Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.

Published byScot Gibbs Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008."— Presentation transcript:

1 Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008

2 Why do we care? Security is about controlling the flow of “information.” We need to consider “adversaries” and analyze what they can do. Adversaries may have access to lots of data and perform statistical analysis. Thus we need to think probabilistically.

3 What is information? A measure of uncertainty. Can we really analyze it quantitatively? What do the numerical values mean? Is it tied to “knowledge”? Is it subjective?

4 Uncertainty and Probability

5 The other end

6 Conveying Information

7 What do we want?

8 Entropy

9 Are there other candidates?

10 Grouping

11 A picture of grouping 1

12 Grouping Picture 2

13 What does it tell us?

14 What we really care about In security we want to know how to extract secret information from readily available data. We want to measure how information (uncertainty) about one quantity conveys information about another.

15 Random variables

16 Entropy of a Random Variable

17 Joint Entropy

18 Conditional Entropy

19 The Chain Rule

20 Mutual Information

21 How far apart are distributions ?

22 Relative Entropy

23 Relative Entropy and Mutual Information

24 Some basic properties

25 Channels

26 Channel Capacity

27 Binary Symmetric Channel

28 Coding Theorem

29 Capacity and Security We want to view protocols as channels: they transmit information. We would like our channels to be as bad as possible in transmitting information! Catuscia Palamidessi’s talk: Channel capacity as a measure of anonymity.

30 Capacity of What? Ira Moskowitz et. al. studied the capacity of a covert channel to measure how much information could be leaked out of a system by an agent with access to a covert channel. We are viewing the protocol itself as an abstract channel and thus adopting channel capacity as a quantitative measure of anonymity.

31 Basic Definitions A is the set of anonymous actions and A is a random variable over it; a typical action is “a”. O is the set of observable actions and O is a random variable over it; a typical action is “o” p(a,o) = p(a) * p(o|a) p(o|a) is a characteristic of the protocol; we design this p(a) is what an attacker wants to know.

32 Anonymity Protocol An anonymity protocol is a channel ( A,O, p(.|.)) The loss of anonymity is just the channel capacity

33 Sanity Check To what does capacity 0 correspond? It corresponds precisely to strong anonymity, i.e. to the statement that A and O are independent.

34 Relative Anonymity Sometimes we want something to be revealed; we do not want this to be seen as a flaw in the protocol. We need to conditionalize everything.

35 Conditional Mutual Information Suppose that we want to reveal R For example, in an election we want to reveal the total tallies while keeping secret who voted for whom. Since we want to reveal R by design we can view it as an additional observable.

36

37 An Example: Elections The actions are of the form “i votes for c” Suppose that there are two candidates, “c” and “d”; clearly we want to reveal the number of votes for “c” [everyone votes for exactly one candidate]. Then the values of R are exactly the number of votes for “c.” The observable event is a scrambled list of all the votes.

38 Partitions This is a very special case: the hidden event, i.e. the complete description of who voted for whom, determines the value “r” of R. The observable event also completely determines “r”. Thus each value “r” produces partitions of the hidden values and of the observable values.

39

40 Computing the Capacity There is no simple (analytic) formula for the channel capacity. There are various special symmetric cases known; see the paper. Recently Keye Martin has shown that channels can be ordered as a domain and that capacity is Scott continuous on this domain. These results have been extended by Chatzikokolakis with Keye.

41 Conclusions Information theory is a rich and powerful way to analyze probabilistic protocols. A wealth of work to be done given how hard it is to compute anything exactly. All kinds of beautiful mathematics: convexity theory, domain theory in addition to traditional information theory.

Download ppt "Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008."

Similar presentations

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
Week 11 Review: Statistical Model A statistical model for some data is a set of distributions, one of which corresponds to the true unknown distribution.

Week 11 Review: Statistical Model A statistical model for some data is a set of distributions, one of which corresponds to the true unknown distribution.
Sheng Xiao, Weibo Gong and Don Towsley,2010 Infocom.

Sheng Xiao, Weibo Gong and Don Towsley,2010 Infocom.
Structural Reliability Analysis – Basics

Structural Reliability Analysis – Basics
Probabilistic Methods in Concurrency Lecture 9 Other uses of randomization: a randomized protocol for anonymity Catuscia Palamidessi

Probabilistic Methods in Concurrency Lecture 9 Other uses of randomization: a randomized protocol for anonymity Catuscia Palamidessi
Chain Rules for Entropy

Chain Rules for Entropy
Chapter 6 Information Theory

Chapter 6 Information Theory
COVERT MULTI-PARTY COMPUTATION YINMENG ZHANG ALADDIN REU 2005 LUIS VON AHN MANUEL BLUM.

COVERT MULTI-PARTY COMPUTATION YINMENG ZHANG ALADDIN REU 2005 LUIS VON AHN MANUEL BLUM.
For stimulus s, have estimated s est Bias: Cramer-Rao bound: Mean square error: Variance: Fisher information How good is our estimate? (ML is unbiased:

For stimulus s, have estimated s est Bias: Cramer-Rao bound: Mean square error: Variance: Fisher information How good is our estimate? (ML is unbiased:
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
Probabilistic thinking – part 1 Nur Aini Masruroh.

Probabilistic thinking – part 1 Nur Aini Masruroh.
Fundamental limits in Information Theory Chapter 10 :

Fundamental limits in Information Theory Chapter 10 :
Information Theory and Security pt. 2. Lecture Motivation Previous lecture talked about a way to measure “information”. In this lecture, our objective.

Information Theory and Security pt. 2. Lecture Motivation Previous lecture talked about a way to measure “information”. In this lecture, our objective.
Information Theory and Security. Lecture Motivation Up to this point we have seen: –Classical Crypto –Symmetric Crypto –Asymmetric Crypto These systems.

Information Theory and Security. Lecture Motivation Up to this point we have seen: –Classical Crypto –Symmetric Crypto –Asymmetric Crypto These systems.
Chapter 7: Variation in repeated samples – Sampling distributions

Chapter 7: Variation in repeated samples – Sampling distributions
Inferences About Process Quality

Inferences About Process Quality
Information Theory and Security

Information Theory and Security
EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.

EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.
§1 Entropy and mutual information

§1 Entropy and mutual information
2. Mathematical Foundations

2. Mathematical Foundations

Similar presentations

Ads by Google