Calculating Probabilistic Anonymity from Sampled Data

This paper addresses the problem of calculating the anonymity of a system statistically from a number of trial runs. We show that measures of anonymity based on capacity can be estimated, by showing that the Blahut-Arimoto algorithm converges for sampled data. We obtain bounds on the error of the estimated value by calculating the distribution of mutual information when one distribution is known and one unknown. This leads to finding the variance of the estimation of anonymity in terms of the numbers of samples, inputs and possible observations, which in turn tells us what kinds of systems can and cannot be accurately analysed using a statistical approach. We demonstrate our method on an implementation of the Dining Cryptographers protocol and on a Mixminion anonymous remailer node.

[1]  Gerald Matz,et al.  Information geometric formulation and interpretation of accelerated Blahut-Arimoto-type algorithms , 2004, Information Theory Workshop.

[2]  T. Bayes An essay towards solving a problem in the doctrine of chances , 2003 .

[3]  Heiko Mantel,et al.  Information-Theoretic Modeling and Analysis of Interrupt-Related Covert Channels , 2008, Formal Aspects in Security and Trust.

[4]  Prakash Panangaden,et al.  Anonymity protocols as noisy channels , 2006, Inf. Comput..

[5]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[6]  Wei Yu,et al.  Blahut-Arimoto algorithms for computing channel capacity and rate-distortion with side information , 2004, International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings..

[7]  Riccardo Bettati,et al.  Anonymity vs. Information Leakage in Anonymity Systems , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[8]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[9]  Annabelle McIver,et al.  A probabilistic approach to information hiding , 2003 .

[10]  Paul Syverson,et al.  Quasi-Anonymous Channels , 2003 .

[11]  Marcus Hutter,et al.  Distribution of Mutual Information , 2001, NIPS.

[12]  Jonathan K. Millen,et al.  Covert Channel Capacity , 1987, 1987 IEEE Symposium on Security and Privacy.

[13]  Hans-Andrea Loeliger,et al.  A Generalization of the Blahut–Arimoto Algorithm to Finite-State Channels , 2008, IEEE Transactions on Information Theory.

[14]  David Clark,et al.  A static analysis for quantifying information flow in a simple imperative language , 2007, J. Comput. Secur..

[15]  Michael Backes,et al.  Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks , 2008, ESORICS.

[16]  Richard E. Blahut,et al.  Computation of channel capacity and rate-distortion functions , 1972, IEEE Trans. Inf. Theory.

[17]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[18]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[19]  Prakash Panangaden,et al.  On the Bayes risk in information-hiding protocols , 2008, J. Comput. Secur..

[20]  Liam Paninski,et al.  Estimation of Entropy and Mutual Information , 2003, Neural Computation.

[21]  R. Moddemeijer On estimation of entropy and mutual information of continuous distributions , 1989 .

[22]  P. Bickel,et al.  Mathematical Statistics: Basic Ideas and Selected Topics , 1977 .

[23]  George Danezis,et al.  A Survey of Anonymous Communication Channels , 2008 .

[24]  Pasquale Malacaria,et al.  Lagrange multipliers and maximum information leakage in different observational models , 2008, PLAS '08.

[25]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..