Abstract

In the inference attacks studied in Quantitative Information Flow (QIF), the adversary typically tries to interfere with the system in the attempt to increase its leakage of secret information. The defender, on the other hand, typically tries to decrease leakage by introducing some controlled noise. This noise introduction can be modeled as a type of protocol composition, i.e., a probabilistic choice among different protocols, and its effect on the amount of leakage depends heavily on whether or not this choice is visible to the adversary. In this work we consider operators for modeling visible and invisible choice in protocol composition, and we study their algebraic properties. We then formalize the interplay between defender and adversary in a game-theoretic framework adapted to the specific issues of QIF, where the payoff is information leakage. We consider various kinds of leakage games, depending on whether players act simultaneously or sequentially, and on whether or not the choices of the defender are visible to the adversary. Finally, we establish a hierarchy of these games in terms of their information leakage, and provide methods for finding optimal strategies (at the points of equilibrium) for both attacker and defender in the various cases. The full version of this paper can be found in arXiv:1803.10042

Highlights

  • A fundamental problem in computer security is the leakage of sensitive information due to correlation of secret values with observables—i.e., any information accessible to the attacker, such as, for instance, the system’s outputs or execution time

  • – We present a general framework for reasoning about information leakage in a game-theoretic setting, extending the notion of information leakage games proposed in [4] to both simultaneous and sequential games, with either hidden or visible choice

  • In this paper we used protocol composition to model the introduction of noise performed by the defender to prevent leakage of sensitive information

Read more

Summary

Introduction

A fundamental problem in computer security is the leakage of sensitive information due to correlation of secret values with observables—i.e., any information accessible to the attacker, such as, for instance, the system’s outputs or execution time. In all examples above the main use of the probabilistic choice is to obfuscate the relation between secrets and observables, reducing their correlation— and, the information leakage. To achieve this goal, it is essential that the attacker never comes to know the result of the choice. It coincides with the Nash equilibrium, which is defined as the point in which neither of the two players gets any advantage in changing unilaterally his strategy Motivated by these examples, this paper investigates the two kinds of choice, visible and hidden (to the attacker), in a game-theoretic setting.

Preliminaries
Basic Concepts from Game Theory
Quantitative Information Flow
An Illustrative Example
Visible and Hidden Choice Operators on Channels
Matrices, and Their Basic Operators
Channels, and Their Hidden and Visible Choice Operators
Properties of Hidden and Visible Choice Operators
Information Leakage Games
Defining Information Leakage Games
Comparing the Games
Related Work
Findings
Conclusion and Future Work

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.