illegitimi non carborundum - international association for ... · illegitimi non carborundum...
TRANSCRIPT
![Page 1: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/1.jpg)
Illegitimi non carborundum
(Don’t let the bastards grind you down!)
Ronald L. Rivest
Viterbi Professor of EECSMIT, Cambridge, MA
CRYPTO 20112011-08-15
1
![Page 2: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/2.jpg)
Illegitimi non carborundum(Don’t let the bastards grind you down!)
Ronald L. Rivest
Viterbi Professor of EECSMIT, Cambridge, MA
CRYPTO 20112011-08-15
2
![Page 3: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/3.jpg)
Illegitimi non carborundum(Don’t let the bastards grind you down!)
Ronald L. Rivest
Viterbi Professor of EECSMIT, Cambridge, MA
CRYPTO 20112011-08-15
3
![Page 4: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/4.jpg)
Outline
Overview and Context
The Game of “FLIPIT”
Non-Adaptive Play
Adaptive Play
Lessons and Open Questions
4
![Page 5: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/5.jpg)
Cryptography
Cryptography is mostly about usingmathematics and secrets to achieve
confidentiality, integrity, or other securityobjectives.
5
![Page 6: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/6.jpg)
Assumptions
We make assumptions as necessary, such asability of parties to generate unpredictable keys
and to keep them secret, or inability ofadversary to perform certain computations.
6
![Page 7: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/7.jpg)
Murphy’s Law: “If anything can go wrong, it will!”
7
![Page 8: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/8.jpg)
Assumptions may fail, badly. (Maginot Line)
8
![Page 9: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/9.jpg)
Even worse...
In an adversarial situation, assumption may failrepeatedly...
(ref Advanced Persistent Threats)9
![Page 10: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/10.jpg)
Most crypto is like Maginot line...
We work hard to make up good keys anddistribute them properly, then we sit back and
wait for the attack.
There is a line we assume adversary can notcross (theft of keys).
10
![Page 11: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/11.jpg)
Partial key theft
Much research allows adversary to steal someportion of key(s).
I secret-sharing [S79,...]I proactive crypto [HJKY95,...]I signer-base intrusion-resilience [IR04,...]I leakage-resilient crypto [MR04,...]
But adversary isn’t allowed to steal everything,all at once. (Some exceptions, e.g.intrusion-resilient secure channels [IMR’05])
This just moves the line in the digital sand a bit...
11
![Page 12: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/12.jpg)
Total key loss
To be a good security professional, thereshouldn’t be limits on your paranoia!
(The adversary won’t respect such limits...)Are we being sufficiently paranoid??
12
![Page 13: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/13.jpg)
Lincoln’s Riddle
Q: “If I call the dog’s tail a leg, how many legs does ithave?”
A: “Four. It doesn’t matter what you call the tail; it is still atail.”
13
![Page 14: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/14.jpg)
Lincoln’s Riddle
Q: “If I call the dog’s tail a leg, how many legs does ithave?”
A: “Four. It doesn’t matter what you call the tail; it is still atail.”
14
![Page 15: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/15.jpg)
Corollary to Lincoln’s Riddle
Calling a bit-string a “secret key” doesn’tactually make it secret...
Rather, it just identifies it as an interesting targetfor the adversary!
15
![Page 16: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/16.jpg)
Corollary to Lincoln’s Riddle
Calling a bit-string a “secret key” doesn’tactually make it secret...
Rather, it just identifies it as an interesting targetfor the adversary!
16
![Page 17: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/17.jpg)
Our goal
To develop new models for scenarios involvingtotal key loss.
Especially those scenarios where theft isstealthy or covert
(not immediately noticed by good guys).
17
![Page 18: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/18.jpg)
FLIPIT
The Game of “FLIPIT”(aka “Stealthy Takeover”)
joint work withAri Juels, Alina Oprea, Marten van Dijk
of RSA Labs
18
![Page 19: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/19.jpg)
FLIPIT is a two-player game
Defender = Player 0 = Blue
Attacker = Player 1 = Red
FLIPIT is rather symmetric, and we say“player i ” to refer to an arbitrary player.
19
![Page 20: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/20.jpg)
FLIPIT is a two-player game
Defender = Player 0 = Blue
Attacker = Player 1 = Red
FLIPIT is rather symmetric, and we say“player i ” to refer to an arbitrary player.
20
![Page 21: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/21.jpg)
There is a contested critical secret or resource
Examples:I A passwordI A digital signature keyI A computer systemI A mountain pass
21
![Page 22: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/22.jpg)
There is a contested critical secret or resource
Examples:I A password
I A digital signature keyI A computer systemI A mountain pass
22
![Page 23: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/23.jpg)
There is a contested critical secret or resource
Examples:I A passwordI A digital signature key
I A computer systemI A mountain pass
23
![Page 24: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/24.jpg)
There is a contested critical secret or resource
Examples:I A passwordI A digital signature keyI A computer system
I A mountain pass
24
![Page 25: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/25.jpg)
There is a contested critical secret or resource
Examples:I A passwordI A digital signature keyI A computer systemI A mountain pass
25
![Page 26: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/26.jpg)
State of secret or resource is binary
Good | Bad
Secret | Guessed or StolenClean | Compromised
Controlled by Defender | Controlled by AttackerBlue | Red
26
![Page 27: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/27.jpg)
State of secret or resource is binary
Good | BadSecret | Guessed or Stolen
Clean | CompromisedControlled by Defender | Controlled by Attacker
Blue | Red
27
![Page 28: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/28.jpg)
State of secret or resource is binary
Good | BadSecret | Guessed or StolenClean | Compromised
Controlled by Defender | Controlled by AttackerBlue | Red
28
![Page 29: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/29.jpg)
State of secret or resource is binary
Good | BadSecret | Guessed or StolenClean | Compromised
Controlled by Defender | Controlled by Attacker
Blue | Red
29
![Page 30: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/30.jpg)
State of secret or resource is binary
Good | BadSecret | Guessed or StolenClean | Compromised
Controlled by Defender | Controlled by AttackerBlue | Red
30
![Page 31: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/31.jpg)
A player can “move” (take control) at any time
Defender move puts resource into Good state
= Initialize Reset Recover Dis-infect
Attacker move puts resource into Bad state= Compromise Corrupt Steal Infect
Time is continuous, not discrete.Players move at same time with probability 0.
31
![Page 32: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/32.jpg)
A player can “move” (take control) at any time
Defender move puts resource into Good state= Initialize Reset Recover Dis-infect
Attacker move puts resource into Bad state= Compromise Corrupt Steal Infect
Time is continuous, not discrete.Players move at same time with probability 0.
32
![Page 33: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/33.jpg)
A player can “move” (take control) at any time
Defender move puts resource into Good state= Initialize Reset Recover Dis-infect
Attacker move puts resource into Bad state
= Compromise Corrupt Steal Infect
Time is continuous, not discrete.Players move at same time with probability 0.
33
![Page 34: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/34.jpg)
A player can “move” (take control) at any time
Defender move puts resource into Good state= Initialize Reset Recover Dis-infect
Attacker move puts resource into Bad state= Compromise Corrupt Steal Infect
Time is continuous, not discrete.Players move at same time with probability 0.
34
![Page 35: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/35.jpg)
A player can “move” (take control) at any time
Defender move puts resource into Good state= Initialize Reset Recover Dis-infect
Attacker move puts resource into Bad state= Compromise Corrupt Steal Infect
Time is continuous, not discrete.
Players move at same time with probability 0.
35
![Page 36: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/36.jpg)
A player can “move” (take control) at any time
Defender move puts resource into Good state= Initialize Reset Recover Dis-infect
Attacker move puts resource into Bad state= Compromise Corrupt Steal Infect
Time is continuous, not discrete.Players move at same time with probability 0.
36
![Page 37: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/37.jpg)
Examples of moves:
Create new password or signing key.Steal password or signing key.
Re-install system software.Use zero-day attack to install rootkit.
Send soldiers to mountain pass.Send soldiers to mountain pass.
37
![Page 38: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/38.jpg)
Examples of moves:
Create new password or signing key.Steal password or signing key.
Re-install system software.Use zero-day attack to install rootkit.
Send soldiers to mountain pass.Send soldiers to mountain pass.
38
![Page 39: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/39.jpg)
Examples of moves:
Create new password or signing key.Steal password or signing key.
Re-install system software.Use zero-day attack to install rootkit.
Send soldiers to mountain pass.Send soldiers to mountain pass.
39
![Page 40: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/40.jpg)
Continual back-and-forth warfare...
I Note that Attacker can take over at any time.
I There is no “perfect defense”.I Only option for Defender is to re-take control
later by moving again.I The game may go on forever...
40
![Page 41: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/41.jpg)
Continual back-and-forth warfare...
I Note that Attacker can take over at any time.I There is no “perfect defense”.
I Only option for Defender is to re-take controllater by moving again.
I The game may go on forever...
41
![Page 42: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/42.jpg)
Continual back-and-forth warfare...
I Note that Attacker can take over at any time.I There is no “perfect defense”.I Only option for Defender is to re-take control
later by moving again.
I The game may go on forever...
42
![Page 43: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/43.jpg)
Continual back-and-forth warfare...
I Note that Attacker can take over at any time.I There is no “perfect defense”.I Only option for Defender is to re-take control
later by moving again.I The game may go on forever...
43
![Page 44: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/44.jpg)
Moves are “stealthy”
I In practice, compromise is oftenundetected...
I In FLIPIT,players do not immediately know when theother player makes a move!(Very unusual in game theory literature!)
I Player’s uncertainty about system stateincreases with time since his last move.
I A move may take control (“flip”) or have noeffect (“flop”).
I Uncertainty means flops are unavoidable.
44
![Page 45: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/45.jpg)
Moves are “stealthy”
I In practice, compromise is oftenundetected...
I In FLIPIT,players do not immediately know when theother player makes a move!(Very unusual in game theory literature!)
I Player’s uncertainty about system stateincreases with time since his last move.
I A move may take control (“flip”) or have noeffect (“flop”).
I Uncertainty means flops are unavoidable.
45
![Page 46: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/46.jpg)
Moves are “stealthy”
I In practice, compromise is oftenundetected...
I In FLIPIT,players do not immediately know when theother player makes a move!(Very unusual in game theory literature!)
I Player’s uncertainty about system stateincreases with time since his last move.
I A move may take control (“flip”) or have noeffect (“flop”).
I Uncertainty means flops are unavoidable.
46
![Page 47: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/47.jpg)
Moves are “stealthy”
I In practice, compromise is oftenundetected...
I In FLIPIT,players do not immediately know when theother player makes a move!(Very unusual in game theory literature!)
I Player’s uncertainty about system stateincreases with time since his last move.
I A move may take control (“flip”) or have noeffect (“flop”).
I Uncertainty means flops are unavoidable.
47
![Page 48: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/48.jpg)
Moves are “stealthy”
I In practice, compromise is oftenundetected...
I In FLIPIT,players do not immediately know when theother player makes a move!(Very unusual in game theory literature!)
I Player’s uncertainty about system stateincreases with time since his last move.
I A move may take control (“flip”) or have noeffect (“flop”).
I Uncertainty means flops are unavoidable.
48
![Page 49: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/49.jpg)
Moves may be informative
I A player learns the state of the system onlywhen he moves.
I In basic FLIPIT, each move has feedbackthat reveals all previous moves.
I In variants, move reveals only current state,or time since other player last moved...
49
![Page 50: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/50.jpg)
Moves may be informative
I A player learns the state of the system onlywhen he moves.
I In basic FLIPIT, each move has feedbackthat reveals all previous moves.
I In variants, move reveals only current state,or time since other player last moved...
50
![Page 51: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/51.jpg)
Moves may be informative
I A player learns the state of the system onlywhen he moves.
I In basic FLIPIT, each move has feedbackthat reveals all previous moves.
I In variants, move reveals only current state,or time since other player last moved...
51
![Page 52: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/52.jpg)
Cost of moves and gains for being in control
I Moves aren’t for free!
I Player i pays ki points per move:Defender pays k0, Attacker pays k1
I Being in control yields gain!I Player earns one point for each second he is
in control.
52
![Page 53: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/53.jpg)
Cost of moves and gains for being in control
I Moves aren’t for free!I Player i pays ki points per move:
Defender pays k0, Attacker pays k1
I Being in control yields gain!I Player earns one point for each second he is
in control.
53
![Page 54: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/54.jpg)
Cost of moves and gains for being in control
I Moves aren’t for free!I Player i pays ki points per move:
Defender pays k0, Attacker pays k1
I Being in control yields gain!
I Player earns one point for each second he isin control.
54
![Page 55: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/55.jpg)
Cost of moves and gains for being in control
I Moves aren’t for free!I Player i pays ki points per move:
Defender pays k0, Attacker pays k1
I Being in control yields gain!I Player earns one point for each second he is
in control.
55
![Page 56: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/56.jpg)
How well are you playing? (Notation)
I Let Ni(t) denote number moves by player iup to time t . His average rate of play is
αi(t) = Ni(t)/t .
I Let Gi(t) denote the number of secondsplayer i is in control, up to time t .His rate of gain up to time t as
γi(t) = Gi(t)/t .
56
![Page 57: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/57.jpg)
How well are you playing? (Notation)
I Let Ni(t) denote number moves by player iup to time t . His average rate of play is
αi(t) = Ni(t)/t .
I Let Gi(t) denote the number of secondsplayer i is in control, up to time t .His rate of gain up to time t as
γi(t) = Gi(t)/t .
57
![Page 58: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/58.jpg)
How well are you playing? (Notation)
I Score (net benefit) Bi(t) up to time t isTimeInControl - CostOfMoves:
Bi(t) = Gi(t)− ki · Ni(t)
I Benefit rate is
βi(t) = Bi(t)/t= γi(t)− ki · αi(t)
I Player wishes to maximize βi = limt→∞ βi(t).
58
![Page 59: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/59.jpg)
Movie of FLIPIT Game – Global View
59
![Page 60: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/60.jpg)
Movie of FLIPIT Game – Defender View
60
![Page 61: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/61.jpg)
How to play well?
61
![Page 62: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/62.jpg)
Non-Adaptive Play
62
![Page 63: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/63.jpg)
Non-adaptive strategies
I A non-adaptive strategy plays on blindly,independent of other player’s moves.
I In principle, a non-adaptive player canpre-compute his entire (infinite!) list ofmoves before the game starts.
I Some interesting non-adaptive strategies:
I Periodic playI Exponential (memoryless) playI Renewal strategies: iid intermove times
63
![Page 64: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/64.jpg)
Non-adaptive strategies
I A non-adaptive strategy plays on blindly,independent of other player’s moves.
I In principle, a non-adaptive player canpre-compute his entire (infinite!) list ofmoves before the game starts.
I Some interesting non-adaptive strategies:
I Periodic playI Exponential (memoryless) playI Renewal strategies: iid intermove times
64
![Page 65: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/65.jpg)
Non-adaptive strategies
I A non-adaptive strategy plays on blindly,independent of other player’s moves.
I In principle, a non-adaptive player canpre-compute his entire (infinite!) list ofmoves before the game starts.
I Some interesting non-adaptive strategies:
I Periodic playI Exponential (memoryless) playI Renewal strategies: iid intermove times
65
![Page 66: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/66.jpg)
Non-adaptive strategies
I A non-adaptive strategy plays on blindly,independent of other player’s moves.
I In principle, a non-adaptive player canpre-compute his entire (infinite!) list ofmoves before the game starts.
I Some interesting non-adaptive strategies:I Periodic play
I Exponential (memoryless) playI Renewal strategies: iid intermove times
66
![Page 67: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/67.jpg)
Non-adaptive strategies
I A non-adaptive strategy plays on blindly,independent of other player’s moves.
I In principle, a non-adaptive player canpre-compute his entire (infinite!) list ofmoves before the game starts.
I Some interesting non-adaptive strategies:I Periodic playI Exponential (memoryless) play
I Renewal strategies: iid intermove times
67
![Page 68: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/68.jpg)
Non-adaptive strategies
I A non-adaptive strategy plays on blindly,independent of other player’s moves.
I In principle, a non-adaptive player canpre-compute his entire (infinite!) list ofmoves before the game starts.
I Some interesting non-adaptive strategies:I Periodic playI Exponential (memoryless) playI Renewal strategies: iid intermove times
68
![Page 69: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/69.jpg)
Periodic play
Player i may play periodicallywith rate αi and period 1/αi
E.g. for α0 = 1/3, we might have:
t
It is convenient to assume that periodic playinvolves miniscule amounts of jitter or drift; playis effectively periodic but will drift out of phasewith truly periodic.
69
![Page 70: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/70.jpg)
Periodic play
Player i may play periodicallywith rate αi and period 1/αi
E.g. for α0 = 1/3, we might have:
t
It is convenient to assume that periodic playinvolves miniscule amounts of jitter or drift; playis effectively periodic but will drift out of phasewith truly periodic.
70
![Page 71: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/71.jpg)
Periodic play
Player i may play periodicallywith rate αi and period 1/αi
E.g. for α0 = 1/3, we might have:
t
It is convenient to assume that periodic playinvolves miniscule amounts of jitter or drift; playis effectively periodic but will drift out of phasewith truly periodic.
71
![Page 72: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/72.jpg)
Adaptive play against a periodic opponent
An adaptive Attacker can easily learn the periodand phase of a periodic Defender, so thatperiodic play is useless against an adaptiveopponent, unless it is very fast.Examples:
I a sentry make his regular roundsI 90-day password reset
72
![Page 73: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/73.jpg)
Periodic Attacker
TheoremIf Attacker moves periodically at rate α1 (andperiod 1/α1, with unknown phase), thenoptimum non-adaptive Defender strategy is
I if α1 > 1/2k0, don’t play(!),I if α1 = 1/2k0, play periodically at any rate α0,
0 ≤ α0 ≤ 1/2k0,I if α1 < 1/2k0, play periodically at rate
α0 =
√α1
2k0> α1
73
![Page 74: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/74.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
74
![Page 75: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/75.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
75
![Page 76: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/76.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
76
![Page 77: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/77.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
77
![Page 78: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/78.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefit
if α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
78
![Page 79: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/79.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
79
![Page 80: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/80.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefit
if α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
80
![Page 81: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/81.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
81
![Page 82: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/82.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
82
![Page 83: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/83.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
83
![Page 84: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/84.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
84
![Page 85: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/85.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
85
![Page 86: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/86.jpg)
Graph for Periodic Attacker and Periodic Defender(k0 = 1, k1 = 1.5)
α023
12
13
16
α1
23
12
13
16
if α1 >1
2k0Attacker too fast for Defender
if α1 = 12k0
Defender can play with 0 benefitif α1 <1
2k0
Defender maximizes benefit withα0 =
√α12k0
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 13 ,
29 )
(γ0, γ1) = ( 23 ,
13 )
(β0, β1) = ( 13 ,0)
86
![Page 87: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/87.jpg)
Exponential Attacker
If Attacker plays exponentially with rate α1, thenhis moves form a memoryless Poisson process;he plays independently in each interval of timeof size dt with probability α1 dt
Probability that intermove delay is at most x is
1− e−α1x
For α1 = 0.5, we might have:
t
87
![Page 88: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/88.jpg)
Graph for Exponential Attacker and Defender)(k0 = 1, k1 = 1.5)
α012
313
α1
1
23
13
Attacker too fast if α1 > 1
Optimal Defender play for α1 < 1
α0 =√
α1k0− α1
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 625 ,
425 )
(γ0, γ1) = ( 35 ,
25 )
(β0, β1) = ( 925 ,
625 )
88
![Page 89: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/89.jpg)
Graph for Exponential Attacker and Defender)(k0 = 1, k1 = 1.5)
α012
313
α1
1
23
13
Attacker too fast if α1 > 1
Optimal Defender play for α1 < 1
α0 =√
α1k0− α1
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 625 ,
425 )
(γ0, γ1) = ( 35 ,
25 )
(β0, β1) = ( 925 ,
625 )
89
![Page 90: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/90.jpg)
Graph for Exponential Attacker and Defender)(k0 = 1, k1 = 1.5)
α012
313
α1
1
23
13
Attacker too fast if α1 > 1
Optimal Defender play for α1 < 1
α0 =√
α1k0− α1
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 625 ,
425 )
(γ0, γ1) = ( 35 ,
25 )
(β0, β1) = ( 925 ,
625 )
90
![Page 91: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/91.jpg)
Graph for Exponential Attacker and Defender)(k0 = 1, k1 = 1.5)
α012
313
α1
1
23
13
Attacker too fast if α1 > 1
Optimal Defender play for α1 < 1
α0 =√
α1k0− α1
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 625 ,
425 )
(γ0, γ1) = ( 35 ,
25 )
(β0, β1) = ( 925 ,
625 )
91
![Page 92: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/92.jpg)
Graph for Exponential Attacker and Defender)(k0 = 1, k1 = 1.5)
α012
313
α1
1
23
13
Attacker too fast if α1 > 1
Optimal Defender play for α1 < 1
α0 =√
α1k0− α1
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 625 ,
425 )
(γ0, γ1) = ( 35 ,
25 )
(β0, β1) = ( 925 ,
625 )
92
![Page 93: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/93.jpg)
Graph for Exponential Attacker and Defender)(k0 = 1, k1 = 1.5)
α012
313
α1
1
23
13
Attacker too fast if α1 > 1
Optimal Defender play for α1 < 1
α0 =√
α1k0− α1
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 625 ,
425 )
(γ0, γ1) = ( 35 ,
25 )
(β0, β1) = ( 925 ,
625 )
93
![Page 94: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/94.jpg)
Graph for Exponential Attacker and Defender)(k0 = 1, k1 = 1.5)
α012
313
α1
1
23
13
Attacker too fast if α1 > 1
Optimal Defender play for α1 < 1
α0 =√
α1k0− α1
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 625 ,
425 )
(γ0, γ1) = ( 35 ,
25 )
(β0, β1) = ( 925 ,
625 )
94
![Page 95: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/95.jpg)
Graph for Exponential Attacker and Defender)(k0 = 1, k1 = 1.5)
α012
313
α1
1
23
13
Attacker too fast if α1 > 1
Optimal Defender play for α1 < 1
α0 =√
α1k0− α1
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 625 ,
425 )
(γ0, γ1) = ( 35 ,
25 )
(β0, β1) = ( 925 ,
625 )
95
![Page 96: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/96.jpg)
Graph for Exponential Attacker and Defender)(k0 = 1, k1 = 1.5)
α012
313
α1
1
23
13
Attacker too fast if α1 > 1
Optimal Defender play for α1 < 1
α0 =√
α1k0− α1
Optimal Attacker play
Nash equilibrium at (α0, α1) = ( 625 ,
425 )
(γ0, γ1) = ( 35 ,
25 )
(β0, β1) = ( 925 ,
625 )
96
![Page 97: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/97.jpg)
Renewal Strategies
A renewal strategy is one with iid intermovedelays for player i ’s moves:
Pr(delay ≤ x) = Fi(x)
for some distribution Fi .
Renewal strategies form a very large class of(non-adaptive) strategies; periodic, exponential,etc. are special cases...Origin of term: player’s moves form a renewalprocess.
97
![Page 98: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/98.jpg)
Optimal (renewal) play against a renewal strategy.
One of our major results is the following:
TheoremThe optimal renewal strategy against anyrenewal strategy is either periodic or not playing.
98
![Page 99: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/99.jpg)
Proof notes
Average time between buses6=
Average waiting time for a bus
Proof considers size-biased interval sizes...
Note that a periodic strategy minimizes varianceof interval sizes, and thus minimizes size-biasedinterval size.
99
![Page 100: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/100.jpg)
Proof notes
Average time between buses6=
Average waiting time for a bus
Proof considers size-biased interval sizes...
Note that a periodic strategy minimizes varianceof interval sizes, and thus minimizes size-biasedinterval size.
100
![Page 101: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/101.jpg)
Proof notes
Average time between buses6=
Average waiting time for a bus
Proof considers size-biased interval sizes...
Note that a periodic strategy minimizes varianceof interval sizes, and thus minimizes size-biasedinterval size.
101
![Page 102: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/102.jpg)
Adaptive Play
102
![Page 103: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/103.jpg)
Adaptive Strategies
I Periodic strategy not very effective againstadaptive Attacker, who can learn to movejust after each Defender move.
I FLIPIT with adaptive strategies can becomplicated – generalizes iterated Prisoner’sDilemma—e.g. for periodic play:
slow(α1 = 0.1) fast(α1 = 0.2)slow(α0 = 0.1) 0.40,0.40 -0.10,0.55fast(α0 = 0.2) 0.55,-0.10 0.30,0.30
103
![Page 104: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/104.jpg)
Adaptive Strategies
I Periodic strategy not very effective againstadaptive Attacker, who can learn to movejust after each Defender move.
I FLIPIT with adaptive strategies can becomplicated – generalizes iterated Prisoner’sDilemma—e.g. for periodic play:
slow(α1 = 0.1) fast(α1 = 0.2)slow(α0 = 0.1) 0.40,0.40 -0.10,0.55fast(α0 = 0.2) 0.55,-0.10 0.30,0.30
104
![Page 105: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/105.jpg)
Adaptive Strategies
I Periodic strategy not very effective againstadaptive Attacker, who can learn to movejust after each Defender move.
I FLIPIT with adaptive strategies can becomplicated – generalizes iterated Prisoner’sDilemma—e.g. for periodic play:
slow(α1 = 0.1) fast(α1 = 0.2)slow(α0 = 0.1) 0.40,0.40 -0.10,0.55fast(α0 = 0.2) 0.55,-0.10 0.30,0.30
105
![Page 106: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/106.jpg)
Exponential works well even against adaptivestrategies
TheoremThe optimal strategy (of any sort, even adaptive)against an exponential strategy is either periodicor not playing.
Defender can always play exponential strategyagainst a potentially adaptive Attacker; Attackercan’t then do better than playing periodically (ornot playing).
106
![Page 107: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/107.jpg)
Defender’s (α0 = 0.25) net benefit β0
against optimal (periodic) Attacker (α1variable)
α123
13
β0
23
13
Periodic Attacker
Periodic Defender
⇓Adaptive Attacker
Exponential Defender
∃ ? Better Defender ?
107
![Page 108: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/108.jpg)
Defender’s (α0 = 0.25) net benefit β0
against optimal (adaptive) Attacker (α1variable)
α123
13
β0
23
13
Periodic Attacker
Periodic Defender
⇓Adaptive Attacker
Exponential Defender
∃ ? Better Defender ?
108
![Page 109: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/109.jpg)
Defender’s (α0 = 0.25) net benefit β0
against optimal (adaptive) Attacker (α1variable)
α123
13
β0
23
13
Periodic Attacker
Periodic Defender
⇓Adaptive Attacker
Exponential Defender
∃ ? Better Defender ?
109
![Page 110: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/110.jpg)
Lessons and Open Questions
110
![Page 111: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/111.jpg)
Lessons
I Be prepared to deal with continual repeatedfailure (loss of control).
I Play fast! Aim to make opponent drop out!(Agility!)
I Arrange game so that your moves cost muchless than your opponent’s!(Cheap to refresh passwords or keys, easyto reset system to pristine state (as with avirtual machine))
111
![Page 112: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/112.jpg)
Lessons
I Be prepared to deal with continual repeatedfailure (loss of control).
I Play fast! Aim to make opponent drop out!(Agility!)
I Arrange game so that your moves cost muchless than your opponent’s!(Cheap to refresh passwords or keys, easyto reset system to pristine state (as with avirtual machine))
112
![Page 113: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/113.jpg)
Lessons
I Be prepared to deal with continual repeatedfailure (loss of control).
I Play fast! Aim to make opponent drop out!(Agility!)
I Arrange game so that your moves cost muchless than your opponent’s!(Cheap to refresh passwords or keys, easyto reset system to pristine state (as with avirtual machine))
113
![Page 114: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/114.jpg)
Open question 1
Conjecture: The optimal non-adaptive strategyagainst a renewal strategy is periodic.
(We only proved that optimal renewal strategy isperiodic.)
114
![Page 115: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/115.jpg)
Open question 2
What is “optimal” renewal strategy against anadaptive rate-limited Attacker?(e.g. N1(t)/t ≤ α1 for all t)?
That is, how to balance trade-off betweenperiodic play, which has low-variance intervalsbut is predictable, and exponential, which hashigh-variance intervals but is veryunpredictable?
Perhaps using gamma-distributed intervals ordelayed exponentials?
115
![Page 116: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/116.jpg)
Open question 2
What is “optimal” renewal strategy against anadaptive rate-limited Attacker?(e.g. N1(t)/t ≤ α1 for all t)?
That is, how to balance trade-off betweenperiodic play, which has low-variance intervalsbut is predictable, and exponential, which hashigh-variance intervals but is veryunpredictable?
Perhaps using gamma-distributed intervals ordelayed exponentials?
116
![Page 117: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/117.jpg)
Open question 3
Are there information-theoretic bounds on howwell a rate-limited Attacker can do against afixed renewal strategy by Defender?
117
![Page 118: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/118.jpg)
Open question 4
What learning theory algorithms yield adaptivestrategies provably optimal against renewalstrategies?
118
![Page 119: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/119.jpg)
Open questions 5, 6, 7, ...
5 Multi-player FLIPIT6 Other feedback models (e.g. add low-cost
“check”)7 How to structure PKI when any party
(including CA’s) may get “hacked” at anytime?
... ...
119
![Page 120: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/120.jpg)
Online version of FLIPIT
More information on FLIPIT, including anonline interactive version of the game, will beavailable in the next few weeks at:
www.rsa.com/flipit
Enjoy!
120
![Page 121: Illegitimi non carborundum - International Association for ... · Illegitimi non carborundum (Don’t let the bastards grind you down!) Ronald L. Rivest Viterbi Professor of EECS](https://reader030.vdocument.in/reader030/viewer/2022041001/5ea25cf581408978bf513240/html5/thumbnails/121.jpg)
The End
121