Skip to main content

Obfuscation Padding Schemes that Minimize Rényi Min-Entropy for Privacy

  • Conference paper
  • First Online:
Information Security Practice and Experience (ISPEC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14341))

  • 561 Accesses

Abstract

Consider a set of users, each of which is choosing and downloading one file out of a central pool of public files, and an attacker that observes the download size for each user to identify the choice of each user. This paper studies the problem of padding the files to obfuscate the exact file sizes and minimize the expected accuracy of the attacker, without exceeding some given padding constraints. We derive the algorithm that finds the optimal padding scheme, prove its correctness, and compare it with an existing solution that uses a similar but different attack model. We also discuss how the two solutions are related in terms of private information leakage.

S. Simon and C. Petrui—Authors contributed equally.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: The Science of Quantitative Information Flow. Information Security and Cryptography. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-319-96131-6

  2. Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: Proceedings of the 25th IEEE Computer Security Foundations Symposium (CSF), pp. 265–279 (2012). http://doi.ieeecomputersociety.org/10.1109/CSF.2012.26, http://hal.inria.fr/hal-00734044/en

  3. Cherubin, G.: Bayes, not naïve: security bounds on website fingerprinting defenses. Proc. Priv. Enhanc. Technol. 2017(4), 215–231 (2017). https://doi.org/10.1515/popets-2017-0046

    Article  Google Scholar 

  4. Degabriele, J.P.: Hiding the lengths of encrypted messages via gaussian padding. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 1549–1565 (2021)

    Google Scholar 

  5. Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_1

    Chapter  Google Scholar 

  6. Espinoza, B., Smith, G.: Min-entropy leakage of channels in cascade. In: Barthe, G., Datta, A., Etalle, S. (eds.) FAST 2011. LNCS, vol. 7140, pp. 70–84. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29420-4_5

    Chapter  Google Scholar 

  7. Gluck, Y., Harris, N., Prado, A.: Breach: reviving the crime attack (2013). Dostupné také z http://css.csail.mit.edu/6 858 (2015)

  8. M’rio, S.A., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: 2012 IEEE 25th Computer Security Foundations Symposium, pp. 265–279. IEEE (2012)

    Google Scholar 

  9. Palamidessi, C., Romanelli, M.: Feature selection with Rényi min-entropy. In: Pancioni, L., Schwenker, F., Trentin, E. (eds.) ANNPR 2018. LNCS (LNAI), vol. 11081, pp. 226–239. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99978-4_18

    Chapter  Google Scholar 

  10. Pinzón, C., Petrui, C., Simon, S.: Min-leakage-padding (2022). https://github.com/caph1993/min-leakage-padding. Accessed August 2022

  11. Reed, A.C., Reiter, M.K.: Optimally hiding object sizes with constrained padding (2021). https://doi.org/10.48550/ARXIV.2108.01753, https://arxiv.org/abs/2108.01753

  12. Romanelli, M.: Machine learning methods for privacy protection: leakage measurement and mechanisms design. Ph.D. thesis, Institut Polytechnique de Paris; Università degli studi (Sienne, Italie) (2020)

    Google Scholar 

  13. Schindler, W.: A timing attack against RSA with the Chinese remainder theorem. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 109–124. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44499-8_8

    Chapter  Google Scholar 

  14. Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FoSSaCS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00596-1_21

    Chapter  Google Scholar 

  15. Song, D.: Timing analysis of keystrokes and SSH timing attacks. In: Proceedings of 10th USENIX Security Symposium (2001)

    Google Scholar 

  16. Wright, C.V., Coull, S.E., Monrose, F.: Traffic morphing: an efficient defense against statistical traffic analysis. In: NDSS, vol. 9. Citeseer (2009)

    Google Scholar 

Download references

Acknowledgements

This work was supported by the European Research Council (ERC) project HYPATIA under the European Union’s Horizon 2020 research and innovation programme. Grant agreement n. 835294.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Carlos Pinzón .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Simon, S., Petrui, C., Pinzón, C., Palamidessi, C. (2023). Obfuscation Padding Schemes that Minimize Rényi Min-Entropy for Privacy. In: Meng, W., Yan, Z., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2023. Lecture Notes in Computer Science, vol 14341. Springer, Singapore. https://doi.org/10.1007/978-981-99-7032-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-7032-2_5

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7031-5

  • Online ISBN: 978-981-99-7032-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics