Elsevier

Information Sciences

Volume 250, 20 November 2013, Pages 215-226
Information Sciences

A rational framework for secure communication

https://doi.org/10.1016/j.ins.2013.06.027Get rights and content

Abstract

In this paper, we review the classical secure communication issues, which is always described as a set of interactive rules following a specified sequence, in the perspective of game theory. By introducing rational communication participants, we model the secure communication process in the manner of game theory to capture the interactions of distrusted communication parties. More specifically, we propose a formal framework to provide a precise description of the computation and communication rules in a secure communication game. Each player tends to behave in a way that maximizes their profits in this framework. Following the framework, the fairness of a protocol is presented according to Nash equilibrium of the communication game, as well as the equivalence condition towards a fair protocol. To verify the effectiveness of this framework, we design and implement a series of experiments. The experimental results show that our rational framework is more secure and closer to the practice compared with traditional cryptographic models, which can be a promising analysis solution for future cryptographic protocols.

Introduction

Secure communications can be interpreted as that two entities can communicate with each other without interventions of a third party, i.e., their communications are free of eavesdropping or interception. In order to achieve the intervention-free communication, a conventional way is to adopt various cryptographic protocols in the process of message interactions, such that multiple essential properties of secure communications are able to be guaranteed, including correctness, confidentiality, and authentication. To this end, a cryptographic protocol specifies series of computation and communication rules to regulate actions of the two communication parties, thus ensuring the security of the communication system.

However, the current communication model only partitions the communication parties into two types, either “good” or “bad”. A “good” party faithfully follows the rules of the protocol, whereas a “bad” party always tries to cheat other parties by using any possible manners. Yet, the role of a communication party is not immutable in all rounds of message interactions, which actually depends on the benefits earned by the party, or the “price” the party has to pay during communications. In pursuit of an appropriate “price”, a “good” party may breach the protocol rules, while a “bad” guy may choose to obey protocols rigorously. To depict behaviors of the communication parties in the affects of dynamic benefits, it is necessary to introduce new math techniques to rebuild the model of secure communications.

Game theory, as a prestigious branch of mathematical theory, mainly focuses on the problem of the multi-person decisions, especially for the complicated analysis involved with tangly conflicts and cooperations, which is common in the financial activities. By using game theory, the stakeholders are trying to find the best actions they should adopt regarding their own gains to deal with the complex situations. More specifically, a game consists of a list of alternative actions stakeholders have to choose with different preferences, which correspondingly result in different outcomes or benefits stakeholders may earn. Hence, a game model generally assumes that the players are rational, i.e., self-interested, which further means that the players wish to maximize their payoffs, thus behaving rationally towards the maximum profits.

As mentioned before, a secure communication can be seen as a set of interactive rules of computation and communication following a specified sequence for exchanged messages. To achieve a secure communication on the meaning of correctness, confidentiality and authentication, each player must implement an appropriate action at each round of message exchange. On the perspective of game theory, we can view the secure communication process as an extensive game, called as a secure communication game. In such a game, the players are the adversary and the communication environment (namely, all other protocols running in the communication system). For each player, there may three available actions he can choose at any time, either the player can quit the game, or he can send the message to the other player, or he can receive the message from the other player. The game is played repeatedly in rounds of message transmissions, correspondingly, an action sequence is formed to record actions chosen by the player during the message transmission.

More specifically, in the secure communication game, each player maintains a local state to present all information that the player has obtained after the action sequence. Also, we set a series of player functions to specify state transition rules in the game, which determines players’ actions in the next round. In terms of the profit that the players may gain in the game, it varies along with the roles of players. For the normal communication parties, the profits consists of the utility of the adversary to acquire the secret information, the overhead of their communication and computation, and the utility of the message sender/receiver’s identification authentication. For the adversary of the game, its profits are determined by the overhead of computation and the utility to successfully steal the secret information. The final goal that drives the players to do the action choose is to maximize profits in the communication game.

As a prestigious mathematical tool regarding the strategic decision making, game theory is widely used to study the conflict and cooperation between intelligent rational decision-makers. Thus, many researchers were inspired to introduce game theory, especially the classical concept of rationality, into the analysis of cryptographic protocols to investigate what different insights we may achieve when modeling the secure communication as a game between rational parties. To pave the way between the cryptographic protocols and games, the seminal work can trace back to 1993 [16], in which, Fischer and Wright introduced game theoretic techniques to analyze some multiparty cryptographic protocols in secret exchanges. Later, [14] proposed a solution to determine the existence of a two-person game whose payoffs are comparable to those obtained. Besides, another two important contributions to elaborate cryptographic protocols and games are [19], [10]. [19] proves that every correlated equilibrium of an original infinitely repeated game can be implemented through public communications only, whereas [19] leverages cryptographic primitives to provide correctness and privacy in distributed mechanisms.

Based on the knowledge between cryptography and game theory, researchers started to introduce the rationality, the most critical concept in game theory, into cryptographic primitives to investigate the resulting affections on the analysis of cryptographic protocols. Firstly, Anderson and Moore summarized the problems of the economics of information security in [3]. In cryptography communities, researchers tried to adopted the manner of the rationality into the general security implementations, such as the rational secret sharing [20], [18], [1], [23], [24], [25], [2], the fair cryptographic primitives exchange, and the analysis of cryptographic protocols. In terms of the rational secret sharing, Halpern and Teague [20] characterized the features of the rational secret sharing, in which every party is selfish and wants to make decisions according to their preference and utility. Based on their work, Tian et al. [29] analyzed the distribution and reconstruction of the secret by using game theory, and proposed their mechanisms in response to the potential non-cooperation during the process. As for the rational information exchange, the concept was firstly raised in [9] in the perspective of Nash equilibrium, in which, the authors proved that a fair exchange implies rational exchanges but not the reverse. Moreover, [4] illustrated a formal security model for fair signature exchange in a game by defining fairness in a probabilistic way. Regarding the protocol analysis, [12] initiated the game-theoretical approach to study several cryptographic protocols in a rational view, which allows the representation of protocols and possible misbehaviors of communication parties.

By virtue of game theory in decision making, it is emerging in more and more security analysis as an efficient mathematical tool. The first example is to leverage game theory as a formal tool to validate the proof of the cryptographic protocols regarding the fairness between communication parties [17], [8], or to model specific protocols [22], [28], [11]. In the seminal work of Merkle [26] and Diffie and Hellman [15], the private and authenticated key establishment problem was reduced to establishing a communication in which messages are authenticated. Public key cryptosystems such as RSA [27] further reduce to the establishment of an authenticated public key. Bellovin and Merritt [6], [7] first proposed the password-based authenticated key agreement, whose security was proven by Bellare et al. [5] in the random oracle model. Another protocol, provably secure in the standard model, was proposed by Katz et al. [21]. Vaudenay [31] proposed a way to establish peer-to-peer authenticated communications over an insecure channel by using an extra channel which can authenticate very short strings. This approach offers an alternative to public key infrastructures. Tian et al. [30] proposed group communication model within the universally composable framework. Zhao and Gu [32] proposed a 3PAKE protocol which is provably secure if the Diffie–Hellman problem is computationally infeasible. Domingo-Ferrer and Gonzalez-Nicolas [13] analyzed single-hop P2P profile obfuscation systems using game theory.

We can summarize that, most current researches mainly employ the game theory approach in the secret sharing scheme and the secure multiparty computation protocols, but overlook behaviors of rational parties in a secure communication, which is actually the fundamental issue to model a cryptographic protocol. In the following sections, we will details how to introduce the rationality concept of game theory into a secure communication system, to investigate the potential affects of game theory in the analysis and design of traditional secure communication schemes.

In this paper, we aim to study the secure communication in the game theory viewpoint. More specifically, we propose a brand new model by using the game theory method to describe a secure communication between several rational parties. In this model, a communication scenario is seen as a communication game, in which every rational communication party makes its own decision based on a utility function to make sure a maximum benefit. Our model is prone to provide a precise description of the computation and communication rules specified in a secure communication system. The detailed contributions are listed as follows:

  • 1.

    We study the rational secure communication in an extensive game model and propose the first rational framework, which is Nash equilibrium of the game. Different from protocols mentioned in [9], which is only a single protocol game running in isolation, multiple communication protocols are able to run concurrently within the framework.

  • 2.

    Based on the extensive game, we propose a rational model of the secure communication, including the player set, the information set, available actions, the action sequence, player functions, and utility functions. Also, we formally define the rational secure communication in terms of the Nash equilibrium of an extensive game.

  • 3.

    In the established rational framework, we then study the fairness issue between multiple communication participants of a protocol. According to this framework, we present the (α, β, )-approximation fairness. It entails that, the adversary Eve can get the secret message with the negligible probability , the sender Alice ensures that the receiver Bob may receive the secret message with probability β, and the receiver Bob ensures that the sender Alice may send the secret message with probability α.

  • 4.

    To verify the effectiveness of the framework in modelling the secure communication, we design a series of experiments to evaluate the corresponding network performance. The experimental results provide an economic explanation for existing secure communication models, and demonstrate the feasibility and salient advantages of the rational framework.

The rest of this paper is organized as follows. Section 2 briefly introduces the notations and definitions of an extensive game. Then, we models the communication game in Section 3. A formal framework of secure communications is presented in Section 4. Our experimental setup and results are described in Section 5. Finally, we conclude this paper in Section 6.

Section snippets

Preliminaries

In this section, we introduce some basic definitions that we will be used later.

Modeling communication game

A secure two-party or multiparty protocol could be seen as some sets of computation and communication rules among these parties. During the communication, they must follow these rules all the time to achieve some communication purpose, like privacy. Any violation of the rules will compromise the communication. For the sake of an intuitive understanding, we here consider a simple communication game, in which, Alice sends a message m to Bob in a secure manner. The communication system is shown in

Formal definition of secure communication

In this section, we intend to adopt the game tree to describe and analyze a communication game example, thereby derive the formal definition of communication games.

Experiments

To verify the effectiveness of this framework, we then design a series of experiments to implement a rational secure communication game with encryption, signature and signcryption schemes.

For simplicity, we denote an encryption scheme by a triple (G, E, D) of probabilistic polynomial-time algorithms(Here is different from the notion of encryption in Section 3, but it is not essential.) satisfying two conditions:

  • (1)

    On input 1k, where k is the secure parameter, algorithm G outputs a pair of bit

Conclusion

In this paper, we studied the secure communication in the perspective of game theory by introducing rational communication participants. We modeled the secure communication as an extensive game and proposed a formal framework to describe the extensive game. In this framework, we discussed the properties of utility functions, presented a critical concept of approximation fairness, as well as the equivalence condition towards fair protocols. To verify the framework, we designed and implemented a

Acknowledgements

We would like to thank the anonymous reviewers for their valuable suggestions. This work is supported by Program for Changjiang Scholars and Innovative Research Team in University under Grant No. IRT1078; the Major national S&T program of China under Grant No. 2011ZX03005-002; The National Natural Science Foundation of China under Grant Nos. 61170280, 61272398, and 61262073; China Postdoctoral Science Foundation under Grant No. 2013M530705; The Natural Science Foundation of Guizhou of China

References (32)

  • P. Caballero-Gil et al.

    A rational approach to cryptographic protocols

    Mathematical and Computer Modelling

    (2007)
  • J. Domingo-Ferrer et al.

    Rational behavior in peer-to-peer profile obfuscation for anonymous keyword search

    Information Sciences

    (2012)
  • J. Zhao et al.

    Provably secure three-party password-based authenticated key exchange protocol

    Information Sciences

    (2012)
  • I. Abraham et al.

    Distributed computing meets game theory: robust mechanisms for rational secret sharing and multiparty computation

  • G. Asharov, Y. Lindell, Utility dependence in correct and fair rational secret sharing, in: S. Halevi, (Ed.),...
  • R. Anderson et al.

    The economics of information security: a survey and open questions

    Science

    (2006)
  • N. Asokan et al.

    Optimistic fair exchange of digital signatures

    IEEE Journal on Selected Areas in Communications

    (2000)
  • M. Bellare et al.

    Authenticated key exchange secure against dictionary attacks

  • S.M. Bellovin et al.

    Encrypted key exchange: password-based protocols secure against dictionary attacks

  • S.M. Bellovin et al.

    Augmented encrypted key exchange

  • L. Buttyan, J. Hubaux, Toward a Formal Model of Fair Exchange – A Game Theoretic Approach, Technical Report EPFL...
  • L. Buttyan, J. Hubaux, Rational exchange – a formal model based on game theory, in: 2nd International Workshop on...
  • F. Brandt, T. Sandholm, Correctness and privacy in distributed mechanisms, in: Proceedings of the Agent-Mediated...
  • R. Chadha et al.

    Contract signing, optimism and advantage

  • Y. Dodis et al.

    A cryptographic solution to a game theoretic problem

  • W. Diffie et al.

    New directions in cryptography

    IEEE Transactions on Information Theory

    (1976)
  • Cited by (0)

    View full text