1,962 research outputs found
Asymptotic information leakage under one-try attacks
We study the asymptotic behaviour of (a) information leakage and (b) adversary’s error probability in information hiding systems modelled as noisy channels. Specifically, we assume the attacker can make a single guess after observing n independent executions of the system, throughout which the secret information is kept fixed. We show that the asymptotic behaviour of quantities (a) and (b) can be determined in a simple way from the channel matrix. Moreover, simple and tight bounds on them as functions of n show that the convergence is exponential. We also discuss feasible methods to evaluate the rate of convergence. Our results cover both the Bayesian case, where a prior probability distribution on the secrets is assumed known to the attacker, and the maximum-likelihood case, where the attacker does not know such distribution. In the Bayesian case, we identify the distributions that maximize the leakage. We consider both the min-entropy setting studied by Smith and the additive form recently proposed by Braun et al., and show the two forms do agree asymptotically. Next, we extend these results to a more sophisticated eavesdropping scenario, where the attacker can perform a (noisy) observation at each state of the computation and the systems are modelled as hidden Markov models.
Quantitative information flow, with a view
We put forward a general model intended for assessment of system security against passive eavesdroppers, both quantitatively (how much information is leaked) and qualitatively (what properties are leaked). To this purpose, we extend information hiding systems (ihs), a model where the secret-observable relation is represented as a noisy channel, with views: basically, partitions of the state-space. Given a view W and n independent observations of the system, one is interested in the probability that a Bayesian adversary wrongly predicts the class of W the underlying secret belongs to. We offer results that allow one to easily characterise the behaviour of this error probability as a function of the number of observations, in terms of the channel matrices defining the ihs and the view W. In particular, we provide expressions for the limit value as n → ∞, show by tight bounds that convergence is exponential, and also characterise the rate of convergence to predefined error thresholds. We then show a few instances of statistical attacks that can be assessed by a direct application of our model: attacks against modular exponentiation that exploit timing leaks, against anonymity in mix-nets and against privacy in sparse datasets.
On the relation between Differential Privacy and Quantitative Information Flow
Differential privacy is a notion that has emerged in the community of
statistical databases, as a response to the problem of protecting the privacy
of the database's participants when performing statistical queries. The idea is
that a randomized query satisfies differential privacy if the likelihood of
obtaining a certain answer for a database is not too different from the
likelihood of obtaining the same answer on adjacent databases, i.e. databases
which differ for only one individual. Information flow is an area of
Security concerned with the problem of controlling the leakage of confidential
information in programs and protocols. Nowadays, one of the most established
approaches to quantify and to reason about leakage is based on the Rényi min
entropy version of information theory. In this paper, we analyze critically the
notion of differential privacy in light of the conceptual framework provided by
the Rényi min information theory. We show that there is a close relation
between differential privacy and leakage, due to the graph symmetries induced
by the adjacency relation. Furthermore, we consider the utility of the
randomized answer, which measures its expected degree of accuracy. We focus on
certain kinds of utility functions called "binary", which have a close
correspondence with the Rényi min mutual information. Again, it turns out
that there can be a tight correspondence between differential privacy and
utility, depending on the symmetries induced by the adjacency relation and by
the query. Depending on these symmetries we can also build an optimal-utility
randomization mechanism while preserving the required level of differential
privacy. Our main contribution is a study of the kind of structures that can be
induced by the adjacency relation and the query, and how to use them to derive
bounds on the leakage and achieve the optimal utility.
Joint Relay Selection and Power Allocation in Large-Scale MIMO Systems with Untrusted Relays and Passive Eavesdroppers
In this paper, a joint relay selection and power allocation (JRP) scheme is
proposed to enhance the physical layer security of a cooperative network, where
a multiple antennas source communicates with a single-antenna destination in
presence of untrusted relays and passive eavesdroppers (Eves). The objective is
to protect the data confidentially while concurrently relying on the untrusted
relays as potential Eves to improve both the security and reliability of the
network. To realize this objective, we consider cooperative jamming performed
by the destination while JRP scheme is implemented. With the aim of maximizing
the instantaneous secrecy rate, we derive a new closed-form solution for the
optimal power allocation and propose a simple relay selection criterion under
two scenarios of non-colluding Eves (NCE) and colluding Eves (CE). For the
proposed scheme, a new closed-form expression is derived for the ergodic
secrecy rate (ESR) and the secrecy outage probability as security metrics, and
a new closed-form expression is presented for the average symbol error rate
(SER) as a reliability measure over Rayleigh fading channels. We further
explicitly characterize the high signal-to-noise ratio slope and power offset
of the ESR to highlight the impacts of system parameters on the ESR. In
addition, we examine the diversity order of the proposed scheme to reveal the
achievable secrecy performance advantage. Finally, the secrecy and reliability
diversity-multiplexing tradeoff of the optimized network are provided.
Numerical results highlight that the ESR performance of the proposed JRP scheme
for NCE and CE cases is increased with respect to the number of untrustworthy
relays.
Comment: 18 pages, 10 figures, IEEE Transactions on Information Forensics and
Security (In press)
Design-Time Quantification of Integrity in Cyber-Physical-Systems
In a software system it is possible to quantify the amount of information
that is leaked or corrupted by analysing the flows of information present in
the source code. In a cyber-physical system, information flows are not only
present at the digital level, but also at a physical level, and to and fro the
two levels. In this work, we provide a methodology to formally analyse a
Cyber-Physical System composite model (combining physics and control) using an
information flow-theoretic approach. We use this approach to quantify the level
of vulnerability of a system with respect to attackers with different
capabilities. We illustrate our approach by means of a water distribution case
study.
Concise Security Bounds for Practical Decoy-State Quantum Key Distribution
Due to its ability to tolerate high channel loss, decoy-state quantum key
distribution (QKD) has been one of the main focuses within the QKD community.
Notably, several experimental groups have demonstrated that it is secure and
feasible under real-world conditions. Crucially, however, the security and
feasibility claims made by most of these experiments were obtained under the
assumption that the eavesdropper is restricted to particular types of attacks
or that the finite-key effects are neglected. Unfortunately, such assumptions
are not possible to guarantee in practice. In this work, we provide concise and
tight finite-key security bounds for practical decoy-state QKD that are valid
against general attacks.
Comment: 5+3 pages and 2 figures
Fundamental And Practical Problems of QKD Security - the Actual and the Perceived Situation
It is widely believed that quantum key distribution (QKD) has been proved
unconditionally secure for realistic models applicable to various current
experimental schemes. Here we summarize briefly why this is not the case, from
both the viewpoints of fundamental quantitative security and applicable models
of security analysis, with some morals drawn.
Comment: This paper is being revised. It will appear later. 14 pages, 2
figures
Quantitative information flow under generic leakage functions and adaptive adversaries
We put forward a model of action-based randomization mechanisms to analyse
quantitative information flow (QIF) under generic leakage functions, and under
possibly adaptive adversaries. This model subsumes many of the QIF models
proposed so far. Our main contributions include the following: (1) we identify
mild general conditions on the leakage function under which it is possible to
derive general and significant results on adaptive QIF; (2) we contrast the
efficiency of adaptive and non-adaptive strategies, showing that the latter are
as efficient as the former in terms of length up to an expansion factor bounded
by the number of available actions; (3) we show that the maximum information
leakage over strategies, given a finite time horizon, can be expressed in terms
of a Bellman equation. This can be used to compute an optimal finite strategy
recursively, by resorting to standard methods like backward induction.
Comment: Revised and extended version of conference paper with the same title
appeared in Proc. of FORTE 2014, LNC