Quantifying Vulnerability of Secret Generation Using Hyper-Distributions
From MaRDI portal
Publication:3304804
DOI: 10.1007/978-3-662-54455-6_2; zbMATH Open: 1444.94039; DBLP: conf/post/AlvimMH17; arXiv: 1701.04174; OpenAlex: W2602854785; Wikidata: Q62042983; Scholia: Q62042983; MaRDI QID: Q3304804; FDO: Q3304804
Authors:
Publication date: 3 August 2020
Published in: Lecture Notes in Computer Science
Abstract: Traditional approaches to Quantitative Information Flow (QIF) represent the adversary's prior knowledge of possible secret values as a single probability distribution. This representation may miss important structure. For instance, representing prior knowledge about passwords of a system's users in this way overlooks the fact that many users generate passwords using some strategy. Knowledge of such strategies can help the adversary in guessing a secret, so ignoring them may underestimate the secret's vulnerability. In this paper we explicitly model strategies as distributions on secrets, and generalize the representation of the adversary's prior knowledge from a distribution on secrets to an environment, which is a distribution on strategies (and, thus, a distribution on distributions on secrets, called a hyper-distribution). By applying information-theoretic techniques to environments we derive several meaningful generalizations of the traditional approach to QIF. In particular, we disentangle the vulnerability of a secret from the vulnerability of the strategies that generate secrets, and thereby distinguish security by aggregation--which relies on the uncertainty over strategies--from security by strategy--which relies on the intrinsic uncertainty within a strategy. We also demonstrate that, in a precise way, no further generalization of prior knowledge (e.g., by using distributions of even higher order) is needed to soundly quantify the vulnerability of the secret.
Full work available at URL: https://arxiv.org/abs/1701.04174
Recommendations
- On the Foundations of Quantitative Information Flow
- Quantitative information flow, with a view
- Quantitative information flow under generic leakage functions and adaptive adversaries
- Entropy and attack models in information flow (Invited talk)
- Recent developments in quantitative information flow (invited tutorial)
Cites Work
- A Mathematical Theory of Communication
- Title not available
- Anonymity protocols as noisy channels
- Asymptotic information leakage under one-try attacks
- Assessing security threats of looping constructs
- Quantifying Information Leakage in Process Calculi
- On the Foundations of Quantitative Information Flow
- Quantification of integrity
- An axiomatization of information flow measures
- Compositional closure for Bayes risk in probabilistic noninterference
- Abstract channels and their robust information-leakage ordering