Gaming security by obscurity

Shannon sought security against the attacker with unlimited computational powers: *if an information source conveys some information, then Shannon's attacker will surely extract that information*. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science, and led to modern cryptography. Shannon also sought security against the attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still endorsed in cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there is an algorithm that can break the system, then the attacker will surely find that algorithm*. The attacker is not viewed as an omnipotent computer any more, but he is still construed as an omnipotent programmer. So the Diffie-Hellman step from unlimited to limited computational powers has not been extended into a step from unlimited to limited logical or programming powers. Is the assumption that all feasible algorithms will eventually be discovered and implemented really different from the assumption that everything that is computable will eventually be computed? The present paper explores some ways to refine the current models of the attacker, and of the defender, by taking into account their limited logical and programming powers. If the adaptive attacker actively queries the system to seek out its vulnerabilities, can the system gain some security by actively learning attacker's methods, and adapting to them?Comment: 15 pages, 9 figures, 2 tables; final version appeared in the Proceedings of New Security Paradigms Workshop 2011 (ACM 2011); typos correcte

On the limits of engine analysis for cheating detection in chess

The integrity of online games has important economic consequences for both the gaming industry and players of all levels, from professionals to amateurs. Where there is a high likelihood of cheating, there is a loss of trust and players will be reluctant to participate — particularly if this is likely to cost them money. Chess is a game that has been established online for around 25 years and is played over the Internet commercially. In that environment, where players are not physically present “over the board” (OTB), chess is one of the most easily exploitable games by those who wish to cheat, because of the widespread availability of very strong chess-playing programs. Allegations of cheating even in OTB games have increased significantly in recent years, and even led to recent changes in the laws of the game that potentially impinge upon players’ privacy. In this work, we examine some of the difficulties inherent in identifying the covert use of chess-playing programs purely from an analysis of the moves of a game. Our approach is to deeply examine a large collection of games where there is confidence that cheating has not taken place, and analyse those that could be easily misclassified. We conclude that there is a serious risk of finding numerous “false positives” and that, in general, it is unsafe to use just the moves of a single game as prima facie evidence of cheating. We also demonstrate that it is impossible to compute definitive values of the figures currently employed to measure similarity to a chess-engine for a particular game, as values inevitably vary at different depths and, even under identical conditions, when multi-threading evaluation is used

The XBOX 360 and Steganography: How Criminals and Terrorists Could Be Going Dark

Video game consoles have evolved from single-player embedded systems with rudimentary processing and graphics capabilities to multipurpose devices that provide users with parallel functionality to contemporary desktop and laptop computers. Besides offering video games with rich graphics and multiuser network play, today\u27s gaming consoles give users the ability to communicate via email, video and text chat; transfer pictures, videos, and file;, and surf the World-Wide-Web. These communication capabilities have, unfortunately, been exploited by people to plan and commit a variety of criminal activities. In an attempt to cover the digital tracks of these unlawful undertakings, anti-forensic techniques, such as steganography, may be utilized to hide or alter evidence. This paper will explore how criminals and terrorists might be using the Xbox 360 to convey messages and files using steganographic techniques. Specific attention will be paid to the going dark problem and the disjoint between forensic capabilities for analyzing traditional computers and forensic capabilities for analyzing video game consoles. Forensic approaches for examining Microsoft\u27s Xbox 360 will be detailed and the resulting evidentiary capabilities will be discussed. Keywords: Digital Forensics, Xbox Gaming Console, Steganography, Terrorism, Cyber Crim

Security-by-experiment: lessons from responsible deployment in cyberspace

Conceiving new technologies as social experiments is a means to discuss responsible deployment of technologies that may have unknown and potentially harmful side-effects. Thus far, the uncertain outcomes addressed in the paradigm of new technologies as social experiments have been mostly safetyrelated, meaning that potential harm is caused by the design plus accidental events in the environment. In some domains, such as cyberspace, dversarial agents (attackers)may be at least as important when it comes to undesirable effects of deployed technologies. In such cases, conditions for responsible experimentation may need to be implemented differently, as attackers behave strategically rather than probabilistically. In this contribution, we outline how adversarial aspects are already taken into account in technology deployment in the field of cyber security, and what the paradigm of new technologies as social experiments can learn from this. In particular, we show the importance of adversarial roles in social experiments with new technologies

Immigrants and Billion Dollar Startups

Immigrants play a key role in creating new, fast-growing companies, as evidenced by the prevalence of foreignborn founders and key personnel in the nation's leading privately-held companies. Immigrants have started more than half (44 of 87) of America's startup companies valued at $1 billion dollars or more and are key members of management or product development teams in over 70 percent (62 of 87) of these companies. The research finds that among the billion dollar startup companies, immigrant founders have created an average of approximately 760 jobs per company in the United States. The collective value of the 44 immigrant-founded companies is$168 billion, which is close to half the value of the stock markets of Russia or Mexico.The research involved conducting interviews and gathering information on the 87 U.S. startup companies valued at over $1 billion (as of January 1, 2016) that have yet to become publicly traded on the U.S. stock market and are tracked by The Wall Street Journal and Dow Jones VentureSource. The companies, all privately-held and with the potential to become publicly traded on the stock market, are today each valued at$1 billion or more and have received venture capital (equity) financing

Is it Meaningless to Talk About \u27the Internet\u27?

This paper suggests that there is no longer any fixed meaning to the term \u27Internet\u27. Instead, the Internet is created anew in the hands of each individual user and reflects their prioritie!i and interests. At the same time, the dynamism of Internet innovation and development is such that a burgeoning range of options has become available, allowing Internet users to customise and create their online environment to approxima.te a personal manifestation of what we might call, in a generic sense, \u27their Internet\u27. In part, this shift has been reflected in something as mundane as the everyday usage of the word. Just a few years ago, the word \u27internet\u27 would have been identified by MS Word as an error, unless it had a capital \u271\u27. Now that word-without the capital letter-is accepted. [This journal still prefers \u27Internet\u27. Ed.] The Internet is no longer a proper noun, like a place: instead, the word \u27Internet\u27 is more frequently used as an adjective or a noun-a general category of thing, as in \u27internet shopping\u27 and \u27internet research\u27. This paper looks at whether we can still have a shared meaning around the concept of \u27the Internet\u27 and, if so, what that meaning is and how and where it is confounded in everyday and emerging usage. \u27It argues that the meaningfulness of the term \u27Internet\u27 is now highly compromised and that the specificity it once enjoyed has now become subsumed within a generality equivalent to the notion of \u27the book\u27, or of \u27communication\u27