Gaming security by obscurity

Shannon sought security against the attacker with unlimited computational powers: *if an information source conveys some information, then Shannon's attacker will surely extract that information*. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science, and led to modern cryptography. Shannon also sought security against the attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still endorsed in cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there is an algorithm that can break the system, then the attacker will surely find that algorithm*. The attacker is not viewed as an omnipotent computer any more, but he is still construed as an omnipotent programmer. So the Diffie-Hellman step from unlimited to limited computational powers has not been extended into a step from unlimited to limited logical or programming powers. Is the assumption that all feasible algorithms will eventually be discovered and implemented really different from the assumption that everything that is computable will eventually be computed? The present paper explores some ways to refine the current models of the attacker, and of the defender, by taking into account their limited logical and programming powers. If the adaptive attacker actively queries the system to seek out its vulnerabilities, can the system gain some security by actively learning attacker's methods, and adapting to them?Comment: 15 pages, 9 figures, 2 tables; final version appeared in the Proceedings of New Security Paradigms Workshop 2011 (ACM 2011); typos correcte

Imperfect-Recall Abstractions with Bounds in Games

Imperfect-recall abstraction has emerged as the leading paradigm for practical large-scale equilibrium computation in incomplete-information games. However, imperfect-recall abstractions are poorly understood, and only weak algorithm-specific guarantees on solution quality are known. In this paper, we show the first general, algorithm-agnostic, solution quality guarantees for Nash equilibria and approximate self-trembling equilibria computed in imperfect-recall abstractions, when implemented in the original (perfect-recall) game. Our results are for a class of games that generalizes the only previously known class of imperfect-recall abstractions where any results had been obtained. Further, our analysis is tighter in two ways, each of which can lead to an exponential reduction in the solution quality error bound. We then show that for extensive-form games that satisfy certain properties, the problem of computing a bound-minimizing abstraction for a single level of the game reduces to a clustering problem, where the increase in our bound is the distance function. This reduction leads to the first imperfect-recall abstraction algorithm with solution quality bounds. We proceed to show a divide in the class of abstraction problems. If payoffs are at the same scale at all information sets considered for abstraction, the input forms a metric space. Conversely, if this condition is not satisfied, we show that the input does not form a metric space. Finally, we use these results to experimentally investigate the quality of our bound for single-level abstraction

Timing of Messages and the Aumann Conjecture: A multiple-Selves Approach

The Aumann (1990) conjecture states that cheap-talk messages do not necessarily help to coordinate on efficient Nash equilibria. In an experimental test of Aumann’s conjecture, Charness (2000) found that cheap-talk messages facilitate coordination when they precede the action, but not when they follow the action. Standard game-theoretical modeling abstracts from this timing effect, and therefore cannot account for it. To allow for a formal analysis of the timing effect, I study the sequential equilibria of the signaling game in which the sender is modeled as comprising two selves: an acting self and a signaling self. I interpret Aumann’s argument in this context to imply that all of the equilibria in this game are ‘babbling’ equilibria, in which the message conveys no information and does not affect the behavior of the receiver. Using this framework, I show that a fully communicative equilibrium exists—only if the message precedes the action but not when the message follows the action. In the latter case, no information is transmitted in any equilibrium. This result provides a game-theoretical explanation for the puzzling experimental results obtained by Charness (2000). I discuss other explanations for this timing-of-message effect and their relationship to the current analysis.pre-play communication, Nash equilibrium, coordination games, multiple selves

Repeated Games Played in a Network

Delayed perfect monitoring in an infinitely repeated discounted game is modelled by letting the players form a connected and undirected network. Players observe their immediate neighbors' behavior only, but communicate over time the repeated game's history truthfully throughout the network. The Folk Theorem extends to this setup, although for a range of discount factors strictly below 1, the set of sequential equilibria and the corresponding payoff set may be reduced. A general class of games is analyzed without imposing restrictions on the dimensionality of the payoff space. This and the bilateral communication structure allow for limited results under strategic communication only. As a by-product this model produces a network result; namely, the level of cooperation in this setup depends on the network's diameter, and not on its clustering coefficient as in other models.Repeated Game, Network, Delayed Perfect Monitoring, Communication

Repeated Games Played in a Network

Delayed perfect monitoring in an infinitely repeated discounted game is modelled by allocating the players to a connected and undirected network. Players observe their immediate neighbors’ behavior only, but communicate over time the repeated game’s history truthfully throughout the network. The Folk Theorem extends to this setup, although for a range of discount factors strictly below 1, the set of sequential equilibria and the corresponding payoff set may be reduced. A general class of games is analyzed without imposing restrictions on the dimensionality of the payoff space. Due to this and the bilateral communication structure, truthful communication arises endogenously only under additional conditions. The model also produces a network result; namely, the level of cooperation in this setup depends on the network’s diameter, and not on its clustering coefficient as in other models.Repeated Game, Delayed Perfect Monitoring, Network, Communication