A Behavioral Economics-Based Game Model for Side-Channel Security Attack and Defense Strategies
-
摘要: 为解决侧信道安全领域暂无系统化攻防策略选择模型的现状,通过引入行为经济学和层次分析法,构建了一种侧信道攻防策略结构化成本量化模型。首先,从博弈论基本要素出发,将侧信道分析者与防护设计者映射为博弈双方,建立策略空间与收益函数。随后,提出基于层次分析法的成本量化框架,通过构建多维度判断矩阵,系统量化攻防策略的客观成本,克服传统主观赋值法的随意性与不可复现性。在此基础上,创新性地引入前景理论和风险规避理论,建立不完全信息静态博弈模型,并采用贝叶斯-纳什均衡求解最优策略。进一步结合安全工程ALARP原则,提出安全等级依赖的动态决策模型。结果表明,该模型能够为不同安全等级的场景提供基于风险偏好和成本效益原则量化的策略选择指导,明确识别出资产价值与防护强度的非线性临界关系,有效实现防护强度与资产价值的自适应匹配。通过构建“心理-经济-工程”三重维度的决策框架,不仅为侧信道攻防策略选择提供了首个系统化、可复现的理论模型,也为密码模块的“适度安全”设计提供了跨学科的量化决策依据。Abstract:
Objective The field of side-channel security currently lacks a systematic, quantifiable, and reproducible model for guiding the selection of attack and defense strategies, particularly in real-world engineering contexts where resource constraints necessitate informed cost-benefit trade-offs. The absence of such a framework impedes the practical realization of the “appropriate security” principle, often leading to either over-protection or under-protection of cryptographic modules. Traditional approaches to evaluating attack and defense costs rely heavily on subjective expert judgments, which are inherently arbitrary, difficult to replicate, and lack a structured multi-dimensional assessment. To bridge this critical gap, this research proposes an interdisciplinary model that integrates game theory, behavioral economics, and the Analytic Hierarchy Process (AHP). The primary objective is to establish a holistic decision-support system that not only quantifies the multi-faceted costs of various side-channel strategies but also incorporates the psychological dimensions of decision-making under risk, thereby enabling dynamic and economically rational security strategy selection tailored to specific asset values and security levels. Methods This study constructs a multi-layered modeling framework based on a static non-cooperative game with incomplete information. First, the side-channel analyst and the defense designer are formally defined as rational players, each possessing a finite set of strategies: the attacker may choose from non-modeling attacks such as DPA/CPA, modeling-based attacks like template attacks, or emerging deep learning-based side-channel analysis; the defender may adopt countermeasures including time hiding, amplitude hiding, or masking/blinding techniques. To systematically quantify the often-overlooked cost dimension, an AHP-based structured cost model is introduced. Through pairwise comparison matrices, the model decomposes costs into multiple criteria—such as time, data storage, computational resources, expertise, and hardware overhead—and assigns objective weights to each criterion, thereby replacing subjective cost estimates with a reproducible, hierarchical evaluation system. Furthermore, to reflect real-world decision-making behavior, key concepts from behavioral economics are integrated: Prospect Theory models how gains and losses are perceived relative to a reference point, while risk aversion coefficients capture players’ tolerance for uncertainty. These behavioral parameters are explicitly linked to the security level of the cryptographic module, allowing the model to adapt to different operational contexts. The resulting behavioral-augmented Bayesian game is then solved using the concept of Bayes-Nash Equilibrium, wherein each player’s optimal mixed strategy is derived based on their private type (behavioral profile) and beliefs about the opponent. To ensure engineering relevance, the As Low As Reasonably Practicable principle is incorporated as a constraint, enforcing that any selected defense strategy must be justifiable in terms of risk reduction versus cost incurred. Numerical solutions are obtained via a customized sequential quadratic programming algorithm implemented in Python. Results and Discussions A comprehensive experimental evaluation was conducted to validate the proposed model’s consistency, sensitivity, and practical utility. The AHP-based cost quantification demonstrated strong internal consistency, with all consistency ratios below the 0.1 threshold, confirming the reliability of the judgment matrices. The derived weight distributions revealed intuitive priorities: attackers placed greater emphasis on technical barriers and computational cost, whereas defenders prioritized design complexity and performance overhead. The behavioral adjustment layer successfully modulated perceived costs according to security levels: under low-security conditions (high risk aversion), costs were perceptually inflated, leading to conservative strategy choices; under high-security conditions, decision-making aligned more closely with objectively quantified costs. Equilibrium analysis across varying asset values and security levels yielded interpretable and rational strategy profiles. For low-value assets, both players exhibited a strong tendency toward low-cost or “no action” strategies, adhering to the lower bound of the ALARP region. As asset value increased, a clear threshold effect was observed, triggering a shift toward high-cost, high-efficacy strategies such as deep learning-based attacks and masking-based defenses. Sensitivity analysis further confirmed that defense strategy probabilities increased monotonically with asset value, validating the model’s ability to capture the non-linear relationship between protection intensity and asset criticality. These findings underscore the model’s capacity to support context-aware, adaptive security decision-making that balances risk, cost, and psychological factors. Conclusions This research presents a novel, behaviorally informed game-theoretic model for side-channel security strategy selection, addressing a significant void in existing literature regarding structured cost-benefit assessment. By integrating AHP-based objective cost quantification, behaviorally adjusted subjective valuations, and ALARP-driven engineering constraints, the proposed framework offers a multi-dimensional, reproducible, and context-sensitive tool for analyzing attack-defense interactions. The model advances the field by explicitly linking security levels to behavioral parameters, enabling dynamic strategy adaptation in response to both asset value and decision-makers’ risk perceptions. Although the current implementation relies partially on expert-defined parameters and operates within a static game setting, it establishes a critical foundation for transitioning from heuristic-based security decisions to quantitatively grounded, interdisciplinary analysis. Future work will focus on parameter calibration using real-world attack/defense datasets, extension to multi-stage dynamic games to capture strategic evolution over time, and empirical validation in industrial cryptographic evaluation scenarios. This study contributes the first systematic methodology for cost-aware, behaviorally realistic strategy optimization in side-channel security, offering both theoretical insights and practical guidance toward achieving “appropriate security” in cryptographic engineering. -
表 1 行为增强的贝叶斯-纳什均衡求解算法
算法1 行为增强的贝叶斯-纳什均衡求解算法 Input:资产价值$ V $,安全等级$ \text{SL} $,成本矩阵$ \mathbf{C} $,成功率矩阵P,信念分布$ \{{\beta }_{A},{\beta }_{D}\} $ Output:均衡策略$ (\sigma _{A}^{*},\sigma _{D}^{*}) $ 1 确定行为参数:$ {\alpha }_{D}(\text{SL}),{\alpha }_{A}(\text{SL}),{\lambda }_{D}(\text{SL}),{\lambda }_{A}(\text{SL}),{R}_{0,D},{R}_{0,A} $; 2 计算调整后成本:$ \mathbf{{C}^{\prime}}\leftarrow \text{AdjustCost}(\mathbf{C},\text{SL},V) $ //公式(15) 3 计算风险调整收益:$ {U}^{\text{risk}}\leftarrow \text{RiskAdjust}(\mathbf{P},V,\mathbf{{C}^{\prime}},{\alpha }_{D},{\alpha }_{A}) $ 4 应用前景理论调整:$ {U}^{\text{PT}}\leftarrow \text{ProspectAdjust}({U}^{\text{risk}},{\lambda }_{D},{\lambda }_{A},{R}_{0,D},{R}_{0,A}) $ 5 应用ALARP约束:$ {S}_{\text{feasible}}\leftarrow \text{ALARPFiliter}({U}^{\text{PT}},\mathbf{{C}^{\prime}},V,{\Theta }^{\text{ALARP}}) $ 6 构建优化问题: 7 目标函数:$ {\max }_{{{\sigma }_{D}},{{\sigma }_{A}}}\left(\displaystyle\sum \nolimits_{{s}_{d}}{\sigma }_{D}({s}_{d})\cdot {\text{EU}}_{D}({s}_{d})+\displaystyle\sum \nolimits_{{s}_{a}}{\sigma }_{A}({s}_{a})\cdot {\text{EU}}_{A}({s}_{a})\right) $ 8 约束条件:$ \sum {\sigma }_{D}=1, \sum {\sigma }_{A}=1, {\sigma }_{i}\geq 0, {s}_{i}\in {S}_{\text{feasible}} $ 9 使用SLSQP算法求解上述优化问题; 10 验证BNE条件:检查是否满足公式(27)和(28); 11 If 验证失败 then 12 | 调整初始点,重新执行步骤7-9求解优化问题; 13 end 14 return $ (\sigma _{A}^{*},\sigma _{D}^{*}) $; 表 2 攻击成功率矩阵$ {P}_{A}({s}_{a},{s}_{d}) $
pA\防御策略 A(无防护) B(时间隐藏) C(振幅隐藏) D(掩码/盲化) a(不攻击) 0.00 0.00 0.00 0.00 b(DPA/CPA) 0.60 0.40 0.10 0.20 c(TA) 0.80 0.10 0.25 0.30 d(DLSCA) 0.90 0.30 0.35 0.50 表 3 安全等级依赖的行为参数设定
安全等级 风险规避系数$ \alpha $ 损失厌恶系数$ \lambda $ ALARP边界$ [{\theta }_{\min },{\theta }_{\max }] $ $ \rho $ 参考点$ {R}_{0} $ SL=1 1.50(攻) 1.20(防) 2.50(攻) 2.00(防) [0.05, 0.10](攻) [0.10, 0.20](防) 1.20 0 SL=2 0.80(攻) 0.60(防) 1.80(攻) 1.50(防) [0.10, 0.30](攻) [0.15, 0.40](攻) 1.00 0 SL=3 0.30(攻) 0.20(防) 1.20(攻) 1.00(防) [0.30, 0.80](攻) [0.25, 0.60](攻) 0.80 0 -
[1] KOCHER P, JAFFE J, and JUN B. Differential power analysis[C]. 19th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 1999: 388–397. doi: 10.1007/3-540-48405-1_25. [2] QUISQUATER J J and SAMYDE D. ElectroMagnetic analysis (EMA): Measures and counter-measures for smart cards[C]. Smart Card Programming and Security International Conference on Research in Smart Cards, Cannes, France, 2001: 200–210. doi: 10.1007/3-540-45418-7_17. [3] KOCHER P C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems[C]. 16th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 1996: 104–113. doi: 10.1007/3-540-68697-5_9. [4] ISO. ISO/IEC 17825: 2024 Information technology—security techniques—testing methods for the mitigation of non-invasive attack classes against cryptographic modules[S]. Geneva: ISO, 2024. [5] YD/T 6305-2024. 数字内容保护技术要求[S]. 北京: 邮电部标准出版社, 2024. (查阅网上资料, 未找到本条文献信息, 请确认). [6] 姚剑波, 张涛. 基于互信息博弈的侧信道攻击安全风险评估[J]. 计算机科学, 2012, 39(S1): 69–71.YAO Jianbo and ZHANG Tao. Side channel risk evaluation based on mutual information game[J]. Computer Science, 2012, 39(S1): 69–71. [7] WANG Bing, LOU Wenjing, and HOU Y T. Modeling the side-channel attacks in data deduplication with game theory[C]. 2015 IEEE Conference on Communications and Network Security (CNS), Florence, Italy, 2015: 200–208. doi: 10.1109/CNS.2015.7346829. [8] GENG Hui, KWIAT K A, KAMHOUA C A, et al. On random dynamic voltage scaling for internet-of-things: A game-theoretic approach[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2018, 37(1): 123–132. doi: 10.1109/TCAD.2017.2717780. [9] HALPERN J and TEAGUE V. Rational secret sharing and multiparty computation: Extended abstract[C]. Proceedings of the Thirty-sixth Annual ACM Symposium on Theory of Computing, Chicago, USA, 2004: 623–632. doi: 10.1145/1007352.1007447. [10] 彭长根, 田有亮, 刘海, 等. 密码学与博弈论的交叉研究综述[J]. 密码学报, 2017, 4(1): 1–15. doi: 10.13868/j.cnki.jcr.000158.PENG Changgen, TIAN Youliang, LIU Hai, et al. A survey on the intersection of cryptography and game theory[J]. Journal of Cryptologic Research, 2017, 4(1): 1–15. doi: 10.13868/j.cnki.jcr.000158. [11] 刘小虎, 张恒巍, 张玉臣, 等. 基于博弈论的网络攻防行为建模与态势演化分析[J]. 电子与信息学报, 2021, 43(12): 3629–3638. doi: 10.11999/JEIT200628.LIU Xiaohu, ZHANG Hengwei, ZHANG Yuchen, et al. Modeling of network attack and defense behavior and analysis of situation evolution based on game theory[J]. Journal of Electronics & Information Technology, 2021, 43(12): 3629–3638. doi: 10.11999/JEIT200628. [12] SUN Haiyan, SHAO Chenglong, ZHANG Jianwei, et al. Evolution analysis of network attack and defense situation based on game theory[J]. Computers, Materials and Continua, 2025, 83(1): 1451–1470. doi: 10.32604/cmc.2025.059724. [13] BAI Xue and BAI Yongguo. Equilibrium strategy of attack and defense in computer networks based on Markov signal game theory[J]. Journal of Cyber Security and Mobility, 2025, 14(1): 127–153. doi: 10.13052/jcsm2245-1439.1416. [14] ZHENG Tianshuai, DU Ye, HUA Kaisheng, et al. Predictive analytics for cyber-attack timing in power Internet of Things: A FlipIt game-theoretic approach[J]. Internet of Things, 2025, 30: 101522. doi: 10.1016/j.iot.2025.101522. [15] ZHU Zinan and ZHOU Lin. Application of complex network attack and defense time game model in network security defense decision[J]. Journal of Cyber Security and Mobility, 2025, 14(2): 311–337. doi: 10.13052/jcsm2245-1439.1423. [16] HE Long, SUN Geng, Niyato D, et al. Generative AI for game theory-based mobile networking[J]. IEEE Wireless Communications, 2025, 32(1): 122–130. doi: 10.1109/MWC.007.2400133. [17] MAO Shaoguang, CAI Yuzhe, XIA Yan, et al. ALYMPICS: LLM agents meet game theory[C]. Proceedings of the 31st International Conference on Computational Linguistics, Abu Dhabi, UAE, 2025: 2845–2866. [18] TARIQ A, SALLABI F, SERHANI M A, et al. Leveraging game theory and XAI for data quality-driven sample and client selection in trustworthy split federated learning[J]. IEEE Transactions on Consumer Electronics, 2025, 71(2): 6686–6699. doi: 10.1109/TCE.2025.3543209. [19] PIRHOSSEINI H, ZAREI E, REZVANI M H, et al. Game-theoretic methods for edge/fog/cloud computation offloading: A systematic review[J]. Computing, 2025, 107(8): 166. doi: 10.1007/s00607-025-01515-x. [20] 张鸿, 廖彧歆, 王汝言, 等. 面向密集场景的空天地网络资源分配算法[J]. 电子与信息学报, 2024, 46(5): 1968–1976. doi: 10.11999/JEIT231086.ZHANG Hong, LIAO Yuxin, WANG Ruyan, et al. Resource allocation algorithm of space-air-ground integrated network for dense scenarios[J]. Journal of Electronics & Information Technology, 2024, 46(5): 1968–1976. doi: 10.11999/JEIT231086. [21] 冯·诺伊曼, 摩根斯特恩, 王文玉, 王宇, 译. 博弈论与经济行为[M]. 北京: 三联书店, 2004.VON NEUMANN J, MORGENSTERN O, WANG Wenyu, WANG Yu, translation. Theory of Games and Economic Behavior[M]. Beijing: SDX Joint Publishing Company, 2004. (查阅网上资料, 未找到本条文献的页码信息, 请补充). [22] SAATY T L. A scaling method for priorities in hierarchical structures[J]. Journal of Mathematical Psychology, 1977, 15(3): 234–281. doi: 10.1016/0022-2496(77)90033-5. [23] SAATY R W. The analytic hierarchy process—what it is and how it is used[J]. Mathematical Modelling, 1987, 9(3/5): 161–176. doi: 10.1016/0270-0255(87)90473-8. [24] KAHNEMAN D and TVERSKY A. Prospect theory: An analysis of decision under risk[M]. MacLean L C and Ziemba W T. World Scientific Handbook in Financial Economics Series: Handbook of the Fundamentals of Financial Decision Making, 2013: 99–127. doi: 10.1142/9789814417358_0006.(查阅网上资料,未找到本条文献的出版地和出版者信息,请确认). [25] OŻGA S A. Aspects of the theory of risk-bearing[J]. Economica, 1966, 33(130): 251–252. doi: 10.2307/2552628. [26] 国家密码管理局. GM/T 0083-2020 密码模块非入侵式攻击缓解技术指南[S]. 北京: 中国标准出版社, 2021.State Cryptography Administration. GM/T 0083-2020 Guideline for the mitigation of non-invasive attacks against cryptographic modules[S]. Beijing: Standards Press of China, 2021. (查阅网上资料, 未找到本条文献作者英文信息, 请确认). -
下载: