Jean Leneutre
Télécom ParisTech
Publication
Featured research published by Jean Leneutre.
IEEE Transactions on Information Forensics and Security | 2009
Lin Chen; Jean Leneutre
Due to the dynamic, distributed, and heterogeneous nature of today's networks, intrusion detection systems (IDSs) have become a necessary addition to the security infrastructure and are widely deployed as a complementary line of defense to classical security approaches. In this paper, we address the intrusion detection problem in heterogeneous networks consisting of nodes with different noncorrelated security assets. In our study, two crucial questions are: What are the expected behaviors of rational attackers? What is the optimal strategy of the defenders (IDSs)? We answer the questions by formulating the network intrusion detection as a noncooperative game and performing an in-depth analysis on the Nash equilibrium and the engineering implications behind. Based on our game theoretical analysis, we derive the expected behaviors of rational attackers, the minimum monitor resource requirement, and the optimal strategy of the defenders. We then provide guidelines for IDS design and deployment. We also show how our game theoretical framework can be applied to configure the intrusion detection strategies in realistic scenarios via a case study. Finally, we evaluate the proposed game theoretical framework via simulations. The simulation results show both the correctness of the analytical results and the effectiveness of the proposed guidelines.
IEEE Transactions on Parallel and Distributed Systems | 2011
Lin Chen; Lavy Libman; Jean Leneutre
Extensive research in recent years has shown the benefits of cooperative relaying in wireless networks, where nodes overhear and cooperatively forward packets transmitted between their neighbors. Most existing studies focus on physical-layer optimization of the effective channel capacity for a given transmitter-receiver link; however, the interaction among simultaneous flows between different endpoint pairs, and the conflicts arising from their competition for a shared pool of relay nodes, are not yet well understood. In this paper, we study a distributed pricing framework, where sources pay relay nodes to forward their packets, and the payment is shared equally whenever a packet is successfully relayed by several nodes at once. We formulate this scenario as a Stackelberg (leader-follower) game, in which sources set the payment rates they offer, and relay nodes respond by choosing the flows to cooperate with. We provide a systematic analysis of the fundamental structural properties of this generic model. We show that multiple follower equilibria exist in general due to the nonconcave nature of their game, yet only one equilibrium possesses certain continuity properties that further lead to a unique system equilibrium among the leaders. We further demonstrate that the resulting equilibria are reasonably efficient in several typical scenarios.
Computer Networks | 2011
Lin Chen; Jean Leneutre
In wireless networks, jamming is an easily mountable attack with detrimental effects on the victim network. Existing defense strategies mainly consist of retreating from the jammer or rerouting traffic around the jammed area. In this paper, we tackle the problem from a different angle. Motivated by the high energy-consuming nature of jamming, we propose our defense strategy to defeat the jammer by draining its energy as fast as possible. To gain an in-depth insight on jamming and to evaluate the proposed defense strategy, we model the interaction between the jammer and the victim network as a non-cooperative game which is proven to admit two equilibria. We demonstrate analytically that the proposed defense strategy can eliminate the undesirable equilibrium from the network's perspective and increase the jammer's energy consumption at the remaining equilibrium without degrading the performance of the victim network. We also investigate the game dynamics by developing the update mechanism for the players to adjust their strategies based on only observable channel information. Numerical study is then conducted to evaluate the performance of the proposed strategy. Results demonstrate its effectiveness in defeating jamming, especially when the jammer is aggressive.
international conference on autonomic and autonomous systems | 2010
Ruan He; Marc Lacoste; Jean Leneutre
Although highly promising to meet the challenges of pervasive network security, self-managed protection has been little addressed in this setting. This paper adopts a policy-based management approach to the problem, and presents a policy-driven security framework called ASPF. Enforced authorization policies in a device are adapted according to the security context, both at the network and device levels. ASPF describes how an autonomic security manager may control OS-level authorization mechanisms supporting multiple classes of policies. Evaluation of an ASPF implementation shows that the design is applicable for effective and yet flexible self-protection of pervasive systems.
computer and information technology | 2010
Ruan He; Marc Lacoste; Jean Leneutre
This paper presents VSK, a lightweight adaptable OS authorization architecture suitable for self-protection of pervasive devices. A virtual management plane, separate from execution resources, is defined for full run-time control by applications of their execution environment. This plane also performs non-invasive and yet effective authorization thanks to optimized access request checking. The VSK component-based architecture provides flexibility both in the execution plane (for resource customization) and in the management plane (for run-time reconfiguration of authorization policies). Policy neutrality is achieved by adopting the attribute-based paradigm for access control enforcement. Evaluation results show that despite such flexibility, the overhead of this kernel architecture remains low.
high assurance systems engineering | 2015
Ziad Ismail; Jean Leneutre; David Bateman; Lin Chen
The communication infrastructure is a key element for management and control of the power system in the smart grid. The communication infrastructure, which can include equipment using off-the-shelf vulnerable operating systems, has the potential to increase the attack surface of the power system. The interdependency between the communication and the power system renders the management of the overall security risk a challenging task. In this paper, we address this issue by presenting a mathematical model for identifying and hardening the most critical communication equipment used in the power system. Using non-cooperative game theory, we model interactions between an attacker and a defender. We derive the minimum defense resources required and the optimal strategy of the defender that minimizes the risk on the power system. Finally, we evaluate the correctness and the efficiency of our model via a case study.
network computing and applications | 2014
Trung Nguyen; Jean Leneutre
The need to secure communications between personal devices is increasing nowadays, especially in the context of Internet of Things. Authentication between devices which have no prior common knowledge is a challenging problem. One solution consists in using a pre-authenticated auxiliary channel, human assisted or location limited, usually called out-of-band channel. A large number of device pairing protocols using an out-of-band channel were proposed, but they usually suffer from a lack of formal analysis. In this paper, we introduce a formal model, conceived as an extension of Strand Spaces, to analyze such protocols. We use it to analyze a device pairing protocol with unilateral out-of-band channel proposed by Wong & Stajano. This leads us to discover some vulnerabilities in this protocol. We propose a modified version of the protocol together with a correctness proof in our model.
international conference on information and communication technologies | 2008
Mohamad Aljnidi; Jean Leneutre
Most of ad-hoc network features encourage self-management. This paper introduces security solutions for ad-hoc networks, taking into consideration their need for an autonomic nature. After defining autonomic networks, we present the MAutoNet (mobile autonomic network) which is our specific type of ad-hoc networks. Our general objective is to build an autonomic security system for MAutoNets. We introduce here a security-based network structure, according to which such system can control a MAutoNet. We then elaborate a relevant access control model that we call SRBAC (secure-relation-based access control). It is a variant of RBAC enhanced with trust management, which is required in autonomic communications.
european symposium on research in computer security | 2010
Ruan He; Marc Lacoste; Jacques Pulou; Jean Leneutre
Existing self-protection frameworks so far hardly addressed the specification of autonomic security adaptation strategies which guide risk-aware selection or reconfiguration of security mechanisms. Domain-Specific Languages (DSL) present many benefits to achieve this goal in terms of simplicity, automated strategy verification, and run-time integration. This paper presents a DSL to describe security adaptation policies. The DSL is based on the condition-action approach and on a taxonomy of threats and applicable reactions. The DSL also allows to capture trade-offs between security and other concerns such as energy efficiency during the decision making phase. A translation mechanism to refine the DSL into a run-time representation, and integrate adaptation policies within legacy self-protection frameworks is also presented.
decision and game theory for security | 2014
Brahim Djebaili; Christophe Kiennert; Jean Leneutre; Lin Chen
The recent trends towards outsourcing data to the Cloud as well as various concerns regarding data integrity and availability created an increasing interest in enabling secure Cloud data-centers. Many schemes addressing data integrity issues and complying with various requirements came to place: high scheme efficiency, stateless verification, unbounded use of queries and retrievability of data. Yet, a critical question remains: how to use these schemes efficiently, i.e. how often should data be verified. Constantly checking is a clear waste of resources but only checking at times increases risks. This paper attempts to resolve this thorny issue by formulating the data integrity check problem as a non-cooperative game and by performing an in-depth analysis on the Nash Equilibrium and the engineering implications behind. Based on our game theoretical analysis, the course of action was to anticipate the Cloud provider’s behavior; we then derive the minimum verification resource requirement, and the optimal strategy of the verifier. Finally, our game theoretical model is validated by showing correctness of the analytical results via simulation on a case study.