A Hypergame Analysis for ErsatzPasswords - ICT Systems Security and Privacy Protection
Conference Papers Year : 2018

A Hypergame Analysis for ErsatzPasswords

Abstract

A hypergame is a game theoretic model capturing the decisions of rational players in a conflict where misperceptions, from deception or information asymmetry, are present. We demonstrate how hypergames can model an actual security mechanism: ErsatzPassword, a defense mechanism to protect password hashes from offline brute-force attacks. Two ErsatzPassword defensive strategies are considered: to block the attacker and trigger an alarm, or to redirect the attacker into a honeynet for attack analysis. We consider the scenario where there is information asymmetry in the system and one side under-estimates or over-estimates the risk tolerance of the other side. We analyze plausible strategies for both attacker and defender and then solve 57,600 hypergame configurations to determine the optimal 1st line defense strategies under various levels of risk tolerance and misperceptions.
Fichier principal
Vignette du fichier
472722_1_En_4_Chapter.pdf (588.46 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-02023738 , version 1 (21-02-2019)

Licence

Identifiers

Cite

Christopher N. Gutierrez, Mohammed H. Almeshekah, Saurabh Bagchi, Eugene H. Spafford. A Hypergame Analysis for ErsatzPasswords. 33th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.47-61, ⟨10.1007/978-3-319-99828-2_4⟩. ⟨hal-02023738⟩
102 View
107 Download

Altmetric

Share

More