Results 1 -
5 of
5
On the Foundations of Quantitative Information Flow
"... Abstract. There is growing interest in quantitative theories of information flow in a variety of contexts, such as secure information flow, anonymity protocols, and side-channel analysis. Such theories offer an attractive way to relax the standard noninterference properties, letting us tolerate “sma ..."
Abstract
-
Cited by 116 (10 self)
- Add to MetaCart
(Show Context)
Abstract. There is growing interest in quantitative theories of information flow in a variety of contexts, such as secure information flow, anonymity protocols, and side-channel analysis. Such theories offer an attractive way to relax the standard noninterference properties, letting us tolerate “small ” leaks that are necessary in practice. The emerging consensus is that quantitative information flow should be founded on the concepts of Shannon entropy and mutual information.Butauseful theory of quantitative information flow must provide appropriate security guarantees: if the theory says that an attack leaks x bits of secret information, then x should be useful in calculating bounds on the resulting threat. In this paper, we focus on the threat that an attack will allow the secret to be guessed correctly in one try. With respect to this threat model, we argue that the consensus definitions actually fail to give good security guarantees—the problem is that a random variable can have arbitrarily large Shannon entropy even if it is highly vulnerable to being guessed. We then explore an alternative foundation based on a concept of vulnerability (closely related to Bayes risk) and which measures uncertainty using Rényi’s min-entropy, rather than Shannon entropy. 1
Compositional closure for Bayes Risk in probabilistic noninterference
- Proc. ICALP 2010, volume 6199 of LNCS
, 2010
"... Abstract. We give a sequential model for noninterference security in-cluding probability (but not demonic choice), thus supporting reasoning about the likelihood that high-security values might be revealed by obser-vations of low-security activity. Our novel methodological contribution is the defini ..."
Abstract
-
Cited by 11 (5 self)
- Add to MetaCart
(Show Context)
Abstract. We give a sequential model for noninterference security in-cluding probability (but not demonic choice), thus supporting reasoning about the likelihood that high-security values might be revealed by obser-vations of low-security activity. Our novel methodological contribution is the definition of a refinement order (v) and its use to compare security measures between specifications and (their supposed) implementations. This contrasts with the more common practice of evaluating the security of individual programs in isolation. The appropriateness of our model and order is supported by our show-ing that (v) is the greatest compositional relation –the compositional closure – with respect to our semantics and an “elementary ” order based on Bayes Risk — a security measure already in widespread use. We also relate refinement to other measures such as Shannon Entropy. By applying the approach to a non-trivial example, the anonymous-majority Three-Judges protocol, we demonstrate by example that cor-rectness arguments can be simplified by the sort of layered developments –through levels of increasing detail – that are allowed and encouraged by compositional semantics.
Leakage Quantification of Cryptographic Operations⋆
"... Abstract. Perfectly secure protocols are often too inefficient perfor-mance wise to be used in a practical setting. On the other hand, an insecure (but faster) protocol might be deemed secure for a particular setting. Recent research has thus focused on precise leakage quantifica-tion of a security ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. Perfectly secure protocols are often too inefficient perfor-mance wise to be used in a practical setting. On the other hand, an insecure (but faster) protocol might be deemed secure for a particular setting. Recent research has thus focused on precise leakage quantifica-tion of a security protocol. In this context, we first give precise leakage quantification of a basic cryptographic primitive, that of multiplicative hiding. We then show how the approach can be extended to compute worst case leakage bounds of arbitrary compositions of cryptographic operations. The composition results make our bounds applicable to a wide range of general security protocols. 1
To cite this version:
, 2009
"... HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte p ..."
Abstract
- Add to MetaCart
(Show Context)
HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et a ̀ la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés. MFPS 2009 Quantitative notions of leakage for one-try attacks
