Evaluation of anonymity and confidentiality protocols using theorem proving

Anonymity and confidentiality protocols are crucial parts of many network applications, as they ensure anonymous communication between entities in a network or provide security over insecure communication channels. Evaluating the properties of these protocols is therefore of paramount importance, especially in safety-critical applications. However, traditional analysis techniques, such as simulation, cannot guarantee accurate analysis in this domain. We propose to overcome this limitation by conducting an information leakage analysis of anonymity and cryptographic protocols within the trusted kernel of a higher-order-logic theorem prover. For this purpose, we first introduce two novel measures of information leakage, namely the information leakage degree and the conditional information leakage degree, and then present a higher-order-logic formalization of information measures and of the underlying theories of measure, probability and information. For illustration, we use the proposed framework to evaluate the security properties of the one-time pad encryption system as well as the properties of an anonymity-based single MIX. We show how this formal analysis allowed us to find a counter-example for a theorem that was reported in the literature to describe the leakage properties of this single MIX.
