To trust or not: A security signaling game between service provider and client

Abstract

In this paper, we investigate the interactions between a service provider (SP) and a client, where the client does not have complete information about the security conditions of the service provider. The environment includes several resources of the service provider, a client who sends requests to the service provider, and the signal generated by the service provider and delivered to the client. By taking into account potential attacks on the service provider, we develop an extended signaling game model, where the prior probability of the signaling game is determined by the outcome of a normal form game between an attacker and the service provider as a defender. Our results show different equilibria of the game as well as conditions under which these equilibria can take place. This will eventually help the defender to select the best defense mechanism against potential attacks, given his knowledge about the type of the attacker.