Formal Analysis of the Information Leakage of the DC-Nets and Crowds Anonymity Protocols

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10623)

Abstract

A crucial goal in computer security is to protect sensitive information from unwanted disclosure. However, some leakage is often unavoidable, be it by design of the system or by technological limitations. The field of Quantitative Information Flow (QIF) is concerned with the quantification, and limitation, of information leakage in systems.

The QIF framework models systems as information-theoretic channels taking (secret) inputs and producing (observable) outputs, thereby increasing the adversary’s knowledge about the secret value, as measured by some information metric.

In this paper we use probabilistic model checking to obtain channels modeling two popular anonymity protocols, the Dining Cryptographers (a.k.a. DC-Nets) and Crowds, in two versions each. We then derive the systems’ capacities w.r.t. the g-leakage framework, which are robust upper bounds on information leakage that hold irrespective of the probability distribution on secret values, or of the interests and goals of the adversary. To the best of our knowledge, this is the most general QIF analysis of such protocols.
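
An added example, not taken from the paper or its PRISM models: a brute-force construction of the channel for a small ring DC-net, together with its multiplicative Bayes capacity (the sum of the channel matrix's column maxima), which in the g-leakage literature bounds multiplicative leakage for every prior and every non-negative gain function. Assumptions: the payer is always one of the cryptographers, each adjacent pair shares one coin with heads probability `p`, and all function names are illustrative.

```python
from fractions import Fraction
from itertools import product

def dc_net_channel(n, p):
    """Rows of the channel matrix: one dict {announcements: probability} per payer.

    Assumed model (constructed here): party i shares coin i with its right
    neighbour and coin i-1 with its left one; each coin is heads (1) with
    probability p. Party i announces the XOR of its two coins, flipped if it pays.
    """
    rows = []
    for payer in range(n):
        row = {}
        for coins in product((0, 1), repeat=n):
            prob = Fraction(1)
            for c in coins:
                prob *= p if c else 1 - p
            out = tuple(coins[i] ^ coins[i - 1] ^ int(i == payer) for i in range(n))
            row[out] = row.get(out, Fraction(0)) + prob
        rows.append(row)
    return rows

def posterior_bayes_vulnerability(prior, rows):
    """Chance that one optimal guess names the payer after seeing the output."""
    outputs = set().union(*rows)
    return sum(max(pi * r.get(y, 0) for pi, r in zip(prior, rows)) for y in outputs)

def bayes_capacity(rows):
    """Multiplicative Bayes capacity: the sum of the column maxima."""
    outputs = set().union(*rows)
    return sum(max(r.get(y, 0) for r in rows) for y in outputs)

if __name__ == "__main__":
    uniform = [Fraction(1, 3)] * 3
    for p in (Fraction(1, 2), Fraction(3, 4)):
        rows = dc_net_channel(3, p)
        print(p, bayes_capacity(rows), posterior_bayes_vulnerability(uniform, rows))
```

With fair coins every row of the channel is identical, so the capacity is 1 and the announcements reveal nothing about the payer; biasing the coins makes the rows differ and the capacity rises above 1.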

Notes

  1. More precisely, if posterior vulnerability is defined as the expectation of the vulnerability of posterior distributions, the measure respects the data-processing inequality and yields non-negative leakage iff vulnerability is convex.

  2. To avoid ambiguity, we may write probabilities with subscripts, e.g., \(p_{XY}\) or \(p_{Y}\).

  3. This collection of posterior distributions is, in fact, a distribution on (posterior) distributions, and is called a hyper-distribution on secrets [27].

References

  1. PRISM: A Probabilistic Symbolic Model Checker. www.prismmodelchecker.org/

  2. http://homepages.dcc.ufmg.br/~arturvaz/sbmf/

  3. Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: Additive and multiplicative notions of leakage, and their capacities. In: Proceedings of CSF, pp. 308–322. IEEE (2014)

  4. Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: Axioms for information leakage. In: Proceedings of CSF, pp. 77–92 (2016)

  5. Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: Proceedings of CSF, pp. 265–279 (2012)

  6. Andrés, M.E., Palamidessi, C., Rossum, P., Smith, G.: Computing the leakage of information-hiding systems. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 373–389. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12002-2_32

  7. Baier, C., Katoen, J.-P.: Principles of Model Checking. The MIT Press (2008)

  8. Boreale, M., Pampaloni, F.: Quantitative information flow under generic leakage functions and adaptive adversaries. Logical Methods Comput. Sci. 11(4:5), 1–31 (2015)

  9. Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. Electron. Theoret. Comput. Sci. 249, 75–91 (2009)

  10. Chatzikokolakis, K., Chothia, T., Guha, A.: Statistical measurement of information leakage. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 390–404. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12002-2_33

  11. Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: On the Bayes risk in information-hiding protocols. J. Comp. Security 16(5), 531–571 (2008)

  12. Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptology 1(1), 65–75 (1988)

  13. Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch: estimating information leakage from Java Programs. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 219–236. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_13

  14. Chothia, T., Kawamoto, Y., Novakovic, C., Parker, D.: Probabilistic point-to-point information leakage. In: Proceedings of CSF, pp. 193–205. IEEE Computer Society (2013)

  15. Clark, D., Hunt, S., Malacaria, P.: Quantitative information flow, relations and polymorphic types. J. Logic Comput. 18(2), 181–199 (2005)

  16. Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. J. Comp. Security 15(3), 321–371 (2007)

  17. Espinoza, B., Smith, G.: Min-entropy as a resource. Inf. Comp. 226, 57–75 (2013)

  18. Hansson, H., Jonsson, B.: A logic for reasoning about time and reliability. Formal Aspects Comput. 6(5), 512–535 (1994)

  19. Helali, G., Hasan, O., Tahar, S.: Formal analysis of information flow using min-entropy and belief min-entropy. In: Iyoda, J., de Leonardo, M. (eds.) SBMF 2013. LNCS, vol. 8195, pp. 131–146. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41071-0_10

  20. Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Proceedings of ACSAC, pp. 261–269. ACM (2010)

  21. Hölzl, J., Nipkow, T.: Interactive verification of Markov Chains: two distributed protocol case studies, p. 103 (2012)

  22. Köpf, B., Basin, D.A.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of CCS, pp. 286–296. ACM (2007)

  23. Köpf, B., Mauborgne, L., Ochoa, M.: Automatic quantification of cache side-channels. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 564–580. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31424-7_40

  24. Köpf, B., Rybalchenko, A.: Approximation and randomization for quantitative information-flow analysis. In: Proceedings of CSF, pp. 3–14. IEEE (2010)

  25. Massey, J.L.: Guessing and entropy. In: Proceedings of the IEEE International Symposium on Information Theory, p. 204. IEEE (1994)

  26. McCamant, S., Ernst, M.D.: Quantitative information flow as network flow capacity. In: Proceedings of SIGPLAN, Tucson, AZ, USA, 9–11 June 2008, pp. 193–205 (2008)

  27. McIver, A., Meinicke, L., Morgan, C.: Compositional closure for Bayes risk in probabilistic noninterference. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6199, pp. 223–235. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14162-1_19

  28. McIver, A., Morgan, C., Rabehaja, T.M.: Abstract hidden Markov Models: a monadic account of quantitative information flow. In: Proceedings of LICS, pp. 597–608 (2015)

  29. Morgan, C.: A Haskell program to compute hyper distributions for measuring information leakage (2017). http://www.cse.unsw.edu.au/~carrollm/Hypers170731.zip

  30. Novakovic, C.: Computing and estimating information leakage with a quantitative point-to-point information flow model. PhD thesis, Birmingham University, UK (2014)

  31. Parker, D.: Implementation of symbolic model checking for probabilistic systems. PhD thesis, University of Birmingham (2002)

  32. Phan, Q., Malacaria, P., Pasareanu, C.S., d’Amorim, M.: Quantifying information leaks using reliability analysis. In: Proceedings of SPIN, pp. 105–108 (2014)

  33. Reiter, M.K., Rubin, A.D.: Crowds: anonymity for Web transactions. ACM Trans. Inform. Syst. Secur. 1(1), 66–92 (1998)

  34. Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(379–423), 625–56 (1948)

  35. Smith, G.: On the foundations of quantitative information flow. In: Alfaro, L. (ed.) FoSSaCS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00596-1_21

  36. Yasuoka, H., Terauchi, T.: Quantitative information flow as safety and liveness hyperproperties. Theor. Comp. Sci. 538, 167–182 (2014)

Acknowledgments

Arthur Américo, Artur Vaz, Mário S. Alvim, and Sérgio V. A. Campos were supported by CNPq, CAPES, and FAPEMIG.

Corresponding author

Correspondence to Arthur Américo.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Américo, A., Vaz, A., Alvim, M.S., Campos, S.V.A., McIver, A. (2017). Formal Analysis of the Information Leakage of the DC-Nets and Crowds Anonymity Protocols. In: Cavalheiro, S., Fiadeiro, J. (eds) Formal Methods: Foundations and Applications. SBMF 2017. Lecture Notes in Computer Science, vol 10623. Springer, Cham. https://doi.org/10.1007/978-3-319-70848-5_10

  • DOI: https://doi.org/10.1007/978-3-319-70848-5_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-70847-8

  • Online ISBN: 978-3-319-70848-5

  • eBook Packages: Computer Science, Computer Science (R0)
