arxiv: 2506.04634 · v3 · submitted 2025-06-05 · 💻 cs.CR

Incentivizing Collaboration for Detection of Credential Database Breaches

Pith reviewed 2026-05-19 11:43 UTC · model grok-4.3

classification 💻 cs.CR
keywords honeywords · credential stuffing · breach detection · favor exchange · model checking · collaboration incentives · password security · monitoring ecosystem

The pith

Sites improve their own breach detection by increasing monitoring of honeywords at other sites via favor exchanges.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes an algorithm for websites to exchange monitoring favors focused on honeywords, which are decoy passwords that flag breaches when used in logins. Model-checking analysis shows that a site detects its own credential database breach more effectively when it devotes greater monitoring effort to checking for its honeywords at peer sites. This mechanism addresses the incentive gap that previously discouraged collaborative monitoring against credential stuffing, where attackers test stolen passwords elsewhere to avoid triggering alerts. Evaluation on a real breached credential dataset demonstrates that the approach scales effectively and quantifies how parameters like monitoring volume shape results. A sympathetic reader would care because it turns mutual monitoring into a self-reinforcing practice that could raise the bar for attackers reusing passwords across sites.

Core claim

Through a model-checking analysis, a site can improve its ability to detect its own breach when it increases the monitoring effort it expends for others, using an algorithm by which sites exchange monitoring favors for honeyword detection at other sites.

What carries the argument

The favor-exchange algorithm that lets sites trade monitoring efforts, with model checking used to verify that higher effort for others yields better own-site detection.

If this is right

  • Sites that increase their monitoring effort for others achieve higher rates of detecting their own breaches.
  • Detection effectiveness scales with parameters such as total monitoring volume and number of participating sites.
  • The favor-exchange approach maintains performance when tested against real-world breached credential datasets.
  • Quantified parameter effects support practical decisions on deploying a shared monitoring ecosystem.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Wider adoption could reduce the overall success of credential stuffing by making cross-site checks routine.
  • The system might extend to automated protocols that penalize non-reporting to strengthen long-term participation.
  • Similar favor-exchange ideas could apply to other collaborative security tasks like sharing indicators of compromise.

Load-bearing premise

Sites can reliably detect and report honeyword usage at other sites and will follow the favor-exchange protocol without strategic deviation or false reports.

What would settle it

A simulation or deployment where participating sites either fail to report honeyword detections accurately or deviate from the agreed favor exchanges, resulting in no measurable gain in breach detection rates.

Figures

Figures reproduced from arXiv: 2506.04634 by Michael K. Reiter, Mridu Nanda.

Figure 1: Distribution of s*.normRisk(r′) per s*.pop, s*.capC including s*_e and s*_p. Each box spans the 25th-75th percentile; whiskers span the 5th-95th percentile; the diamond shows the mean; the red line shows the median. s*.normRisk(r′) decreased with higher s*.capC and lower s*.pop.
Figure 2: Comparison of exhaustive and proportional strategies across θ constraints defined by combinations of s*_e.cutline, s*_e.foresight, and slack. The left table shows advFreqθ (Eqn. (7)) and the right table shows fracAdvθ (Eqn. (9)). Setting θ ← s*_e.cutline = false, s*_e.foresight = 0, slack = ∞ diminished advFreqθ and fracAdvθ.
Figure 3: Each cell shows absAdvψ* with lighter cells indicating less exhaustive advantage. We omit s*.pop < 0.75 and privLvl = psica, due to space, though trends are similar. absAdvψ* peaked when s*.capC ≪ s.capC, and minimally improved at higher s*_e.lookahead.
…guard against peers abruptly shifting allocations to maximize their own slot returns. However, under ψ constraints, we found that s.smf value employ…
Figure 5: Mean s*.normCostCum(+10) for a.aggression = 0.75, privLvl = psi. Lighter cells show lower cost.
…to maximize the expected number of users in s*.users for whom it successfully stuffed an account at a site in S \ {s*} with a password its user reused at s*, which we denote s*.costCum(+r). We also define s*.normCostCum(+r) = s*.costCum(+r) / |s*.vulnUsers| (12). We largely adopt the same experiment…
Figure 6: Mean s*.normCostCum(+10) for a.aggression = 1.0. Lighter cells indicate lower s*.normCostCum(+10).
…instead simulated a greedy attacker that approximates optimal behavior through a series of locally optimal choices. We set a.foresight = 0 and a.lookahead = 1, giving the attacker a 10-bid stuffing window after each site placed at least one bid under P2b, following the setup in §4.3. After the r′-th (e…
Figure 7: Performance of proportional bidding.
…each peer s′ ∈ S \ {s} takes to update its slot allocations from s in step P1b, denoted time(P1b), accumulated over all peers, so (n − 1) × time(P1b). This bid induces additional computation on the peer sites S \ {s}, however, to create monitoring requests per the Amnesia protocol, to fulfill the allocation each receives in this bidding step. We denote the time to gene…
Figure 8: Password reuse rate.
The processed Cit0day dataset includes 74,268,368 users across 7,914 sites and 53,241,884 unique passwords. Site sizes vary widely (see Fig. 9c). However, a site's popularity does not directly translate to greater risk. From the site's own perspective, the number of users it shares with other sites (its only observable signal of stuffing risk) correlates only weakly with site size (r …
Figure 9: Exploration of Cit0day Dataset.
Appendix C. Performance Optimizations. To place a bid according to P2b, s must determine s.avgRisk(s′) from all s′ ∈ S \ {s}. However, calculating s.avgRisk(s′) involves computing the optimal number f of stuffing attempts by an attacker which maximizes Eqn. (1) assuming k = s′.allocTo(s). A naive implementation could iterate over all the possible values of f, which is u…
read the original abstract

Decoy passwords, or "honeywords," alert a site to its breach if entered in a login attempt on that site. However, an attacker can identify a user-chosen password from among the decoys, without alerting the site to its breach, via credential stuffing, i.e., entering the stolen passwords at another site where a user reused her password. Prior work thus proposed that sites monitor for the entry of their honeywords at other sites, but the incentives for sites to participate in this monitoring remain unclear. In this paper, we propose and evaluate an algorithm by which sites can exchange monitoring favors. Through a model-checking analysis, we show that a site can improve its ability to detect its own breach when it increases the monitoring effort it expends for others. We quantify how key parameters impact detection effectiveness and their implications for deploying a monitoring ecosystem. Finally, we evaluate our algorithm on a breached credential dataset, demonstrating effectiveness at scale.
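
The monitoring idea in the abstract, as an added Python example (not code from the paper or from Pith): `site-b` checks each login attempt against honeyword hashes that `site-a` asked it to watch, so replaying `site-a`'s stolen sweetwords at `site-b` raises an alert for `site-a`. The `Site` class, all names and the passwords are constructed for illustration; a plain salted-hash comparison stands in for the privacy-preserving monitoring protocol a deployment would need, and the favor-exchange bidding itself is not modelled.

```python
import hashlib
import hmac
import secrets


def _digest(salt: bytes, password: str) -> bytes:
    # PBKDF2 stands in for whatever slow password hash a site really uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class Site:
    def __init__(self, name: str):
        self.name = name
        self.accounts = {}    # user -> (salt, hashes of all sweetwords)
        self.real_index = {}  # user -> position of the real password; a real
                              # deployment keeps this apart from the credential DB
        self.watchlist = {}   # user -> [(origin site, salt, honeyword hashes)]
        self.alerts = []      # (site whose breach is indicated, user)

    def register(self, user: str, password: str, honeywords: list) -> None:
        salt = secrets.token_bytes(16)
        sweetwords = list(honeywords) + [password]
        secrets.SystemRandom().shuffle(sweetwords)
        self.accounts[user] = (salt, [_digest(salt, w) for w in sweetwords])
        self.real_index[user] = sweetwords.index(password)

    def monitoring_request(self, user: str):
        """Honeyword hashes only (real password left out) for a peer to watch."""
        salt, hashes = self.accounts[user]
        real = self.real_index[user]
        decoys = [h for i, h in enumerate(hashes) if i != real]
        return (self.name, salt, decoys)

    def accept_request(self, user: str, request) -> None:
        self.watchlist.setdefault(user, []).append(request)

    def login(self, user: str, attempt: str) -> str:
        result = "fail"
        if user in self.accounts:
            salt, hashes = self.accounts[user]
            entered = _digest(salt, attempt)
            for i, stored in enumerate(hashes):
                if hmac.compare_digest(stored, entered):
                    if i == self.real_index[user]:
                        result = "ok"
                    else:
                        result = "breach-alarm"  # own honeyword entered locally
                        self.alerts.append((self.name, user))
                    break
        # Monitoring favor: check the attempt against peers' honeywords.
        for origin, salt, decoys in self.watchlist.get(user, []):
            entered = _digest(salt, attempt)
            if any(hmac.compare_digest(d, entered) for d in decoys):
                self.alerts.append((origin, user))
        return result


def run_scenario(monitoring: bool):
    site_a, site_b = Site("site-a"), Site("site-b")
    # Constructed sample data: alice reuses one password at both sites.
    site_a.register("alice", "Tiger2019!", ["tiger2019!", "Tiger2020!", "tiger-2018"])
    site_b.register("alice", "Tiger2019!", [])
    if monitoring:
        site_b.accept_request("alice", site_a.monitoring_request("alice"))
    # Logins at site-b that replay site-a's sweetwords (two decoys, then the real one).
    replayed = ["tiger2019!", "Tiger2020!", "Tiger2019!"]
    outcomes = [site_b.login("alice", w) for w in replayed]
    return outcomes, site_b.alerts


if __name__ == "__main__":
    for flag in (False, True):
        outcomes, alerts = run_scenario(flag)
        print(f"monitoring={flag}: outcomes={outcomes} alerts for={alerts}")
```

Without the watchlist, `site-b` sees only two failed logins and a success, and `site-a` learns nothing; with it, both decoy attempts are attributed to `site-a`.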

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The paper proposes an algorithm for credential-storing sites to exchange monitoring favors for honeyword detections to counter credential-stuffing attacks. Through model-checking of a game-theoretic protocol, it claims that a site improves its own breach detection probability by increasing the monitoring effort it expends on behalf of other sites. The work quantifies the impact of key parameters on detection effectiveness and evaluates the algorithm on a real-world breached-credential dataset to demonstrate scalability.

Significance. If the central claim holds under realistic conditions, the result supplies a formal incentive mechanism for collaborative monitoring that could strengthen ecosystem-wide breach detection. The manuscript earns credit for employing model-checking to provide machine-checked support for the incentive property and for performing an independent evaluation on a large breached-credential dataset that shows effectiveness at scale.

major comments (1)
  1. [Abstract and evaluation sections] The model-checking analysis establishes the improvement claim only under the assumption that sites reliably detect honeyword usage at remote sites and submit reports honestly without strategic deviation or false positives. The transition rules and payoff functions embed this premise directly, yet no additional robustness checks or alternative strategies (e.g., withholding reports or injecting false positives) are explored; if such deviations are admitted, the verified property may cease to hold and the central claim becomes conditional on unverified behavioral assumptions.
minor comments (1)
  1. [Abstract] Error bars, sensitivity analysis with respect to monitoring-effort levels, and handling of false-positive reports are not mentioned, leaving gaps in the reported robustness.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the constructive feedback. The major comment correctly identifies the scope of our modeling assumptions, which we address below.

read point-by-point responses
  1. Referee: [Abstract and evaluation sections] The model-checking analysis establishes the improvement claim only under the assumption that sites reliably detect honeyword usage at remote sites and submit reports honestly without strategic deviation or false positives. The transition rules and payoff functions embed this premise directly, yet no additional robustness checks or alternative strategies (e.g., withholding reports or injecting false positives) are explored; if such deviations are admitted, the verified property may cease to hold and the central claim becomes conditional on unverified behavioral assumptions.

    Authors: We agree that the model-checking analysis verifies the incentive property only under the assumptions of reliable honeyword detection and honest reporting, as directly encoded in the transition rules and payoff functions. The central claim of the paper is that, within this model, a site improves its own breach detection by increasing monitoring effort for others. We did not perform robustness checks against strategic deviations such as withholding reports or injecting false positives, because the work focuses on establishing the basic collaborative incentive mechanism rather than a full adversarial game. We will revise the abstract and evaluation sections to more explicitly state these assumptions and add a short discussion paragraph noting that analysis of strategic misbehavior is an important avenue for future work. revision: partial

Circularity Check

0 steps flagged

No significant circularity; model-checking derives property from explicitly defined game rules

full rationale

The central claim is established by model-checking a game with explicitly stated transition rules, payoff functions, and monitoring protocols. The verification result follows from the model definition rather than reducing to a fitted parameter or self-citation chain. The separate evaluation on an external breached-credential dataset provides an independent check. No load-bearing step equates the output to the input by construction, and the paper does not invoke prior self-authored uniqueness theorems or smuggle ansatzes.

Axiom & Free-Parameter Ledger

1 free parameter · 1 axiom · 0 invented entities

The paper relies on standard assumptions from game theory and security modeling plus one dataset; no new physical entities or ad-hoc constants are introduced beyond typical monitoring-rate parameters.

free parameters (1)
  • monitoring effort level
    The amount of monitoring a site expends for others is treated as a tunable parameter whose effect on own detection probability is quantified.
axioms (1)
  • domain assumption: Sites can accurately detect and attribute honeyword usage at other sites
    Invoked in the model-checking analysis to link monitoring effort to breach detection.

