Bounds on the Leakage of the Input's Distribution in Information-Hiding Protocols

In information-hiding, an adversary that tries to infer the secret information has a higher probability of success if it knows the distribution on the secrets. We show that if the system leaks probabilistically some information about the secrets, (that is, if there is a probabilistic correlation between the secrets and some observables) then the adversary can approximate such distribution by repeating the observations. More precisely, it can approximate the distribution on the observables by computing their frequencies, and then derive the distribution on the secrets by using the correlation in the inverse direction. We illustrate this method, and then we study the bounds on the approximation error associated with it, for various natural notions of error. As a case study, we apply our results to Crowds, a protocol for anonymous communication.

[1]  Gavin Lowe,et al.  Quantifying information flow , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[2]  Michael R. Clarkson,et al.  Belief in information flow , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[3]  John McLean,et al.  Security models and information flow , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[4]  Keye Martin,et al.  A Monotonicity Principle for Information Theory , 2008, MFPS.

[5]  Alexander Vardy,et al.  On an Improvement over Rényi's Equivocation Bound , 2006, ArXiv.

[6]  Geoffrey Smith,et al.  Adversaries and Information Leaks (Tutorial) , 2007, TGC.

[7]  Catuscia Palamidessi,et al.  Probable innocence revisited , 2005, Theor. Comput. Sci..

[8]  Prakash Panangaden,et al.  Probability of Error in Information-Hiding Protocols , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[9]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[10]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[11]  H. Tijms Understanding Probability: Chance Rules in Everyday Life , 2004 .

[12]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[13]  Prakash Panangaden,et al.  Anonymity protocols as noisy channels , 2008, Inf. Comput..

[14]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[15]  Vitaly Shmatikov Probabilistic analysis of an anonymity system , 2004, J. Comput. Secur..

[16]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[17]  Vincent Danos,et al.  Transactions in RCCS , 2005, CONCUR.

[18]  James W. Gray,et al.  Toward a mathematical foundation for information flow security , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[19]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[20]  David Clark,et al.  Quantified Interference for a While Language , 2005, QAPL.

[21]  Riccardo Bettati,et al.  Anonymity vs. Information Leakage in Anonymity Systems , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[22]  Joseph Y. Halpern,et al.  Anonymity and information hiding in multiagent systems , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[23]  Simon L. Peyton Jones,et al.  Imperative functional programming , 1993, POPL '93.

[24]  Vitaly Shmatikov,et al.  Probabilistic Model Checking of an Anonymity System , 2004 .

[25]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[26]  Paul Syverson,et al.  Quasi-Anonymous Channels , 2003 .

[27]  Pasquale Malacaria,et al.  Assessing security threats of looping constructs , 2007, POPL '07.

[28]  David Clark,et al.  Quantitative Analysis of the Leakage of Confidential Data , 2002, QAPL.

[29]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[30]  Sachin Lodha,et al.  Probabilistic Anonymity , 2007, PinKDD.

[31]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[32]  Ira S. Moskowitz,et al.  Covert channels and anonymizing networks , 2003, WPES '03.