Results 1  10
of
27
Anonymity protocols as noisy channels
 Information and Computation
, 2006
"... Abstract. We propose a framework in which anonymity protocols are interpreted as particular kinds of channels, and the degree of anonymity provided by the protocol as the converse of the channel’s capacity. We also investigate how the adversary can test the system to try to infer the user’s identity ..."
Abstract

Cited by 51 (18 self)
 Add to MetaCart
Abstract. We propose a framework in which anonymity protocols are interpreted as particular kinds of channels, and the degree of anonymity provided by the protocol as the converse of the channel’s capacity. We also investigate how the adversary can test the system to try to infer the user’s identity, and we study how his probability of success depends on the characteristics of the channel. We then illustrate how various notions of anonymity can be expressed in this framework, and show the relation with some definitions of probabilistic anonymity in literature. 1
Measuring anonymity with relative entropy
 In Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust, volume 4691 of LNCS
, 2007
"... Abstract. Anonymity is the property of maintaining secret the identity of users performing a certain action. Anonymity protocols often use random mechanisms which can be described probabilistically. In this paper, we propose a probabilistic process calculus to describe protocols for ensuring anonymi ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
Abstract. Anonymity is the property of maintaining secret the identity of users performing a certain action. Anonymity protocols often use random mechanisms which can be described probabilistically. In this paper, we propose a probabilistic process calculus to describe protocols for ensuring anonymity, and we use the notion of relative entropy from information theory to measure the degree of anonymity these protocols can guarantee. Furthermore, we prove that the operators in the probabilistic process calculus are nonexpansive, with respect to this measuring method. We illustrate our approach by using the example of the Dining Cryptographers Problem. 1
Probability of Error in InformationHiding Protocols
 in "Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF20)", IEEE Computer Society
"... There are many bounds known in literature for the Bayes ’ risk. One of these is the equivocation bound, due to Rényi [22], which states that the probability of error is bound by the conditional entropy of the channel’s input given the output. Later, Hellman and Raviv improved this bound by half [13] ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
There are many bounds known in literature for the Bayes ’ risk. One of these is the equivocation bound, due to Rényi [22], which states that the probability of error is bound by the conditional entropy of the channel’s input given the output. Later, Hellman and Raviv improved this bound by half [13]. Recently, Santhi and Vardy have proposed a new bound, that depends exponentially on the (opposite of the) conditional entropy, and which considerably improves the HellmanRaviv bound in the case of multiinria00200957,
On Automated Verification of Probabilistic Programs
"... Abstract. We introduce a simple procedural probabilistic programming language which is suitable for coding a wide variety of randomised algorithms and protocols. This language is interpreted over finite datatypes and has a decidable equivalence problem. We have implemented an automated equivalence c ..."
Abstract

Cited by 11 (6 self)
 Add to MetaCart
Abstract. We introduce a simple procedural probabilistic programming language which is suitable for coding a wide variety of randomised algorithms and protocols. This language is interpreted over finite datatypes and has a decidable equivalence problem. We have implemented an automated equivalence checker, which we call apex, for this language, based on game semantics. We illustrate our approach with three nontrivial case studies: (i) Herman’s selfstabilisation algorithm; (ii) an analysis of the average shape of binary search trees obtained by certain sequences of random insertions and deletions; and (iii) the problem of anonymity in the Dining Cryptographers protocol. In particular, we record an exponential speedup in the latter over stateoftheart competing approaches. 1
Operational and Epistemic Approaches to Protocol Analysis: Bridging the Gap
"... Abstract. Operational models of (security) protocols, on one hand, are readable and conveniently match their implementation (at a certain abstraction level). Epistemic models, on the other hand, are appropriate for specifying knowledgerelated properties such as anonymity or secrecy. These two appro ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
Abstract. Operational models of (security) protocols, on one hand, are readable and conveniently match their implementation (at a certain abstraction level). Epistemic models, on the other hand, are appropriate for specifying knowledgerelated properties such as anonymity or secrecy. These two approaches to specification and verification have so far developed in parallel and one has either to define ad hoc correctness criteria for the operational model or use complicated epistemic models to specify the operational behavior. We work towards bridging this gap by proposing a combined framework which allows for modeling the behavior of a protocol in a process language with an operational semantics and supports reasoning about properties expressed in a rich logic which combines temporal and epistemic operators. 1
A framework for automatically checking anonymity with mcrl
 In Proceedings TGC’06, LNCS
, 2007
"... Abstract. We present a powerful and flexible method for automatically checking anonymity in a possibilistic generalpurpose process algebraic verification toolset. We propose new definitions of a choice anonymity degree and a player anonymity degree, to quantify the precision with which an intruder ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
Abstract. We present a powerful and flexible method for automatically checking anonymity in a possibilistic generalpurpose process algebraic verification toolset. We propose new definitions of a choice anonymity degree and a player anonymity degree, to quantify the precision with which an intruder is able to single out the true originator of a given event or to associate the right event to a given protocol participant. We show how these measures of anonymity can be automatically calculated from a protocol specification in µCRL, by using a combination of dedicated tools and existing stateoftheart µCRLtools. To illustrate the flexibility of our method we test the Dining Cryptographers problem and the FOO 92 voting protocol. Our definitions of anonymity provide an accurate picture of the different ways that anonymity can break down, due for instance to coallitions of inside intruders. Our calculations can be performed on a cluster of machines, allowing us to check protocols for large numbers of participants. 1
Probabilistic anonymity via coalgebraic simulations
 European Symposium on Programming (ESOP 2007), volume 4421 of Lect. Notes Comp. Sci
, 2007
"... Abstract. There is a growing concern on anonymity and privacy on the Internet, resulting in lots of work on formalization and verification of anonymity. Especially, importance of probabilistic aspect of anonymity is claimed recently by many authors. Among them are Bhargava and Palamidessi who presen ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
Abstract. There is a growing concern on anonymity and privacy on the Internet, resulting in lots of work on formalization and verification of anonymity. Especially, importance of probabilistic aspect of anonymity is claimed recently by many authors. Among them are Bhargava and Palamidessi who present the definition of probabilistic anonymity for which, however, proof methods are not yet elaborated. In this paper we introduce a simulationbased proof method for probabilistic anonymity. It is a probabilistic adaptation of the method by Kawabe et al. for nondeterministic anonymity: anonymity of a protocol is proved by finding out a forward/backward simulation between certain automata. For the jump from nondeterminism to probability we fully exploit a generic, coalgebraic theory of traces and simulations developed by Hasuo and others. In particular, an appropriate notion of probabilistic simulations is obtained by instantiating a generic definition with suitable parameters. 1
Analysing the Mute Anonymous FileSharing System Using the Picalculus, in "26th IFIP WG 6.1 international conference on formal techniques for networked and distributed systems
 Lecture Notes in Computer Science, n o 4229
, 2006
"... Abstract. This paper gives details of a formal analysis of the MUTE system for anonymous filesharing. We build picalculus models of a node that is innocent of sharing files, a node that is guilty of filesharing and of the network environment. We then test to see if an attacker can distinguish bet ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
Abstract. This paper gives details of a formal analysis of the MUTE system for anonymous filesharing. We build picalculus models of a node that is innocent of sharing files, a node that is guilty of filesharing and of the network environment. We then test to see if an attacker can distinguish between a connection to a guilty node and a connection to an innocent node. A weak bisimulation between every guilty network and an innocent network would be required to show possible innocence. We find that such a bisimulation cannot exist. The point at which the bisimulation fails leads directly to a previously undiscovered attack on MUTE. We describe a fix for the MUTE system that involves using authentication keys as the nodes ’ pseudo identities and give details of its addition to the MUTE system. 1
Information Hiding in Probabilistic Concurrent Systems
, 2010
"... Information hiding is a general concept which refers to the goal of preventing an adversary to infer secret information from the observables. Anonymity and Information Flow are examples of this notion. We study the problem of information hiding in systems characterized by the presence of randomizati ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
Information hiding is a general concept which refers to the goal of preventing an adversary to infer secret information from the observables. Anonymity and Information Flow are examples of this notion. We study the problem of information hiding in systems characterized by the presence of randomization and concurrency. It is well known that the raising of nondeterminism, due to the possible interleavings and interactions of the parallel components, can cause unintended information leaks. One way to solve this problem is to fix the strategy of the scheduler beforehand. In this work, we propose a milder restriction on the schedulers, and we define the notion of strong (probabilistic) information hiding under various notions of observables. Furthermore, we propose a method, based on the notion of automorphism, to verify that a system satisfies the property of strong information hiding, namely strong anonymity or nointerference, depending on the context.
Probabilistic and Nondeterministic Aspects of Anonymity
"... The concept of anonymity comes into play in a wide range of situations, varying from voting and anonymous donations to postings on bulletin boards and sending emails. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically, while the agents’ behavio ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
The concept of anonymity comes into play in a wide range of situations, varying from voting and anonymous donations to postings on bulletin boards and sending emails. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically, while the agents’ behavior may be totally unpredictable, irregular, and hence expressible only nondeterministically. Formal definitions of the concept of anonymity have been investigated in the past either in a totally nondeterministic framework, or in a purely probabilistic one. In this paper, we investigate a notion of anonymity which combines both probability and nondeterminism, and which is suitable for describing the most general situation in which the protocol and the users can have both probabilistic and nondeterministic behavior. We also investigate the properties of the definition for the particular cases of purely nondeterministic users and purely probabilistic users. We formulate the notions of anonymity in terms of probabilistic automata, and we describe protocols and users as processes in the probabilistic πcalculus, whose semantics is again based on probabilistic automata. Throughout the paper, we illustrate our ideas by using the example of the dining cryptographers.