Multi-User Guesswork and Brute Force Security

Multi-User Guesswork and Brute Force Security

The guesswork problem was originally motivated by a desire to quantify computational security for single user systems. Leveraging recent results from its analysis, we extend the remit and utility of the framework to the quantification of the computational security of multi-user systems. In particula...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on information theory 2015-12, Vol.61 (12), p.6876-6886
Hauptverfasser: Christiansen, Mark M., Duffy, Ken R., du Pin Calmon, Flavio, Medard, Muriel
Format: Artikel
Sprache:eng
Schlagworte:
Cybersecurity
Electronic mail
Encoding
Entropy
Force
Object recognition
Probability
Random variables
Security
Statistics
Stochastic models
Systems design
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 6886
container_issue 12
container_start_page 6876
container_title IEEE transactions on information theory
container_volume 61
creator Christiansen, Mark M.
Duffy, Ken R.
du Pin Calmon, Flavio
Medard, Muriel
description The guesswork problem was originally motivated by a desire to quantify computational security for single user systems. Leveraging recent results from its analysis, we extend the remit and utility of the framework to the quantification of the computational security of multi-user systems. In particular, assume that V users independently select strings stochastically from a finite, but potentially large, list. An inquisitor who does not know which strings have been selected wishes to identify U of them. The inquisitor knows the selection probabilities of each user and is equipped with a method that enables the testing of each (user, string) pair, one at a time, for whether that string had been selected by that user. Here, we establish that, unless U=V, there is no general strategy that minimizes the distribution of the number of guesses, but in the asymptote as the strings become long we prove the following: by construction, there is an asymptotically optimal class of strategies; the number of guesses required in an asymptotically optimal strategy satisfies a large deviation principle with a rate function, which is not necessarily convex, that can be determined from the rate functions of optimally guessing individual users' strings; if all users' selection statistics are identical, the exponential growth rate of the average guesswork as the string-length increases is determined by the specific Rényi entropy of the string-source with parameter (V-U+1)/(V-U+2), generalizing the known V=U=1 case; and that the Shannon entropy of the source is a lower bound on the average guesswork growth rate for all U and V, thus providing a bound on computational security for multi-user systems. Examples are presented to illustrate these results and their ramifications for systems design.
doi_str_mv 10.1109/TIT.2015.2482972
format Article
fullrecord <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_ieee_primary_7293174</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>7293174</ieee_id><sourcerecordid>3877292991</sourcerecordid><originalsourceid>FETCH-LOGICAL-c333t-bcf12c581ca33dcdcf547e83dbe3882164004899c8f1f609405c7c280efc9fbb3</originalsourceid><addsrcrecordid>eNo9kE1LAzEQhoMouFbvgpcFz6mZfGySoxZbCxUPtuewm53A1tqtyS7Sf--WLZ6Gged9Z3gIuQc2BWD2ab1cTzkDNeXScKv5BclAKU1toeQlyRgDQ62U5prcpLQdVqmAZ4S-97uuoZuEMV_0mNJvG7_ycl_nL7HvMJ-30WP-ib6PTXe8JVeh3CW8O88J2cxf17M3uvpYLGfPK-qFEB2tfADulQFfClH72gclNRpRVyiM4VBIxqSx1psAoWBWMuW154Zh8DZUlZiQx7H3ENuf4avObds-7oeTDrQopNQMxECxkfKxTSlicIfYfJfx6IC5kxQ3SHEnKe4sZYg8jJEGEf9xza0ALcUfOABcFg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1736447013</pqid></control><display><type>article</type><title>Multi-User Guesswork and Brute Force Security</title><source>IEEE Electronic Library (IEL)</source><creator>Christiansen, Mark M. ; Duffy, Ken R. ; du Pin Calmon, Flavio ; Medard, Muriel</creator><creatorcontrib>Christiansen, Mark M. ; Duffy, Ken R. ; du Pin Calmon, Flavio ; Medard, Muriel</creatorcontrib><description>The guesswork problem was originally motivated by a desire to quantify computational security for single user systems. Leveraging recent results from its analysis, we extend the remit and utility of the framework to the quantification of the computational security of multi-user systems. In particular, assume that V users independently select strings stochastically from a finite, but potentially large, list. An inquisitor who does not know which strings have been selected wishes to identify U of them. The inquisitor knows the selection probabilities of each user and is equipped with a method that enables the testing of each (user, string) pair, one at a time, for whether that string had been selected by that user. Here, we establish that, unless U=V, there is no general strategy that minimizes the distribution of the number of guesses, but in the asymptote as the strings become long we prove the following: by construction, there is an asymptotically optimal class of strategies; the number of guesses required in an asymptotically optimal strategy satisfies a large deviation principle with a rate function, which is not necessarily convex, that can be determined from the rate functions of optimally guessing individual users' strings; if all users' selection statistics are identical, the exponential growth rate of the average guesswork as the string-length increases is determined by the specific Rényi entropy of the string-source with parameter (V-U+1)/(V-U+2), generalizing the known V=U=1 case; and that the Shannon entropy of the source is a lower bound on the average guesswork growth rate for all U and V, thus providing a bound on computational security for multi-user systems. Examples are presented to illustrate these results and their ramifications for systems design.</description><identifier>ISSN: 0018-9448</identifier><identifier>EISSN: 1557-9654</identifier><identifier>DOI: 10.1109/TIT.2015.2482972</identifier><identifier>CODEN: IETTAW</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Cybersecurity ; Electronic mail ; Encoding ; Entropy ; Force ; Object recognition ; Probability ; Random variables ; Security ; Statistics ; Stochastic models ; Systems design</subject><ispartof>IEEE transactions on information theory, 2015-12, Vol.61 (12), p.6876-6886</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Dec 2015</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c333t-bcf12c581ca33dcdcf547e83dbe3882164004899c8f1f609405c7c280efc9fbb3</citedby><cites>FETCH-LOGICAL-c333t-bcf12c581ca33dcdcf547e83dbe3882164004899c8f1f609405c7c280efc9fbb3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/7293174$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27903,27904,54736</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/7293174$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Christiansen, Mark M.</creatorcontrib><creatorcontrib>Duffy, Ken R.</creatorcontrib><creatorcontrib>du Pin Calmon, Flavio</creatorcontrib><creatorcontrib>Medard, Muriel</creatorcontrib><title>Multi-User Guesswork and Brute Force Security</title><title>IEEE transactions on information theory</title><addtitle>TIT</addtitle><description>The guesswork problem was originally motivated by a desire to quantify computational security for single user systems. Leveraging recent results from its analysis, we extend the remit and utility of the framework to the quantification of the computational security of multi-user systems. In particular, assume that V users independently select strings stochastically from a finite, but potentially large, list. An inquisitor who does not know which strings have been selected wishes to identify U of them. The inquisitor knows the selection probabilities of each user and is equipped with a method that enables the testing of each (user, string) pair, one at a time, for whether that string had been selected by that user. Here, we establish that, unless U=V, there is no general strategy that minimizes the distribution of the number of guesses, but in the asymptote as the strings become long we prove the following: by construction, there is an asymptotically optimal class of strategies; the number of guesses required in an asymptotically optimal strategy satisfies a large deviation principle with a rate function, which is not necessarily convex, that can be determined from the rate functions of optimally guessing individual users' strings; if all users' selection statistics are identical, the exponential growth rate of the average guesswork as the string-length increases is determined by the specific Rényi entropy of the string-source with parameter (V-U+1)/(V-U+2), generalizing the known V=U=1 case; and that the Shannon entropy of the source is a lower bound on the average guesswork growth rate for all U and V, thus providing a bound on computational security for multi-user systems. Examples are presented to illustrate these results and their ramifications for systems design.</description><subject>Cybersecurity</subject><subject>Electronic mail</subject><subject>Encoding</subject><subject>Entropy</subject><subject>Force</subject><subject>Object recognition</subject><subject>Probability</subject><subject>Random variables</subject><subject>Security</subject><subject>Statistics</subject><subject>Stochastic models</subject><subject>Systems design</subject><issn>0018-9448</issn><issn>1557-9654</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2015</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNo9kE1LAzEQhoMouFbvgpcFz6mZfGySoxZbCxUPtuewm53A1tqtyS7Sf--WLZ6Gged9Z3gIuQc2BWD2ab1cTzkDNeXScKv5BclAKU1toeQlyRgDQ62U5prcpLQdVqmAZ4S-97uuoZuEMV_0mNJvG7_ycl_nL7HvMJ-30WP-ib6PTXe8JVeh3CW8O88J2cxf17M3uvpYLGfPK-qFEB2tfADulQFfClH72gclNRpRVyiM4VBIxqSx1psAoWBWMuW154Zh8DZUlZiQx7H3ENuf4avObds-7oeTDrQopNQMxECxkfKxTSlicIfYfJfx6IC5kxQ3SHEnKe4sZYg8jJEGEf9xza0ALcUfOABcFg</recordid><startdate>201512</startdate><enddate>201512</enddate><creator>Christiansen, Mark M.</creator><creator>Duffy, Ken R.</creator><creator>du Pin Calmon, Flavio</creator><creator>Medard, Muriel</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>201512</creationdate><title>Multi-User Guesswork and Brute Force Security</title><author>Christiansen, Mark M. ; Duffy, Ken R. ; du Pin Calmon, Flavio ; Medard, Muriel</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c333t-bcf12c581ca33dcdcf547e83dbe3882164004899c8f1f609405c7c280efc9fbb3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2015</creationdate><topic>Cybersecurity</topic><topic>Electronic mail</topic><topic>Encoding</topic><topic>Entropy</topic><topic>Force</topic><topic>Object recognition</topic><topic>Probability</topic><topic>Random variables</topic><topic>Security</topic><topic>Statistics</topic><topic>Stochastic models</topic><topic>Systems design</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Christiansen, Mark M.</creatorcontrib><creatorcontrib>Duffy, Ken R.</creatorcontrib><creatorcontrib>du Pin Calmon, Flavio</creatorcontrib><creatorcontrib>Medard, Muriel</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on information theory</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Christiansen, Mark M.</au><au>Duffy, Ken R.</au><au>du Pin Calmon, Flavio</au><au>Medard, Muriel</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Multi-User Guesswork and Brute Force Security</atitle><jtitle>IEEE transactions on information theory</jtitle><stitle>TIT</stitle><date>2015-12</date><risdate>2015</risdate><volume>61</volume><issue>12</issue><spage>6876</spage><epage>6886</epage><pages>6876-6886</pages><issn>0018-9448</issn><eissn>1557-9654</eissn><coden>IETTAW</coden><abstract>The guesswork problem was originally motivated by a desire to quantify computational security for single user systems. Leveraging recent results from its analysis, we extend the remit and utility of the framework to the quantification of the computational security of multi-user systems. In particular, assume that V users independently select strings stochastically from a finite, but potentially large, list. An inquisitor who does not know which strings have been selected wishes to identify U of them. The inquisitor knows the selection probabilities of each user and is equipped with a method that enables the testing of each (user, string) pair, one at a time, for whether that string had been selected by that user. Here, we establish that, unless U=V, there is no general strategy that minimizes the distribution of the number of guesses, but in the asymptote as the strings become long we prove the following: by construction, there is an asymptotically optimal class of strategies; the number of guesses required in an asymptotically optimal strategy satisfies a large deviation principle with a rate function, which is not necessarily convex, that can be determined from the rate functions of optimally guessing individual users' strings; if all users' selection statistics are identical, the exponential growth rate of the average guesswork as the string-length increases is determined by the specific Rényi entropy of the string-source with parameter (V-U+1)/(V-U+2), generalizing the known V=U=1 case; and that the Shannon entropy of the source is a lower bound on the average guesswork growth rate for all U and V, thus providing a bound on computational security for multi-user systems. Examples are presented to illustrate these results and their ramifications for systems design.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/TIT.2015.2482972</doi><tpages>11</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 0018-9448
ispartof IEEE transactions on information theory, 2015-12, Vol.61 (12), p.6876-6886
issn 0018-9448
1557-9654
language eng
recordid cdi_ieee_primary_7293174
source IEEE Electronic Library (IEL)
subjects Cybersecurity
Electronic mail
Encoding
Entropy
Force
Object recognition
Probability
Random variables
Security
Statistics
Stochastic models
Systems design
title Multi-User Guesswork and Brute Force Security
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-27T03%3A53%3A13IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Multi-User%20Guesswork%20and%20Brute%20Force%20Security&rft.jtitle=IEEE%20transactions%20on%20information%20theory&rft.au=Christiansen,%20Mark%20M.&rft.date=2015-12&rft.volume=61&rft.issue=12&rft.spage=6876&rft.epage=6886&rft.pages=6876-6886&rft.issn=0018-9448&rft.eissn=1557-9654&rft.coden=IETTAW&rft_id=info:doi/10.1109/TIT.2015.2482972&rft_dat=%3Cproquest_RIE%3E3877292991%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1736447013&rft_id=info:pmid/&rft_ieee_id=7293174&rfr_iscdi=true