Accueil Publications Articles de revues

Ziad Ismaïl, Christophe Kiennert, Jean Leneutre, Lin Chen

Transactions on Information Forensics and Security (IEEE). Pages: 1685-1699, Volume: 11, Issue: 8, , Aug. 2016.
DOI:10.1109/TIFS.2016.2549002

Abstract: The new developments in cloud computing have introduced significant security challenges to guarantee the confidentiality, integrity, and availability of outsourced data. A service level agreement (SLA) is usually signed between the cloud provider (CP) and the customer. For redundancy purposes, it is important to verify the CP’s compliance with data backup requirements in the SLA. There exist a number of security mechanisms to check the integrity and availability of outsourced data. This task can be performed by the customer or be delegated to an independent entity that we will refer to as the verifier. However, checking the availability of data introduces extra costs, which can discourage the customer of performing data verification too often. The interaction between the verifier and the CP can be captured using game theory in order to find an optimal data verification strategy. In this paper, we formulate this problem as a two player non-cooperative game. We consider the case in which each type of data is replicated a number of times, which can depend on a set of parameters including, among others, its size and sensitivity. We analyze the strategies of the CP and the verifier at the Nash equilibrium and derive the expected behavior of both the players. Finally, we validate our model numerically on a case study and explain how we evaluate the parameters in the model.

Ziad Ismaïl, Jean Leneutre, David Bateman, Lin Chen

Journal on Selected Areas in Communications (IEEE). Pages: 1486-1499, Volume: 32, Issue: 7, Jul. 2014.
DOI:10.1109/JSAC.2014.2332095

Abstract: The widespread deployment of smart meters in the advanced metering infrastructure (AMI) raises privacy concerns. Analyzing the data collected from smart meters can expose habits and can be potentially used to predict consumers’ behaviors. In this paper, we analyze the confidentiality of information in the AMI consisting of nodes with interdependent correlated security assets. On each node, the defender can choose one of several security modes available. We try to answer the following questions: 1) What is the expected behavior of a rational attacker?; 2) What is the optimal strategy of the defender?; and 3) Can we configure the security modes on each node to discourage the attacker from launching any attacks? In this paper, we formulate the problem as a noncooperative game and analyze the behavior of the attacker and the defender at the Nash equilibrium. The attacker chooses his targets in order to collect the maximum amount of data on consumers, and the defender chooses the encryption level of outbound data on each device in the AMI. Using our model, we derive the minimum defense resources required and the optimal strategy of the defender. Finally, we show how our framework can be applied in a real-world scenario via a case study.