Invitation to Cybersecurity

6. The Skill of Cybersecurity: Adversarial Thinking

6.3 Behavioral Game Theory

“I’ll tell you in a minute. First, let’s drink. Me from my glass, and you from yours.”
- Vizzini in The Princess Bride film

One of the underlying assumptions of game theory is player perfect rationality. This means that players behave perfectly rationally when making strategic choices. This assumption makes it possible to analyze and solve games mathematically. It assumes that players will work through all the options logically. In this section, we are going to learn about behavioral game theory which challenges this assumption.

The Traveling Hacker’s Dilemma

Two black hats, Veryl and Ruth Ann, are traveling back from a hacking conference in Las Vegas. At the conference they both purchased a special purpose code cracking device from a hacking tools dealer. Fittingly, the dealer only accepted cash and did not provide receipts. At the airport they reluctantly agreed to check their devices because they were not allowed to carry them on the airplane—the ticket counter agent deemed them suspicious-looking.

Unfortunately, when they arrived at their home airport, they found themselves in the luggage claim office because their devices never made it to the baggage claim carousel. After determining the devices disappeared without a trace and there was no hope of recovery, the luggage claim agent offered to compensate them for their losses. Unfortunately, Veryl and Ruth Ann did not have receipts, and the agent had no way of verifying how much the devices were really worth. So he came up with a plan. He gave Veryl and Ruth Ann each a piece of paper and asked them to separately write down the value of the code cracking device. He knew the devices were worth no more than $500 and no less than $100, but his goal was to determine their actual value. If they both put down the same number, he would accept that as the value and pay it out to both of them. However, if they put down different numbers, he would consider the true value the lesser amount, and he would reward the person who put down the lower number for being honest with a $50 bonus and penalize the other for being deceitful by reducing his or her payout by $50.

Rather than putting down the amount he actually paid, Veryl saw an opportunity to make a little extra cash! His first thought was to put down $500 thinking that Ruth Ann would probably do the same—then they could both take home $500. But, on the other hand, being a hacker and thinking deviously, if he knew Ruth Ann would go with $500, he should actually write down $499. This would result in him taking home the $50 bonus and $549 overall. But what if Ruth Ann was even more devious and submitted $498? That would mean if Veryl wrote down $499, he would get only $448 because he would have to absorb the $50 penalty. Maybe Veryl should write down $497 just to be on the safe side, but again, what if Ruth Ann was thinking the same thing!
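The agent's payout rule and Veryl's chain of "what if she goes one lower?" can be worked through mechanically. The following is an added example, not part of the original text: it goes beyond the passage by following the undercutting until it stops, it assumes claims are whole-dollar amounts, and the function names are illustrative.

```python
# Added illustration of the luggage agent's rule; names are hypothetical.
LOW, HIGH, BONUS = 100, 500, 50  # bounds and bonus/penalty from the story


def payout(mine, other):
    """Amount paid to the player who wrote `mine` when the other wrote `other`."""
    if mine == other:
        return mine              # matching claims are paid as written
    if mine < other:
        return mine + BONUS      # lower claim: paid the lower value plus bonus
    return other - BONUS         # higher claim: paid the lower value minus penalty


def best_response(other):
    """Whole-dollar claim that maximizes my payout if I know the other claim."""
    return max(range(LOW, HIGH + 1), key=lambda mine: payout(mine, other))


def undercutting_chain(start=HIGH):
    """Repeat 'best reply to the previous claim' until the claim stops moving."""
    chain = [start]
    while True:
        nxt = best_response(chain[-1])
        if nxt == chain[-1]:     # nobody gains by changing: a stable claim
            return chain
        chain.append(nxt)


if __name__ == "__main__":
    print("Veryl 499 vs Ruth Ann 500:", payout(499, 500))
    print("Veryl 499 vs Ruth Ann 498:", payout(499, 498))
    chain = undercutting_chain()
    print("first steps:", chain[:4])
    print("stable claim:", chain[-1], "after", len(chain) - 1, "undercuts")
    print("payout if both had written 500:", payout(HIGH, HIGH))
```

Each step is individually profitable, yet the chain only stops at the lowest allowed claim, where both players collect far less than if both had written $500.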
