Formal approaches to protection of private information Catuscia Palamidessi Equipe Projet Comète INRIA Saclay Lille, 12 June 2009 Protection of private information In the modern world the issue of privacy is exacerbated by orders of magnitude RFID tags may be everywhere… /(#-0"1(23 83,292:2(;";-5 234"&'(0*+-.< 234"&'(00*5' 673&8"9:"#; • Electronic devices and their continuous interaction with users possibility to gather a huge amount of info 6(*7)2) &"::"#9 !"#"$%&&" '()*)+,-." 42)5-32- !"#$%&'$($%")$&*+,./01$&23 !"#$%&'() *+,-.,/-.+0,-1 • Increase of computers’ capacities possibility to store and process such info • Communication though insecure networks possible interference of malicious agents Catuscia Palamidessi, COMETE 2 Protection of private information Malicious agents Catuscia Palamidessi, COMETE • Private information can be gathered and used for malicious purposes • The information is often collected without the honest parties’ consent • The honest parties might not even be aware of their privacy’s violation 3 Protection of private information Protocols and their properties Catuscia Palamidessi, COMETE • Need for protocols that guarantee the protection of users’ private information • Need for precise definition of privacy properties • Need for frameworks and tools that guarantee that such protocols satisfy the expected properties 4 Protection of private information Private and public information Catuscia Palamidessi, COMETE • The main difficulty in protecting the private information is that it is often intertwined with public information • In other words, the public information often allows to infer information that we would like to keep private • Need to guarantee secure information flow from private to public 5 Protection of private information Problems and challenges • • Main problems • Information security: avoid the inference of private information from the public one Technical challenges • • Probabilistic aspects (randomized protocols, behavior of users) • (Preventing the) Inference of the the unknown distribution of a random variable (Preventing the) Inference of the unknown value of a random variable Catuscia Palamidessi, COMETE 6 Protection of private information Examples of anonymity protocols: Crowds and Onion Routing Purpose: anonymous message sending. I.e. send a message to a server without revealing the sender’s identity to malicious users • • Crowd: a group of users who agree to cooperate in the protocol • A forwarder: The sender selects randomly a node (called forwarder) and forwards the request to it • With probability p selects randomly a new node and forwards the request to him • With probability 1-p sends the request to the server Catuscia Palamidessi, COMETE server 7 Protection of private information Frameworks and techniques • Probability • • • Behavior of users Protocols often use randomized primitives Basis for precise assessment of degree of trust / protection • Information theory • • Hypothesis testing Protocols for secure information flow = noisy channels • • • Bayesian methods Beta distribution / conjugate analysis Hidden Markov Models (evolution of the probability distribution) Catuscia Palamidessi, COMETE 8 Protection of private information Information theory Public information Confidential information s1 o1 ... Protocol ... sm on Input Output • Protocol for controlling the flow of information = noisy channel • Information protection = channel opacity (the converse of channel capacity). • Shannon entropy, Rényi minimum entropy Catuscia Palamidessi, COMETE 9 Protection of private information Some recent results • Notion of protection: A version of Mutual Information based on Renyi’s min entropy • Characterization and analysis of the worst-case (least protection) • Methods for secure composition (synthesis) of protocol specification Catuscia Palamidessi, COMETE 10 Protection of private information Some recent results • • • Hypothesis testing: guessing the secret from the observable 0.6 0.5 Probability of making the wrong guess. Bayesian Risk Relation with Conditional Entropy 0.4 Pe • H(A|O) Bounds by Rény, Hellman-Raviv, Santhi-Vardy 0.3 0.2 0.1 0.0 0.0 0.1 0.2 0.3 0.4 x1 0.5 0.6 0.7 0.8 0.9 0.0 1.0 0.2 0.4 1.0 0.8 0.6 x2 Figure 2. Ternary hypothesis testing. The solid curve represents the Bayes risk for the channel in Example 4.4, the dotted curve represents the Santhi-Vardy bound 1 − 2 −H(A|O) . • input distribution. In fact the matrix are all the same and the distribution is In this case, we have ! P (!x) = 1− max p(o|a Our results: Characterization of the “corner points”. Method to)x compute Pthe max of ! max p(o|a ! ! ( , ,..., ) = 1 − = 1− p(o|a )x ! ! = 1− p(o|a) the Bayes risk. Tighter functional bound = 1− x =0 ! e j o j j o j j j j j Capacity 0 The case in which the capacity of the channel is 0 is by definition obtained when I(A; O) = 0 for all possible input distributions of A. From information theory we know that this is the case iff A and O are independent (cfr. [8], page 27). Hence we have the following characterization: Catuscia Palamidessi, COMETE Proposition 5.1 Given an anonymity system "A, O, p(·|·)#, the capacity of the corresponding channel is 0 iff all the rows of the channel matrix are the same, i.e. p(o|a) = p(o|a" ) for all o, a, a" . The condition p(o|a) = p(o|a " ) for all o, a, a" has been called strong probabilistic anonymity in [1] and it is equiv- 1 1 e n n 1 n j o o = = 1− 1 n j 1 n o p(o|a) n−1 n An example of protocol with capacity 0 is th cryptographers in a connected graph [4], under the tion that it is always one of the cryptographers w and that the coins are fair. 6 Application: Crowds In this section we discuss how to compute the matrix for a given protocol using automated tools, it to improve the bound for the probability of er illustrate our ideas on a variation of Crowds, a wel 11 Protection of private information Ongoing and Future work • Design of ProPiS: a Probabilistic specification language for Security applications. • • • • • probability cryptographic primitives data structures Develop a logic for efficient model checking • PCTL with conditional probabilities Development of various tools for prototyping and verification • • • interpreter model checker counterexample generation Catuscia Palamidessi, COMETE 12 Protection of private information Thanks! Catuscia Palamidessi, COMETE 13
© Copyright 2026 Paperzz