A Hypergame Analysis for ErsatzPasswords

  • Christopher N. Gutierrez
  • Mohammed H. Almeshekah
  • Saurabh Bagchi
  • Eugene H. Spafford
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 529)

Abstract

A hypergame is a game theoretic model capturing the decisions of rational players in a conflict where misperceptions, from deception or information asymmetry, are present. We demonstrate how hypergames can model an actual security mechanism: ErsatzPassword, a defense mechanism to protect password hashes from offline brute-force attacks. Two ErsatzPassword defensive strategies are considered: to block the attacker and trigger an alarm, or to redirect the attacker into a honeynet for attack analysis. We consider the scenario where there is information asymmetry in the system and one side under-estimates or over-estimates the risk tolerance of the other side. We analyze plausible strategies for both attacker and defender and then solve 57,600 hypergame configurations to determine the optimal 1st line defense strategies under various levels of risk tolerance and misperceptions.

Keywords

Computer security, Deception, Game theory

Notes

Acknowledgements

The authors acknowledge Jeffery Avery and Paul Wood for their insightful discussion on early versions of this work. Special thanks to the US National Science Foundation for supporting this research through EAGER Grant #1548114.

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  1. Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University, West Lafayette, USA
  2. Department of Computer Science, King Saud University, Riyadh, Saudi Arabia
