Advanced Search
Turn off MathJax
Article Contents
CAI Juesong, YAN Yingjian, WANG Jindong. A Behavioral Economics-Based Game Model for Side-Channel Security Attack and Defense Strategies[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT260121
Citation: CAI Juesong, YAN Yingjian, WANG Jindong. A Behavioral Economics-Based Game Model for Side-Channel Security Attack and Defense Strategies[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT260121

A Behavioral Economics-Based Game Model for Side-Channel Security Attack and Defense Strategies

doi: 10.11999/JEIT260121 cstr: 32379.14.JEIT260121
  • Accepted Date: 2026-06-30
  • Rev Recd Date: 2026-06-30
  • Available Online: 2026-07-13
  •   Objective  The field of side-channel security currently lacks a systematic, quantifiable, and reproducible model for guiding the selection of attack and defense strategies, particularly in real-world engineering contexts where resource constraints necessitate informed cost-benefit trade-offs. The absence of such a framework impedes the practical realization of the “appropriate security” principle, often leading to either over-protection or under-protection of cryptographic modules. Traditional approaches to evaluating attack and defense costs rely heavily on subjective expert judgments, which are inherently arbitrary, difficult to replicate, and lack a structured multi-dimensional assessment. To bridge this critical gap, this research proposes an interdisciplinary model that integrates game theory, behavioral economics, and the Analytic Hierarchy Process (AHP). The primary objective is to establish a holistic decision-support system that not only quantifies the multi-faceted costs of various side-channel strategies but also incorporates the psychological dimensions of decision-making under risk, thereby enabling dynamic and economically rational security strategy selection tailored to specific asset values and security levels.  Methods  This study constructs a multi-layered modeling framework based on a static non-cooperative game with incomplete information. First, the side-channel analyst and the defense designer are formally defined as rational players, each possessing a finite set of strategies: the attacker may choose from non-modeling attacks such as DPA/CPA, modeling-based attacks like template attacks, or emerging deep learning-based side-channel analysis; the defender may adopt countermeasures including time hiding, amplitude hiding, or masking/blinding techniques. To systematically quantify the often-overlooked cost dimension, an AHP-based structured cost model is introduced. Through pairwise comparison matrices, the model decomposes costs into multiple criteria—such as time, data storage, computational resources, expertise, and hardware overhead—and assigns objective weights to each criterion, thereby replacing subjective cost estimates with a reproducible, hierarchical evaluation system. Furthermore, to reflect real-world decision-making behavior, key concepts from behavioral economics are integrated: Prospect Theory models how gains and losses are perceived relative to a reference point, while risk aversion coefficients capture players’ tolerance for uncertainty. These behavioral parameters are explicitly linked to the security level of the cryptographic module, allowing the model to adapt to different operational contexts. The resulting behavioral-augmented Bayesian game is then solved using the concept of Bayes-Nash Equilibrium, wherein each player’s optimal mixed strategy is derived based on their private type (behavioral profile) and beliefs about the opponent. To ensure engineering relevance, the As Low As Reasonably Practicable principle is incorporated as a constraint, enforcing that any selected defense strategy must be justifiable in terms of risk reduction versus cost incurred. Numerical solutions are obtained via a customized sequential quadratic programming algorithm implemented in Python.  Results and Discussions  A comprehensive experimental evaluation was conducted to validate the proposed model’s consistency, sensitivity, and practical utility. The AHP-based cost quantification demonstrated strong internal consistency, with all consistency ratios below the 0.1 threshold, confirming the reliability of the judgment matrices. The derived weight distributions revealed intuitive priorities: attackers placed greater emphasis on technical barriers and computational cost, whereas defenders prioritized design complexity and performance overhead. The behavioral adjustment layer successfully modulated perceived costs according to security levels: under low-security conditions (high risk aversion), costs were perceptually inflated, leading to conservative strategy choices; under high-security conditions, decision-making aligned more closely with objectively quantified costs. Equilibrium analysis across varying asset values and security levels yielded interpretable and rational strategy profiles. For low-value assets, both players exhibited a strong tendency toward low-cost or “no action” strategies, adhering to the lower bound of the ALARP region. As asset value increased, a clear threshold effect was observed, triggering a shift toward high-cost, high-efficacy strategies such as deep learning-based attacks and masking-based defenses. Sensitivity analysis further confirmed that defense strategy probabilities increased monotonically with asset value, validating the model’s ability to capture the non-linear relationship between protection intensity and asset criticality. These findings underscore the model’s capacity to support context-aware, adaptive security decision-making that balances risk, cost, and psychological factors.  Conclusions  This research presents a novel, behaviorally informed game-theoretic model for side-channel security strategy selection, addressing a significant void in existing literature regarding structured cost-benefit assessment. By integrating AHP-based objective cost quantification, behaviorally adjusted subjective valuations, and ALARP-driven engineering constraints, the proposed framework offers a multi-dimensional, reproducible, and context-sensitive tool for analyzing attack-defense interactions. The model advances the field by explicitly linking security levels to behavioral parameters, enabling dynamic strategy adaptation in response to both asset value and decision-makers’ risk perceptions. Although the current implementation relies partially on expert-defined parameters and operates within a static game setting, it establishes a critical foundation for transitioning from heuristic-based security decisions to quantitatively grounded, interdisciplinary analysis. Future work will focus on parameter calibration using real-world attack/defense datasets, extension to multi-stage dynamic games to capture strategic evolution over time, and empirical validation in industrial cryptographic evaluation scenarios. This study contributes the first systematic methodology for cost-aware, behaviorally realistic strategy optimization in side-channel security, offering both theoretical insights and practical guidance toward achieving “appropriate security” in cryptographic engineering.
  • loading
  • [1]
    KOCHER P, JAFFE J, and JUN B. Differential power analysis[C]. 19th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 1999: 388–397. doi: 10.1007/3-540-48405-1_25.
    [2]
    QUISQUATER J J and SAMYDE D. ElectroMagnetic analysis (EMA): Measures and counter-measures for smart cards[C]. Smart Card Programming and Security International Conference on Research in Smart Cards, Cannes, France, 2001: 200–210. doi: 10.1007/3-540-45418-7_17.
    [3]
    KOCHER P C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems[C]. 16th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 1996: 104–113. doi: 10.1007/3-540-68697-5_9.
    [4]
    ISO. ISO/IEC 17825: 2024 Information technology—security techniques—testing methods for the mitigation of non-invasive attack classes against cryptographic modules[S]. Geneva: ISO, 2024.
    [5]
    YD/T 6305-2024. 数字内容保护技术要求[S]. 北京: 邮电部标准出版社, 2024. (查阅网上资料, 未找到本条文献信息, 请确认).
    [6]
    姚剑波, 张涛. 基于互信息博弈的侧信道攻击安全风险评估[J]. 计算机科学, 2012, 39(S1): 69–71.

    YAO Jianbo and ZHANG Tao. Side channel risk evaluation based on mutual information game[J]. Computer Science, 2012, 39(S1): 69–71.
    [7]
    WANG Bing, LOU Wenjing, and HOU Y T. Modeling the side-channel attacks in data deduplication with game theory[C]. 2015 IEEE Conference on Communications and Network Security (CNS), Florence, Italy, 2015: 200–208. doi: 10.1109/CNS.2015.7346829.
    [8]
    GENG Hui, KWIAT K A, KAMHOUA C A, et al. On random dynamic voltage scaling for internet-of-things: A game-theoretic approach[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2018, 37(1): 123–132. doi: 10.1109/TCAD.2017.2717780.
    [9]
    HALPERN J and TEAGUE V. Rational secret sharing and multiparty computation: Extended abstract[C]. Proceedings of the Thirty-sixth Annual ACM Symposium on Theory of Computing, Chicago, USA, 2004: 623–632. doi: 10.1145/1007352.1007447.
    [10]
    彭长根, 田有亮, 刘海, 等. 密码学与博弈论的交叉研究综述[J]. 密码学报, 2017, 4(1): 1–15. doi: 10.13868/j.cnki.jcr.000158.

    PENG Changgen, TIAN Youliang, LIU Hai, et al. A survey on the intersection of cryptography and game theory[J]. Journal of Cryptologic Research, 2017, 4(1): 1–15. doi: 10.13868/j.cnki.jcr.000158.
    [11]
    刘小虎, 张恒巍, 张玉臣, 等. 基于博弈论的网络攻防行为建模与态势演化分析[J]. 电子与信息学报, 2021, 43(12): 3629–3638. doi: 10.11999/JEIT200628.

    LIU Xiaohu, ZHANG Hengwei, ZHANG Yuchen, et al. Modeling of network attack and defense behavior and analysis of situation evolution based on game theory[J]. Journal of Electronics & Information Technology, 2021, 43(12): 3629–3638. doi: 10.11999/JEIT200628.
    [12]
    SUN Haiyan, SHAO Chenglong, ZHANG Jianwei, et al. Evolution analysis of network attack and defense situation based on game theory[J]. Computers, Materials and Continua, 2025, 83(1): 1451–1470. doi: 10.32604/cmc.2025.059724.
    [13]
    BAI Xue and BAI Yongguo. Equilibrium strategy of attack and defense in computer networks based on Markov signal game theory[J]. Journal of Cyber Security and Mobility, 2025, 14(1): 127–153. doi: 10.13052/jcsm2245-1439.1416.
    [14]
    ZHENG Tianshuai, DU Ye, HUA Kaisheng, et al. Predictive analytics for cyber-attack timing in power Internet of Things: A FlipIt game-theoretic approach[J]. Internet of Things, 2025, 30: 101522. doi: 10.1016/j.iot.2025.101522.
    [15]
    ZHU Zinan and ZHOU Lin. Application of complex network attack and defense time game model in network security defense decision[J]. Journal of Cyber Security and Mobility, 2025, 14(2): 311–337. doi: 10.13052/jcsm2245-1439.1423.
    [16]
    HE Long, SUN Geng, Niyato D, et al. Generative AI for game theory-based mobile networking[J]. IEEE Wireless Communications, 2025, 32(1): 122–130. doi: 10.1109/MWC.007.2400133.
    [17]
    MAO Shaoguang, CAI Yuzhe, XIA Yan, et al. ALYMPICS: LLM agents meet game theory[C]. Proceedings of the 31st International Conference on Computational Linguistics, Abu Dhabi, UAE, 2025: 2845–2866.
    [18]
    TARIQ A, SALLABI F, SERHANI M A, et al. Leveraging game theory and XAI for data quality-driven sample and client selection in trustworthy split federated learning[J]. IEEE Transactions on Consumer Electronics, 2025, 71(2): 6686–6699. doi: 10.1109/TCE.2025.3543209.
    [19]
    PIRHOSSEINI H, ZAREI E, REZVANI M H, et al. Game-theoretic methods for edge/fog/cloud computation offloading: A systematic review[J]. Computing, 2025, 107(8): 166. doi: 10.1007/s00607-025-01515-x.
    [20]
    张鸿, 廖彧歆, 王汝言, 等. 面向密集场景的空天地网络资源分配算法[J]. 电子与信息学报, 2024, 46(5): 1968–1976. doi: 10.11999/JEIT231086.

    ZHANG Hong, LIAO Yuxin, WANG Ruyan, et al. Resource allocation algorithm of space-air-ground integrated network for dense scenarios[J]. Journal of Electronics & Information Technology, 2024, 46(5): 1968–1976. doi: 10.11999/JEIT231086.
    [21]
    冯·诺伊曼, 摩根斯特恩, 王文玉, 王宇, 译. 博弈论与经济行为[M]. 北京: 三联书店, 2004.

    VON NEUMANN J, MORGENSTERN O, WANG Wenyu, WANG Yu, translation. Theory of Games and Economic Behavior[M]. Beijing: SDX Joint Publishing Company, 2004. (查阅网上资料, 未找到本条文献的页码信息, 请补充).
    [22]
    SAATY T L. A scaling method for priorities in hierarchical structures[J]. Journal of Mathematical Psychology, 1977, 15(3): 234–281. doi: 10.1016/0022-2496(77)90033-5.
    [23]
    SAATY R W. The analytic hierarchy process—what it is and how it is used[J]. Mathematical Modelling, 1987, 9(3/5): 161–176. doi: 10.1016/0270-0255(87)90473-8.
    [24]
    KAHNEMAN D and TVERSKY A. Prospect theory: An analysis of decision under risk[M]. MacLean L C and Ziemba W T. World Scientific Handbook in Financial Economics Series: Handbook of the Fundamentals of Financial Decision Making, 2013: 99–127. doi: 10.1142/9789814417358_0006.(查阅网上资料,未找到本条文献的出版地和出版者信息,请确认).
    [25]
    OŻGA S A. Aspects of the theory of risk-bearing[J]. Economica, 1966, 33(130): 251–252. doi: 10.2307/2552628.
    [26]
    国家密码管理局. GM/T 0083-2020 密码模块非入侵式攻击缓解技术指南[S]. 北京: 中国标准出版社, 2021.

    State Cryptography Administration. GM/T 0083-2020 Guideline for the mitigation of non-invasive attacks against cryptographic modules[S]. Beijing: Standards Press of China, 2021. (查阅网上资料, 未找到本条文献作者英文信息, 请确认).
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(5)  / Tables(3)

    Article Metrics

    Article views (40) PDF downloads(6) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return