Abstract
A crucial goal in computer security is to protect sensitive information from unwanted disclosure. However, some leakage is often unavoidable, be it by design of the system or by technological limitations. The field of Quantitative Information Flow (QIF) is concerned with the quantification, and limitation, of information leakage in systems.
The QIF framework models systems as information-theoretic channels taking (secret) inputs and producing (observable) outputs, thereby increasing the adversary’s knowledge about the secret value, as measured by some information metric.
In this paper we use probabilistic model checking to obtain channels modeling two popular anonymity protocols, the Dining Cryptographers (a.k.a. DC-Nets) and Crowds, in two versions each. We then derive the systems’ capacities w.r.t. the g-leakage framework, which are robust upper bounds on information leakage that hold irrespective of the probability distribution on secret values, or of the interests and goals of the adversary. To the best of our knowledge, this is the most general QIF analysis of such protocols.
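As an added illustration of the channel view described in the abstract (not code from the paper, which builds its channels with probabilistic model checking), the sketch below enumerates a small ring DC-net directly and computes one capacity from the g-leakage literature, the multiplicative Bayes capacity, which is the log of the sum of the channel's column maxima. The setup is an assumption made for the example: exactly one of three cryptographers pays, adjacent cryptographers share a coin with bias `p_heads`, and the observer sees all announcements; every function name is hypothetical.

```python
from itertools import product
from math import log2

def dc_net_channel(n=3, p_heads=0.5):
    """Channel C[payer][announcements] = P(announcements | payer), ring DC-net.
    Assumed setup: one of n cryptographers pays; cryptographer i holds
    coins i and i+1 (mod n); the observer sees all n announcements."""
    channel = [dict() for _ in range(n)]
    for payer in range(n):
        for coins in product((0, 1), repeat=n):
            prob = 1.0
            for c in coins:
                prob *= p_heads if c else 1.0 - p_heads
            # Each announcement: XOR of the two held coins, flipped by the payer.
            out = tuple(coins[i] ^ coins[(i + 1) % n] ^ (i == payer)
                        for i in range(n))
            channel[payer][out] = channel[payer].get(out, 0.0) + prob
    return channel

def outputs(channel):
    return sorted({y for row in channel for y in row})

def bayes_capacity_bits(channel):
    """Multiplicative Bayes capacity: log2 of the sum of column maxima."""
    return log2(sum(max(row.get(y, 0.0) for row in channel)
                    for y in outputs(channel)))

def bayes_leakage_bits(channel, prior):
    """Multiplicative Bayes leakage log2(V_post / V_prior) for one prior."""
    post = sum(max(pi * row.get(y, 0.0) for pi, row in zip(prior, channel))
               for y in outputs(channel))
    return log2(post / max(prior))

if __name__ == "__main__":
    for p in (0.5, 0.7):  # fair coins, then constructed biased coins
        ch = dc_net_channel(3, p)
        print(f"p_heads={p}: capacity={bayes_capacity_bits(ch):.4f} bits, "
              f"uniform prior={bayes_leakage_bits(ch, [1/3] * 3):.4f}, "
              f"skewed prior={bayes_leakage_bits(ch, [0.6, 0.3, 0.1]):.4f}")
```

With fair coins every row of the channel is identical, so the capacity is zero; with biased coins the capacity is reached at the uniform prior, and the skewed prior leaks less, which is the prior-independent bound the abstract refers to.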
Notes
- 1. More precisely, if posterior vulnerability is defined as the expectation of the vulnerability of posterior distributions, the measure respects the data-processing inequality and yields non-negative leakage iff vulnerability is convex.
- 2. To avoid ambiguity, we may write probabilities with subscripts, e.g., \(p_{XY}\) or \(p_{Y}\).
- 3. This collection of posterior distributions is, in fact, a distribution on (posterior) distributions, and is called a hyper-distribution on secrets [27].
References
PRISM: A Probabilistic Symbolic Model Checker. www.prismmodelchecker.org/
Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: Additive and multiplicative notions of leakage, and their capacities. In: Proceedings of CSF, pp. 308–322. IEEE (2014)
Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: Axioms for information leakage. In: Proceedings of CSF, pp. 77–92 (2016)
Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: Proceedings of CSF, pp. 265–279 (2012)
Andrés, M.E., Palamidessi, C., Rossum, P., Smith, G.: Computing the leakage of information-hiding systems. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 373–389. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12002-2_32
Baier, C., Katoen, J.-P.: Principles of Model Checking. The MIT Press (2008)
Boreale, M., Pampaloni, F.: Quantitative information flow under generic leakage functions and adaptive adversaries. Logical Methods Comput. Sci. 11(4:5), 1–31 (2015)
Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. Electron. Theoret. Comput. Sci. 249, 75–91 (2009)
Chatzikokolakis, K., Chothia, T., Guha, A.: Statistical measurement of information leakage. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 390–404. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12002-2_33
Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: On the Bayes risk in information-hiding protocols. J. Comp. Security 16(5), 531–571 (2008)
Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptology 1(1), 65–75 (1988)
Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch: estimating information leakage from Java Programs. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 219–236. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_13
Chothia, T., Kawamoto, Y., Novakovic, C., Parker, D.: Probabilistic point-to-point information leakage. In: Proceedings of CSF, pp. 193–205. IEEE Computer Society (2013)
Clark, D., Hunt, S., Malacaria, P.: Quantitative information flow, relations and polymorphic types. J. Logic Comput. 18(2), 181–199 (2005)
Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. J. Comp. Security 15(3), 321–371 (2007)
Espinoza, B., Smith, G.: Min-entropy as a resource. Inf. Comp. 226, 57–75 (2013)
Hansson, H., Jonsson, B.: A logic for reasoning about time and reliability. Formal Aspects Comput. 6(5), 512–535 (1994)
Helali, G., Hasan, O., Tahar, S.: Formal analysis of information flow using min-entropy and belief min-entropy. In: Iyoda, J., de Leonardo, M. (eds.) SBMF 2013. LNCS, vol. 8195, pp. 131–146. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41071-0_10
Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Proceedings of ACSAC, pp. 261–269. ACM (2010)
Hölzl, J., Nipkow, T.: Interactive verification of Markov Chains: two distributed protocol case studies, p. 103 (2012)
Köpf, B., Basin, D.A.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of CCS, pp. 286–296. ACM (2007)
Köpf, B., Mauborgne, L., Ochoa, M.: Automatic quantification of cache side-channels. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 564–580. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31424-7_40
Köpf, B., Rybalchenko, A.: Approximation and randomization for quantitative information-flow analysis. In: Proceedings of CSF, pp. 3–14. IEEE (2010)
Massey, J.L.: Guessing and entropy. In: Proceedings of the IEEE International Symposium on Information Theory, p. 204. IEEE (1994)
McCamant, S., Ernst, M.D.: Quantitative information flow as network flow capacity. In: Proceedings of SIGPLAN, Tucson, AZ, USA, 9–11 June 2008, pp. 193–205 (2008)
McIver, A., Meinicke, L., Morgan, C.: Compositional closure for Bayes risk in probabilistic noninterference. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6199, pp. 223–235. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14162-1_19
McIver, A., Morgan, C., Rabehaja, T.M.: Abstract hidden Markov Models: a monadic account of quantitative information flow. In: Proceedings of LICS, pp. 597–608 (2015)
Morgan, C.: A Haskell program to compute hyper distributions for measuring information leakage (2017). http://www.cse.unsw.edu.au/~carrollm/Hypers170731.zip
Novakovic, C.: Computing and estimating information leakage with a quantitative point-to-point information flow model. PhD thesis, Birmingham University, UK (2014)
Parker, D.: Implementation of symbolic model checking for probabilistic systems. PhD thesis, University of Birmingham (2002)
Phan, Q., Malacaria, P., Pasareanu, C.S., d’Amorim, M.: Quantifying information leaks using reliability analysis. In: Proceedings of SPIN, pp. 105–108 (2014)
Reiter, M.K., Rubin, A.D.: Crowds: anonymity for Web transactions. ACM Trans. Inform. Syst. Secur. 1(1), 66–92 (1998)
Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(379–423), 625–56 (1948)
Smith, G.: On the foundations of quantitative information flow. In: Alfaro, L. (ed.) FoSSaCS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00596-1_21
Yasuoka, H., Terauchi, T.: Quantitative information flow as safety and liveness hyperproperties. Theor. Comp. Sci. 538, 167–182 (2014)
Acknowledgments
Arthur Américo, Artur Vaz, Mário S. Alvim, and Sérgio V. A. Campos were supported by CNPq, CAPES, and FAPEMIG.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Américo, A., Vaz, A., Alvim, M.S., Campos, S.V.A., McIver, A. (2017). Formal Analysis of the Information Leakage of the DC-Nets and Crowds Anonymity Protocols. In: Cavalheiro, S., Fiadeiro, J. (eds) Formal Methods: Foundations and Applications. SBMF 2017. Lecture Notes in Computer Science, vol 10623. Springer, Cham. https://doi.org/10.1007/978-3-319-70848-5_10
DOI: https://doi.org/10.1007/978-3-319-70848-5_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70847-8
Online ISBN: 978-3-319-70848-5
eBook Packages: Computer Science, Computer Science (R0)