
On compositional reasoning about anonymity and privacy in epistemic logic

Annals of Mathematics and Artificial Intelligence

Abstract

In this paper, we exploit epistemic logic (or the modal logic of knowledge) for multiagent systems to discuss the compositionality of several privacy-related information-hiding/disclosure properties. The properties considered here are anonymity, privacy, onymity, and identity. Our initial observation reveals that anonymity/privacy properties are not necessarily sequentially compositional. This means that even though a system comprising several sequential phases satisfies a certain unlinkability property in each phase, the entire system does not always enjoy a desired unlinkability property. We show that the compositionality can be guaranteed provided that the phases of the system satisfy what we call independence assumptions. More specifically, we develop a series of theoretical case studies of what assumptions are sufficient to guarantee the sequential compositionality of various degrees of anonymity, privacy, onymity, and/or identity properties. Similar results for parallel composition are also discussed. Further, we use the probabilistic extension of epistemic logic to consider the compositionality of probabilistic anonymity/privacy. We show that the compositionality can also be guaranteed in the probabilistic setting, provided that the phases of the system satisfy a probabilistic independence assumption.
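The abstract's central observation, that two phases can each satisfy an unlinkability property while their sequential composition does not, can be seen in a small possibilistic model. The Python below is an added illustration, not code from the paper or its authors: agent names, observations, the minimal-anonymity check and the "independent composition" construction are all constructed for this example, and the paper's own definitions (degrees of anonymity, onymity, identity, and the probabilistic extension) are richer than what is shown here.

```python
# Added illustration (not from the paper): why anonymity need not be
# sequentially compositional, and how an independence assumption restores it.
# A phase is modelled as a set of runs (actor, observation).  The observer
# sees only the observation; the actor is the fact we want to keep hidden.
# All agent names and observation labels are constructed for this example.

AGENTS = frozenset({"alice", "bob"})


def possible_actors(runs, observation):
    """Agents the observer cannot rule out after seeing `observation`:
    the actors of all runs the observer cannot distinguish from each other."""
    return {actor for actor, obs in runs if obs == observation}


def is_anonymous(runs):
    """Minimal anonymity: in no run does the observer *know* who acted,
    i.e. every observation is consistent with at least two distinct agents.
    (Modal reading: for every run and every agent a, the observer does not
    know that a acted.)"""
    return all(len(possible_actors(runs, obs)) >= 2 for _, obs in runs)


def project(runs, i):
    """Restrict a composed system with runs (actor, (obs_1, obs_2)) to phase i."""
    return {(actor, obs[i]) for actor, obs in runs}


def independent_composition(phase1, phase2):
    """Sequential composition under an independence assumption (constructed
    here as: any phase-1 run may be followed by any phase-2 run of the same
    actor).  The observer's two observations then carry no information about
    the actor beyond what each phase leaks on its own."""
    return {(a, (x, y)) for a, x in phase1 for b, y in phase2 if a == b}


# Constructed phases: each one is anonymous on its own.
PHASE1 = {("alice", "o1"), ("bob", "o1"), ("alice", "o2"), ("bob", "o2")}
PHASE2 = {("alice", "p1"), ("bob", "p1"), ("alice", "p2"), ("bob", "p2")}

# Constructed correlated composition: how phase 2 unfolds depends on how
# phase 1 went.  Projected onto either phase it looks exactly like PHASE1 or
# PHASE2, yet the *pair* of observations pins the actor down.
CORRELATED = {
    ("alice", ("o1", "p1")), ("bob", ("o1", "p2")),
    ("alice", ("o2", "p2")), ("bob", ("o2", "p1")),
}


def summary():
    """Collect the checks a reader would want to compare side by side."""
    independent = independent_composition(PHASE1, PHASE2)
    return {
        "phase1_anonymous": is_anonymous(PHASE1),
        "phase2_anonymous": is_anonymous(PHASE2),
        "correlated_projects_to_phases": (
            project(CORRELATED, 0) == PHASE1 and project(CORRELATED, 1) == PHASE2
        ),
        "correlated_anonymous": is_anonymous(CORRELATED),
        "who_after_o1_p1": possible_actors(CORRELATED, ("o1", "p1")),
        "independent_anonymous": is_anonymous(independent),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

Both projections of `CORRELATED` are anonymous, but the composed system is not: seeing `("o1", "p1")` leaves only `alice` as a possible actor. Under the constructed independence assumption the composed system is anonymous again, which is the shape of the paper's sufficient condition: compositionality follows once the phases cannot be correlated by the observer.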


References

  1. Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied pi-calculus. In: Proc. 21st IEEE Computer Security Foundations Symposium (CSF ’08), pp. 195–209. IEEE Computer Society Press (2008)

  2. Baskar, A., Ramanujam, R., Suresh, S.P.: Knowledge-based modelling of voting protocols. In: Proc. 11th Conference on Theoretical Aspects of Rationality and Knowledge (TARK ’07), pp. 62–71. ACM (2007)

  3. Bertino, E., Takahashi, K.: Identity Management: Concepts, Technologies, and Systems. Artech House, Norwood (2011)

  4. Boureanu, I., Jones, A.V., Lomuscio, A.: Automatic verification of epistemic specifications under convergent equational theories. In: Proc. 11th International Conference on Autonomous Agents and Multiagent Systems (AAMAS ’12), vol. 2, pp. 1141–1148 (2012)

  5. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proc. 42nd Annual Symposium on Foundations of Computer Science (FOCS ’01), pp. 136–145 (2001)

  6. Chadha, R., Delaune, S., Kremer, S.: Epistemic logic for the applied pi calculus. In: Proc. Joint 11th IFIP WG 6.1 International Conference FMOODS 2009 and 29th IFIP WG 6.1 International Conference FORTE 2009 (FMOODS/FORTE ’09). LNCS, vol. 5522, pp. 182–197. Springer (2009)

  7. Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)

  8. Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols. J. Comput. Secur. 17(4), 435–487 (2009)

  9. Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Proc. Second International Workshop on Privacy Enhancing Technologies (PET ’02). LNCS, vol. 2482, pp. 54–68. Springer (2002)

  10. Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: The second-generation onion router. In: Proc. 13th USENIX Security Symposium, pp. 303–320. USENIX (2004)

  11. Edman, M., Sivrikaya, F., Yener, B.: A combinatorial approach to measuring anonymity. In: Proc. 2007 IEEE International Conference on Intelligence and Security Informatics (ISI ’07), pp. 356–363 (2007)

  12. Fagin, R., Halpern, J.Y., Moses, Y., Vardi, M.Y.: Reasoning About Knowledge. The MIT Press, Cambridge (1995)

  13. Feng, T., Han, S., Guo, X., Ma, D.: A new method of formalizing anonymity based on protocol composition logic. Secur. Comm. Networks (2014). doi:10.1002/sec.1068

  14. Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Proc. Workshop on the Theory and Application of Cryptographic Techniques (AUSCRYPT’92). LNCS, vol. 718, pp. 244–251. Springer (1993)

  15. Garcia, F.D., Hasuo, I., Pieters, W., van Rossum, P.: Provable anonymity. In: Proc. 2005 ACM Workshop on Formal Methods in Security Engineering (FMSE ’05), pp. 63–72. ACM (2005)

  16. Gelernter, N., Herzberg, A.: On the limits of provable anonymity. In: Proc. 12th ACM Workshop on Privacy in the Electronic Society (WPES ’13), pp. 225–236. ACM (2013)

  17. Goriac, I.: An epistemic logic based framework for reasoning about information hiding. In: Proc. Sixth International Conference on Availability, Reliability and Security (ARES ’11), pp. 286–293. IEEE Computer Society Press (2011)

  18. Halpern, J.Y.: Reasoning About Uncertainty. The MIT Press, Cambridge (2003)

  19. Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. J. Comput. Secur. 13(3), 483–512 (2005)

  20. Halpern, J.Y., O’Neill, K.R.: Secrecy in multiagent systems. ACM Trans. Inform. Syst. Secur. 12(1), 5 (2008)

  21. Halpern, J.Y., Tuttle, M.R.: Knowledge, probability, and adversaries. J. ACM 40(4), 917–960 (1993)

  22. Hasuo, I., Kawabe, Y., Sakurada, H.: Probabilistic anonymity via coalgebraic simulations. Theoret. Comput. Sci. 411(22–24), 2239–2259 (2010)

  23. Hevia, A., Micciancio, D.: An indistinguishability-based characterization of anonymous channels. In: Proc. Eighth International Symposium on Privacy Enhancing Technologies (PETS ’08). LNCS, vol. 5134, pp. 24–43. Springer (2008)

  24. Hughes, D., Shmatikov, V.: Information hiding, anonymity and privacy: a modular approach. J. Comput. Secur. 12(1), 3–36 (2004)

  25. Jonker, H., Pieters, W.: Receipt-freeness as a special case of anonymity in epistemic logic. In: IAVoSS Workshop on Trustworthy Elections (WOTE ’06) (2006)

  26. Kawabe, Y., Mano, K., Sakurada, H., Tsukada, Y.: Theorem-proving anonymity of infinite-state systems. Inform. Process. Lett. 101(1), 46–51 (2007)

  27. Kelly, D.: A taxonomy for and analysis of anonymous communications networks. Ph.D. thesis, Air Force Institute of Technology (2009)

  28. Küsters, R., Truderung, T.: An epistemic approach to coercion-resistance for electronic voting protocols. In: Proc. 2009 IEEE Symposium on Security and Privacy (S&P ’09), pp. 251–266. IEEE Computer Society Press (2009)

  29. Mano, K., Kawabe, Y., Sakurada, H., Tsukada, Y.: Role interchange for anonymity and privacy of voting. J. Logic Comput. 20(6), 1251–1288 (2010)

  30. Mauw, S., Verschuren, J., de Vink, E.P.: Data anonymity in the FOO voting scheme. In: Proc. Second International Workshop on Views on Designing Complex Architectures (VODCA ’06). ENTCS, vol. 168, pp. 5–28 (2007)

  31. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. Ver. v0.34 (2010)

  32. Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Anonymous connections and onion routing. IEEE J. Sel. Area. Comm. 16(4), 482–494 (1998)

  33. Schneider, S., Sidiropoulos, A.: CSP and anonymity. In: Proc. Fourth European Symposium on Research in Computer Security (ESORICS ’96). LNCS, vol. 1146, pp. 198–218. Springer (1996)

  34. Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Proc. Second International Workshop on Privacy Enhancing Technologies (PET ’02). LNCS, vol. 2482, pp. 41–53. Springer (2002)

  35. Solove, D.J.: A taxonomy of privacy. Univ. Pennsyl. Law Rev. 154(3), 477–560 (2006)

  36. Studer, T.: An application of justification logic to protocol verification. In: Proc. 2011 Seventh International Conference on Computational Intelligence and Security (CIS ’11), pp. 779–783 (2011)

  37. Sweeney, L.: k-anonymity: A model for protecting privacy. Internat. J. Uncertain. Fuzziness Knowl.-based Syst. 10(5), 557–570 (2002)

  38. Syverson, P.F., Stubblebine, S.G.: Group principals and the formalization of anonymity. In: Proc. World Congress on Formal Methods in the Development of Computing Systems (FM ’99), Volume I. LNCS, vol. 1708, pp. 814–833. Springer (1999)

  39. Țiplea, F.L., Vamanu, L., Varlan, C.: Reasoning about minimal anonymity in security protocols. Futur. Gen. Comput. Sys. 29(3), 828–842 (2013)

  40. Troncoso, C., Gierlichs, B., Preneel, B., Verbauwhede, I.: Perfect matching disclosure attacks. In: Proc. Eighth International Symposium on Privacy Enhancing Technologies (PETS ’08). LNCS, vol. 5134, pp. 2–23. Springer (2008)

  41. Tsukada, Y., Mano, K., Sakurada, H., Kawabe, Y.: Anonymity, privacy, onymity, and identity: A modal logic approach. Trans. Data Privacy 3(3), 177–198 (2010)

  42. Tsukada, Y., Sakurada, H., Mano, K., Manabe, Y.: An epistemic approach to compositional reasoning about anonymity and privacy. In: Proc. 14th Conference on Theoretical Aspects of Rationality and Knowledge (TARK ’13), pp. 239–248. (Available as arXiv:1310.6441) (2013)

  43. van der Meyden, R., Su, K.: Symbolic model checking the knowledge of the dining cryptographers. In: Proc. 17th IEEE Computer Security Foundations Workshop (CSFW-17), pp. 280–291. IEEE Computer Society Press (2004)

  44. van der Meyden, R., Wilke, T.: Preservation of epistemic properties in security protocol implementations. In: Proc. 11th Conference on Theoretical Aspects of Rationality and Knowledge (TARK ’07), pp. 212–221. ACM (2007)

  45. van Eijck, J., Orzan, S.: Epistemic verification of anonymity. In: Proc. Second International Workshop on Views on Designing Complex Architectures (VODCA ’06). ENTCS, vol. 168, pp. 159–174 (2007)

  46. van Heerde, H.J.W.: Privacy-aware data management by means of data degradation: making private data less sensitive over time. Ph.D. thesis. University of Twente, Enschede (2010)

  47. Veeningen, M., de Weger, B., Zannone, N.: Modeling identity-related properties and their privacy strength. In: Proc. Seventh International Workshop on Formal Aspects of Security and Trust (FAST ’10). LNCS, vol. 6561, pp. 126–140. Springer (2011)

Corresponding author

Correspondence to Yasuyuki Tsukada.

Additional information

A preliminary version of this article was presented at the Fourteenth Conference on Theoretical Aspects of Rationality and Knowledge (TARK 2013) [42].


Cite this article

Tsukada, Y., Sakurada, H., Mano, K. et al. On compositional reasoning about anonymity and privacy in epistemic logic. Ann Math Artif Intell 78, 101–129 (2016). https://doi.org/10.1007/s10472-016-9516-8
