Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

52 CHAPTER 2 Game Theory for Infrastructure Security: The Power of Intent-Based Adversary Models 8. Suppose that by compromising n 0 current Tor nodes in the system, an adversary has a prob- ability of p to successfully launch an entry- exit linking attack against a Tor circuit. Let p be the probability for (another) adversary to successfully launch an entry-exit linking attack against a Tor circuit after adding n compromised nodes into the system. Is p > p or p < p ? three rounds of the repeated arms race between the two players, and derived three design prin- ciples: stratified path selection, bandwidth order selection, and adaptive exit selection, which can effectively reduce the success probability of the attack without substantially affecting the band- width of the constructed Tor paths. Open Research Problems. There are some open problems requiring further effort. For example, how to establish defender's reputation in a broader range of applications such as anony- mous communication and distributed data shar- ing systems? In some cases, adversarial threats may arise from multiple adversaries. Even worse, adversaries sometimes could collude with one another. Thus, an interesting problem would be how to extend the intent-based adversary model to address those cases. It would also be interest- ing to study how to defend against attacks other than entry-exit linking attacks popular anony- REFERENCES [1] N. Zhang, W. Yu, X. Fu, S.K. Das, Gpath: A game-theoretic path selection algorithm to protect ´ tor's anonymity, in: T. Alpcan, L. Butty an, J.S. Baras (Eds.), Proceedings of the Conference on Decision and Game Theory for Security (GameSec), Springer, New York, NY, 2010, pp. 58­71. [2] ----, Maintaining defenders reputation in anomaly detection against insider attacks, IEEE Trans. Syst. Man Cybern. B Cybern. 40 (2010) 597­611.