Statistical Measurement of Information Leakage

Information theory provides a range of useful methods to analyse probability distributions, and these techniques have been successfully applied to measure information flow and the loss of anonymity in secure systems. However, previous work has tended to assume that the exact probabilities of every action are known, or that the system is non-deterministic. In this paper, we show that measures of information leakage based on mutual information and capacity can be calculated automatically from trial runs of a system alone. We find a confidence interval for this estimate based on the number of possible inputs, observations and samples. We have developed a tool to automatically perform this analysis and we demonstrate our method by analysing a Mixminion anonymous remailer node.
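As an added illustration (not the paper's tool or code), the following sketch estimates a channel matrix from (input, observation) pairs recorded in trial runs and computes its capacity with the Blahut-Arimoto iteration. All function names and both sample systems are constructed for this example, and the paper's confidence interval is not reproduced because the abstract does not give its formula.

```python
import math
import random
from collections import Counter

def simulate_runs(channel, n, seed):
    """Constructed trial runs: uniform random input x, observation y drawn from channel[x]."""
    rng = random.Random(seed)
    runs = []
    for _ in range(n):
        x = rng.randrange(len(channel))
        runs.append((x, rng.choices(range(len(channel[x])), weights=channel[x])[0]))
    return runs

def estimate_channel(runs):
    """Relative-frequency estimate of P(observation | input) from (input, observation) pairs."""
    pairs, per_input = Counter(runs), Counter(x for x, _ in runs)
    outputs = sorted({y for _, y in runs})
    return [[pairs[(x, y)] / per_input[x] for y in outputs] for x in sorted(per_input)]

def mutual_information(prior, channel):
    """I(X;Y) in bits for input distribution prior[x] and matrix channel[x][y]."""
    p_y = [sum(p * row[y] for p, row in zip(prior, channel)) for y in range(len(channel[0]))]
    return sum(p * w * math.log2(w / p_y[y])
               for p, row in zip(prior, channel) for y, w in enumerate(row) if p > 0 and w > 0)

def capacity(channel, tol=1e-9, max_iter=10000):
    """Blahut-Arimoto: maximise I(X;Y) over input distributions. Returns (bits, prior)."""
    prior = [1.0 / len(channel)] * len(channel)
    lower = 0.0
    for _ in range(max_iter):
        p_y = [sum(p * row[y] for p, row in zip(prior, channel)) for y in range(len(channel[0]))]
        # c[x] = exp(KL(channel[x] || p_y)); capacity lies between log2(sum p*c) and log2(max c)
        c = [math.exp(sum(w * math.log(w / p_y[y]) for y, w in enumerate(row) if w > 0))
             for row in channel]
        total = sum(p * ci for p, ci in zip(prior, c))
        lower, upper = math.log2(total), math.log2(max(c))
        if upper - lower < tol:
            break
        prior = [p * ci / total for p, ci in zip(prior, c)]
    return lower, prior

if __name__ == "__main__":
    leaky = [[0.9, 0.1], [0.1, 0.9]]   # constructed: observation mostly reveals the input
    silent = [[0.5, 0.5], [0.5, 0.5]]  # constructed: observation independent of the input
    for name, system in (("leaky", leaky), ("silent", silent)):
        est = estimate_channel(simulate_runs(system, 2000, seed=1))
        print(name, "estimated capacity: %.4f bits" % capacity(est)[0])
```

On the constructed `silent` system the true leakage is zero, yet an estimate from a finite number of runs generally comes out slightly above zero, which is why an estimate from samples needs a confidence interval before it can be read as evidence of a leak.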
