi: 10.1109/MDT.2007.178 CrossRefGoogle Scholar
  9. 9.
    Engels, D., Fan, X., Gong, G., Hu, H., Smith, E.M.: Hummingbird: ultra-lightweight cryptography for resource-constrained devices. In: Proceedings of the 14th International Conference on Financial Cryptography and Data Security (FC), pp. 3–18. Springer (2010)Google Scholar
  10. 10.
    Engels, D., Saarinen, M.J.O., Schweitzer, P., Smith, E.M.: The Hummingbird-2 lightweight authenticated encryption algorithm. In: Proceedings of the 7th International Workshop, RFIDSec, Revised selected papers, pp. 19–31 (2011)Google Scholar
  11. 11.
    Fang, X., Misra, S., Xue, G., Yang, D.: Smart gridthe new and improved power grid: a survey. IEEE Commun. Surv. Tutor. 14(4), 944–980 (2012)CrossRefGoogle Scholar
  12. 12.
    Fouda, M.M., Fadlullah, Z.M., Kato, N., Lu, R., Shen, X.: A lightweight message authentication scheme for smart grid communications. IEEE Trans. Smart Grid 2(4), 675–685 (2011)CrossRefGoogle Scholar
  13. 13.
    Ghena, B., Beyer, W., Hillaker, A., Pevarnek, J., Halderman, J.A.: Green lights forever: analyzing the security of traffic infrastructure. In: Proceedings of the 8th USENIX Workshop on Offensive Technologies (WOOT’14). USENIX Association (2014)Google Scholar
  14. 14.
    Gong, Z., Nikova, S., Law, Y.W.: KLEIN: A new family of lightweight block ciphers. In: Proceedings of the 7th Workshop on RFID Security and Privacy (RFIDSec), Revised selected papers, pp. 1–18 (2011)Google Scholar
  15. 15.
    Korzhyk, D., Yin, Z., Kiekintveld, C., Conitzer, V., Tambe, M.: Stackelberg vs. Nash in security games: an extended investigation of interchangeability, equivalence, and uniqueness. J. Artifi. Intell. Res. 41(2), 297–327 (2011)MathSciNetzbMATHGoogle Scholar
  16. 16.
    Krutz, R.L., Vines, R.D.: The CISSP Prep Guide: Mastering the ten domains of Computer Security. Wiley, New York (2001)Google Scholar
  17. 17.
    Kumar, A., Aggarwal, A.: Lightweight cryptographic primitives for mobile ad hoc networks. In: Proceedings of the 2012 International Conference on Security in Computer Networks and Distributed Systems (SNDS), pp. 240–251 (2012)Google Scholar
  18. 18.
    Laszka, A., Vorobeychik, Y., Koutsoukos, X.D.: Integrity assurance in resource-bounded systems through stochastic message authentication. In: Proceedings of the 2nd Symposium and Bootcamp on the Science of Security, (HotSoS), pp. 1–12 (2015)Google Scholar
  19. 19.
    Letchford, J., Vorobeychik, Y.: Optimal interdiction of attack plans. In: Proceedings of the 12th International Conference on Autonomous Agents and Multiagent Systems (AAMAS), pp. 199–206 (2013)Google Scholar
  20. 20.
    Maimut, D., Ouafi, K.: Lightweight cryptography for RFID tags. IEEE Secur. Priv. 10(2), 76–79 (2012)CrossRefGoogle Scholar
  21. 21.
    Manshaei, M.H., Zhu, Q., Alpcan, T., Bacşar, T., Hubaux, J.P.: Game theory meets network security and privacy. ACM Comput. Surv. (CSUR) 45(3), 25 (2013)CrossRefzbMATHGoogle Scholar
  22. 22.
    Merkle, R.C.: Secrecy, authentication, and public key systems. Ph.D. thesis, Stanford University, Stanford (1979)Google Scholar
  23. 23.
    Moradi, A., Poschmann, A.: Lightweight cryptography and DPA countermeasures: a survey. In: Proceedings of the 1st International Workshop on Lightweight Cryptography for Resource-Constrained Devices (WLC), pp. 68–79 (2010)Google Scholar
  24. 24.
    Ranasinghe, D.C.: Lightweight cryptography for low cost RFID. In: Networked RFID Systems and Lightweight Cryptography, pp. 311–346. Springer, Berlin (2008)Google Scholar
  25. 25.
    Simmons, G.J.: Game theory model of digital message authentication. Tech rep., Sandia National Labs, Albuquerque (1981)Google Scholar
  26. 26.
    Simmons, G.J.: Authentication theory/coding theory. In: Blakley, G.R., Chaum, D. (eds.) Advances in Cryptology. CRYPTO 1984. Lecture Notes in Computer Science, vol. 196, pp. 411–431. Springer, Berlin, Heidelberg (1985)Google Scholar
  27. 27.
    Sridhar, S., Hahn, A., Govindarasu, M.: Cyber-physical system security for the electric power grid. Proc. IEEE 100(1), 210–224 (2012)CrossRefGoogle Scholar
  28. 28.
    Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, Cambridge (2011)CrossRefzbMATHGoogle Scholar
  29. 29.
    Tsang, P.P., Smith, S.W.: YASIR: A low-latency, high-integrity security retrofit for legacy SCADA systems. In: Proceeding of the IFIP TC 11 23rd International Information Security Conference (IFIP SEC), pp. 445–459. Springer (2008)Google Scholar
  30. 30.
    Wang, D., Wang, P.: Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw. 20, 1–15 (2014)CrossRefGoogle Scholar
  31. 31.
    Wang, D., Wang, P.: Two birds with one stone: Two-factor authentication with security beyond conventional bound. In: IEEE Transactions on Dependable and Secure Computing (2016)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  1. 1.University of CaliforniaBerkeleyUSA
  2. 2.Vanderbilt UniversityNashvilleUSA

Personalised recommendations