Probabilistic anonymity via coalgebraic simulations

There is growing concern about anonymity and privacy on the Internet, which has led to a large body of work on the formalization and verification of anonymity. In particular, many authors have recently stressed the importance of the probabilistic aspect of anonymity. Among them are Bhargava and Palamidessi, who give a definition of probabilistic anonymity for which, however, proof methods have not yet been elaborated. In this paper we introduce a simulation-based proof method for probabilistic anonymity. It is a probabilistic adaptation of the method of Kawabe et al. for non-deterministic anonymity: the anonymity of a protocol is proved by finding a forward or backward simulation between certain automata. For the step from non-determinism to probability we fully exploit the generic, coalgebraic theory of traces and simulations developed by Hasuo and others. In particular, an appropriate notion of probabilistic simulation is obtained by instantiating a generic definition with suitable parameters.
