Skip to main content
SpringerLink
Log in
Book cover

Cambridge International Workshop on Security Protocols

Security Protocols 2017: Security Protocols XXV pp 38–48Cite as

Assuring the Safety of Asymmetric Social Protocols

  • Conference paper
  • First Online:

  • 572 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10476))

Abstract

Most studies of security protocols in the literature refer to interactions between computers. Nowadays, however, more and more fraud (such as phishing, Nigerian scams and the like) is carried out by abusing social protocols—that is to say, computer-mediated interactions between human subjects. We call a social protocol “asymmetric” when the initial sender benefits from execution of the protocol but the recipient is not guaranteed against dishonesty of the sender. Can a recipient ever safely engage in an asymmetric social protocol?

Over the past decade or two, computer-mediated communications and purchasing transactions have become pervasive among the general public. As a consequence, attacks on social protocols have grown in prominence and value. We need a principled and systemic response to this problem, rather than ad-hoc patches.

Our contribution is to introduce a framework, the “marketplace of social protocol insurers”, in which specialised providers compete to offer safety guarantees, for a fee, to subjects who wish to engage in social protocols. Providers need to develop accurate classifiers for rating protocol inputs as safe or dangerous, and the providers with the most accurate classifiers can price their insurance premiums more competitively, thereby winning a greater share of the customers.

Our solution offers, through competition amongst providers, aligned incentives for the development and deployment of accurate classifiers to distinguish fraudulent and legitimate inputs and it offers a safe way for ordinary users to engage in asymmetric social protocols without having to become experts at detecting fraudulent proposals.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Although we must accept the existence of irrational adversaries—the cyber equivalent of suicide bombers—whom such retribution mechanisms will not deter.

  2. 2.

    We maintain a subtle distinction between the offer maker, who creates the offer in the first place, and the offer sender who sends it to the recipient. These may be the same principal, as when a Nigerian operator sends a “419” to a victim, or not, as when a naïve user passes on the fake alert that the email password must be changed.

  3. 3.

    To avoid misunderstanding, the obvious definitions are as follows. True positive: the input was dangerous and was flagged as such. True negative: the input was not dangerous and was flagged as such. False positive: the input was flagged as dangerous despite not being dangerous. False negative: the input was flagged as not dangerous despite being dangerous.

  4. 4.

    Note that insurance and refund are only able to “undo the evil deed” for certain types of threats, such as those that result in financial loss, where the victim may be fully refunded. For others, such as those that result in confidentiality loss, compensation may still be offered but it is impossible to undo the disclosure and restore the state of the world to that before the occurrence of the attack. This is an inherent limit of any approach involving remedial compensation and is not specific to our framework. It should also be noted that our approach only resorts to compensation in the case of false negatives, but that in the case of true positives it employs prevention (not engaging in the protocol that would result in, say, confidentiality loss), which is much better. Note also that, as detailed in the following paragraph, the financial incentives for insurers in our framework are aligned to favour true positives against false negatives, which is precisely the intended outcome.

  5. 5.

    We are glossing over the obvious confidentiality problems, which would have to be addressed by an appropriate service level agreement. On the other hand, we observe that a not insignificant fraction of battle-hardened security researchers nonchalantly forward all their emails to Google or Yahoo without batting an eyelid.

  6. 6.

    The trust* protocol by Clarke et al. [1] also attempts to protect the recipient against spam by paying an insurance broker, but there it’s the sender who pays, rather than the recipient: the sender, who wishes her own mail to get through, pays the broker to offer a guarantee to the recipient that the mail is not spam. It is assumed that a recipient may choose not to open any emails that arrive without such guarantees. Until such a system becomes widespread, however, most emails will arrive without guarantees anyway (because senders won’t even know about the existence of the trust* scheme), so the recipient will have to decide for himself whether to open them without protection from the broker. In our system, by contrast, once the recipient establishes an insurance contract with a broker, the recipient is protected against all incoming emails, whether the senders play the game or not. This means the scheme in this paper offers its benefits to its early adopters even before it becomes mainstream.

  7. 7.

    Conceptually with a per-message charge, though commercially this might be more easily sold as flat-rate subscription with reasonable-use quotas.

  8. 8.

    Again, ideally per-message but potentially as a flat-rate subscription with quotas.

  9. 9.

    www.agari.com.

References

  1. Clarke, S., Christianson, B., Xiao, H.: Trust*: using local guarantees to extend the reach of trust. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds.) Security Protocols 2009. LNCS, vol. 7028, pp. 171–178. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36213-2_21

    Chapter  Google Scholar 

  2. Gligor, V., Wing, J.M.: Towards a theory of trust in networks of humans and computers. In: Christianson, B., Crispo, B., Malcolm, J., Stajano, F. (eds.) Security Protocols 2011. LNCS, vol. 7114, pp. 223–242. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25867-1_22

    Chapter  Google Scholar 

  3. Kim, T.H.-J., Gligor, V., Perrig, A.: Street-level trust semantics for attribute authentication. In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J. (eds.) Security Protocols 2012. LNCS, vol. 7622, pp. 96–115. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35694-0_12

    Chapter  Google Scholar 

  4. Konnikova, M.: The Confidence Game. Viking, New York City (2016)

    Google Scholar 

  5. Stajano, F., Wilson, P.: Understanding scam victims: seven principles for systems security. Commun. ACM 54(3), 70–75 (2011). https://doi.org/10.1145/1897852.1897872

    Article  Google Scholar 

Download references

Acknowledgements

We are grateful to Trinity College and the Computer Laboratory for hosting Virgil Gligor for part of his sabbatical in summer 2016 while much of this research was carried out.

Author information

Authors and Affiliations

  1. Carnegie Mellon University, Pittsburgh, PA, USA

    Virgil Gligor

  2. University of Cambridge, Cambridge, UK

    Frank Stajano

Authors
  1. Virgil Gligor
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Frank Stajano
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Frank Stajano .

Editor information

Editors and Affiliations

  1. University of Cambridge, Cambridge, United Kingdom

    Frank Stajano

  2. Memorial University of Newfoundland, St. John’s, Newfoundland and Labrador, Canada

    Jonathan Anderson

  3. University of Hertfordshire, Hatfield, United Kingdom

    Bruce Christianson

  4. Masaryk University, Brno, Czech Republic

    Vashek Matyáš

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gligor, V., Stajano, F. (2017). Assuring the Safety of Asymmetric Social Protocols. In: Stajano, F., Anderson, J., Christianson, B., Matyáš, V. (eds) Security Protocols XXV. Security Protocols 2017. Lecture Notes in Computer Science(), vol 10476. Springer, Cham. https://doi.org/10.1007/978-3-319-71075-4_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-71075-4_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71074-7

  • Online ISBN: 978-3-319-71075-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation