An Attack-Defense Game Theoretic Analysis of Multi-Band Wireless Covert Timing Networks

Ths full text paper was peer revewed at the drecton of IEEE Communcatons Socety subect matter experts for publcaton n the IEEE INFOCOM 2010 proceedngs Ths paper was presented as part of the man Techncal Program at IEEE INFOCOM 2010. An Attack-Defense Game Theoretc Analyss of Mult-Band Wreless Covert Tmng Networks S. Anand Department of ECE Stevens Insttute of Technology Hoboken, NJ 07030 Emal: asanthan@stevens.edu S. Sengupta Department of Mathematcs & Computer Scence John Jay College, Cty Unversty of New York New York, NY 10019 Emal: ssengupta@ay.cuny.edu R. Chandramoul Department of ECE Stevens Insttute of Technology Hoboken, NJ 07030 Emal: moul@stevens.edu Abstract We dscuss malcous nterference based denal of servce (DoS attacks n mult-band covert tmng networks usng an adversaral game theoretc approach. A covert tmng network operatng on a set of multple spectrum bands s consdered. Each band has an assocated utlty whch represents the crtcal nature of the covert data transmtted n the band. A malcous attacker wshes to cause a DoS attack by sensng and creatng malcous nterference on some or all of the bands. The covert tmng network deploys camouflagng resources to approprately defend the spectrum bands. A two ter game theoretc approach s proposed to model ths scenaro. The frst ter of the game s the sensng game n whch, the covert tmng network determnes the amount of camouflagng resources to be deployed n each band and the malcous attacker determnes the optmal sensng resources to be deployed n each band. In the second ter of the game, the malcous attacker determnes the optmal transmt powers on each spectral band t chooses to attack. We prove the exstence of Nash equlbrums for the games. We compare the performance of our proposed game theoretc mechansm wth that of other well known heurstc mechansms and demonstrate the effectveness of the proposed approach. Index Terms Tactcal covert network, attack, defense, adversaral game, prcng, Nash equlbrum. I. INTRODUCTION Covert channels [1 refer to transfer of nformaton n a stealthy manner by hdng the communcaton as an underlay to another applcaton lke voce over nternet protocol (VoIP, fle transfer protocol (FTP, hyper-text transfer protocol (HTTP, etc. The stealth n data transfer can be acheved by deployng covert storage channels [2, [3 where the transmtter modfes certan bts n the headers of packets or modfes certan data n some memory locatons to convey nformaton to the recever. Another means of covert data transfer s the tmng channel [4-[8 (and the references theren, n whch a transmtter transmts covert nformaton by modfyng the nter-packet delays of the overlay applcaton. As an example, transmtters could delay overlay packets by an amount of tme, t 1 to transmt a covert one bt and a tme amount, t 0, to transmt a covert zero bt. Dependng on the overlay applcaton, the performance of the covert tmng channel can be enhanced. Capacty analyss of covert tmng channels s presented n [4, where bounds are provded for the achevable capacty. Ths was extended by Wang and Lee [5 to nclude the synchronzaton overheads. Transfer of covert nformaton usng arrval tmes n queues s presented n [6. In [7, Wagner and Anantharam consder the exponental servce tmng channel (ESTC and compute the zero relablty rate and propose a dstance metrc to acheve bounds on the probablty of error. Addtonal references on covert tmng channels can be found n [8. A maor threat aganst wreless mult-band covert tmng networks s the ammng based denal of servce (DoS attack. In order to effect such a DoS attack, a malcous attacker acts n two steps. In the frst step, called the sensng step, the attacker senses each band to detect anomales n the tme delays between packets. Upon successful detecton of anomales correspondng to covert communcaton n a spectrum band, the attacker ams the band n the second step called the ammng step. The transmtter and the recever of the covert tmng channel can then swtch the frequency of operaton. The recent developments n cogntve rado enabled dynamc spectrum access (DSA networks [9 enables the mplementaton of such a system. The effectveness can further be enhanced when, n addton to the flexblty provded by DSA, the other nodes n the covert tmng network camouflage the covert tmng communcaton by conductng auxlary communcatons. In order to llustrate ths, we present the results of experments conducted by mplementng a cogntve rado prototype based on a software abstracton layer over off-the-shelf IEEE 802.11 a/b/g supported by Atheros hardware chp sets. The detals of the test bed mplementaton can be found n [8. To llustrate the dfference between normal data traffc and covert tmng data traffc, we conducted two experments: ( standard FTP communcaton wthout any underlay covert tmng data and ( FTP wth underlay covert tmng traffc. Fg. 1 presents the packet count dstrbuton at varous nter-arrval tme ntervals for a sngle-transmtter-sngle-recever system n the absence of underlay tmng channel. It s observed that the packet count resembles a Gaussan dstrbuton. We then ntroduce the underlay covert tmng communcaton n the testbed and snff the nter-arrval tmng of the packets n the network. In order to effect covert tmng communcaton, packets are transmtted wth two dstnct nter-packet delays. Fg. 2 presents the packet count dstrbuton n the presence of underlay covert tmng communcaton. Two dstnct Gaussan- 978-1-4244-5837-0/10/$26.00 2010 IEEE

Ths full text paper was peer revewed at the drecton of IEEE Communcatons Socety subect matter experts for publcaton n the IEEE INFOCOM 2010 proceedngs Ths paper was presented as part of the man Techncal Program at IEEE INFOCOM 2010. lke dstrbutons are observed. Thus, t s nferred that sensng the nter-arrval tme of the packets n the network can reveal the exstence of a covert tmng channel n the network. Packet count n the network 600 500 400 300 200 100 0 0 20 40 60 80 100 120 Inter arrval tme of the packets (ms. Fg. 1. Packet count dstrbuton for dfferent nter-packet tme delays n a sngle-transmtter-sngle-recever system wth no underlay covert tmng traffc. Packet count n the network 700 600 500 400 300 200 100 0 0 20 40 60 80 100 120 140 Inter arrval tme of the packets (ms. Fg. 2. Packet count dstrbuton for dfferent nter-packet tme delays n a sngle-transmtter-sngle-recever system wth underlay covert tmng traffc. We then deploy multple transmtters and recevers communcatng n separate spectrum bands (e.g., for the llustraton consdered here, we use 2.462 GHz and 5.28 GHz bands. One of the transmt-receve pars share a covert tmng channel and the other communcatons are auxlary communcatons to camouflage the tmng channel. Fg. 3 presents the dstrbuton of the packet count when 5 camouflagng auxlary communcatons are deployed. It s observed that the dstrbuton s smlar to the case when no underlay covert tmng channel s present. Thus, t s dffcult for the attacker to detect the presence of tmng anomales when the covert tmng channel s camouflaged by auxlary communcatons. Sarkar et al [10 presented an nformaton concealng game to model ammng n mult-band networks, when the attacker has more nformaton about the spectrum bands than the Observed Packet count by the attacker 10 9 8 7 6 5 4 3 2 1 0 0 20 40 60 80 100 120 140 Inter arrval tme of the packets (ms. Fg. 3. Packet count dstrbuton for dfferent nter-packet tme delays as observed by an attacker n a sensng wndow of 1 second n the presence of 5 auxlary communcatons. defendng nodes. The defendng nodes dd not have a means of preventng the attacker from learnng about the network. In mult-band covert tmng networks consdered here, the tactcal covert network and the attacker have the same nformaton about the spectrum bands. Moreover, the covert tmng network can deploy camouflagng resources to prevent the covert communcaton from beng detected by the attacker. In [8, we studed the DoS n DSA based mult-band covert tmng networks wth a sngle pont of attack. The attacker senses the spectrum bands and the covert tmng network deploys camouflagng resources n the form of auxlary communcatons n the dfferent spectrum bands. After sensng the spectrum bands, the attacker attacks at most one of the spectrum bands by transmttng spurous sgnals. Ths attack-defense scenaro was modeled as a two-ter game namely sensng and ammng game. In ths paper, we present the more generalzed mult-pont attack scenaro. We extend our model n [8 to study the problem n whch an attacker can am multple spectrum bands n the system. We determne the Nash equlbrums of the sensng and ammng games. In the sensng game, the Nash equlbrum s the optmal allocaton of the attacker s sensng resources and the covert tmng network s camouflagng resources n each spectrum band. In the ammng game the Nash equlbrum s the optmal transmt power used by the attacker on each spectrum band and the optmal probablty of attackng each spectrum band. We compare the performance of the proposed game theoretc approach wth that of other well known heurstcs to demonstrate the effectveness of the proposed mechansm. Whle the analyss presented n ths paper s vald for any system usng multple spectrum bands, t s partcularly applcable to DSA networks. Ths s because n most networks usng multple spectrum bands, there are network specfc polces and polcng mechansms that prevent the knd of attacks dscussed n ths paper. However, the flexblty provded by DSA (n admttng users from dfferent heterogeneous

Ths full text paper was peer revewed at the drecton of IEEE Communcatons Socety subect matter experts for publcaton n the IEEE INFOCOM 2010 proceedngs Ths paper was presented as part of the man Techncal Program at IEEE INFOCOM 2010. networks nherently prevents the use of network specfc polces and hence makes DoS attacks as those dscussed n ths paper, easer to effect. The rest of the paper s organzed as follows. The system model s presented n Secton II. We descrbe the game theoretc model and the related analyss n Secton III. The numercal results are presented n Secton IV. Conclusons are drawn n Secton V. II. SYSTEM MODEL Consder a covert tmng workng on a set of N bands, specfed by N ={1, 2,,N}. A malcous agent or an attacker senses some or all of the N spectrum bands and decdes to attack a subset A of sze Ŝ S N bands, specfed by A ={ 1, 2,,Ŝ} N. S refers to the maxmum number of bands that the attacker can attack. Each spectrum band has a utlty assocated wth t, whch ndcates the crtcal nature of the covert tmng communcaton n the band. The network deploys camouflagng resources n some or all of the spectrum bands to protect the underlay covert tmng communcaton n the band. The camouflagng resources could be the amount of tme the covert tmng network uses auxlary communcatons n a frame. Alternatvely, the camouflagng resources could also be the number of auxlary communcatons assstng the covert communcaton. Thus, the network can deploy only a fnte amount of camouflagng resources. The attacker frst senses a subset of the N spectrum bands n order to detect the presence of nformaton. In order to sense the spectrum band, the attacker deploys sensng resources. The sensng resources could be the number of tme slots the attacker would spend sensng each spectrum band n a frame and hence, the total sensng resources avalable to the attacker s fnte. Upon sensng the bands, the attacker determnes the subset A of bands whch t shall attack. The attacker also determnes the optmal power t needs to spend on each band n A n order to successfully launch an attack. We model the above scenaro as a two-ter game. In the frst ter of the game (called the sensng game, the obectve s to determne the sensng resource the attacker deploys n each spectrum band and the camouflagng/protectve resource the covert tmng network deploys on each band. Ths s done by modelng the sensng game as a zero sum game played by the covert tmng network and the attacker. In the second ter of the game (called the ammng game, the obectve s to determne the optmal transmt powers the attacker uses on each spectrum band t decdes to attack. It s also essental to determne the optmal probabltes wth whch the attacker chooses to attack each spectrum band. In order to determne the optmal transmt powers and attack probabltes on each band, the ammng game s modeled as a non-zero sum game where the attacker acts as vrtual players (one correspondng to each spectrum band n the set A. The sensng and ammng stages are decoupled n the analyss. Ths s because, wreless devces operate n halfduplex mode,.e., at any nstant of tme, wreless devces can act as transmtters or recevers but cannot transmt as well as receve at the same tme. Therefore, the malcous attacker, whch s a wreless node, can act as a recever to perform the sensng or act as a transmtter to effect ammng on a spectrum band. Thus, n practce, t would not be possble to couple the sensng and the ammng stages. However, t s of nterest to provde a two-ter game framework to model the nter-play between the two stages. We make the followng assumptons to carry out the game theoretc analyss. The network deploys camouflagng resource M n the th spectrum band, 1 N. The total camouflagng resources avalable to the network s M. The attacker deploys sensng resource s on spectrum band,. The total sensng resources that can be deployed by the attacker s s III. GAME THEORETIC ANALYSIS The covert tmng network deploys camouflagng resource, M, n band and the attacker deploys sensng resource, s, n band. After successful sensng, the attacker attacks band wth probablty, π and power, P. We descrbe the sensng game n Secton III-A and the ammng game n Secton III-B. A. Sensng Game The th spectrum band has an assocated utlty, U, whch denotes the crtcal nature of the covert tmng data transmtted n the th band. As an example, f there s covert communcaton on band, then U can be wrtten as [4 ( ( H(q 0 H(q 1 q U = f ln 1+2 1 +q 0 1 + (1 q 0H(q 1 q 1 H(q 0, (1 q 1 + q 0 1 where H(x s the entropy of the output of a bnary symmetrc channel (BSC wth bt error rate (BER, x, f(α s an ncreasng, concave functon of α, q 0 s the probablty that the th transmtted bt s receved as a one when a zero s transmtted and q 1 s the probablty that the th transmtted bt s receved as a zero when a one s transmtted. The probablty of successful detecton of the covert communcaton n band depends on the sensng resource, s, deployed by the attacker and the camouflagng resource, M, deployed by the covert tmng network. In order to model the nter-play between s, M and p, we use the dose-responsemmunty model [11 whch s explaned as follows. Let the ablty of a drug to destroy a dsease be X 1 and let X 2 denote the mmunty parameter of the subect to the drug. Let the event Y =0denote the survval of a subect when a drug s used on the subect and let the event Y =1denote the death. Let X = [ X 1 X 2 T.Letβ = [ β1 β 2 T be the vector of regresson parameters. The negatve sgn for β 2 ndcates that the dose and the mmunty act aganst each other. If Pr{Y =1} = p =1 Pr{Y =0}, then, accordng

Ths full text paper was peer revewed at the drecton of IEEE Communcatons Socety subect matter experts for publcaton n the IEEE INFOCOM 2010 proceedngs Ths paper was presented as part of the man Techncal Program at IEEE INFOCOM 2010. to the dose-response-mmunty model, p logt(p =ln = β T X. (2 1 p In the sensng game, the sensng resources are analogous to the dose of the drug and the camouflagng resources are analogous to the mmunty. The event Y = 1 (death of the subect n the dose-response-mmunty model models the successful detecton of covert communcaton and Y = 0 (. e., survval of the subect models the falure of the attacker to detect the covert communcaton n the band. Then, X = [ ln(s ln(m T. Hence, from the dose-responsemmunty model the probablty of successfully detectng the communcaton n band, p, can be obtaned from (2 as p =. (3 The probablty p should satsfy the followng propertes 1 When the attacker deploys no sensng resources n a spectrum band, t wll be unable to detect the covert communcaton n the band. Thus, s =0should result n p =0. 2 When the covert tmng network deploys no camouflagng resources n a band, the attacker wll be able to detect the presence of covert communcaton wth probablty 1. Thus M =0should result n p =1. The expresson for p n (3 satsfes the propertes mentoned above. As an example, let the attacker perform the sensng accordng to a Posson process, X 1, of rate, s, n the spectrum band. Smlarly, let the network deploy auxlary communnncatons at a tme X 2, whch s exponentally dstrbuted wth rate M. The attacker detects the covert communcaton successfully f the covert network deploys camouflagng resources after the attacker begns to sense. Thus, the sensng resource and camouflagng resources used n a band are the rate at whch the attacker senses the band and that at whch the network defends the band, respectvely. Then the probablty that the attacker successfully detects the covert communcaton n band, p,sp =Pr{X 1 <X 2 } = s s +M, whch can be obtaned from (3 when β 1 = β 2 =1. In general, the values β 1 and β 2 n (3 denote the attacker s anomaly detecton capablty and the covert tmng network s camouflagng capablty, respectvely. If the attacker uses more accurate detectng mechansms, t results n a larger β 1. Smlarly, a covert tmng network wth better strateges for auxlary communcatons represents a hgher value of β 2. The scenaro β 1 > β 2 represents a relatvely less effectve camouflagng capablty of the covert tmng network compared to the accuracy of the attacker n detectng the tmng anomales. β 1 = β 2 represents equal ablty for the attacker and the camouflagng network. The net utlty obtaned by the attacker by sensng band, whch s also the net mpact experenced by the covert tmng network f the attacker attacks band, E, can be wrtten as E = U p = U. (4 The expected mpact on the covert tmng network can then be wrtten as E = E = U. (5 A A The [ strategy for the covert tmng network s the vector, M = T M1 M 2 M 3 M N and that for the attacker s the vector, s = [ T s 1 s 2 s 3 s N. Note that the values of s are zero for / A. The optmal strategy of the attacker s the vector s that solves the optmzaton problem U, (6 max s,a N A subect to the constrants s s. (7 N The utlty for the covert tmng network s the negatve of that of the attacker because the covert tmng network loses n the form of mpact, whatever the attacker gans as utlty by ammng band. Thus, the optmal strategy for the covert tmng network can be determned by solvng the optmzaton problem max U, (8 mn M s,a N A subect to the constrants, M M. (9 Lemma 3.1: The attacker obtans maxmum utlty only when t uses all the sensng resources,. e., constrant (7 s met wth equalty. Proof: Consder a strategy s = [ s 1 s 2 s 3 s N, where for any chosen subset A Nof sze S, s = A s < s. Letφ = s s. Note that φ>0. Let the utlty obtaned by the attacker under strategy s be Ũ. Consder the strategy ŝ = [ ŝ 1 ŝ 2 ŝ 3 ŝ N, where, for any subset A N of sze S, ŝ = s + φ S, A. Note that A ŝ = s and ŝ > s, and hence, ( U A ŝ β1 ŝ β1 > ( U A Thus, s s a sub-optmal strategy..

Ths full text paper was peer revewed at the drecton of IEEE Communcatons Socety subect matter experts for publcaton n the IEEE INFOCOM 2010 proceedngs Ths paper was presented as part of the man Techncal Program at IEEE INFOCOM 2010. Theorem 3.1: If  N such that Â, E > k A U k 1, A = N\Â, A S, then the attacker s optmal strategy s s k =0, k A. [ Proof: Let the attacker deploy a strategy s = T s1 s 2 s 3 s N where sk > 0, k A. Let s = k A s k. The utlty obtaned by the attacker under ths strategy s Ũ =   Ẽ + k A Ẽ k Ẽ + k A U k. (10 Consder the strategy, ŝ = [ T ŝ 1 ŝ 2 ŝ 3 ŝ N where ŝ k =0 k A for some Â, ŝ = s + s and Â,, ŝ = s. Thus the attacker deploys all ts sensng resources and hence, obeys Lemma 3.1. Let the mpact on band accordng to ths strategy be Ê. Note that Ê = Ẽ, Â, and Ê > Ẽ. The utlty obtaned by the attacker for ths strategy s Û = Â Ê + E >  Ẽ + k A U k (11 > Ũ. In the above, the second step follows from the hypothess whle the thrd follows from (10. Thus s s a sub-optmal strategy for the attacker. A Each spectrum band n  specfed n Theorem 3.1 represents a spectrum band whose mpact s much larger than the sum of the utltes of another set of bands. Thus, the set of bands n  denote a set of bands wth hghly crtcal covert communcaton. These bands thus form the crtcal bands of the covert tmng network. Theorem 3.1 then sgnfes the fact that the attacker perceves more benefts by deployng all ts sensng resources on crtcal spectrum bands nstead of dstrbutng them over all the bands. Followng the argument provded n the proof of Lemma 3.1, the followng lemma can be obtaned. Lemma 3.2: The covert tmng network perceves mnmum mpact only when t deploys all ts camouflagng resources,. e., constrant (9 s met wth equalty. [ Proof: Consder a strategy M = M 1 M2 M3 M N, where for any chosen subset M = M <s.letχ = M M. Note that χ>0. Let the utlty obtaned by the attacker under strategy M be Ũ. Consder the strategy ˆM = [ ˆM1 ˆM2 ˆM3 ˆM N, where, ˆM = M + χ N. Note that ˆM = M and ˆM > M, and hence, max U < max U s β2. + ˆM s β2 + M A 1 It s noted that t s possble that the set A s empty. In ths case, s > 0,. Thus, M s a sub-optmal strategy for the network. Theorem 3.2: Let  and A be as defned n Theorem 3.1. Then, the optmal strategy for the covert tmng network results n M k =0 k A. Proof: : The proof follows by applyng Lemma 3.2 and s dentcal to the proof of Lemma 1 n [8. Theorem 3.2 mples that the network must also deploy camouflagng resources only on the crtcal spectrum bands. After dentfyng the set of bands that need to be camouflaged by the covert tmng network and sensed by the attacker, t s essental to determne the optmal allocaton of the sensng and camouflagng resources among the bands n the set Â. Theorem 3.3 below provdes the relaton between the sensng and ammng resource deployed n each band n Â. Theorem 3.3: The equlbrum for the zero-sum sensng game occurs when s M = s M, Â. Proof: Let the equlbrum strateges be s =[s  and M =[M  for the attacker and the network, respectvely. Thus s s a soluton to the optmzaton problem (6 subect to the constrants (7 wth M = M. Smlarly, M s a soluton to the optmzaton problem (8 subect to the constrants (9 wth s = s. From Lemmas 3.1 and 3.2, constrants (7 and (9 are met wth equalty. Thus, wrtng the Lagrangan for the equalty constraned optmzaton problem specfed by (6 and (7 and applyng the frst order necessary condtons, we obtan ( 2 = M β2 M β2 1 sβ1 1, (12, Â. Smlarly, wrtng the Lagrangan for the equalty constraned optmzaton problem specfed by (8 and (9 and applyng the frst order necessary condtons, (, Â. From (12 and (13, 2 = M β2 1 M β2 1, (13 s M = s M, (14, Â. Applyng the constrants (7 and (9 and Lemmas s 3.1 and 3.2 to (14, M = s M, Â. Theorem 3.3 provdes a means for adustng the sensng and camouflagng resources accordng to the varyng utltes. In other words, f the utlty of a partcular band changes, then the sensng and camouflagng resources for that band are both scaled by the same factor to obtan a new equlbrum pont.

Ths full text paper was peer revewed at the drecton of IEEE Communcatons Socety subect matter experts for publcaton n the IEEE INFOCOM 2010 proceedngs Ths paper was presented as part of the man Techncal Program at IEEE INFOCOM 2010. B. Jammng Game After sensng the spectrum bands and formng the subset  of bands whch the attacker decdes to attack, the obectve of the ammng game s to determne the optmal transmt powers on each spectrum band n order to successfully am the band. In order to formulate the ammng game, we lst the followng detals whch we consder about the system, n addton to those mentoned n Secton II. The attacker attacks band wth probablty π and transmt power, P. The attacker can spend a total power, P tot, n order to attack the spectrum bands. In the th spectrum band, there s one ntended and n 1 camouflagng transmtters correspondng [ to a recever. The channel gan vector h = T h1 h 2 h 3 h n, where h1 denotes the gan from the ntended transmtter and h 2...h n denote the gan from the camouflagng transmtters. The gan from the attacker to the recever s ĥ1. The channel nose s addtve whte Gaussan nose (AWGN wth nose power, W. The ntended transmtter on the th band transmts wth power e 1 and the camouflagng transmtters transmt wth powers, e 2, e 3,..., e n. The SIR on the th band perceved at the recever of the covert tmng communcaton due to the ntended transmtter of the covert tmng communcaton s τ and that at the recever of the covert tmng communcaton due to the attacker s transmsson s γ. Successful ammng takes place when the attacker transmts at power P on band such that t results n γ >τ [12. From the defnton of SIR n wreless networks [13, τ and γ can be wrtten as e 1 h 1 τ = W + 1 e (15 h P ĥ 1 γ = W + 1 e. (16 h The ammng problem can be formulated as a non-cooperatve game between S vrtual players. The strategy chosen by each player s the power transmtted and the probablty of attack on each band. It s essental to defne a utlty functon whch should be an ncreasng concave functon of the strategy [14. In order to lmt the transmt power appled by the attacker on each band, we also propose a penalty functon whch s an ncreasng functon of the transmt power and the probablty of attackng the band. Wth all these consderatons, we defne the followng net utlty functon, U net,nthe th band to be U net = a ln(1 + π E +λu(γ τ ln(γ τ μp π, (17 where E s gven by (4, u(y s the modfed unt step functon,. e., u(y = { 1 y>0 0 y 0, (18 a>0and λ>0are utlty parameters and μ>0s the prcng parameter. The expresson for the net utlty, U net n (17 s derved based on the followng consderatons. 1 The attacker can am band successfully only when γ > τ. 2 The attacker should obtan larger utlty when the SIR, γ s greater than τ by a larger margn,. e., the nformaton receved from the attacker s much larger than that receved from the transmtter. 3 The utlty should ncrease when the mpact created on the network ncreases and when the probablty of attackng the crtcal band s larger. 4 The penalty for transmttng hgher power should be more and that for attackng a band wth hgher probablty should be more. It s noted that the magntude of λ should be very small. Ths s to assure that the attacker does not have much ncentve n transmttng exorbtantly large power. Also, the magntude of μ should be very large so that the penalty for transmttng larger powers s large. Wth the above consderatons, the Nash equlbrum strategy for the ammng game can be obtaned as the soluton to the followng optmzaton problem max U net = max a ln(1 + π E + P,π P,π   λu(γ τ ln(γ τ μp π, (19 subect to the constrants P P tot, (20 and  π 1 (21  P 0 π 0. (22 In (19, P =[P  and π =[π Â. The followng theorem provdes a suffcent condton for exstence of a Nash equlbrum for the ammng game specfed by the optmzaton problem (19 subect to the constrants (20-(22. Theorem 3.4: Let ɛ = γ τ and ˆμ max = mn  ( ( λa τ ɛ e 1 ( E 1+E. (23 If μ<ˆμ max, then a unque Nash equlbrum exsts for the ammng game specfed by the optmzaton problem (19. Proof: The obectve functon for the ammng game s specfed by (17. The Hessan matrx for each term n the obectve functon, H, s gven by H = 2 U net P 2 2 U net P π, (24 U net 2 U net π P 2 U net π 2

Ths full text paper was peer revewed at the drecton of IEEE Communcatons Socety subect matter experts for publcaton n the IEEE INFOCOM 2010 proceedngs Ths paper was presented as part of the man Techncal Program at IEEE INFOCOM 2010. whch, from (17, can be obtaned as 2 H = λ γ (γ τ 2 P μ. (25 μ ae2 (1+π E 2 From the above, the determnant of the Hessan matrx can be wrtten as 2 [ 2 λa τ E det(h = μ 2, (26 e 1 1+π E ɛ 2 whch s postve f μ<ˆμ max specfed n (23. Note from (25 that the trace of H s negatve. Thus, when μ<ˆμ max, the Hessan matrx H s negatve defnte, and hence U net (and, n turn,  U net s a concave functon. Hence, the optmzaton problem specfed by (19 has a unque Nash equlbrum [14. Corollary 3.1: When ɛ 0,, the ammng game has a unque Nash equlbrum. Proof: When ɛ 0, ˆμ max and the condton μ<ˆμ max n Theorem 3.4 s satsfed. Ths results n a unque Nash equlbrum. Although the condton n Theorem 3.4 provdes an upper bound on μ to result n a Nash equlbrum, t stll does not ensure that the Nash equlbrum thus determned satsfes the constrants (20-(22. The followng theorem provdes another upper bound and a lower bound on μ that determnes the value of the unque Nash equlbrum that satsfes the constrants (20-(22. Theorem 3.5: Let ɛ = ɛ, and let ɛ 0. Let and aĥ1e μ max = mn (27  e 1 h 1 a  μ mn = 1+  ĥ 1 e 1h 1 1. (28 E Then μ (μ mn,μ max, there exsts a unque Nash equlbrum for the ammng game that satsfes the constrants (20-(22. Proof: The Lagrangan, L, for the constraned optmzaton problem (19 subect to the constrants (20-(22 can be wrtten as 2 L = a ln(1 + π E + λ ln(γ τ + μp π ν 1 (α 2 P + P ν 2 (β 2 1+ π, (29 where ν 1 and ν 2 are the Lagrangan varables correspondng to the constrants and α, β are slack varables to account for the 2 In (29, ndcates Â. We omt ths detal n (29 for smplcty. nequalty n the constrants. Accordng to the Karush-Kuhn- Tucker (KKT condtons [15, t s essental to equate the partal dervatves of L wth respect to P, π, ν 1, ν 2, α and β to zero n order to determne the Nash equlbrum. The condton ɛ = ɛ 0, yelds P = e h 1. (30 ĥ 1 The value of P obtaned above satsfes P > 0 n (22. In order to satsfy (20, only those bands,  are chosen that satsfy e h 1 <P. (31 ĥ 1 In order to maxmze the number of bands that can be attacked and mnmze the total transmt power of the attacker, the attacker chooses the bands wth the smallest vales of eh1 ĥ 1 such that (31 s satsfed. Note that the choce of P that satsfes (31, also satsfes (20 wth nequalty and hence, ν 1 = 0. The condton n Theorem 3.4 results n ν 2 = 0. Thus, equatng the partal dervatve of L wth respect to π to zero, usng the fact that ν 1 = ν 2 =0and usng the expresson for P n (30, we obtan the optmal π as π = aĥ1 1. (32 μe 1 h 1 E When μ < μ max specfed n (27, the constrant π > 0 n (22. The condton μ>μ mn specfed n (28 satsfes the constrant (21. Thus, the Nash equlbrum satsfes the constrants. Remark 1: Snce μ s a parameter that can be modfed accordng to the network, one can choose μ that satsfes the condton provded n Theorem 3.5, and thus, obtan a unque Nash equlbrum for the ammng game. Remark 2: Note that, n order to apply Theorem 3.5, t s essental that for the chosen set of bands  such that μ max n (27> μ mn n (28. It s observed that ths s satsfed f only one band s chosen. However, when multple bands are chosen, t may not be true n general. Then, among the subset of bands chosen to determne the optmal P, a smaller subset s chosen whch satsfes μ mn < μ max. Ths gves a means to determne the maxmum number of spectrum bands that can be attacked. Remark 3: Note that π ncreases when ĥ1 h 1 ncreases and e 1 and E are fxed. Ths means that the attacker s more lkely to attack the band n whch t s closer to the recever, than the ntended transmtter. Remark 4: From (30 and (32, t s observed that for two bands wth the same mpact (E, the attacker s more lkely to attack the band n whch t has to use lesser power. Remark 5: From (32, t s also observed that between two bands on whch the attacker requres the same transmt power, t s more lkely to attack the one n whch t can create more mpact.

Ths full text paper was peer revewed at the drecton of IEEE Communcatons Socety subect matter experts for publcaton n the IEEE INFOCOM 2010 proceedngs Ths paper was presented as part of the man Techncal Program at IEEE INFOCOM 2010. IV. RESULTS AND DISCUSSION We present the numercal results n two parts. The results for the sensng game are frst presented n Secton IV-A. Later, Secton IV-B present the results for the ammng game. We consder the followng numercal values n the computatons. The network has N =25spectrum bands [8 and the attacker can attack at most S =10spectrum bands. The utlty on each band s taken to be unformly dstrbuted n the nterval [100, 500. A. Sensng Game As mentoned n Secton III-A, we apply the dose-responsemmunty model to obtan the probablty of successfully detectng the covert communcaton n a spectrum band. We consder equally capable sensng and camouflagng abltes for the attacker and the covert tmng network, respectvely,. e., β 1 = β 2. For the numercal computatons, we consder β 1 = β 2 =1. Fg. 4 presents the expected mpact on the covert tmng network wth respect to the total avalable sensng resources, s, form = 150. In order to compare the proposed game theoretc allocaton of the sensng and camouflagng resources, we consder two well known schemes- ( the equal allocaton scheme where the sensng and camouflagng resources are equally dvded among all channels and ( the adaptve proportonal scheme where sensng and camouflagng resources are allocated to the th band accordng to the rato, U. U k k From Fg. 4, t s observed that the proposed game theoretc scheme results n lesser average mpact on the covert network than the adaptve proportonal and the unform allocaton schemes. As an example, for s = 100, the expected mpact on the covert tmng network caused by the proposed scheme s about 1500 whle that caused by the adaptve proportonal allocaton scheme s about 2000 and that caused by the unform allocaton scheme s about 2400. Thus, an mprovement of about 25% s acheved over the adaptve proportonal allocaton scheme and an mprovement of about 37.5% s acheved over the unform allocaton scheme. Smlar mprovements can be observed n Fg. 5, whch depcts the results when the total sensng resources, s = 150, and the total camouflagng resources, M, s vared. B. Jammng Game In order to perform the numercal computatons for the ammng game, we generate the channel gan vector, h and the channel gan ĥ1 from the attacker, usng the Jake s propagaton model [16. We run 100000 Lnux based smulaton experments and present the results averaged over these smulaton experments. Fg. 6 presents the average transmt power for the attacker for varyng values of the total sensng resources, s, wth M = 150. As n the sensng game, the performance s compared wth that of the adaptve proportonal and the equal resource allocaton schemes. It s observed that the average transmt power requred by the attacker to successfully am the covert tmng network s larger for the proposed game theoretc scheme than that for the adaptve Impact on the Tactcal Network, Σ E 3500 3000 2500 2000 1500 1000 500 Proposed Adaptve Proportonal Unform 0 0 20 40 60 80 100 120 140 160 180 200 Total Sensng Resources, s Fg. 4. Expected mpact on the covert tmng network when M = 150 and the utltes are unformly dstrbuted n [100, 500. Impact on the Tactcal Network, Σ E 4000 3500 3000 2500 2000 Proposed Adaptve Proportonal Unform 1500 0 20 40 60 80 100 120 140 160 180 200 Total Camouflagng Resources, M Fg. 5. Expected mpact on the covert tmng network when the s = 150 and the utltes are unformly dstrbuted n [100, 500. proportonal and the equal resource allocaton schemes. As an example, for s = 100, the proposed game theoretc scheme requres the attacker to transmt at an average power of about -18.5 dbm whle the adaptve proportonal scheme results n about -19.5 dbm and the equal allocaton scheme results n about -20 dbm. Thus the proposed scheme results n about 20% more average power than that of the adaptve proportonal scheme and about 30% addtonal power compared to the equal allocaton scheme. Ths s because, the condtons requred for μ mn <μ max (mentoned n remark 1 n Secton III-B s satsfed for fewer channels n the adaptve proportonal and the equal allocaton schemes thus reducng the values of π and hence, the average power, P π. Thus, the proposed scheme not only reduces the mpact on the covert tmng network but also forces the attacker to use larger average transmt powers. Smlar results can be observed for varyng M n Fg. 7. From Fgs. 6 and 7, t s observed that the average transmt power decreases wth ncreasng values of the total sensng resources, s, and ncreases wth ncreasng values of the total

Ths full text paper was peer revewed at the drecton of IEEE Communcatons Socety subect matter experts for publcaton n the IEEE INFOCOM 2010 proceedngs Ths paper was presented as part of the man Techncal Program at IEEE INFOCOM 2010. camouflagng resources, M. Ths s because, when s ncreases, the mpact on the covert tmng covert network ncreases. From (27, μ max ncreases. Ths allows larger values of the prcng parameter, μ, whch, n turn, forces the attacker to transmt at lower average powers. Smlarly, ncreasng the value of M reduces the mpact on the covert tmng network on each spectrum band, thus reducng μ max allowng smaller values of μ. Ths, n turn, results n larger average transmt power for the attacker. Average Transmt Power (dbm 16 16.5 17 17.5 18 18.5 19 19.5 20 20.5 Proposed Adaptve Proportonal Unform 21 20 40 60 80 100 120 140 160 180 200 Total Sensng resources, s Fg. 6. Average transmt power for the attacker when M = 150 and the utltes are unformly dstrbuted n [100, 500. Average Transmt power (dbm 18.5 19 19.5 20 20.5 21 Proposed Adaptve Proportonal Unform 21.5 50 100 150 200 Total Camouflagng Resources, M Fg. 7. Average transmt power for the attacker when s = 150 and the utltes are unformly dstrbuted n [100, 500. V. CONCLUSION We presented a two ter adversaral game theoretc approach to study malcous nterference based DoS attacks n multband covert tmng networks. Nash equlbrum strateges were obtaned for both the terss of the game. The followng key nferences are drawn from the analyss presented n ths paper. The attacker needs to deploy all ts sensng resources only on the crtcal bands. The covert tmng network needs to deploy all ts camouflagng resources only on the crtcal bands. At the equlbrum pont, the ratos between the sensng and the camouflagng resources deployed n all the crtcal bands are equal. Between two bands wth equal mpact, the attacker s more lkely to attack the band n whch t s requred to transmt at lesser power. Between two bands n whch t has to transmt equal power, the attacker s more lkely to attack the band whch perceves hgher mpact. The proposed game theoretc scheme can result n about 25-40% reduced mpact on the covert tmng network when compared to other well known heurstcs. The proposed game theoretc scheme results n about 20-30% ncreased transmt power for the attacker when compared to other well known heurstc schemes. VI. ACKNOWLEDGEMENT Ths research was partally funded by NSF # 0917008 and NSF # 0916180 and partally funded by 2009-92667-NJ-IJ. REFERENCES [1 B. W. Lampson, A note on the confnement problem, ACM Commun., 1973. [2 K. W. Eggers and P. W. Mallett, Characterzng network covert storage channels, Fourth Aerospace Comp. Securty Appl. Conf., Dec. 1988. [3 K. G. Lee, A. Savold, P. Guban, K. S. Lm, and S. Lee, Methodologes for detectng covert database, Intl. Conf. on Intellgent Info. Hdng and Multmeda Sgnal Proc., Aug. 2008. [4 I. S. Morskowtz and A. R. Mller, Smple tmng channels, Proc. IEEE Comp. Soc. Symposum on Research n Securty and Prvacy, 1994. [5 Z. Wang and R. B. Lee, Capacty estmaton of non-synchronous covert channels, 25th IEEE Intl. Conf. on Dstrbuted Computng Systems Workshops, Jun. 2005. [6 V. Anantharam and S. Verdu, Bts through queues, IEEE Trans. on Info. Theory, vol. 42, no. 1, pp. 4 18, Jan. 1996. [7 A. B. Wagner and V. Anantharam, Zero-rate relablty of the exponental-server tmng channel, IEEE Trans. on Info. Theory, vol. 51, no. 2, pp. 447 465, Mar. 2005. [8 S. Sengupta, S. Anand, K. Hong, and R. Chandramoul, On adversaral games n dynamc spectrum access based tmng covert channels, ACM Moble Computng and Communcatons Revew: Specal Issue on Cogntve Rado Technologes and Systems, vol. 13, no. 2, pp. 96 107, Apr. 2009. [9 M. Buddhkot, P. Kolodzy, S. Mller, K. Ryan, and J. Evans, Dmsumnet: New drectons n wreless networkng usng coordnated dynamc spectrum access, IEEE Intl. Symposum on a World of Wreless, Moble and Multmeda Networks (WoWMoM 2005, Nov. 2005. [10 S. Sarkar, E. Altman, R. El-Azouz, and Y. Hayel, Informaton concealng games, Proc., IEEE Intl. Conf. on Computer Commun. (INFOCOM 2008 mn-conference, Mar. 2008. [11 S. C. Chow, Encyclopeda of Bopharmaceutcal Statstcs. Informa Health Care, 2 nd Edton, 2003. [12 T. Basar, The Gaussan test channel wth an ntellgent ammer, IEEE Trans. on Info. Theory, vol. 29, no. 1, pp. 152 157, Jan. 1983. [13 A. J. Vterb, CDMA: Prncples of Spread Spectrum Communcaton. Addson-Wesley, 1995. [14 D. Fudenberg and J. Trole, Game Theory. MIT Press, 1991. [15 D. G. Luenberger, Lnear and Non-lnear Programmng. Kluwer Academc Publshers, 1984. [16 T. S. Rappaport, Wreless Communcatons: Prncples and Practce. Prentce Hall Inc., New Jersey, 1996.