5G and beyond 5G low power wireless networks make Internet of Things (IoT) and Cyber-Physical Systems (CPS) applications capable of serving massive amounts of devices and machines. Due to the broadcast nature of wireless networks, it is crucial to secure the communication between these devices and machines from spoofing and interception attacks. This paper is concerned with the security of carrier frequency offset (CFO) based continuous physical layer authentication. The interaction between an attacker and a defender is modeled as a dynamic discrete leader-follower game with imperfect information. In the considered model, a legitimate user (Alice) communicates with the defender/operator (Bob) and is authorized by her CFO continuously. The attacker (Eve), by listening/eavesdropping the communication between Alice and Bob, tries to learn the CFO characteristics of Alice and aims to inject malicious packets to Bob by impersonating Alice. First, by showing that the optimal attacker strategy is a threshold policy, an optimization problem of the attacker with exponentially growing action space is reduced to a tractable integer optimization problem with a single parameter, then the corresponding defender cost is derived. Extensive simulations illustrate the characteristics of optimal strategies/utilities of the players depending on the actions, and show that the defender's optimal false positive rate causes attack success probabilities to be in the order of 0.99. The results show the importance of the parameters while finding the balance between system security and efficiency.

In this study, Nash and Stackelberg equilibria of single-stage and multi-stage quadratic signaling games between an encoder and a decoder are investigated. In the considered setup, the objective functions of the encoder and the decoder are misaligned, there is a noisy channel between the encoder and the decoder, the encoder has a soft power constraint, and the decoder has also noisy observation of the source to be estimated. We show that there exist only linear encoding and decoding strategies at the Stackelberg equilibrium, and derive the equilibrium strategies and costs. Regarding the Nash equilibrium, we explicitly characterize affine equilibria for the single-stage setup and show that the optimal encoder (resp. decoder) is affine for an affine decoder (resp. encoder) for the multi-stage setup. On the decoder side, between the information coming from the encoder and noisy observation of the source, our results describe what should be the combining ratio of these two channels. Regarding the encoder, we derive the conditions under which it is meaningful to transmit a message.

This paper investigates a moving target defense strategy based on detector threshold switching against stealthy sensor attacks. We model the interactions between the attacker and the defender as a game. While the attacker wants to remain stealthy and maximize its impact, the defender wants to minimize both the cost for investigating false alarms and the attack impact. We define the moving target defense as a mixed strategy Nash equilibrium and are able to formulate an equivalent finite matrix game of the original game. We provide a necessary and sufficient condition for the existence of a moving target defense strategy. A globally optimal moving target defense strategy is obtained via a linear optimization problem by exploiting the structure of the matrix game. Simulations with a four tank system verify that by applying an optimal moving target defense strategy, the defender reduces its cost compared to the optimally chosen fixed detector threshold. 

This study investigates the relationship between resilience of control systems to attacks and the information available to malicious attackers. Specifically, it is shown that control systems are guaranteed to be secure in an asymptotic manner by rendering reactions against potentially harmful actions covert. The behaviors of the attacker and the defender are analyzed through a repeated signaling game with an undisclosed belief under covert reactions. In the typical setting of signaling games, reactions conducted by the defender are supposed to be public information and the measurability enables the attacker to accurately trace transitions of the defender's belief on existence of a malicious attacker. In contrast, the belief in the game considered in this paper is undisclosed and hence common equilibrium concepts can no longer be employed for the analysis. To surmount this difficulty, a novel framework for decision of reasonable strategies of the players in the game is introduced. Based on the presented framework, it is revealed that any reasonable strategy chosen by a rational malicious attacker converges to the benign behavior as long as the reactions performed by the defender are unobservable to the attacker. The result provides an explicit relationship between resilience and information, which indicates the importance of covertness of reactions for designing secure control systems.

This paper considers dynamic (multi-stage) signaling games involving an encoder and a decoder who have subjective models on the cost functions. We consider both Nash (simultaneous-move) and Stackelberg (leader-follower) equilibria of dynamic signaling games under quadratic criteria. For the multi-stage scalar cheap talk, we show that the final stage equilibrium is always quantized and under further conditions the equilibria for all time stages must be quantized. In contrast, the Stackelberg equilibria are always fully revealing. In the multi-stage signaling game where the transmission of a Gauss-Markov source over a memoryless Gaussian channel is considered, affine policies constitute an invariant subspace under best response maps for Nash equilibria; whereas the Stackelberg equilibria always admit linear policies for scalar sources but such policies may be nonlinear for multi-dimensional sources. We obtain an explicit recursion for optimal linear encoding policies for multi-dimensional sources, and derive conditions under which Stackelberg equilibria are informative.

This paper is concerned with the problem of fault-tolerant estimation in cyber-physical systems. In cyber-physical systems, such as critical infrastructures, networked embedded sensors are widely used for monitoring and can be exploited by an adversary to deceive the control center by modifying measured values. The deception is modeled as a bias; i.e., there is a misalignment between the objective functions of the control center and the adversarial sensor. Different from previous studies, a Stackelberg equilibrium of a cheap talk setup is adapted to the attacker-defender game setting for the first time. That is, the defender (control center), as a receiver, is the leader, and the attacker (adversarial sensor), as a transmitter, is the follower. The equilibrium strategies and the associated costs are characterized for uniformly distributed variables and quadratic objective functions, and an analysis on the uniqueness of the equilibrium is provided. It is shown that the attacker and defender costs at the equilibrium are increasing with the bias and decreasing with the number of quantization levels. Our results surprisingly show that, under certain conditions, the attacker prefers a public bias rather than a private one.

Identity theft through phishing and session hijacking attacks has become a major attack vector in recent years, and is expected to become more frequent due to the pervasive use of mobile devices. Continuous authentication based on the characterization of user behavior, both in terms of user interaction patterns and usage patterns, is emerging as an effective solution for mitigating identity theft, and could become an important component of defense-in-depth strategies in cyber-physical systems as well. In this paper, the interaction between an attacker and an operator using continuous authentication is modeled as a stochastic game. In the model, the attacker observes and learns the behavioral patterns of an authorized user whom it aims at impersonating, whereas the operator designs the security measures to detect suspicious behavior and to prevent unauthorized access while minimizing the monitoring expenses. It is shown that the optimal attacker strategy exhibits a threshold structure, and consists of observing the user behavior to collect information at the beginning, and then attacking (rather than observing) after gathering enough data. From the operator’s side, the optimal design of the security measures is provided. Numerical results are used to illustrate the intrinsic trade-off between monitoring cost and security risk, and show that continuous authentication can be effective in minimizing security risk.

Many communication, sensor network, and networked control problems involve agents (decision makers) which have either misaligned objective functions or subjective probabilistic models. In the context of such setups, we consider binary signaling problems in which the decision makers (the transmitter and the receiver) have subjective priors and/or misaligned objective functions. Depending on the commitment nature of the transmitter to his policies, we formulate the binary signaling problem as a Bayesian game under either Nash or Stackelberg equilibrium concepts and establish equilibrium solutions and their properties. We show that there can be informative or non-informative equilibria in the binary signaling game under the Stackelberg and Nash assumptions, and derive the conditions under which an informative equilibrium exists for the Stackelberg and Nash setups. For the corresponding team setup, however, an equilibrium typically always exists and is always informative. Furthermore, we investigate the effects of small perturbations in priors and costs on equilibrium values around the team setup (with identical costs and priors), and show that the Stackelberg equilibrium behavior is not robust to small perturbations whereas the Nash equilibrium is.

We investigate the equilibrium behavior for the decentralized quadratic cheap talk problem in which an encoder and a decoder, viewed as two decision makers, have misaligned objective functions. In prior work, we have shown that the number of bins under any equilibrium has to be at most countable, generalizing a classical result due to Crawford and Sobel who considered sources with density supported on [0, 1]. In this paper, we refine this result in the context of exponential and Gaussian sources. For exponential sources, a relation between the upper bound on the number of bins and the misalignment in the objective functions is derived, the equilibrium costs are compared, and it is shown that there also exist equilibria with infinitely many bins under certain parametric assumptions. For Gaussian sources, it is shown that there exist equilibria with infinitely many bins.