Adversarial Security: Getting to the Root of the Problem

This paper revisits the conventional notion of security and champions a paradigm shift in how security should be viewed: we argue that the fundamental notion of security should naturally be one that actively aims at the root of the security problem, namely the malicious (human-terminated) adversary. To that end, we propose the notion of adversarial security, in which the non-malicious parties and the security mechanism are allowed a more active role; we discuss framework ideas based on the factors that affect the (human) adversary, and motivate approaches to designing adversarial security systems. Indeed, while security research has in recent years begun to treat the human elements of the legitimate user as part of the security system's design (e.g. the notion of ceremonies), our adversarial security notion approaches general security design by considering the human elements of the malicious adversary.
