Quantifying Information Leakage in Process Calculi

Boreale, Michele

doi:10.1007/11787006_11

Michele Boreale²⁰

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4052))

Included in the following conference series:

International Colloquium on Automata, Languages, and Programming

5442 Accesses
18 Citations

Abstract

We study two quantitative models of information leakage in the pi-calculus. The first model presupposes an attacker with an essentially unlimited computational power. The resulting notion of absolute leakage, measured in bits, is in agreement with secrecy as defined by Abadi and Gordon: a process has an absolute leakage of zero precisely when it satisfies secrecy. The second model assumes a restricted observation scenario, inspired by the testing equivalence framework, where the attacker can only conduct repeated success-or-failure experiments on processes. Moreover, each experiment has a cost in terms of communication actions. The resulting notion of leakage rate, measured in bits per action, is in agreement with the first model: the maximum information that can be extracted by repeated experiments coincides with the absolute leakage A of the process. Moreover, the overall extraction cost is at least A/ R, where R is the rate of the process. Strategies to effectively estimate both absolute leakage and rate are also discussed.

Work partially supported by the eu within the fet-gc2 initiative, project sensoria.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Abadi, M., Gordon, A.: A calculus for cryptographic protocols: The Spi-calculus. Information and Computation 148(1), 1–70 (1999)
Article MATH MathSciNet Google Scholar
Boreale, M., De Nicola, R.: Testing equivalence for mobile processes. Information and Computation 120(2), 279–303 (1995)
Article MATH MathSciNet Google Scholar
Boreale, M., De Nicola, R.: A symbolic semantics for the pi-calculus. Information and Computation 126(1), 34–52 (1996)
Article MATH MathSciNet Google Scholar
De Nicola, R., Hennessy, M.C.B.: Testing equivalences for processes. Theoretical Computer Science 34, 83–133 (1984)
Article MATH MathSciNet Google Scholar
Focardi, R., Gorrieri, R.: A classification of security properties. Journal of Computer Security 3(1), 5–34 (1995)
Google Scholar
Gray III., J.W.: Towards a mathematical foundation for information flow security. In: Proc. of 1991 IEEE Symposium on Research in Computer Security and Privacy (1991)
Google Scholar
Hennessy, M.C.B., Lin, H.: Symbolic bisimulations. Theoretical Computer Science 138(2), 353–389 (1995)
Article MATH MathSciNet Google Scholar
Harremoës, P., Topsøe, F.: Inequalities between entropy and index of coincidence derived from information diagrams. IEEE Transactions on Information Theory 47(7), 2944–2960 (2001)
Article MATH Google Scholar
Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Google Scholar
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Google Scholar
Lowe, G.: Defining information flow quantity. Journal of Computer Security 12(3-4), 619–653 (2004)
Google Scholar
Clark, D., Hunt, S., Malacaria, P.: Quantitative Analysis of the Leakage of Confidential Data. In: Electr. Notes Theor. Comput. Sci (2001)
Google Scholar
Millen, J.: Covert channel capacity. In: Proc. of 1987 IEEE Symposium on Research in Computer Security and Privacy (1987)
Google Scholar
Sangiorgi, D., Walker, D.: The pi-calculus: A Theory of Mobile Processes. Cambridge University Press, Cambridge (2001)
MATH Google Scholar
Topsøe, F.: Basic concepts, identities and inequalities – the Toolkit of Information Theory. Entropy 3, 162–190 (2001)Also available at http://www.math.ku.dk/~topsoe/toolkitfinal.pdf
Article MathSciNet Google Scholar
Volpano, D., Smith, G.: Verifying Secrets and Relative Secrecy. In: POPL 2000, pp. 268–276 (2000)
Google Scholar
Wittbold, J.T., Johnson, D.: Information flow in nondeterministic systems. In: Proc. of 1990 IEEE Symposium on Research in Computer Security and Privacy (1990)
Google Scholar

Download references

Author information

Authors and Affiliations

Dipartimento di Sistemi e Informatica, Università di Firenze, Viale Morgagni 65, I–50134, Firenze, Italy
Michele Boreale

Authors

Michele Boreale
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Dipartimento di Informatica, Università Ca’ Foscari, Venice,
Michele Bugliesi
Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium
Bart Preneel
ECS, University of Southampton, UK
Vladimiro Sassone
FB Informatik, LS2, Univ. Dortmund, 44221, Dortmund, Germany
Ingo Wegener

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Boreale, M. (2006). Quantifying Information Leakage in Process Calculi. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds) Automata, Languages and Programming. ICALP 2006. Lecture Notes in Computer Science, vol 4052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11787006_11

Download citation

DOI: https://doi.org/10.1007/11787006_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35907-4
Online ISBN: 978-3-540-35908-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics