Computational Security Subject to Source Constraints, Guesswork and Inscrutability

Guesswork forms the mathematical framework for quantifying computational security subject to brute-force determination by query. In this paper, we consider guesswork subject to a per-symbol Shannon entropy budget. We introduce inscrutability rate to quantify the asymptotic difficulty of guessing U out of V secret strings drawn from the string-source and prove that the inscrutability rate of any string-source supported on a finite alphabet X, if it exists, lies between the per-symbol Shannon entropy constraint and log |X|. We show that for a stationary string-source, the inscrutability rate of guessing any fraction (1 - ϵ) of the V strings for any fixed ϵ > 0, as V grows, approaches the per-symbol Shannon entropy constraint (which is equal to the Shannon entropy rate for the stationary string-source). This corresponds to the minimum inscrutability rate among all string-sources with the same per-symbol Shannon entropy. We further prove that the inscrutability rate of any finite-order Markov string-source with hidden statistics remains the same as the unhidden case, i.e., the asymptotic value of hiding the statistics per each symbol is vanishing. On the other hand, we show that there exists a string-source that achieves the upper limit on the inscrutability rate, i.e., log |X|, under the same Shannon entropy budget

Centralized vs Decentralized Multi-Agent Guesswork

We study a notion of guesswork, where multiple agents intend to launch a coordinated brute-force attack to find a single binary secret string, and each agent has access to side information generated through either a BEC or a BSC. The average number of trials required to find the secret string grows exponentially with the length of the string, and the rate of the growth is called the guesswork exponent. We compute the guesswork exponent for several multi-agent attacks. We show that a multi-agent attack reduces the guesswork exponent compared to a single agent, even when the agents do not exchange information to coordinate their attack, and try to individually guess the secret string using a predetermined scheme in a decentralized fashion. Further, we show that the guesswork exponent of two agents who do coordinate their attack is strictly smaller than that of any finite number of agents individually performing decentralized guesswork.Comment: Accepted at IEEE International Symposium on Information Theory (ISIT) 201

Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization

In September 2017, McAffee Labs quarterly report estimated that brute force attacks represent 20\% of total network attacks, making them the most prevalent type of attack ex-aequo with browser based vulnerabilities. These attacks have sometimes catastrophic consequences, and understanding their fundamental limits may play an important role in the risk assessment of password-secured systems, and in the design of better security protocols. While some solutions exist to prevent online brute-force attacks that arise from one single IP address, attacks performed by botnets are more challenging. In this paper, we analyze these distributed attacks by using a simplified model. Our aim is to understand the impact of distribution and asynchronization on the overall computational effort necessary to breach a system. Our result is based on Guesswork, a measure of the number of queries (guesses) required of an adversary before a correct sequence, such as a password, is found in an optimal attack. Guesswork is a direct surrogate for time and computational effort of guessing a sequence from a set of sequences with associated likelihoods. We model the lack of synchronization by a worst-case optimization in which the queries made by multiple adversarial agents are received in the worst possible order for the adversary, resulting in a min-max formulation. We show that, even without synchronization, and for sequences of growing length, the asymptotic optimal performance is achievable by using randomized guesses drawn from an appropriate distribution. Therefore, randomization is key for distributed asynchronous attacks. In other words, asynchronous guessers can asymptotically perform brute-force attacks as efficiently as synchronized guessers.Comment: Accepted to IEEE Transactions on Information Forensics and Securit

Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization

In September 2017, McAffee Labs quarterly report estimated that brute force attacks represent 20% of total network attacks, making them the most prevalent type of attack ex-aequo with browser based vulnerabilities. These attacks have sometimes catastrophic consequences, and understanding their fundamental limits may play an important role in the risk assessment of password-secured systems, and in the design of better security protocols. While some solutions exist to prevent online brute-force attacks that arise from one single IP address, attacks performed by botnets are more challenging. In this paper, we analyze these distributed attacks by using a simplified model. Our aim is to understand the impact of distribution and asynchronization on the overall computational effort necessary to breach a system. Our result is based on Guesswork, a measure of the number of password queries (guesses) before the correct one is found in an optimal attack, which is a direct surrogate for the time and the computational effort. We model the lack of synchronization by a worst-case optimization in which the queries are received in the worst possible order, resulting in a min-max formulation. We show that even without synchronization and for sequences of growing length, the asymptotic optimal performance is achievable by using randomized guesses drawn from an appropriate distribution. Therefore, randomization is key for distributed asynchronous attacks. In other words, asynchronous guessers can asymptotically perform brute-force attacks as efficiently as synchronized guessers.Comment: 13 pages, 4 figure

Soft Guessing Under Log-Loss Distortion Allowing Errors

This paper deals with the problem of soft guessing under log-loss distortion (logarithmic loss) that was recently investigated by [Wu and Joudeh, IEEE ISIT, pp. 466--471, 2023]. We extend this problem to soft guessing allowing errors, i.e., at each step, a guesser decides whether to stop the guess or not with some probability and if the guesser stops guessing, then the guesser declares an error. We show that the minimal expected value of the cost of guessing under the constraint of the error probability is characterized by smooth R\'enyi entropy. Furthermore, we carry out an asymptotic analysis for a stationary and memoryless source

Quantifying computational security subject to source constraints, guesswork and inscrutability

Guesswork forms the mathematical framework for quantifying computational security subject to brute-force determination by query. In this paper, we consider guesswork subject to a per-symbol Shannon entropy budget. We introduce inscrutability rate to quantify the asymptotic difficulty of guessing U out of V secret strings drawn from the string-source and prove that the inscrutability rate of any string-source supported on a finite alphabet X , if it exists, lies between the per-symbol Shannon entropy constraint and log |X|. We show that for a stationary string-source, the inscrutability rate of guessing any fraction (1 - ε) of the V strings for any fixed ε > 0, as V grows, approaches the per-symbol Shannon entropy constraint (which is equal to the Shannon entropy rate for the stationary string-source). This corresponds to the minimum inscrutability rate among all string-sources with the same per-symbol Shannon entropy. We further prove that the inscrutability rate of any finite-order Markov string-source with hidden statistics remains the same as the unhidden case, i.e., the asymptotic value of hiding the statistics per each symbol is vanishing. On the other hand, we show that there exists a string-source that achieves the upper limit on the inscrutability rate, i.e., log |X|, under the same Shannon entropy budget. Index Terms—Brute-force attack; Guesswork; Inscrutability; Renyi entropy; Universal methods; Large deviation