Assuring the safety of asymmetric social protocols

Abstract

Most studies of security protocols in the literature refer to interactions between computers. Nowadays, however, more and more fraud (such as phishing, Nigerian scams and the like) is carried out by abusing social protocols—that is to say, computer-mediated interactions between human subjects. We call a social protocol “asymmetric” when the initial sender benefits from execution of the protocol but the recipient is not guaranteed against dishonesty of the sender. Can a recipient ever safely engage in an asymmetric social protocol? Over the past decade or two, computer-mediated communications and purchasing transactions have become pervasive among the general public. As a consequence, attacks on social protocols have grown in prominence and value. We need a principled and systemic response to this problem, rather than ad-hoc patches. Our contribution is to introduce a framework, the “marketplace of social protocol insurers”, in which specialised providers compete to offer safety guarantees, for a fee, to subjects who wish to engage in social protocols. Providers need to develop accurate classifiers for rating protocol inputs as safe or dangerous, and the providers with the most accurate classifiers can price their insurance premiums more competitively, thereby winning a greater share of the customers. Our solution offers, through competition amongst providers, aligned incentives for the development and deployment of accurate classifiers to distinguish fraudulent and legitimate inputs and it offers a safe way for ordinary users to engage in asymmetric social protocols without having to become experts at detecting fraudulent proposals.