Abstract
This paper revisits the conventional notion of security and champions a paradigm shift in how security should be viewed. We argue that the fundamental notion of security should naturally be one that actively aims for the root of the security problem: the malicious (human-terminated) adversary. To that end, we propose the notion of adversarial security, in which non-malicious parties and the security mechanism are allowed to play a more active role; we discuss framework ideas based on factors affecting the (human) adversary, and motivate approaches to designing adversarial security systems. Indeed, while security research has in recent years begun to focus on the human elements of the legitimate user as part of the security system's design (e.g. the notion of ceremonies), our adversarial security notion approaches general security design by considering the human elements of the malicious adversary.
Part of this work adversarially motivated by coffee.
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Phan, R.C.W., Whitley, J.N., Parish, D.J. (2011). Adversarial Security: Getting to the Root of the Problem. In: Camenisch, J., Kisimov, V., Dubovitskaya, M. (eds) Open Research Problems in Network Security. iNetSec 2010. Lecture Notes in Computer Science, vol 6555. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19228-9_5
DOI: https://doi.org/10.1007/978-3-642-19228-9_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19227-2
Online ISBN: 978-3-642-19228-9
eBook Packages: Computer Science (R0)