Enhanced IoV Security Network by Using Blockchain Governance Game

Abstract

This paper deals with the design of the secure network in an Enhanced Internet of Vehicles by using the Blockchain Governance Game (BGG). The BGG is a system model of a stochastic game to find best strategies towards preparation of preventing a network malfunction by an attacker and the paper applies this game model into the connected vehicle security. Analytically tractable results for decision-making parameters enable to predict the moment for safety operations and to deliver the optimal combination of the number of reserved nodes with the acceptance probability of backup nodes to protect a connected car. This research helps for whom considers the enhanced secure IoV architecture with the BGG within a decentralized network.

1. Introduction

A connected car transfers data to others based on vehicle-to-vehicle (V2V) communication technologies and it typically means that cars are equipped for Internet access usually with wireless local area networks (WLANs). Cars have been evolved to support enhanced driving aids for full autonomous driving by using the artificial intelligence (AI) and its maneuvers [1]. The Internet of Vehicles (IoV) is a superset of a connected car which contains sensors, GPS, entertainment systems, brakes and throttles. The IoV is a moving network which is made up of IoT enabled cars through the usage of modern electronics and the integrated information to maintain traffic flow. Cars have evolved from mechanical transportation to the smart vehicles with varieties of communication and sensing capabilities. The IoV has developed over time from the conventional vehicular networks that connect the smart vehicles to the smart city with the development of Internet of Things (IoT) [2]. The IoV is designed to perform more effective fleet management and accident avoidance [3,4]. An ad-hoc network is applied to connect IoT components as nodes in a connected car [4]. Adapting the Blockchain technologies into IoV networks brings huge attentions from researchers and developers because of decentralization, anonymity, and trust characteristics [5,6,7]. Additionally, data sharing among vehicles is critical to improve driving safety and to enhance vehicular services in IoV networks. The studies in the security and the tractability of data sharing indicate that utilizing consensus schemes are as hard as establishing Blockchain enabled IoV (BIoV) [6]. Some other studies have proposed a decentralized trust management system for vehicle data credibility assessment using Blockchain with joint Proof-of-Work (PoW) and Proof-of-Stake (PoS) consensus schemes [7,8,9]. Vehicle manufacturers Volkswagen and Ford have filed the patents that enable secure inter-vehicle communication through Blockchain technologies [10,11]. In the view point of the IoT securities, several studies are dealing with similar topics regarding the Blockchain based IoT securities [6,12,13,14]. Most studies are surveys [12] but none of them are mathematically approached for developing a network architecture for a Blockchain based IoT [13,14].

The Enhanced BIoV (EBIoV) network, which has been conceptually introduced on public [15], is reloaded in this paper. The EBIoV is an IoV network architecture based on the Edge computing [16,17] with enabling the Blockchain Governance Game (BGG) [18,19] for improving network securities [15]. Although a public Blockchain is designed for empowering their decentralization [20], current public Blockchain based services including cybercurrencies are not fully safe from attacks especially based on the mining computation [18]. Hence, a private Blockchain which is a permission-based Blockchain [20] has been proposed for business or government usage [21,22]. Many peoples are interested in a private Blockchain technology even in a consortium Blockchain technology [20] but they are not comfortable with a level of control compared to the offered control level in a public decentralized network. More importantly, the control levels in a Blockchain network should be balanced to retain the strengths of a decentralized network to avoid all security matters what atypical centralized network contains [18]. By adapting the BGG, we do not need to concern about the computation power for mining (i.e., generating ledgers) without losing the strength from fully decentralized networks. A conventional BIoV model could be applied to trace the provenance of spare parts back through every step of the supply chain to its original manufacture date and location [15,23]. Car manufacturers concern that service centers and garages are knowingly fitting counterfeit spare parts to their vehicles of customers. Counterfeit parts shall damage a brand reputation when the parts become causes of accidents. Identifying genuinity of car parts by using the EBIoV has been studied and the network within car components shall be considered as an Edge network [16,17,24].

The Fog computing pushes information to the neighborhood area network amount of community knowledge at an IoT gateway and it could be combined with the Blockchain technology for enhancing security matters [17]. In the EBIoV network architecture, diagnosis equipment in car service centers is in a Fog network and the database in a headquarter (HQ) is positioned the level of the cloud network (see Figure 1). This paper provides the mathematical functional of the EBIoV network architecture for enhancing security particularly from counterfeits of car parts. The EBIoV security regarding counterfeits of car parts has already been studied [15] and this research is focused on avoiding conventional IoV attack in a decentralized network. The BGG is the game model that an attacker and a defender compete each other by building blocks in private and public chains as a sequence of stages to generate ledgers [18,19]. The historical strategies and the probabilistic stage transitions can be observed by both an attacker and a defender. Hence, the interaction between an attacker and a defender can be modeled as a stochastic game [18,19,25]. This joint functional between two players of the predicted time of the first observed threshold to cross the half of the total nodes along with values of each component upon this time. The defender (a car company) could take a preliminary action (i.e., request to add honest nodes as a safety mode) for protecting the Blockchain in a vehicle.

This paper is organized as follows: Section 2 presents the Enhanced BIoV (EBIoV) network and it describes how to construct EBIoV architecture by using the BGG model which is a stochastic game between an attacker and a defender. Once a dishonest blocks are generated, the model predicts how many blocks will be generated and finds the moment when more than the half of nodes are covered by an attacker. The framework for setting up the mixed strategic game is provided in Section 3. The optimal values of an EBIoV network for the memoryless case are analytically calculated in Section 4. The memoryless property implies that a defender does not spend additional resources to store past information. Lastly, Section 5 provides the conclusion of the paper.

2. Stochastic Game for BIOV Network Security

The Blockchain Governance Game (BGG) [18,19] has been adapted the BIoV network architecture to defend against the attacks [15]. This system model consists of one attacker (i.e., the miner which intends to fork a private chain) and one defender (the miner which honestly mines on the public chain) [25]. This explicit function (Theorem BGG-1) from the BGG (Blockchain Governance Game) gives the predicted moment of one step prior to an attack [18].

2.1. Enhanced IoV Network Structure

The proposed BIoV network structure [15] is explored in detail in this section. The components in a vehicle, the equipment of a service center and a HQ database are hooked up as one Blockchain network (see Figure 2). Each smart components in a connected car could mechanically or electronically generate random values and share these values with other smart components. Tires, brakes, an engine, a transmitter in a car could be the smart components which shall be capable to communicate with other components and to construct ledgers. Connected car components beside a CPU (smart controller) generate values based on their mechanical actions and these generated values are sharing with all other components including assigned service centers and a company headquarter. Each values from car components is unique and randomly generated. And sharing these generated number is a transaction in a conventional Blockchain network. A service center has a database which contains information from cars which are served by service centers. The unique value based on a registered car database are generated and sharing with other nodes including a company headquarter.

Unlike conventional Blockchain networks, an EBIoV network does not have any reward system which requires a heavy computational power for being a miner to generate ledgers. All nodes even in a service center and a HQ have same contribution power and the equal chance to be a miner. For instance, a node of a CPU is same as nodes of other car parts although a CPU controls other car parts. The verifiable random function (VRF) which maps inputs to verifiable pseudorandom outputs is applied to select a node for generating ledgers [26,27]. The VRF has been applied to perform secret cryptographic solution to select committees to run the consensus protocol [28,29]. By applying the VRF, all nodes in the EBIoV network shall have the equal chance to become a miner who generates ledgers without requiring heavy computational powers. The mechanism for protecting an EBIoV network is exactly same as the mechanism of the BGG. The governance in a Blockchain network is followed by the decision making parameters which include the prior time before catching more than half of total nodes by an attacker. Any action shall not be taken until one step prior to the time when it passes the first passage time. It still has the chance that all nodes are governed by an attacker although an attacker catches less than the half of nodes.

2.2. BGG Model for Enhanced BIoV Network

To apply the BGG model into the BIoV network structure, the antagonistic game of two players (called “A” and “H”) are introduced to describe the Blockchain network in a connected car as a defender and an attacker. Both players compete to build the blocks either for honest or false nodes. Let ($\Omega$, $\mathcal{F}\left(\Omega \right)$,$P)$ be probability space ${\mathcal{F}}_A,$${\mathcal{F}}_H,{\mathcal{F}}_{\tau }\subseteq \mathcal{F}\left(\Omega \right)$ be independent $\sigma$-subalgebras. Suppose:

$$\mathcal{A}:={\sum }_{k\ge 0}{X}_k{\epsilon }_{s_k},s_0\left(=0\right)<s_1<s_2<\cdots ,\mathrm{a}.\mathrm{s}.$$

(1)

$$\mathcal{H}:={\sum }_{j\ge 0}{Y}_j{\epsilon }_{t_j},t_0\left(=0\right)<t_1<t_2<\cdots ,\mathrm{a}.\mathrm{s}.$$

(2)

are ${\mathcal{F}}_A$-measurable and ${\mathcal{F}}_H$-measurable marked Poisson processes (${\epsilon }_w$ is a point mass at w) with respective intensities ${\lambda }_a$ and ${\lambda }_h$. These two values are related with the computing performance for generating blocks for attackers and honest nodes in the blockchain network. They will represent the actions of player A (an attacker) and H (a defender). Player A builds the blocks with fake information and sustain respective build the blocks of magnitudes $X_1,$$X_2,\dots$ formalized by the process. Similarly, player H generates the blocks with authorized information with the blocks of magnitudes $Y_1,$$Y_2,\dots$ Both players compete each other to build their blocks (either genuine or fake). The processes $\mathcal{A}$ and $\mathcal{H}$ are specified by their transforms

$$\mathbb{E}\left[g^{\mathcal{A}\left(s\right)}\right]=e^{{\lambda }_{a}s\left(g-1\right)},\mathbb{E}\left[z^{\mathcal{H}\left(t\right)}\right]=e^{{\lambda }_{h}t\left(z-1\right)}.$$

(3)

The game is observed at random times in accordance with the point process and it is equivalent with the duration of the PoW (Proof-of-Work) completion in a Blockchain based network:

$$\mathcal{T}:={\sum }_{i\ge 0}{\epsilon }_{{\tau }_i},{\tau }_0\left(>0)\right),{\tau }_1,\dots ,$$

(4)

which is assumed to be delayed renewal process. The observation process could be formalized as

$${\mathcal{A}}_{\tau }\otimes {\mathcal{H}}_{\tau }:={\sum }_{k\ge 0}\left(X_k,Y_k\right){\epsilon }_{{\tau }_k},$$

(5)

and it is with position dependent marking and with $X_k$ and $Y_k$ being dependent with the notation

$${\Delta }_k:={\tau }_k-{\tau }_{k-1},k=0,1,\dots ,{\tau }_{-1}=0,$$

(6)

and

$$\gamma \left(g,z\right)=\mathbb{E}\left[g^{X_k}·z^{Y_k}\right],\parallel g\parallel \le 1,\parallel z\parallel \le 1.$$

(7)

By using the double expectation,

$$\gamma \left(g,z\right)=\delta \left({\lambda }_A\left(1-g\right)+{\lambda }_H\left(1-z\right)\right),$$

(8)

$${\gamma }_0\left(g,z\right)={\delta }_0\left({\lambda }_A\left(1-g\right)+{\lambda }_H\left(1-z\right)\right),$$

(9)

where

$$\delta \left(\theta \right)=\mathbb{E}\left[e^{-\theta {\Delta }_1}\right],{\delta }_0\left(\theta \right)=\mathbb{E}\left[e^{-\theta {\tau }_0}\right],$$

(10)

are the magical transform of increments ${\Delta }_1,{\Delta }_2,\dots$. This game contains a stochastic process ${\mathcal{A}}_{\tau }\otimes {\mathcal{H}}_{\tau }$ which describes the evolution of a conflict between players A and H known to an observation process $\mathcal{T}$=$\left\{{\tau }_0,{\tau }_1,\dots \right\}$. The process ends when on the k-th observation epoch ${\tau }_k$, the collateral building blocks to player H (or A) exceeds more than the half of the total nodes M in the regular operation or player A exceeds more than $\left(\frac{M}{2}\right)+B$ nodes under the safety mode. To further formalize the game, the exit indexes [18] are as follows:

$$\nu :=\inf \left\{k:A_k=A_0+X_1+\cdots +X_k\ge \left(\frac{M}{2}\right)+B\right\},$$

(11)

$$\mu :=\inf \left\{j:H_j=H_0+Y_1+\cdots +Y_j\ge \left(\frac{M}{2}\right)\right\}$$

(12)

where B is the number of the reserved honest nodes from a headquarter (HQ) which is depends on the availability from the HQ. Since, an attacker is win at time ${\tau }_{\nu },$ otherwise an honest node generates the correct blocks to share with others nodes. We are targeting the confined game in the view point of player A. The joint functional of the BIoV network model is as follows:

$$\mathrm{\Phi }\left(\zeta ;⌈\frac{M}{2}⌉+B,⌈\frac{M}{2}⌉\right)=\mathbb{E}\left[\mathbb{E}\left[{\zeta }^{\nu }·g_0^{A_{\nu -1}}·g_1^{A_{\nu }}·z_0^{H_{\nu -1}}·z_1^{H_{\nu }}{\mathbf{1}}_{\left\{\nu <\mu \right\}}|B\right]\right],$$

(13)

$$\parallel \zeta \parallel \le 1,\parallel g_0\parallel \le 1,\parallel g_1\parallel \le 1,\parallel z_0\parallel \le 1,\parallel z_1\parallel \le 1,$$

where M indicates the total number of nodes (or ledgers) in the BIoV network for each car (see Figure 2). The BGG-1 Theorem [18] establishes an explicit formula $\Phi \left(\xi ,⌈\frac{M}{2}⌉+B,⌈\frac{M}{2}⌉\right)$ and the functional (13) satisfies following expression:

$$\mathrm{\Phi }\left(\zeta ;⌈\frac{M}{2}⌉+B,⌈\frac{M}{2}⌉\right)={\mathfrak{D}}_{\left(u,v\right)}^{\left(⌈\frac{M}{2}⌉+B,⌈\frac{M}{2}⌉\right)}\left[{\mathrm{\Gamma }}_0^1-{\mathrm{\Gamma }}_0+\frac{\xi ·{\gamma }_0}{1-\xi \gamma }\left({\mathrm{\Gamma }}^1-\mathrm{\Gamma }\right)\right]$$

(14)

$$\gamma :=\gamma \left(g_0{g}_{1}u,z_0{z}_{1}v\right),{\gamma }_0:={\gamma }_0\left(g_0{g}_{1}u,z_0{z}_{1}v\right),$$

(15)

$$\mathrm{\Gamma }:=\gamma \left(g_{1}u,z_{1}v\right),{\mathrm{\Gamma }}_0:={\gamma }_0\left(g_{1}u,z_{1}v\right),$$

(16)

$${\mathrm{\Gamma }}^1:=\gamma \left(g_1,z_{1}v\right),{\mathrm{\Gamma }}_0^1:={\gamma }_0\left(g_1,z_{1}v\right).$$

(17)

Additionally, the operator ${\mathfrak{D}}_{(x,y)}^{(m,n)}$ in (14) is defined as follows [18]:

$$\begin{array}{c}{\mathfrak{D}}_{\left(x,y\right)}^{\left(m,n\right)}\left(•\right)=\left\{\begin{array}{cc}\left(\frac{1}{m!·n!}\right)\underset{\left(x,y\right)\to 0}{lim}\frac{{\partial }^m{\partial }^n}{\partial x^m\partial y^n}\frac{1}{\left(1-x\right)\left(1-y\right)}\left(•\right),\hfill & m,n\ge 0,\hfill \\ 0,\hfill & \mathrm{otherwise},\hfill \end{array}\right.\hfill \\ \left|\right|x\left|\right|<1,\left|\right|y\left|\right|<1,\hfill \end{array}$$

(18)

then we can find

$$g\left(m,n\right)={\mathfrak{D}}_{\left(x,y\right)}^{\left(m,n\right)}\left[{\mathcal{D}}_{\left(m,n\right)}\left\{g\left(m,n\right)\right\}\right],$$

(19)

where

$${\mathcal{D}}_{\left(m,n\right)}\left[g\left(m,n\right)\right]\left(x,y\right):=\left(1-x\right)\left(1-y\right){\sum }_{m\ge 0}{\sum }_{n\ge 0}g\left(m,n\right)x^m{y}^n,\left|\right|x\left|\right|<1,\left|\right|y\left|\right|<1.$$

(20)

It is noted that both operators $\mathfrak{D}$, $\mathcal{D}$ are originated from the first exceed theory [30,31]. We can find the PGFs (probability generating functions) of the exit index $\nu$ from (14):

$$\mathbb{E}\left[{\zeta }^{\nu }\right]=\mathbb{E}\left[\mathrm{\Phi }\left(\zeta ;⌈\frac{M}{2}⌉+B,⌈\frac{M}{2}⌉\right)|B\right]{|}_{\left(g_0,g_1,z_0,z_1\right)\to 1}$$

(21)

3. Strategies in Blockchain Governance Game

Let us consider a two-person mixed strategy game which is played by player H as a defender and player A as an attacker. Player H, who is mostly a car company in an EBIoV network, has two strategies at the observation moment when one step prior to complete for generating alternative chains with fake information. Basically, player H has the following strategies (i.e., operation modes): (1) Regular−regular operations which implicates that the BIoV network in a connected car are running as usual, and (2) Safety−the network is running under the safety mode for avoiding attacks by adding honest nodes from a HQ. Alternatively, player A (an attacker) might succeed to catch the blocks or fail to catch the honest nodes. Therefore, the response of player A would be either “Not Burst” or “Burst.” Let us assume that the cost for reserving additional honest nodes is $c_b$ where b is a set of the factors that related with the reserved nodes from a HQ and these related factors could be one or multiple values.

The headquarter of a car company reserves a certain portion of nodes for protecting the BIoV network integrity. If an attacker succeeds to generate alternative blocks within car parts, the network in a car is burst and the whole car value V is lost. It still has a chance to burst a car network although a defender (or a car company) adds honest nodes before catching blocks of an attacker. In this case, the lost cost includes not only a full car value but also a cost for additional reserved honest nodes. The normal form of a game is as follows:

$$\begin{array}{cc}.\mathrm{Players}:\hfill & \mathit{N}=\left\{\mathrm{A},H\right\},\hfill \\ .\mathrm{Strategy}\mathrm{sets}:\hfill & \\ \hfill & {\mathit{s}}_{\mathit{a}}=\left\{“\mathrm{NotBurst}”,“\mathrm{Burst}”\right\},\hfill \\ \hfill & {\mathit{s}}_{\mathit{h}}=\left\{“\mathrm{Regular}”,“\mathrm{Safety}”\right\}\hfill \end{array}$$

(22)

Based on the above conditions, the general cost matrix at ${\tau }_{\nu -1}$ when is the prior time just before bursting could be composed as shown in

Table 1. Cost matrix.

	NotBurst $\left(1-\mathit{q}\left({\mathit{s}}_{\mathit{h}}\right)\right)$	Burst $\left(\mathit{q}\left({\mathit{s}}_{\mathit{h}}\right)\right)$
Regular	0	V
Safety	$c_b$	$c_b+V$

where $q\left(s_h\right)$ is the probability of bursting a blockchain network (i.e., an attacker wins a game) and it depends on a strategic choice of player H:

$$q\left(s_h\right)=\left\{\begin{array}{cc}\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }\ge \frac{M}{2}\right\}}\right],\hfill & s_h=\left\{“\mathrm{Regular}”\right\},\hfill \\ \mathbb{E}\left[\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }\ge \frac{M}{2}+B\right\}}|B\right]\right],\hfill & s_h=\left\{“\mathrm{Safety}”\right\}.\hfill \end{array}\right.$$

(23)

It is noted that the cost for reserved nodes (i.e., the cost of “Safety” operation strategy by player H) should be smaller than the whole cost of the other strategy. Additionally, the number of reserved honest nodes from the HQ is random and this variable B shall have a certain probability distribution. Let us consider the number of reserved honest nodes has the binomial distribution with the success probability $\rho$ and the number of trial n. The PGF of the binomial distribution is as follows:

$${\sigma }_n=\mathbb{E}\left[b^B\right]={\left(\rho b-\left(1-\rho \right)\right)}^n.$$

(24)

The optimal number of reserved nodes $n^{*}$ which supported by the HQ depends on the cost function and the optimal value ${\rho }^{*}$ is the acceptance rate when the reserved honest nodes are requested to a HQ. The best combination $\left(n^{*},{\rho }^{*}\right)$ could be found as follows:

$$\left(n^{*},{\rho }^{*}\right)=\inf \left\{\left(n,\rho \right)\ge 0:{\mathfrak{S}}_{\mathrm{Reg}}\left(q^0\right)\ge {\mathfrak{S}}_{\mathrm{Safe}}\left(n,\rho \right)\right\},$$

(25)

where, at the moment ${\tau }_{\nu -1}$,

$${\mathfrak{S}}_{\mathrm{Reg}}\left(q^0\right)=V·q^0,$$

(26)

$${\mathfrak{S}}_{\mathrm{Safe}}\left(n,\rho \right)=c_{\left(n,\rho \right)}\left(1-q_{\eta }^1\right)+\left(c_{\left(n,\rho \right)}+V\right)q_{\left(n,\rho \right)}^1,$$

(27)

$$q^0=\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }\ge ⌈\frac{N}{2}⌉\right\}}\right],$$

(28)

$$q_{\left(n,\rho \right)}^1=\mathbb{E}\left[\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }\ge ⌈\frac{N}{2}⌉+B\right\}}|B\right]\right].$$

(29)

We would like to design the BGG adapted BIoV network that is capable to take the safety operation at the decision making moment ${\tau }_{\nu -1}$. The governance of the Blockchain network is driven by the BGG decision making parameters. It is noted that no safety actions are required until the time ${\tau }_{\nu -1}$. Additionally, it still has the chance that all nodes are governed by an attacker if the attacker catches more than the half of nodes at ${\tau }_{\nu -1}$ (i.e., $\left\{A_{\nu -1}\ge \frac{M}{2}\right\}$). If the attacker catches less than half of all nodes at ${\tau }_{\nu -1}$ (i.e., $\left\{A_{\nu -1}<\frac{M}{2}\right\}$), then the defender could run the safety mode to avoid the burst at ${\tau }_{\nu }$. The total cost for developing the enhanced BIoV network is as follows:

$$\begin{array}{c}\mathfrak{S}{\left(q^0;n,\rho \right)}_{\mathrm{Total}}=\mathbb{E}\left[{\mathfrak{S}}_{\mathrm{Safe}}\left(n,\rho \right)·{\mathbf{1}}_{\left\{A_{\nu -1}<\frac{M}{2}\right\}}+{\mathfrak{S}}_{\mathrm{Reg}}\left(q^0\right)·{\mathbf{1}}_{\left\{A_{\nu -1}\ge \frac{M}{2}\right\}}\right]\\ =\left\{c_{\left(n,\rho \right)}\left(1-q_{\left(n,\rho \right)}^1\right)+\left(c_{\left(n,\rho \right)}+n\rho \right)q_{\left(n,\rho \right)}^1\right\}{p}_{A_{-1}}+B·q^0\left(1-p_{A_{-1}}\right)\end{array}$$

(30)

where

$$p_{A_{-1}}=\mathit{P}\left\{A_{\nu -1}<\frac{M}{2}\right\}={\sum }_{k=0}^{⌊\frac{M}{2}⌋}\mathit{P}\left\{A_{\nu -1}=k\right\}.$$

(31)

3.1. Memoryless BGG Observation Process for EBIoV Networks

It is assumed that the observation process has the memoryless properties. This might be a special condition but very practical for actual implementation of a Blockchain Governance Game [18]. It implies that a defender does not spend additional cost for storing past information. After building a cost function of a BGG network, we could find explicit solutions of $q^0$, $p_{A_{-1}}$ and the moment of decision making after finding the closed form (PGF) of the first exceed index $\nu$, each probability (generating function) of the number of blocks at the moment ${\tau }_{\nu }$$\left(\mathrm{i}.\mathrm{e}.,\mathbb{E}\left[g_1^{A_{\nu }}\right]\right)$ and ${\tau }_{\nu -1}$$\left(\mathrm{i}.\mathrm{e}.,\mathbb{E}\left[g_0^{A_{\nu -1}}\right]\right)$. The functional $\mathfrak{D}$ is defined on the space of all analytic functions at 0. Recalling from (7)–(10), we have:

$$\gamma \left(g,z\right)=\delta \left({\lambda }_a\left(1-g\right)+{\lambda }_h\left(1-z\right)\right)={\gamma }_a\left(g\right)·{\gamma }_h\left(z\right),$$

(32)

$${\gamma }_a\left(g\right)=\delta \left({\lambda }_a\left(1-g\right)\right),{\gamma }_h\left(z\right)=\delta \left({\lambda }_h\left(1-z\right)\right),$$

(33)

and

$${\gamma }_0\left(g,z\right)={\delta }_0\left({\lambda }_a\left(1-g\right)+{\lambda }_h\left(1-z\right)\right)={\gamma }_a^0\left(g\right)·{\gamma }_h^0\left(z\right),$$

(34)

$${\gamma }_a^0\left(g\right)=\mathbb{E}\left[g^{A_0}\right]={\delta }_0\left({\lambda }_a\left(1-g\right)\right),$$

(35)

$${\gamma }_h^0\left(z\right)=\mathbb{E}\left[z^{H_0}\right]={\delta }_0\left({\lambda }_h\left(1-z\right)\right),$$

(36)

from (15)–(17),

$$\gamma ={\gamma }_a·{\gamma }_h:={\gamma }_a\left(g_0{g}_{1}u\right){\gamma }_h\left(z_0{z}_{1}v\right),$$

(37)

$${\gamma }_0={\gamma }_a^0·{\gamma }_h^0:={\gamma }_a^0\left(g_0{g}_{1}u\right){\gamma }_h^0\left(z_0{z}_{1}v\right),$$

(38)

$$\mathrm{\Gamma }:={\gamma }_a\left(g_{1}u\right){\gamma }_h\left(z_{1}v\right),{\mathrm{\Gamma }}_0:={\gamma }_a^0\left(g_{1}u\right){\gamma }_h^0\left(z_{1}v\right),$$

(39)

$${\mathrm{\Gamma }}^1:={\gamma }_a\left(g_1\right){\gamma }_h\left(z_{1}v\right),{\mathrm{\Gamma }}_0^1:={\gamma }_a^0\left(g_1\right){\gamma }_h^0\left(z_{1}v\right).$$

(40)

The exit index (aka, the first exceed level index) is the most important factor to be fully analyzed because the decision making parameters including the marginal mean of ${\tau }_{\nu -1},$$A_{\nu }$ and $A_{\nu -1}$ could be calculated easily once the exit index is explicitly determined from (18) and (37)–(40):

$$\mathbb{E}\left[{\zeta }^{\nu }\right]:=L^1+L^2-L^3$$

(41)

where

$$L^1={\mathfrak{D}}_{\left(u,v\right)}^{\left(\frac{M}{2}+B,\frac{M}{2}\right)}\left[{\gamma }_h^0\left(v\right)-{\gamma }_a^0\left(u\right){\gamma }_h^0\left(v\right)\right],$$

(42)

$$L^2={\mathfrak{D}}_{\left(u,v\right)}^{\left(\frac{M}{2}+B,\frac{M}{2}\right)}\left[\frac{\zeta ·{\gamma }_a^0\left(u\right){\gamma }_h^0\left(v\right){\gamma }_{{}_h}\left(v\right)}{1-\zeta {\gamma }_a\left(u\right){\gamma }_h\left(v\right)}\right],$$

(43)

$$L^3={\mathfrak{D}}_{\left(u,v\right)}^{\left(\frac{M}{2}+B,\frac{M}{2}\right)}\left[\frac{\zeta ·{\gamma }_a^0\left(u\right){\gamma }_h^0\left(v\right){\gamma }_a\left(u\right){\gamma }_h\left(v\right)}{1-\zeta {\gamma }_a\left(u\right){\gamma }_h\left(v\right)}\right].$$

(44)

Since the observation process has the memoryless properties, the inter-arrival time for observation is exponentially distributed and the functionals (37)–(40) could be reconstructed as follows:

$${\gamma }_a^0\left(u\right)=\frac{{\beta }_a^0}{1-{\alpha }_a^0·u},{\gamma }_a\left(u\right)=\frac{{\beta }_a}{1-{\alpha }_a·u},{\gamma }_h^0\left(v\right)=\frac{{\beta }_h^0}{1-{\alpha }_h^0·v},{\gamma }_h\left(v\right)=\frac{{\beta }_h}{1-{\alpha }_h·v},$$

(45)

$${\beta }_a^0=\frac{1}{\left(1+\widetilde{{\delta }_0}{\lambda }_a\right)},{\alpha }_a^0=\frac{\widetilde{{\delta }_0}·{\lambda }_a}{\left(1+\widetilde{{\delta }_0}·{\lambda }_a\right)},{\beta }_a=\frac{1}{\left(1+\tilde{\delta }·{\lambda }_a\right)},{\alpha }_a=\frac{\widetilde{{\delta }_0}·{\lambda }_a}{\left(1+\tilde{\delta }·{\lambda }_a\right)},$$

(46)

$${\beta }_h^0=\frac{1}{\left(1+\widetilde{{\delta }_0}·{\lambda }_h\right)},{\alpha }_h^0=\frac{\widetilde{{\delta }_0}·{\lambda }_h}{\left(1+\widetilde{{\delta }_0}·{\lambda }_h\right)},{\beta }_h=\frac{1}{\left(1+\tilde{\delta }·{\lambda }_h\right)},{\alpha }_h=\frac{\widetilde{{\delta }_0}·{\lambda }_h}{\left(1+\tilde{\delta }·{\lambda }_h\right)},$$

(47)

where

$$\widetilde{{\delta }_0}=\mathbb{E}\left[{\tau }_0\right],\tilde{\delta }=\mathbb{E}\left[{\Delta }_k\right].$$

(48)

From (42),

$$\begin{array}{c}{L}^1={\mathfrak{D}}_{\left(u,v\right)}^{\left(\frac{M}{2}+B,\frac{M}{2}\right)}\left[{\gamma }_h^0\left(v\right)\right]-{\mathfrak{D}}_{\left(u,v\right)}^{\left(\frac{M}{2}+B,\frac{M}{2}\right)}\left[{\gamma }_a^0\left(u\right){\gamma }_h^0\left(v\right)\right]\\ ={\beta }_h^0\left[\frac{1-{\left({\alpha }_h^0\right)}^{\frac{M}{2}+1}}{1-\left({\alpha }_h^0\right)}\right]\left(1-{\beta }_A^0\left[\frac{1-{\left({\alpha }_a^0\right)}^{\frac{M}{2}+B+1}}{1-\left({\alpha }_a^0\right)}\right]\right)\end{array}$$

(49)

and, from (43),

$$\begin{array}{c}{L}^2={\mathfrak{D}}_{\left(u,v\right)}^{\left(\frac{M}{2}+B,\frac{M}{2}\right)}\left[\frac{\zeta ·{\gamma }_a^0\left(u\right){\gamma }_a^0\left(v\right){\gamma }_h\left(v\right)}{1-\zeta {\gamma }_a\left(u\right){\gamma }_h\left(v\right)}\right]\\ ={\sum }_{n\ge 0}{\zeta }^{n+1}\left\{\left({\beta }_a^0·{\left(\beta a\right)}^n\right)·{\sum }_{j=0}^{\frac{M}{2}+B}\left\{{\left({\alpha }_a\right)}^j{\psi }_{n-1}^a\left(j\right)\right\}\right\}·\left\{\left({\beta }_h^0·{\left({\beta }_h\right)}^{n+1}\right)·{\sum }_{k=0}^{\frac{M}{2}}\left\{{\left({\alpha }_h\right)}^k{\psi }_n^h\left(k\right)\right\}\right\}\end{array}$$

(50)

and, from (44),

$$\begin{array}{c}{L}^3=\left(\zeta {\beta }_a^0{\beta }_h^0{\beta }_a{\beta }_h\right)\left[{\sum }_{n\ge 0}{\left(\zeta {\beta }_a{\beta }_h\right)}^n{\Xi }_n^a\left(\frac{M}{2}+B\right)·{\Xi }_n^h\left(\frac{M}{2}\right)\right]\\ ={\sum }_{n\ge 0}{\zeta }^{n+1}\left\{\left({\beta }_a^0·{\left(\beta a\right)}^{n+1}\right)·{\sum }_{j=0}^{\frac{M}{2}+B}\left\{{\left({\alpha }_a\right)}^j{\psi }_n^a\left(j\right)\right\}\right\}·\left\{\left({\beta }_h^0·{\left({\beta }_h\right)}^{n+1}\right)·{\sum }_{k=0}^{\frac{M}{2}}\left\{{\left({\alpha }_h\right)}^k{\psi }_n^h\left(k\right)\right\}\right\}\end{array}$$

(51)

where

$${\Xi }_n^a\left(m\right)={\sum }_{j=0}^m\left\{{\left({\alpha }_a\right)}^j{\psi }_n^a\left(j\right)\right\},{\Xi }_n^h\left(m\right)={\sum }_{k=0}^m\left\{{\left({\alpha }_h\right)}^k{\psi }_n^h\left(k\right)\right\},$$

(52)

$${\psi }_n^a\left(j\right)=\left(\sum _{i=0}^j\left(\begin{array}{c}n+i\\ i\end{array}\right){\left(\frac{{\alpha }_a^0}{{\alpha }_a}\right)}^i\right),{\psi }_n^h\left(k\right)=\left(\sum _{i=0}^k\left(\begin{array}{c}n+i\\ i\end{array}\right){\left(\frac{{\alpha }_h^0}{{\alpha }_h}\right)}^i\right).$$

(53)

From (49)–(53), the PGF of the exit index $\nu$ satisfies the following formula from the lemma in the BGG [18]:

$$\begin{array}{c}\mathbb{E}\left[{\zeta }^{\nu }\right]={\beta }_h^0\left[\frac{1-{\left({\alpha }_h^0\right)}^{\frac{M}{2}+1}}{1-\left({\alpha }_h^0\right)}\right]\left(1-{\beta }_A^0·\mathbb{E}\left[\frac{1-{\left({\alpha }_a^0\right)}^{\frac{M}{2}+B+1}}{1-\left({\alpha }_a^0\right)}\right]\right)\\ +{\sum }_{n\ge 0}{\zeta }^{n+1}\left[\left({\beta }_a^0{\beta }_h^0{\beta }_h\right){\left({\beta }_a{\beta }_h\right)}^n{\Xi }_n^h\left(\frac{M}{2}\right)·\mathbb{E}\left[{\Xi }_{n-1}^a\left(\frac{M}{2}+B\right)-{\Xi }_n^a\left(\frac{M}{2}+B\right){\beta }_a\right]\right]\end{array}$$

(54)

and

$$\mathbb{E}\left[\nu \right]=\left({\beta }_a^0{\beta }_h^0{\beta }_h\right){\sum }_{n\ge 1}n\left\{{\left({\beta }_a{\beta }_h\right)}^n{\Xi }_{n-1}^h\left(\frac{M}{2}\right)\mathbb{E}\left[{\Xi }_{n-2}^a\left(\frac{M}{2}+B\right)-{\Xi }_{n-1}^a\left(\frac{M}{2}+B\right){\beta }_a\right]\right\}$$

(55)

where

$${\Xi }_{-1}^a\left(m\right)=0,{\Xi }_{-2}^a\left(m\right)=0,{\Xi }_{-1}^h\left(m\right)=0.$$

(56)

3.2. Marginal Means of EBIoV Decision Making Parameters

In the EBIoV network, conventional decision making parameters are $\nu ,{\tau }_{\nu -1},$$A_{\nu }$ and $A_{\nu -1}$. Although all decision making parameters could be fully analyzed, using a marginal mean of each parameter is occasionally more efficient than finding the explicit PGFs of parameters. The marginal means of EBIoV decision making parameters could be found as follows:

$$\mathbb{E}\left[\nu \right]=\frac{\partial }{\partial \zeta }\mathbb{E}\left[\Phi \left(\zeta ;⌈\frac{M}{2}⌉+B,⌈\frac{M}{2}⌉\right)|B\right]{|}_{\left(\zeta ,g_0,g_1,z_0,z_1\right))\to 1},$$

(57)

$$\mathbb{E}\left[{\tau }_{\nu -1}\right]=\mathbb{E}\left[{\tau }_0\right]+\mathbb{E}\left[{\Delta }_1\right]\left(\mathbb{E}\left[\nu \right]-1\right),$$

(58)

$$\mathbb{E}\left[A_{\nu }\right]=\mathbb{E}\left[A_0\right]+\mathbb{E}[\nu -1]\mathbb{E}\left[X_k\right],$$

(59)

$$\mathbb{E}\left[A_{\nu -1}\right]=\mathbb{E}\left[A_0\right]+\mathbb{E}[\nu -2]\mathbb{E}\left[X_k\right].$$

(60)

Recalling from (23), the probability of bursting a Blockchain network (i.e., an attacker wins a game) under the memoryless properties becomes a Poisson compound process:

$$q\left(s_h\right)={\sum }_{k>\frac{M}{2}}\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }=k\right\}}\right],s_h=\left\{“\mathrm{Regular}”\right\},$$

(61)

or

$$q\left(s_h\right)=\mathbb{E}\left[{\sum }_{k>\frac{M}{2}+B}\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }=k\right\}}\right]|B\right],s_h=\left\{“\mathrm{Safety}”\right\},$$

(62)

where

$$\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }=k\right\}}\right]=\mathbb{E}\left[\frac{{\lambda }_a{\tau }_{\nu }}{k!}·e^{-{\lambda }_a{\tau }_{\nu }}\right].$$

(63)

4. The EBIoV Optimization Practice

This section deals with the BIoV network security optimization practice in a connected car. The strategy for protecting the EBIoV network is supporting additional nodes to give the less chance that an attacker catches blocks with false control requests. The example in this paper is targeting a connected car which consists 16 IoV components in a BIoV network (15 nodes from car parts and 1 node from a service center) and the estimated car value is around 50,000 USD (see

Table 2. Initial conditions for the cost function.

Name	Value	Description
M	16 [Component]	Total number of the nodes in each BIoV network
V	50,000 [USD]	Average value of a BIoV enabled connected car
$c\left(n,\rho \right)$	=$25·n·\rho$ [USD]	Cost for reserving nodes to avoid attacks per each car
$\mathbb{E}\left[A_0\right]$	2 [Blocks]	Total number of blocks that changed by an attacker at ${\tau }_0(=$$0)$
$B_M$	32 [Nodes]	Maximum number of honest nodes supported from the HQ

).

It is noted that the values on Table 2 are artificially made up for demonstration purposes only. Since the BGG adapted IoV network (EBIoV) has been analytically solved, finding optimal values of a cost function and calculating a probability distribution of a model are straight forward. However, software implementation by using a programming language is still required for solving a LP (Linear Programming) problem. Based on the above conditions, a LP model could be described as follows from (25) and (28):

$$\begin{array}{c}\mathrm{Objective}:\hfill \\ G=min\mathfrak{S}{\left(n,\rho \right)}_{\mathrm{Total}}\hfill \end{array}$$

(64)

$$\begin{array}{c}\mathrm{Subject}\mathrm{to}:\hfill \\ n\ge \frac{c_{\left(n,\rho \right)}}{V·q^0-c\left(n,\rho \right)};\hfill \end{array}$$

(65)

From (28), the total cost $\mathfrak{S}{\left(n,\rho \right)}_{Total}$ is as follows:

$$\mathfrak{S}{\left(n,\rho \right)}_{Total}=\left\{c\left(n,\rho \right)\left(1-q_{\left(n,\rho \right)}^1\right)+\left(c\left(n,\rho \right)+V\right)q_{\left(n,\rho \right)}^1\right\}{p}_{A_{-1}}+V{q}^0·\left(1-p_{A_{-1}}\right)$$

(66)

where

$$\begin{array}{cc}{p}_{A_{-1}}\hfill & =\mathit{P}\left\{A_{\nu -1}<\frac{M}{2}\right\}\simeq \mathit{P}\left\{A_{\nu }<\frac{M}{2}-{\lambda }_a\tilde{\delta }\right\}\hfill \\ \hfill & ={\sum }_{k=0}^{\left\{\frac{M}{2}-{\lambda }_a\tilde{\delta }\right\}}\left(\frac{{\left\{{\lambda }_a\left(\widetilde{{\delta }_0}+\mathbb{E}\left[\nu -1\right]\tilde{\delta }\right)\right\}}^k}{k!}·e^{-{\lambda }_a\left(\widetilde{{\delta }_0}+\mathbb{E}\left[\nu -1\right]\tilde{\delta }\right)}\right),\hfill \end{array}$$

(67)

$$q^0\simeq 1-{\sum }_{k=0}^{\frac{M}{2}}\left(\frac{{\left\{{\lambda }_a\left(\widetilde{{\delta }_0}+\mathbb{E}\left[\nu -1\right]\tilde{\delta }\right)\right\}}^k}{k!}·e^{-{\lambda }_a\left(\widetilde{{\delta }_0}+\mathbb{E}\left[\nu -1\right]\tilde{\delta }\right)}\right),$$

(68)

$$q_{\left(n,\rho \right)}^1={\sum }_{j=0}^n{\sum }_{\left\{k\ge \frac{M}{2}+B+j\right\}}\left(\frac{{\lambda }_a\left(\widetilde{{\delta }_0}+\mathbb{E}\left[\nu -1\right]\tilde{\delta }\right)}{k!}·e^{-{\lambda }_a\left(\tilde{\delta }+\mathbb{E}\left[\nu -1\right]\tilde{\delta }\right)}\right)P_j,$$

(69)

$$P_j=\left(\begin{array}{c}n\\ j\end{array}\right){\rho }^j{\left(1-\rho \right)}^{n-j}.$$

(70)

The total cost $\mathfrak{S}{\left(n,\rho \right)}_{\mathrm{Total}}$ could be minimized by the given parameter set $\left(n,\rho \right)$ and the parameter set $\left(n^{*},{\rho }^{*}\right)$ is the optimal combination of an acceptance rate and the number of total backup nodes which are supported from the HQ. The below illustration in Figure 3 is the conventional graph that shows the optimal result of the BGG based BIoV (EBIoV) network based on the given initial conditions in Table 2.

It is noted that the total cost for reserving backup nodes should be more than the car value when an EBIoV network is burst. Hence, the limitation of the success probability for adding nodes is as follows:

$$\frac{V·q^0}{c\left(n,\rho \right)·\left(B_M-1\right)}\le 1,$$

(71)

where $B_M$ is the maximum available reserved nodes per a connected car. According to this demonstration (based on Table 2), the optimal cost is 1700 USD (per a car) when the defender reserves 4 additional nodes per each car with the 82.6% acceptance rate for managing the risk from attackers (i.e., $n^{*}=4$, ${\rho }^{*}=0.826$). The moment of requesting the additional nodes will be the time ${\tau }_{\nu -1}$ when is one step prior to the moment when an attacker catches more than the half of whole blocks.

5. Conclusions

This paper establishes the enhanced Blockchain based IoV network architecture by bringing a theoretical model in stochastic modeling. The Enhanced Blockchain enabled Internet of Vehicles (EBIoV) is an advanced secure IoT network architecture for protecting a connected car from attackers. This new architecture has been designed for a decentralized network by adapting the Blockchain Governance Game (BGG) to improve the connected car security. The BGG is a mathematically proven game model to develop optimal defense strategies to protect systems from attackers. The practical case in the paper demonstrates how an EBIoV network could be implemented for connected car securities. The EBIoV network is the first research that applies a BGG model into the IoV security domain. The BGG model shall be extended to various Blockchain based cybersecurity areas including IoT security and secured decentralized service network design.