On Cyber Risk Management of Blockchain Networks: A Game Theoretic Approach

Open-access blockchains based on proof-of-work protocols have gained tremendous popularity for their capabilities of providing decentralized tamper-proof ledgers and platforms for data-driven autonomous organization. Nevertheless, the proof-of-work based consensus protocols are vulnerable to cyber-attacks such as double-spending. In this paper, we propose a novel approach of cyber risk management for blockchain-based service. In particular, we adopt the cyber-insurance as an economic tool for neutralizing cyber risks due to attacks in blockchain networks. We consider a blockchain service market, which is composed of the infrastructure provider, the blockchain provider, the cyber-insurer, and the users. The blockchain provider purchases from the infrastructure provider, e.g., a cloud, the computing resources to maintain the blockchain consensus, and then offers blockchain services to the users. The blockchain provider strategizes its investment in the infrastructure and the service price charged to the users, in order to improve the security of the blockchain and thus optimize its profit. Meanwhile, the blockchain provider also purchases a cyber-insurance from the cyber-insurer to protect itself from the potential damage due to the attacks. In return, the cyber-insurer adjusts the insurance premium according to the perceived risk level of the blockchain service. Based on the assumption of rationality for the market entities, we model the interaction among the blockchain provider, the users, and the cyber-insurer as a two-level Stackelberg game. Namely, the blockchain provider and the cyber-insurer lead to set their pricing/investment strategies, and then the users follow to determine their demand of the blockchain service. Specifically, we consider the scenario of double-spending attacks and provide a series of analytical results about the Stackelberg equilibrium in the market game

Joint pricing and security investment for cloud-insurance : a security interdependency perspective

Cyber insurance has been introduced as the mean to transfer cyber risks to an insurance company, namely, insurer. The users are thus covered by the insurance to alleviate the damage from cyber threats. In this paper, we investigate the joint pricing and security investment in a cloud-insurance market. The market is composed of users, cloud providers, and cloud-insurers. The users subscribes to use the cloud service (platform) from the cloud providers. To protect from the damage, the users can buy a cloud-insurance product from the cloud-insurers which will pay a claim to the users if an attack happens to the cloud service. The users are interdependent in which they can take advantage of the positive security effects generated by other users' investments in security. We assume that the cloud provider and cloud-insurer are the business partners. Therefore, the cloud-insurers can invest in the cloud platform to improve the security level, i.e., quality, of the cloud service and hence reduce the probability of paying claim. Our proposed model consists of two stages, i.e., the Stackelberg game. In the first stage, cloud-insurers set the price charging to the users and decide on the investment for improving the cloud security quality. In the second stage, the users decide on the amount of these cloud-insurances to purchase based on the observed prices and qualities. The existence and uniqueness for the equilibrium of the Stackelberg game are proved analytically. The performance evaluation shows some interesting results. For example, when the users have strong interdependency, the price of the cloud-insurance becomes lower. This is from the fact that the users can be influenced more easily by their peers, when one cloud-insurer decreases the price, it can attract more users easily.NRF (Natl Research Foundation, S’pore)MOE (Min. of Education, S’pore)Accepted versio