Studying Maximum Information Leakage Using Karush-Kuhn-Tucker Conditions

When studying the information leakage in programs or protocols, a natural question arises: "what is the worst case scenario?". This problem of identifying the maximal leakage can be seen as a channel capacity problem in the information theoretical sense. In this paper, by combining two powerful theories: Information Theory and Karush-Kuhn-Tucker conditions, we demonstrate a very general solution to the channel capacity problem. Examples are given to show how our solution can be applied to practical contexts of programs and anonymity protocols, and how this solution generalizes previous approaches to this problem

Algebraic Foundations for Information Theoretical, Probabilistic and Guessability measures of Information Flow

Several mathematical ideas have been investigated for Quantitative Information Flow. Information theory, probability, guessability are the main ideas in most proposals. They aim to quantify how much information is leaked, how likely is to guess the secret and how long does it take to guess the secret respectively. In this paper, we show how the Lattice of Information provides a valuable foundation for all these approaches; not only it provides an elegant algebraic framework for the ideas, but also to investigate their relationship. In particular we will use this lattice to prove some results establishing order relation correspondences between the different quantitative approaches. The implications of these results w.r.t. recent work in the community is also investigated. While this work concentrates on the foundational importance of the Lattice of Information its practical relevance has been recently proven, notably with the quantitative analysis of Linux kernel vulnerabilities. Overall we believe these works set the case for establishing the Lattice of Information as one of the main reference structure for Quantitative Information Flow

Effective Security as an ill-defined Problem in Vehicular Ad hoc Networks (VANETs)

As the application of computer technology continues to proliferate and diversify, vehicles are becoming increasingly intelligent and it is expected that in the near future they will be equipped with radio interfaces for short range communications. This will enable the formation of vehicular networks, commonly referred to as VANETs, an instance of mobile ad hoc networks with vehicles as mobile nodes. Vehicular networks are receiving a lot of attention due to the wide variety of services they can provide and are likely to be deployed commercially in coming years. Security is a fundamental issue because such networks will provide the necessary infrastructure for various applications that can help improve the safety of road traffic. Effective security of vehicular ad hoc network is an ill-defined problem as most existing security mechanisms available for VANET do not combine efficiency, security and traceability. They tend to score well in one or two qualities, but not all three because of the potential contradictions between some of their attributes. In this paper, we give an overview of VANETs and the security challenges related to their deployment. We identify and analyse current security limitations, then an effort is made to show that efficiency, security and traceability are the key qualities to consider while implementing an effective security mechanism. Therefore the most suitable way to achieve this goal is by identifying the intersection point connecting their attributes. © 2012 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other work