Gaming security by obscurity

Shannon sought security against the attacker with unlimited computational powers: if an information source conveys some information, then Shannon's attacker will surely extract that information. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science, and led to modern cryptography. Shannon also sought security against the attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still endorsed in cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that if there is an algorithm that can break the system, then the attacker will surely find that algorithm. The attacker is not viewed as an omnipotent computer any more, but he is still construed as an omnipotent programmer. The ongoing hackers' successes seem to justify this view. So the Diffie-Hellman step from unlimited to limited computational powers has not been extended into a step from unlimited to limited logical or programming powers. Is the assumption that all feasible algorithms will eventually be discovered and implemented really different from the assumption that everything that is computable will eventually be computed? The present paper explores some ways to refine the current models of the attacker, and of the defender, by taking into account their limited logical and programming powers. If the adaptive attacker actively queries the system to seek out its vulnerabilities, can the system gain some security by actively learning attacker's methods, and adapting to them?

[1]  S. Zamir,et al.  Formulation of Bayesian analysis for games with incomplete information , 1985 .

[2]  Bernhard K. Aichernig,et al.  Formal Methods at the Crossroads. From Panacea to Foundational Support , 2003, Lecture Notes in Computer Science.

[3]  Leonid A. Levin,et al.  Randomness Conservation Inequalities; Information and Independence in Mathematical Theories , 1984, Inf. Control..

[4]  Elwyn R. Berlekamp,et al.  Winning Ways for Your Mathematical Plays, Volume 2 , 2003 .

[5]  Martin Meier,et al.  On the relationship between hierarchy and type morphisms , 2011 .

[6]  Paul M. B. Vitányi,et al.  An Introduction to Kolmogorov Complexity and Its Applications , 1993, Graduate Texts in Computer Science.

[7]  Ray J. Solomonoff,et al.  A Formal Theory of Inductive Inference. Part II , 1964, Inf. Control..

[8]  P. D. Groote,et al.  The Curry-Howard isomorphism , 1995 .

[9]  C.-H. Luke Ong,et al.  On Full Abstraction for PCF: I, II, and III , 2000, Inf. Comput..

[10]  C. A. R. Hoare Programs are predicates , 1984, Philosophical Transactions of the Royal Society of London. Series A, Mathematical and Physical Sciences.

[11]  Manfred Kochen,et al.  On the economics of information , 1972, J. Am. Soc. Inf. Sci..

[12]  M. Dufwenberg Game theory. , 2011, Wiley interdisciplinary reviews. Cognitive science.

[13]  Ariel Rubinstein,et al.  A Course in Game Theory , 1995 .

[14]  Marcus Hutter,et al.  Algorithmic Information Theory , 1977, IBM J. Res. Dev..

[15]  Stephen Hargitay,et al.  Categories of software , 1991 .

[16]  Andrei N. Kolmogorov,et al.  On Tables of Random Numbers (Reprinted from "Sankhya: The Indian Journal of Statistics", Series A, Vol. 25 Part 4, 1963) , 1998, Theor. Comput. Sci..

[17]  Dusko Pavlovic,et al.  A Semantical Approach to Equilibria and Rationality , 2009, CALCO.

[18]  Dusko Pavlovic,et al.  Maps II: Chasing Diagrams in Categorical Proof Theory , 1996, Log. J. IGPL.

[19]  Ray J. Solomonoff,et al.  A Formal Theory of Inductive Inference. Part I , 1964, Inf. Control..

[20]  S. Kleene Realizability: A retrospective survey , 1973 .

[21]  Dusko Pavlovic,et al.  Constructions and Predicates , 1991, Category Theory and Computer Science.

[22]  John C. Harsanyi,et al.  Games with Incomplete Information Played by "Bayesian" Players, I-III: Part I. The Basic Model& , 2004, Manag. Sci..

[23]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[24]  E. Rowland Theory of Games and Economic Behavior , 1946, Nature.

[25]  Dusko Pavlovic,et al.  Semantics of First Order Parametric Specifications , 1999, World Congress on Formal Methods.

[26]  Gösta Grahne Incomplete Information , 2009, Encyclopedia of Database Systems.

[27]  Charles H. Bennett Logical depth and physical complexity , 1988 .

[28]  José Luiz Fiadeiro Categories for software engineering , 2005 .

[29]  Till Mossakowski Relating CASL with other specification languages: the institution level , 2002, Theor. Comput. Sci..

[30]  Tyler Moore,et al.  Would a 'cyber warrior' protect us: exploring trade-offs between attack and defense of information systems , 2010, NSPW '10.

[31]  Robert J. Aumann,et al.  Chapter 43 Incomplete information , 2002 .

[32]  Barbara Kordy,et al.  Foundations of Attack-Defense Trees , 2010, Formal Aspects in Security and Trust.

[33]  Radha Jagadeesan,et al.  Full Abstraction for PCF , 2000, Inf. Comput..

[34]  R. Herken,et al.  A half-century survey on The Universal Turing Machine , 1988 .

[35]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[36]  A. Copeland Review: John von Neumann and Oskar Morgenstern, Theory of games and economic behavior , 1945 .

[37]  L. Levin,et al.  THE COMPLEXITY OF FINITE OBJECTS AND THE DEVELOPMENT OF THE CONCEPTS OF INFORMATION AND RANDOMNESS BY MEANS OF THE THEORY OF ALGORITHMS , 1970 .

[38]  Dusko Pavlovic,et al.  Guarded Transitions in Evolving Specifications , 2002, AMAST.

[39]  K. Siegrist How to Gamble If You Must , 2008 .

[40]  Dusko Pavlovic,et al.  Software Development by Refinement , 2002, 10th Anniversary Colloquium of UNU/IIST.

[41]  A. Troelstra,et al.  Constructivism in Mathematics: An Introduction , 1988 .

[42]  Egon Börger,et al.  Abstract State Machines. A Method for High-Level System Design and Analysis , 2003 .

[43]  J. Stiglitz The market for 'lemons': quality uncertainty and the market mechanism , 2002 .

[44]  Charles H. Bennett,et al.  The thermodynamics of computation—a review , 1982 .

[45]  Christopher Krügel,et al.  Your botnet is my botnet: analysis of a botnet takeover , 2009, CCS.

[46]  E. Berlekamp,et al.  Winning Ways for Your Mathematical Plays , 1983 .

[47]  William E. Dean Pitfalls in the Use of Imperfect Information , 1988 .

[48]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[49]  J. Harsanyi Games with Incomplete Information Played by 'Bayesian' Players, Part III. The Basic Probability Distribution of the Game , 1968 .

[50]  M. Spence Job Market Signaling , 1973 .

[51]  Gregory H. Harris,et al.  Review of "Abstract state machines: a method for high-level system design and analysis" by Egon Börger and Robert Stärk. Springer-Verlag 2003. , 2004, SOEN.

[52]  Manindra Agrawal,et al.  PRIMES is in P , 2004 .

[53]  Christopher Krügel,et al.  Analysis of a Botnet Takeover , 2011, IEEE Security & Privacy.