On the Security-Privacy Tradeoff in Collaborative Security: A Quantitative Information Flow Game Perspective

Title: On the Security-Privacy Tradeoff in Collaborative Security: A Quantitative Information Flow Game Perspective
Publication Type: Journal Article
Year of Publication: 2019
Authors: Jin, R., He, X., Dai, H.
Journal: IEEE Transactions on Information Forensics and Security
Volume: 14
Pagination: 3273–3286
ISSN: 1556-6021
Keywords: Collaboration, collaboration gain, collaborative entities, collaborative security, collaborative security schemes, cyber-attacks, data privacy, game theory, game-theoretic analysis, Games, Human Behavior, information exchange, information sharing process, information theoretic security, Intrusion detection, Loss measurement, Metrics, multiple security entities, policy-based governance, privacy, privacy concerns, privacy loss, pubcrawl, quantitative information flow, quantitative information flow game perspective, quantitative information flow games, Resiliency, Scalability, security decisions, security of data, security-privacy tradeoff, security-related information, sensitive information
Abstract: To contest the rapidly developing cyber-attacks, numerous collaborative security schemes, in which multiple security entities can exchange their observations and other relevant data to achieve more effective security decisions, are proposed and developed in the literature. However, the security-related information shared among the security entities may contain some sensitive information and such information exchange can raise privacy concerns, especially when these entities belong to different organizations. With such consideration, the interplay between the attacker and the collaborative entities is formulated as Quantitative Information Flow (QIF) games, in which the QIF theory is adapted to measure the collaboration gain and the privacy loss of the entities in the information sharing process. In particular, three games are considered, each corresponding to one possible scenario of interest in practice. Based on the game-theoretic analysis, the expected behaviors of both the attacker and the security entities are obtained. In addition, the simulation results are presented to validate the analysis.
DOI: 10.1109/TIFS.2019.2914358
Citation Key: jin_security-privacy_2019