Integrity assurance in resource-bounded systems through stochastic message authentication

Proceedings of the 2015 Symposium and Bootcamp on the Science of Security Pub Date : 2015-04-21 DOI:10.1145/2746194.2746195

Aron Laszka, Yevgeniy Vorobeychik, X. Koutsoukos

{"title":"Integrity assurance in resource-bounded systems through stochastic message authentication","authors":"Aron Laszka, Yevgeniy Vorobeychik, X. Koutsoukos","doi":"10.1145/2746194.2746195","DOIUrl":null,"url":null,"abstract":"Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used towards this end introduce significant practical implementation challenges for resource-bounded systems, such as cyber-physical systems. For example, many control systems are built on legacy components which are computationally limited but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. We propose a formal game-theoretic framework for optimal stochastic message authentication, providing provable integrity guarantees for resource-bounded systems based on an existing MAC scheme. We use our framework to investigate attacker deterrence, as well as optimal design of stochastic message authentication schemes when deterrence is impossible. Finally, we provide experimental results on the computational performance of our framework in practice.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2746194.2746195","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used towards this end introduce significant practical implementation challenges for resource-bounded systems, such as cyber-physical systems. For example, many control systems are built on legacy components which are computationally limited but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. We propose a formal game-theoretic framework for optimal stochastic message authentication, providing provable integrity guarantees for resource-bounded systems based on an existing MAC scheme. We use our framework to investigate attacker deterrence, as well as optimal design of stochastic message authentication schemes when deterrence is impossible. Finally, we provide experimental results on the computational performance of our framework in practice.

查看原文本刊更多论文

随机消息认证在资源有限系统中的完整性保证

确保通信完整性是安全领域的核心问题。然而，与用于此目的的加密原语相关的开销成本为资源有限的系统(如网络物理系统)带来了重大的实际实现挑战。例如，许多控制系统建立在计算有限但具有严格时间约束的遗留组件上。如果完整性保护是一个二元决策，那么在这样的系统中引入完整性保护可能是不可行的;但是，如果没有它，攻击者就可以伪造恶意消息，从而造成重大的物理或经济损失。我们提出了一个形式化的博弈论框架，用于最优随机消息认证，为基于现有MAC方案的资源有限系统提供可证明的完整性保证。我们使用我们的框架来研究攻击者的威慑，以及在无法威慑时随机消息认证方案的优化设计。最后，我们在实践中提供了我们的框架的计算性能的实验结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2015 Symposium and Bootcamp on the Science of Security

自引率

0.00%

发文量