1,039 research outputs found
Guessing based on length functions
A guessing wiretapper's performance on a Shannon cipher system is analyzed
for a source with memory. Close relationships between guessing functions and
length functions are first established. Subsequently, asymptotically optimal
encryption and attack strategies are identified and their performances analyzed
for sources with memory. The performance metrics are exponents of guessing
moments and probability of large deviations. The metrics are then characterized
for unifilar sources. Universal asymptotically optimal encryption and attack
strategies are also identified for unifilar sources. Guessing in the increasing
order of Lempel-Ziv coding lengths is proposed for finite-state sources, and
shown to be asymptotically optimal. Finally, competitive optimality properties
of guessing in the increasing order of description lengths and Lempel-Ziv
coding lengths are demonstrated.Comment: 16 pages, Submitted to IEEE Transactions on Information Theory,
Special issue on Information Theoretic Security, Simplified proof of
Proposition
Quantitative information flow under generic leakage functions and adaptive adversaries
We put forward a model of action-based randomization mechanisms to analyse
quantitative information flow (QIF) under generic leakage functions, and under
possibly adaptive adversaries. This model subsumes many of the QIF models
proposed so far. Our main contributions include the following: (1) we identify
mild general conditions on the leakage function under which it is possible to
derive general and significant results on adaptive QIF; (2) we contrast the
efficiency of adaptive and non-adaptive strategies, showing that the latter are
as efficient as the former in terms of length up to an expansion factor bounded
by the number of available actions; (3) we show that the maximum information
leakage over strategies, given a finite time horizon, can be expressed in terms
of a Bellman equation. This can be used to compute an optimal finite strategy
recursively, by resorting to standard methods like backward induction.Comment: Revised and extended version of conference paper with the same title
appeared in Proc. of FORTE 2014, LNC
Interpretable Probabilistic Password Strength Meters via Deep Learning
Probabilistic password strength meters have been proved to be the most
accurate tools to measure password strength. Unfortunately, by construction,
they are limited to solely produce an opaque security estimation that fails to
fully support the user during the password composition. In the present work, we
move the first steps towards cracking the intelligibility barrier of this
compelling class of meters. We show that probabilistic password meters
inherently own the capability of describing the latent relation occurring
between password strength and password structure. In our approach, the security
contribution of each character composing a password is disentangled and used to
provide explicit fine-grained feedback for the user. Furthermore, unlike
existing heuristic constructions, our method is free from any human bias, and,
more importantly, its feedback has a clear probabilistic interpretation. In our
contribution: (1) we formulate the theoretical foundations of interpretable
probabilistic password strength meters; (2) we describe how they can be
implemented via an efficient and lightweight deep learning framework suitable
for client-side operability.Comment: An abridged version of this paper appears in the proceedings of the
25th European Symposium on Research in Computer Security (ESORICS) 202
Asymptotic information leakage under one-try attacks
We study the asymptotic behaviour of (a) information leakage and (b) adversary’s error probability in information hiding systems modelled as noisy channels. Specifically, we assume the attacker can make a single guess after observing n independent executions of the system, throughout which the secret information is kept fixed. We show that the asymptotic behaviour of quantities (a) and (b) can be determined in a simple way from the channel matrix. Moreover, simple and tight bounds on them as functions of n show that the convergence is exponential. We also discuss feasible methods to evaluate the rate of convergence. Our results cover both the Bayesian case, where a prior probability distribution on the secrets is assumed known to the attacker, and the maximum-likelihood case, where the attacker does not know such distribution. In the Bayesian case, we identify the distributions that maximize the leakage. We consider both the min-entropy setting studied by Smith and the additive form recently proposed by Braun et al., and show the two forms do agree asymptotically. Next, we extend these results to a more sophisticated eavesdropping scenario, where the attacker can perform a (noisy) observation at each state of the computation and the systems are modelled as hidden Markov models
Algebraic Foundations for Information Theoretical, Probabilistic and Guessability measures of Information Flow
Several mathematical ideas have been investigated for Quantitative Information Flow. Information theory, probability, guessability are the main ideas in most proposals. They aim to quantify how much information is leaked, how likely is to guess the secret and how long does it take to guess the secret respectively. In this paper, we show how the Lattice of Information provides a valuable foundation for all these approaches; not only it provides an elegant algebraic framework for the ideas, but also to investigate their relationship. In particular we will use this lattice to prove some results establishing order relation correspondences between the different quantitative approaches. The implications of these results w.r.t. recent work in the community is also investigated. While this work concentrates on the foundational importance of the Lattice of Information its practical relevance has been recently proven, notably with the quantitative analysis of Linux kernel vulnerabilities. Overall we believe these works set the case for establishing the Lattice of Information as one of the main reference structure for Quantitative Information Flow
A static analysis for quantifying information flow in a simple imperative language
We propose an approach to quantify interference in a simple imperative language that includes a looping construct. In this paper we focus on a particular case of this definition of interference: leakage of information from private variables to public ones via a Trojan Horse attack. We quantify leakage in terms of Shannon's information theory and we motivate our definition by proving a result relating this definition of leakage and the classical notion of programming language interference. The major contribution of the paper is a quantitative static analysis based on this definition for such a language. The analysis uses some non-trivial information theory results like Fano's inequality and L1 inequalities to provide reasonable bounds for conditional statements. While-loops are handled by integrating a qualitative flow-sensitive dependency analysis into the quantitative analysis
- …