Strategic Trust in Cloud-Enabled Cyber-Physical Systems with an Application to Glucose Control

Jeffrey Pawlick, Quanyan Zhu

Research output: Contribution to journalArticlepeer-review


Advances in computation, sensing, and networking have led to interest in the Internet of Things (IoT) and cyber-physical systems (CPS). Developments concerning the IoT and CPS will improve critical infrastructure, vehicle networks, and personal health products. Unfortunately, these systems are vulnerable to attack. Advanced persistent threats (APTs) are a class of long-term attacks in which well-resourced adversaries infiltrate a network and use obfuscation to remain undetected. In a CPS under APTs, each device must decide whether to trust other components that may be compromised. In this paper, we propose a concept of trust (strategic trust) that uses game theory to capture the adversarial and strategic nature of CPS security. Specifically, we model an interaction between the administrator of a cloud service, an attacker, and a device that decides whether to trust signals from the vulnerable cloud. Our framework consists of a simultaneous signaling game and the FlipIt game. The equilibrium outcome in the signaling game determines the incentives in the FlipIt game. In turn, the equilibrium outcome in the FlipIt game determines the prior probabilities in the signaling game. The Gestalt Nash equilibrium (GNE) characterizes the steady state of the overall macro-game. The novel contributions of this paper include proofs of the existence, uniqueness, and stability of the GNE. We also apply GNEs to strategically design a trust mechanism for a cloud-assisted insulin pump. Without requiring the use of historical data, the GNE obtains a risk threshold beyond which the pump should not trust messages from the cloud. Our framework contributes to a modeling paradigm called games-of-games.

Original languageEnglish (US)
Article number7972976
Pages (from-to)2906-2919
Number of pages14
JournalIEEE Transactions on Information Forensics and Security
Issue number12
StatePublished - Dec 2017


  • Internet of things
  • cyber-physical systems
  • cyber-security
  • perfect Bayesian Nash equilibrium
  • signaling game
  • trust

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Strategic Trust in Cloud-Enabled Cyber-Physical Systems with an Application to Glucose Control'. Together they form a unique fingerprint.

Cite this