Results 1  10
of
39
On NonCooperative Location Privacy: A GameTheoretic Analysis
"... In mobile networks, authentication is a required primitive of the majority of security protocols. However, an adversary can track the location of mobile nodes by monitoring pseudonyms used for authentication. A frequently proposed solution to protect location privacy suggests that mobile nodes colle ..."
Abstract

Cited by 37 (10 self)
 Add to MetaCart
(Show Context)
In mobile networks, authentication is a required primitive of the majority of security protocols. However, an adversary can track the location of mobile nodes by monitoring pseudonyms used for authentication. A frequently proposed solution to protect location privacy suggests that mobile nodes collectively change their pseudonyms in regions called mix zones. Because this approach is costly, selfinterested mobile nodes might decide not to cooperate and could thus jeopardize the achievable location privacy. In this paper, we analyze the noncooperative behavior of mobile nodes with a gametheoretic model, where each player aims at maximizing its location privacy at a minimum cost. We first analyze the Nash equilibria in nplayer complete information games. Because mobile nodes in a privacysensitive system do not know their opponents ’ payoffs, we then consider incomplete information games. We establish that symmetric BayesianNash equilibria exist with simple threshold strategies in nplayer games and derive the equilibrium strategies. By means of numerical results, we show that mobile nodes become selfish when the cost of changing pseudonym is small, whereas they cooperate more when the cost of changing pseudonym increases. Finally, we design a protocol the PseudoGame protocol based on the results of our analysis.
Game Theory Meets Network Security and Privacy
"... This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by gametheoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address dif ..."
Abstract

Cited by 33 (5 self)
 Add to MetaCart
This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by gametheoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address different forms of security and privacy problems in computer networks and mobile applications. The presented works are classified into six main categories based on their topics: security of the physical and MAC layers, application layer security in mobile networks, intrusion detection systems, anonymity and privacy, economics of network security, and cryptography. In each category, security problems, players, and game models are identified and the main results of selected works, such as equilibrium analysis and security mechanism designs are summarized. In addition, a discussion on advantages, drawbacks, and the future direction of using game theory in this field is provided. In this survey, we aim to provide a better understanding of the different research approaches for applying game theory to network security. This survey can also help researchers from various fields develop gametheoretic solutions to current and emerging security problems in computer networking. Categories and Subject Descriptors: C.2.0 [ComputerCommunication Networks]: General—
Efficient rational secret sharing in standard communication networks
 In TCC
, 2010
"... We propose a new methodology for rational secret sharing leading to various instantiations (in both the twoparty and multiparty settings) that are simple and efficient in terms of computation, share size, and round complexity. Our protocols do not require physical assumptions or simultaneous chann ..."
Abstract

Cited by 25 (2 self)
 Add to MetaCart
We propose a new methodology for rational secret sharing leading to various instantiations (in both the twoparty and multiparty settings) that are simple and efficient in terms of computation, share size, and round complexity. Our protocols do not require physical assumptions or simultaneous channels, and can even be run over asynchronous, pointtopoint networks. We also propose new equilibrium notions (namely, computational versions of strict Nash equilibrium and stability with respect to trembles) and prove that our protocols satisfy them. These notions guarantee, roughly speaking, that at each point in the protocol there is a unique legal message a party can send. This, in turn, ensures that protocol messages cannot be used as subliminal channels, something achieved in prior work only by making strong assumptions on the communication network. 1
Fairness with an honest minority and a rational majority. Cryptology ePrint Archive, Report 2008/097
, 2008
"... Abstract. We provide a simple protocol for secret reconstruction in any threshold secret sharing scheme, and prove that it is fair when executed with many rational parties together with a small minority of honest parties. That is, all parties will learn the secret with high probability when the hone ..."
Abstract

Cited by 21 (3 self)
 Add to MetaCart
(Show Context)
Abstract. We provide a simple protocol for secret reconstruction in any threshold secret sharing scheme, and prove that it is fair when executed with many rational parties together with a small minority of honest parties. That is, all parties will learn the secret with high probability when the honest parties follow the protocol and the rational parties act in their own selfinterest (as captured by a setNash analogue of trembling hand perfect equilibrium). The protocol only requires a standard (synchronous) broadcast channel, tolerates both early stopping and incorrectly computed messages, and only requires 2 rounds of communication. Previous protocols for this problem in the cryptographic or economic models have either required an honest majority, used strong communication channels that enable simultaneous exchange of information, or settled for approximate notions of security/equilibria. They all also required a nonconstant number of rounds of communication.
Utility Dependence in Correct and Fair Rational Secret Sharing
, 2009
"... The problem of carrying out cryptographic computations when the participating parties are rational in a gametheoretic sense has recently gained much attention. One problem that has been studied considerably is that of rational secret sharing. In this setting, the aim is to construct a mechanism (pr ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
(Show Context)
The problem of carrying out cryptographic computations when the participating parties are rational in a gametheoretic sense has recently gained much attention. One problem that has been studied considerably is that of rational secret sharing. In this setting, the aim is to construct a mechanism (protocol) so that parties behaving rationally have incentive to cooperate and provide their shares in the reconstruction phase, even if each party prefers to be the only one to learn the secret. Although this question was only recently asked by Halpern and Teague (STOC 2004), a number of works with beautiful ideas have been presented to solve this problem. However, they all have the property that the protocols constructed need to know the actual utility values of the parties (or at least a bound on them). This assumption is very problematic because the utilities of parties are not public knowledge. We ask whether this dependence on the actual utility values is really necessary and prove that in the case of two parties, rational secret sharing cannot be achieved without it. On the positive side, we show that in the multiparty case it is possible to construct a single mechanism that works for all (polynomial) utility functions. Our protocol has
Sequential Rationality in Cryptographic Protocols
"... Much of the literature on rational cryptography focuses on analyzing the strategic properties of cryptographic protocols. However, due to the presence of computationallybounded players and the asymptotic nature of cryptographic security, a definition of sequential rationality for this setting has th ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
(Show Context)
Much of the literature on rational cryptography focuses on analyzing the strategic properties of cryptographic protocols. However, due to the presence of computationallybounded players and the asymptotic nature of cryptographic security, a definition of sequential rationality for this setting has thus far eluded researchers. We propose a new framework for overcoming these obstacles, and provide the first definitions of computational solution concepts that guarantee sequential rationality. We argue that natural computational variants of subgame perfection are too strong for cryptographic protocols. As an alternative, we introduce a weakening called threatfree Nash equilibrium that is more permissive but still eliminates the undesirable “empty threats ” of nonsequential solution concepts. To demonstrate the applicability of our framework, we revisit the problem of implementing a mediator for correlated equilibria (DodisHaleviRabin, Crypto’00), and propose a variant of their protocol that is sequentially rational for a nontrivial class of correlated equilibria. Our treatment provides a better understanding of the conditions
Towards a game theoretic view of secure computation
 In 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques EUROCRYPT (2011
"... We demonstrate how Game Theoretic concepts and formalism can be used to capture cryptographic notions of security. In the restricted but indicative case of twoparty protocols in the face of malicious failstop faults, we first show how the traditional notions of secrecy and correctness of protocols ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
(Show Context)
We demonstrate how Game Theoretic concepts and formalism can be used to capture cryptographic notions of security. In the restricted but indicative case of twoparty protocols in the face of malicious failstop faults, we first show how the traditional notions of secrecy and correctness of protocols can be captured as properties of Nash equilibria in games for rational players. Next, we concentrate on fairness. Here we demonstrate a Game Theoretic notion and two different cryptographic notions that turn out to all be equivalent. In addition, we provide a simulation based notion that implies the previous three. All four notions are weaker than existing cryptographic notions of fairness. In particular, we show that they can be met in some
FLIPIT: The Game of “Stealthy Takeover”
, 2012
"... Recent targeted attacks have increased significantly in sophistication, undermining the fundamental assumptions on which most cryptographic primitives rely for security. For instance, attackers launching an Advanced Persistent Threat (APT) can steal full cryptographic keys, violating the very secrec ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
Recent targeted attacks have increased significantly in sophistication, undermining the fundamental assumptions on which most cryptographic primitives rely for security. For instance, attackers launching an Advanced Persistent Threat (APT) can steal full cryptographic keys, violating the very secrecy of “secret ” keys that cryptographers assume in designing secure protocols. In this article, we introduce a gametheoretic framework for modeling various computer security scenarios prevalent today, including targeted attacks. We are particularly interested in situations in which an attacker periodically compromises a system or critical resource completely, learns all its secret information and is not immediately detected by the system owner or defender. We propose a twoplayer game between an attacker and defender called FL I PIT or The Game of “Stealthy Takeover. ” In FL I PIT, players compete to control a shared resource. Unlike most existing games, FL I PIT allows players to move at any given time, taking control of the resource. The identity of the player controlling the resource, however, is not revealed until a player actually moves. To move, a player pays a certain move cost. The objective of each player is to control the resource a large fraction of time, while minimizing his total move cost. FL I PIT provides a simple and elegant framework in which we can formally reason about the interaction between attackers and defenders in practical scenarios.
Fair Computation with Rational Players
 In http://eprint.iacr.org/2011/396.pdf
"... We consider the problem of fair twoparty computation, where fairness (informally) means that both parties should learn the correct output. A seminal result of Cleve (STOC 1986) shows that fairness is, in general, impossible to achieve for malicious parties. Here, we treat the parties as rational an ..."
Abstract

Cited by 8 (3 self)
 Add to MetaCart
(Show Context)
We consider the problem of fair twoparty computation, where fairness (informally) means that both parties should learn the correct output. A seminal result of Cleve (STOC 1986) shows that fairness is, in general, impossible to achieve for malicious parties. Here, we treat the parties as rational and seek to understand what can be done. Asharov et al. (Eurocrypt 2011) recently considered this problem and showed impossibility of rational fair computation for a particular function and a particular set of utilities. We observe, however, that in their setting the parties have no incentive to compute the function even in an ideal world where fairness is guaranteed. Revisiting the problem, we show that rational fair computation is possible (for arbitrary functions and utilities) as long as the parties have a strict incentive to compute the function in the ideal world. This gives a new example where game theory can be used to circumvent impossibility results in cryptography.
J.P.: Revocation games in ephemeral networks
 In: Proceedings of the 16th ACM conference on Computer and communications security
, 2008
"... A frequently proposed solution to node misbehavior in mobile ad hoc networks is to use reputation systems. But in ephemeral networks a new breed of mobile networks where contact times between nodes are short and neighbors change frequently reputations are hard to build. In this case, local revocat ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
A frequently proposed solution to node misbehavior in mobile ad hoc networks is to use reputation systems. But in ephemeral networks a new breed of mobile networks where contact times between nodes are short and neighbors change frequently reputations are hard to build. In this case, local revocation is a faster and more efficient alternative. In this paper, we define a gametheoretic model to analyze the various local revocation strategies. We establish and prove the conditions leading to subgameperfect equilibria. We also derive the optimal parameters for votingbased schemes. Then we design a protocol based on our analysis and the practical aspects that cannot be captured in the model. With realistic simulations on ephemeral networks we compare the performance and economic costs of the different techniques.