Adversarial Security: Getting to the Root of the Problem

  • Raphael C.-W. Phan
  • John N. Whitley
  • David J. Parish
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6555)

Abstract

This paper revisits the conventional notion of security and champions a paradigm shift in the way that security should be viewed: we argue that the fundamental notion of security should naturally be one that actively aims for the root of the security problem, namely the malicious (human-terminated) adversary. To that end, we propose the notion of adversarial security, in which non-malicious parties and the security mechanism are allowed more activeness; we discuss framework ideas based on factors affecting the (human) adversary, and motivate approaches to designing adversarial security systems. Indeed, while security research has in recent years begun to focus on the human elements of the legitimate user as part of the security system’s design (e.g. the notion of ceremonies), our adversarial security notion approaches general security design by considering the human elements of the malicious adversary.

Keywords

Security Mechanism, Security Problem, Attack Action, Legitimate User, Fair Play


Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Raphael C.-W. Phan, John N. Whitley, David J. Parish
    High Speed Networks (HSN) Research Group, Electronic & Electrical Engineering, Loughborough University, UK
