Теоретико-ігровий підхід до проблеми безпеки мереж

В даній роботі здійснено огляд основних напрямків застосування теоретико-ігрового підходу до розв’язання актуальних проблем безпеки. Теорія ігор досліджує взаємодію раціональних агентів за умов конфлікту та невизначеності. Моделі теорії ігор успішно застосовуються для вивчення процесів у економіці, біології, комп’ютерних мережах та інших. Застосування до забезпечення безпеки – відносно новий напрямок, який дозволяє представити проблему захисту у вигляді гри, та застосувати розвинені методи ігрового аналізу. Описано сучасний стан області, виділені основні напрямки загроз та відповідні моделі і методи теорії ігор. Запропоновано класифікацію ігрових підходів у області кібербезпеки та проведено порівняння різних класифікацій. Окремо розглядаються атаки на відмову, які є одним з найбільш небезпечним напрямком розвитку кіберзлочинності. Побудовані ігрові моделі таких атак, та проведений аналіз вразливості стратегій захисту. Виділені майбутні тренди застосування ігрового підходу в області кібербезпеки.В данной работе приведен обзор основных направлений применения теоретико-игрового подхода к решению актуальных проблем безопасности. Теория игр исследует взаимодействие рациональных агентов в условиях конфликта и неопределенности. Модели теории игр успешно применяются в экономике, биологии, компьютерных сетях и многих других. Применение в области безопасности – относительно новое направление, которое позволяет представить проблему защиты в виде игры и применить развитые методы анализа. Описано современное состояние области, выделены основные угрозы и соответствующие модели и методы теории игр. Предложено классификацию игровых подходов и проведено сравнение существующих классификаций. Отдельно исследованы атаки типа отказ в обслуживании, которые являются одним из наиболее опасных видов кибер­преступности. Построены игровые модели таких атак и проведен анализ уязвимости существующих стратегий защиты. Выделены вероятные будущие тренды в применении игрового подхода к проблемам кибербезопасности.In this paper we present an overview of the main applications of the game-theoretic approach to the network security. The game theory explores the interaction of rational agents in conflict and uncertainty. Models of game theory are successfully applied in economics, biology, computer networks and many others. Application in the field of security is a relatively new direction that allows us to present the problem of protection in the form of a game and apply advanced analysis methods. We describe main threats and corresponding models and methods of game theory in this field of science. A classification of game-theoretic approaches is proposed and a comparison of existing classifications is made. Denial of service attacks which are one of the most dangerous types of cybercrime are investigated separately. Game models of such attacks are built and the vulnerability of existing defense strategies is analyzed. Possible future trends in the application of the game approach to the problems of cybersecurity are identified and described

Oceanic Games: Centralization Risks and Incentives in Blockchain Mining

To participate in the distributed consensus of permissionless blockchains, prospective nodes -- or miners -- provide proof of designated, costly resources. However, in contrast to the intended decentralization, current data on blockchain mining unveils increased concentration of these resources in a few major entities, typically mining pools. To study strategic considerations in this setting, we employ the concept of Oceanic Games, Milnor and Shapley (1978). Oceanic Games have been used to analyze decision making in corporate settings with small numbers of dominant players (shareholders) and large numbers of individually insignificant players, the ocean. Unlike standard equilibrium models, they focus on measuring the value (or power) per entity and per unit of resource} in a given distribution of resources. These values are viewed as strategic components in coalition formations, mergers and resource acquisitions. Considering such issues relevant to blockchain governance and long-term sustainability, we adapt oceanic games to blockchain mining and illustrate the defined concepts via examples. The application of existing results reveals incentives for individual miners to merge in order to increase the value of their resources. This offers an alternative perspective to the observed centralization and concentration of mining power. Beyond numerical simulations, we use the model to identify issues relevant to the design of future cryptocurrencies and formulate prospective research questions.Comment: [Best Paper Award] at the International Conference on Mathematical Research for Blockchain Economy (MARBLE 2019

A Survey on PoW-based Consensus

We provide a historical overview of proof-of-work techniques and the fields in which it plunges its roots. We are interested in PoW-techniques applied to blockchain technology and therefore we survey the state-of-the-art protocols employing these methods for consensus algorithms, emphasizing the differences between the efficient hashcash systems and the promising bread pudding protocols. Afterwards, the consensus mechanisms are discussed and some interesting known attacks to these algorithms are collected and classified according to their underlying ideas

Cryptocurrency Mining Games with Economic Discount and Decreasing Rewards

In the consensus protocols used in most cryptocurrencies, participants called miners must find valid blocks of transactions and append them to a shared tree-like data structure. Ideally, the rules of the protocol should ensure that miners maximize their gains if they follow a default strategy, which consists on appending blocks only to the longest branch of the tree, called the blockchain. Our goal is to understand under which circumstances are miners encouraged to follow the default strategy. Unfortunately, most of the existing models work with simplified payoff functions, without considering the possibility that rewards decrease over time because of the game rules (like in Bitcoin), nor integrating the fact that a miner naturally prefers to be paid earlier than later (the economic concept of discount). In order to integrate these factors, we consider a more general model where issues such as economic discount and decreasing rewards can be set as parameters of an infinite stochastic game. In this model, we study the limit situation in which a miner does not receive a full reward for a block if it stops being in the blockchain. We show that if rewards are not decreasing, then miners do not have incentives to create new branches, no matter how high their computational power is. On the other hand, when working with decreasing rewards similar to those in Bitcoin, we show that miners have an incentive to create such branches. Nevertheless, this incentive only occurs when a miner controls a proportion of the computational power which is close to half of the computational power of the entire network

Mind the Mining

In this paper we revisit the mining strategies in proof of work based cryptocurrencies and propose two strategies, we call smart and smarter mining, that in many cases strictly dominate honest mining. In contrast to other known attacks, like selfish mining, which induce zero-sum games among the miners, the strategies proposed in this paper increase miners' profit by reducing their variable costs (i.e., electricity). Moreover, the proposed strategies are viable for much smaller miners than previously known attacks, and surprisingly, an attack performed by one miner is profitable for all other miners as well. While saving electricity power is very encouraging for the environment, it is less so for the coin's security. The smart/smarter strategies expose the coin to under 50\% attacks and this vulnerability might only grow when new miners join the coin as a response to the increase in profit margins induced by these strategies

Socially Optimal Mining Pools

Mining for Bitcoins is a high-risk high-reward activity. Miners, seeking to reduce their variance and earn steadier rewards, collaborate in pooling strategies where they jointly mine for Bitcoins. Whenever some pool participant is successful, the earned rewards are appropriately split among all pool participants. Currently a dozen of different pooling strategies (i.e., methods for distributing the rewards) are in use for Bitcoin mining. We here propose a formal model of utility and social welfare for Bitcoin mining (and analogous mining systems) based on the theory of discounted expected utility, and next study pooling strategies that maximize the social welfare of miners. Our main result shows that one of the pooling strategies actually employed in practice--the so-called geometric pay pool--achieves the optimal steady-state utility for miners when its parameters are set appropriately. Our results apply not only to Bitcoin mining pools, but any other form of pooled mining or crowdsourcing computations where the participants engage in repeated random trials towards a common goal, and where "partial" solutions can be efficiently verified