7 research outputs found
Some Useful Integral Representations for Information-Theoretic Analyses
This work is an extension of our earlier article, where a well-known integral
representation of the logarithmic function was explored, and was accompanied
with demonstrations of its usefulness in obtaining compact, easily-calculable,
exact formulas for quantities that involve expectations of the logarithm of a
positive random variable. Here, in the same spirit, we derive an exact integral
representation (in one or two dimensions) of the moment of a nonnegative random
variable, or the sum of such independent random variables, where the moment
order is a general positive noninteger real (also known as fractional moments).
The proposed formula is applied to a variety of examples with an
information-theoretic motivation, and it is shown how it facilitates their
numerical evaluations. In particular, when applied to the calculation of a
moment of the sum of a large number, , of nonnegative random variables, it
is clear that integration over one or two dimensions, as suggested by our
proposed integral representation, is significantly easier than the alternative
of integrating over dimensions, as needed in the direct calculation of the
desired moment.Comment: Published in Entropy, vol. 22, no. 6, paper 707, pages 1-29, June
2020. Available at: https://www.mdpi.com/1099-4300/22/6/70
Centralized vs Decentralized Targeted Brute-Force Attacks: Guessing with Side-Information
According to recent empirical studies, a majority of users have the same, or
very similar, passwords across multiple password-secured online services. This
practice can have disastrous consequences, as one password being compromised
puts all the other accounts at much higher risk. Generally, an adversary may
use any side-information he/she possesses about the user, be it demographic
information, password reuse on a previously compromised account, or any other
relevant information to devise a better brute-force strategy (so called
targeted attack). In this work, we consider a distributed brute-force attack
scenario in which adversaries, each observing some side information,
attempt breaching a password secured system. We compare two strategies: an
uncoordinated attack in which the adversaries query the system based on their
own side-information until they find the correct password, and a fully
coordinated attack in which the adversaries pool their side-information and
query the system together. For passwords of length , generated
independently and identically from a distribution , we establish an
asymptotic closed-form expression for the uncoordinated and coordinated
strategies when the side-information are generated
independently from passing through a memoryless channel ,
as the length of the password goes to infinity. We illustrate our results
for binary symmetric channels and binary erasure channels, two families of
side-information channels which model password reuse. We demonstrate that two
coordinated agents perform asymptotically better than any finite number of
uncoordinated agents for these channels, meaning that sharing side-information
is very valuable in distributed attacks