Results 1 - 10
of
35
Protecting Location Privacy: Optimal Strategy against Localization Attacks
"... The mainstream approachtoprotectingthelocation-privacy of mobile users in location-based services (LBSs) is to alter the users ’ actual locations in order to reduce the location information exposed to the service provider. The location obfuscation algorithm behind an effective location-privacy prese ..."
Abstract
-
Cited by 16 (3 self)
- Add to MetaCart
(Show Context)
The mainstream approachtoprotectingthelocation-privacy of mobile users in location-based services (LBSs) is to alter the users ’ actual locations in order to reduce the location information exposed to the service provider. The location obfuscation algorithm behind an effective location-privacy preserving mechanism (LPPM) must consider three fundamental elements: the privacy requirements of the users, the adversary’s knowledge and capabilities, and the maximal tolerated service quality degradation stemming from the obfuscation of true locations. We propose the first methodology, to the best ofour knowledge, that enables adesigner tofindthe optimal LPPM for a LBS given each user’s service quality constraints against an adversary implementing the optimal inference algorithm. Such LPPM is the one that maximizes the expected distortion (error) that the optimal adversary incurs in reconstructing the actual location of a user, while fulfilling the user’s service-quality requirement. We formalize the mutual optimization of user-adversary objectives (location privacy vs. correctness of localization) by using the framework of Stackelberg Bayesian games. In such setting, we develop two linear programs that output the best LPPM strategyanditscorrespondingoptimalinferenceattack. Our optimal user-centric LPPM can be easily integrated in the users ’ mobile devices they use to access LBSs. We validate the efficacy of our game theoretic method against real location traces. Our evaluation confirms that the optimal LPPM strategy is superior to a straightforward obfuscation method, and that the optimal localization attack performs better compared to a Bayesian inference attack.
A Survey of Interdependent Security Games
, 2012
"... Interdependence of information systems is a fundamental property that shapes the problems in information security. The risks faced by system operators and users is not only determined by their own security posture, but is heavily affected by the security-related decisions of other connected systems. ..."
Abstract
-
Cited by 9 (5 self)
- Add to MetaCart
(Show Context)
Interdependence of information systems is a fundamental property that shapes the problems in information security. The risks faced by system operators and users is not only determined by their own security posture, but is heavily affected by the security-related decisions of other connected systems. Therefore, defending networked systems relies on the correlated action of the system operators or users. In this survey, we summarize game-theoretic interdependence models, characterize the emerging security inefficiencies and present solution methods. Our goal is to distill the main insights from the state-of-theart and to identify the areas that need more attention from the research community. 1
M.: Game-Theoretic Resource Allocation for Malicious Packet Detection in Computer Networks
- In: Proc. of The 11th International Conference on Autonomous Agents and Multiagent Systems (AAMAS
, 2012
"... ABSTRACT We study the problem of optimal resource allocation for packet selection and inspection to detect potential threats in large computer networks with multiple computers of differing importance. An attacker tries to harm these targets by sending malicious packets from multiple entry points of ..."
Abstract
-
Cited by 9 (4 self)
- Add to MetaCart
(Show Context)
ABSTRACT We study the problem of optimal resource allocation for packet selection and inspection to detect potential threats in large computer networks with multiple computers of differing importance. An attacker tries to harm these targets by sending malicious packets from multiple entry points of the network; the defender thus needs to optimally allocate her resources to maximize the probability of malicious packet detection under network latency constraints. We formulate the problem as a graph-based security game with multiple resources of heterogeneous capabilities and propose a mathematical program for finding optimal solutions. We also propose Grande, a novel polynomial time algorithm that uses an approximated utility function to circumvent the limited scalability caused by the attacker's large strategy space and the non-linearity of the aforementioned mathematical program. Grande computes solutions with bounded error and scales up to problems of realistic sizes.
Are We Compromised? Modelling Security Assessment Games ⋆
"... Abstract. Security assessments are an integral part of organisations’ strategies for protecting their digital assets and critical IT infrastructure. In this paper we propose a game-theoretic modelling of a particular form of security assessment – one which addresses the question “are we compromised? ..."
Abstract
-
Cited by 7 (0 self)
- Add to MetaCart
Abstract. Security assessments are an integral part of organisations’ strategies for protecting their digital assets and critical IT infrastructure. In this paper we propose a game-theoretic modelling of a particular form of security assessment – one which addresses the question “are we compromised?”. We do so by extending the recently proposed game “FlipIt”, which itself can be used to model the interaction between defenders and attackers under the Advanced Persistent Threat (APT) scenario. Our extension gives players the option to “test ” the state of the game before making a move. This allows one to study the scenario in which organisations have the option to perform periodic security assessments of such nature, and the benefits they may bring. 1
1Game-Theoretic Analysis of DDoS Attacks Against Bitcoin Mining Pools
"... Abstract. One of the unique features of the digital currency Bitcoin is that new cash is introduced by so-called miners carrying out resource-intensive proof-of-work operations. To increase their chances of obtaining freshly minted bitcoins, miners typically join pools to collaborate on the computat ..."
Abstract
-
Cited by 6 (2 self)
- Add to MetaCart
(Show Context)
Abstract. One of the unique features of the digital currency Bitcoin is that new cash is introduced by so-called miners carrying out resource-intensive proof-of-work operations. To increase their chances of obtaining freshly minted bitcoins, miners typically join pools to collaborate on the computations. However, intense competition among mining pools has recently manifested in two ways. Miners may invest in additional com-puting resources to increase the likelihood of winning the next mining race. But, at times, a more sinister tactic is also employed: a mining pool may trigger a costly distributed denial-of-service (DDoS) attack to lower the expected success outlook of a competing mining pool. We explore the trade-off between these strategies with a series of game-theoretical models of competition between two pools of varying sizes. We consider differences in costs of investment and attack, as well as uncertainty over whether a DDoS attack will succeed. By characterizing the game’s equi-libria, we can draw a number of conclusions. In particular, we find that pools have a greater incentive to attack large pools than small ones. We also observe that larger mining pools have a greater incentive to attack than smaller ones.
Overcoming Adversaries in Sensor Networks: A Survey of Theoretical Models and Algorithmic Approaches for Tolerating Malicious Interference
, 2011
"... Interference is an unavoidable property of the wireless communication medium and, in sensor networks, such interference is exacerbated due to the energy-starved nature of the network devices themselves. In the presence of antagonistic interference, reliable communication insensor networks becomes an ..."
Abstract
-
Cited by 5 (2 self)
- Add to MetaCart
Interference is an unavoidable property of the wireless communication medium and, in sensor networks, such interference is exacerbated due to the energy-starved nature of the network devices themselves. In the presence of antagonistic interference, reliable communication insensor networks becomes anextremely challenging problem that, inrecent years, has attractedsignificant attention from the research community. This survey presents the current state of affairs in the formulation of theoretical models for adversarial interference in sensor networks and the different algorithmic remedies developed by the research community. There is a particular focus on jamming adversaries and Byzantine faults as these capture a wide range of benign faults as well as malicious attacks. The models in the literature are examined and contrasted with the aim of discerning the underlying assumptions that dictate analytical bounds with regards to feasibility and a number of performance metrics such as communication complexity, latency, and energy efficiency. Limitations are also highlighted with a focus on how various results impact real world applications and, conversely, how the current sensor network technology informs newer models. Finally, directions for future research are discussed.
Stochastic Game Approach for Replay Attack Detection
"... Abstract — The existing tradeoff between control system performance and the detection rate for replay attacks highlights the need to provide an optimal control policy that balances the security overhead with control cost. We employ a finite horizon, zero-sum, nonstationary stochastic game approach t ..."
Abstract
-
Cited by 5 (2 self)
- Add to MetaCart
(Show Context)
Abstract — The existing tradeoff between control system performance and the detection rate for replay attacks highlights the need to provide an optimal control policy that balances the security overhead with control cost. We employ a finite horizon, zero-sum, nonstationary stochastic game approach to minimize the worst-case control and detection cost, and obtain an optimal control policy for switching between controlcost optimal (but nonsecure) and secure (but cost-suboptimal) controllers in presence of replay attacks. To formulate the game, we quantify game parameters using knowledge of the system dynamics, controller design and utilized statistical detector. We show that the optimal strategy for the system exists, and present a suboptimal algorithm used to calculate the system’s strategy by combining robust game techniques and a finite horizon stationary stochastic game algorithm. Our approach can be generalized for any system with multiple finite cost, time-invariant linear controllers/estimators/intrusion detectors. I.
Defending Against the Unknown Enemy: Applying FLIPIT to System Security
"... Most cryptographic systems carry the basic assumption that entities are able to preserve the secrecy of their keys. With attacks today showing ever increasing sophistication, however, this tenet is eroding. “Advanced Persistent Threats” (APTs), for instance, leverage zero-day exploits and extensive ..."
Abstract
-
Cited by 4 (0 self)
- Add to MetaCart
Most cryptographic systems carry the basic assumption that entities are able to preserve the secrecy of their keys. With attacks today showing ever increasing sophistication, however, this tenet is eroding. “Advanced Persistent Threats” (APTs), for instance, leverage zero-day exploits and extensive system knowledge to achieve full compromise of cryptographic keys and other secrets. Such compromise is often silent, with defenders failing to detect the loss of private keys critical to protection of their systems. The growing virulence of today’s threats clearly calls for new models of defenders’ goals and abilities. In this paper, we explore applications of FLIPIT, a novel game-theoretic model of system defense introduced in [17]. In FLIPIT, an attacker periodically gains complete control of a system, with the unique feature that system compromises are stealthy, i.e., not immediately detected by the system owner, called the defender. We distill out several lessons from our study of FLIPIT and demonstrate their application to several real-world problems, including password reset policies, key rotation, VM refresh and cloud auditing.
Game-Theoretic Analysis of DDoS Attacks Against Bitcoin Mining Pools
"... Abstract. One of the unique features of the digital currency Bitcoin is that new cash is introduced by so-called miners carrying out resource-intensive proof-of-work operations. To increase their chances of obtaining freshly minted bitcoins, miners typically join pools to collaborate on the computat ..."
Abstract
-
Cited by 4 (0 self)
- Add to MetaCart
(Show Context)
Abstract. One of the unique features of the digital currency Bitcoin is that new cash is introduced by so-called miners carrying out resource-intensive proof-of-work operations. To increase their chances of obtaining freshly minted bitcoins, miners typically join pools to collaborate on the computations. However, intense competition among mining pools has recently manifested in two ways. Miners may invest in additional com-puting resources to increase the likelihood of winning the next mining race. But, at times, a more sinister tactic is also employed: a mining pool may trigger a costly distributed denial-of-service (DDoS) attack to lower the expected success outlook of a competing mining pool. We explore the trade-off between these strategies with a series of game-theoretical models of competition between two pools of varying sizes. We consider differences in costs of investment and attack, as well as uncertainty over whether a DDoS attack will succeed. By characterizing the game’s equi-libria, we can draw a number of conclusions. In particular, we find that pools have a greater incentive to attack large pools than small ones. We also observe that larger mining pools have a greater incentive to attack than smaller ones.
