A Hypergame Analysis for ErsatzPasswords

Abstract: A hypergame is a game-theoretic model capturing the decisions of rational players in a conflict where misperceptions, from deception or information asymmetry, are present. We demonstrate how hypergames can model an actual security mechanism: ErsatzPassword, a defense mechanism to protect password hashes from offline brute-force attacks. Two ErsatzPassword defensive strategies are considered: to block the attacker and trigger an alarm, or to redirect the attacker into a honeynet for attack analysis. We consider the scenario where there is information asymmetry in the system and one side underestimates or overestimates the risk tolerance of the other side. We analyze plausible strategies for both attacker and defender and then solve 57,600 hypergame configurations to determine the optimal first-line defense strategies under various levels of risk tolerance and misperceptions.
Document type: Conference papers
Cited literature: 16 references

https://hal.inria.fr/hal-02023738
Contributor: Hal Ifip
Submitted on: Thursday, February 21, 2019 - 4:37:54 PM
Last modification on: Thursday, February 21, 2019 - 4:40:00 PM
Long-term archiving on: Wednesday, May 22, 2019 - 9:04:41 PM

File

Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until: 2021-01-01

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Christopher Gutierrez, Mohammed Almeshekah, Saurabh Bagchi, Eugene Spafford. A Hypergame Analysis for ErsatzPasswords. 33rd IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.47-61, ⟨10.1007/978-3-319-99828-2_4⟩. ⟨hal-02023738⟩
