Bounds on the Leakage of the Input’s Distribution in Information-Hiding Protocols

  • Abhishek Bhowmick
  • Catuscia Palamidessi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5474)


In information-hiding, an adversary that tries to infer the secret information has a higher probability of success if it knows the distribution on the secrets. We show that if the system leaks probabilistically some information about the secrets, (that is, if there is a probabilistic correlation between the secrets and some observables) then the adversary can approximate such distribution by repeating the observations. More precisely, it can approximate the distribution on the observables by computing their frequencies, and then derive the distribution on the secrets by using the correlation in the inverse direction. We illustrate this method, and then we study the bounds on the approximation error associated with it, for various natural notions of error. As a case study, we apply our results to Crowds, a protocol for anonymous communication.


Noisy Channel Covert Channel Anonymous Communication Hide Event USENIX Security Symposium 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bhargava, M., Palamidessi, C.: Probabilistic anonymity. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 171–185. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Chatzikokolakis, K., Martin, K.: A monotonicity principle for information theory. In: Proceedings of the Twenty-fourth Conference on the Mathematical Foundations of Programming Semantics (to appear, 2008)Google Scholar
  3. 3.
    Chatzikokolakis, K., Palamidessi, C.: Probable innocence revisited. Theoretical Computer Science 367(1-2), 123–138 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Probability of error in information-hiding protocols. In: Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF 20), pp. 341–354. IEEE Computer Society, Los Alamitos (2007)CrossRefGoogle Scholar
  5. 5.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Anonymity protocols as noisy channels. Information and Computation 206(2–4), 378–401 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1, 65–75 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  8. 8.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative analysis of the leakage of confidential data. In: Proc. of QAPL 2001. Electr. Notes Theor. Comput. Sci., vol. 59(3), pp. 238–251. Elsevier Science B.V., Amsterdam (2001)Google Scholar
  9. 9.
    Clark, D., Hunt, S., Malacaria, P.: Quantified interference for a while language. In: Proc. of QAPL 2004. Electr. Notes Theor. Comput. Sci., vol. 112, pp. 149–166. Elsevier Science B.V., Amsterdam (2005)Google Scholar
  10. 10.
    Clarkson, M.R., Myers, A.C., Schneider, F.B.: Belief in information flow. Journal of Computer Security (to appear, 2008); available as Cornell Computer Science Department Technical Report TR 2007-207Google Scholar
  11. 11.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory. John Wiley & Sons, Inc., Chichester (1991)CrossRefzbMATHGoogle Scholar
  12. 12.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (August 2004)Google Scholar
  14. 14.
    Freedman, M.J., Morris, R.: Tarzan: A peer-to-peer anonymizing network layer. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC (November 2002)Google Scholar
  15. 15.
    Gray III, J.W.: Toward a mathematical foundation for information flow security. In: Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy (SSP 1991), Washington, Brussels, Tokyo, pp. 21–35. IEEE, Los Alamitos (1991)CrossRefGoogle Scholar
  16. 16.
    Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. Journal of Computer Security 13(3), 483–512 (2005)CrossRefGoogle Scholar
  17. 17.
    Lowe, G.: Quantifying information flow. In: Proc. of CSFW 2002, pp. 18–31. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  18. 18.
    Malacaria, P.: Assessing security threats of looping constructs. In: Hofmann, M., Felleisen, M. (eds.) Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2007, Nice, France, pp. 225–235. ACM, New York (2007)Google Scholar
  19. 19.
    McLean, J.: Security models and information flow. In: SSP 1990, pp. 180–189. IEEE, Los Alamitos (1990)Google Scholar
  20. 20.
    Moskowitz, I.S., Newman, R.E., Crepeau, D.P., Miller, A.R.: Covert channels and anonymizing networks. In: Jajodia, S., Samarati, P., Syverson, P.F. (eds.) WPES, pp. 79–88. ACM, New York (2003)Google Scholar
  21. 21.
    Moskowitz, I.S., Newman, R.E., Syverson, P.F.: Quasi-anonymous channels. In: IASTED CNIS, pp. 126–131 (2003)Google Scholar
  22. 22.
    Reiter, M.K., Rubin, A.D.: Crowds: anonymity for Web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  23. 23.
    Santhi, N., Vardy, A.: On an improvement over Rényi’s equivocation bound. In: 44th Annual Allerton Conference on Communication, Control, and Computing (September 2006),
  24. 24.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  25. 25.
    Shmatikov, V.: Probabilistic model checking of an anonymity system. Journal of Computer Security 12(3/4), 355–377 (2004)CrossRefzbMATHGoogle Scholar
  26. 26.
    Smith, G.: Adversaries and information leaks (Tutorial). In: Barthe, G., Fournet, C. (eds.) TGC 2007. LNCS, vol. 4912, pp. 383–400. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  27. 27.
    Syverson, P.F., Goldschlag, D.M., Reed, M.G.: Anonymous connections and onion routing. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 44–54 (1997)Google Scholar
  28. 28.
    Tijms, H.: Understanding Probability: Chance Rules in Everyday Life. Cambridge University Press, Cambridge (2007)CrossRefzbMATHGoogle Scholar
  29. 29.
    Zhu, Y., Bettati, R.: Anonymity vs. information leakage in anonymity systems. In: Proc. of ICDCS, pp. 514–524. IEEE Computer Society, Los Alamitos (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Abhishek Bhowmick
    • 1
  • Catuscia Palamidessi
    • 2
  1. 1.Computer Science and EngineeringIIT KanpurIndia
  2. 2.INRIA Saclay and LIXEcole PolytechniqueFrance

Personalised recommendations