Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on...
-
Upload
scot-gibbs -
Category
Documents
-
view
213 -
download
0
Transcript of Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on...
![Page 1: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/1.jpg)
Information Theory and Security
Prakash PanangadenMcGill University
First Canada-France Workshop on Foundations and Practice of Security
Montréal 2008
![Page 2: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/2.jpg)
Why do we care?• Security is about controlling the
flow of “information.”
• We need to consider “adversaries” and analyze what they can do.
• Adversaries may have access to lots of data and perform statistical analysis.
• Thus we need to think probabilistically.
![Page 3: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/3.jpg)
What is information?
• A measure of uncertainty.
• Can we really analyze it quantitatively?
• What do the numerical values mean?
• Is it tied to “knowledge”?
• Is it subjective?
![Page 4: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/4.jpg)
Uncertainty and Probability
![Page 5: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/5.jpg)
The other end
![Page 6: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/6.jpg)
Conveying Information
![Page 7: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/7.jpg)
What do we want?
![Page 8: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/8.jpg)
Entropy
![Page 9: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/9.jpg)
Are there other candidates?
![Page 10: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/10.jpg)
Grouping
![Page 11: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/11.jpg)
A picture of grouping 1
![Page 12: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/12.jpg)
Grouping Picture 2
![Page 13: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/13.jpg)
What does it tell us?
![Page 14: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/14.jpg)
What we really care about
• In security we want to know how to extract secret information from readily available data.
• We want to measure how information (uncertainty) about one quantity conveys information about another.
![Page 15: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/15.jpg)
Random variables
![Page 16: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/16.jpg)
Entropy of a Random Variable
![Page 17: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/17.jpg)
Joint Entropy
![Page 18: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/18.jpg)
Conditional Entropy
![Page 19: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/19.jpg)
The Chain Rule
![Page 20: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/20.jpg)
Mutual Information
![Page 21: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/21.jpg)
How far apart are distributions ?
![Page 22: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/22.jpg)
Relative Entropy
![Page 23: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/23.jpg)
Relative Entropy and Mutual Information
![Page 24: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/24.jpg)
Some basic properties
![Page 25: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/25.jpg)
Channels
![Page 26: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/26.jpg)
Channel Capacity
![Page 27: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/27.jpg)
Binary Symmetric Channel
![Page 28: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/28.jpg)
Coding Theorem
![Page 29: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/29.jpg)
Capacity and Security• We want to view protocols as
channels: they transmit information.
• We would like our channels to be as bad as possible in transmitting information!
• Catuscia Palamidessi’s talk: Channel capacity as a measure of anonymity.
![Page 30: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/30.jpg)
Capacity of What?• Ira Moskowitz et. al. studied the
capacity of a covert channel to measure how much information could be leaked out of a system by an agent with access to a covert channel.
• We are viewing the protocol itself as an abstract channel and thus adopting channel capacity as a quantitative measure of anonymity.
![Page 31: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/31.jpg)
Basic Definitions• A is the set of anonymous actions
and A is a random variable over it; a typical action is “a”.
• O is the set of observable actions and O is a random variable over it; a typical action is “o”
• p(a,o) = p(a) * p(o|a)
• p(o|a) is a characteristic of the protocol; we design this
• p(a) is what an attacker wants to know.
![Page 32: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/32.jpg)
Anonymity Protocol
• An anonymity protocol is a channel (A,O,p(.|.))
• The loss of anonymity is just the channel capacity
![Page 33: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/33.jpg)
Sanity Check
• To what does capacity 0 correspond?
• It corresponds precisely to strong anonymity, i.e. to the statement that A and O are independent.
![Page 34: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/34.jpg)
Relative Anonymity
• Sometimes we want something to be revealed; we do not want this to be seen as a flaw in the protocol.
• We need to conditionalize everything.
![Page 35: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/35.jpg)
Conditional Mutual Information
• Suppose that we want to reveal R
• For example, in an election we want to reveal the total tallies while keeping secret who voted for whom.
• Since we want to reveal R by design we can view it as an additional observable.
![Page 36: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/36.jpg)
![Page 37: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/37.jpg)
An Example: Elections
• The actions are of the form “i votes for c”
• Suppose that there are two candidates, “c” and “d”; clearly we want to reveal the number of votes for “c” [everyone votes for exactly one candidate].
• Then the values of R are exactly the number of votes for “c.”
• The observable event is a scrambled list of all the votes.
![Page 38: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/38.jpg)
Partitions• This is a very special case: the
hidden event, i.e. the complete description of who voted for whom, determines the value “r” of R.
• The observable event also completely determines “r”.
• Thus each value “r” produces partitions of the hidden values and of the observable values.
![Page 39: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/39.jpg)
![Page 40: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/40.jpg)
Computing the Capacity• There is no simple (analytic)
formula for the channel capacity.
• There are various special symmetric cases known; see the paper.
• Recently Keye Martin has shown that channels can be ordered as a domain and that capacity is Scott continuous on this domain. These results have been extended by Chatzikokolakis with Keye.
![Page 41: Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.](https://reader038.fdocuments.in/reader038/viewer/2022110400/56649ddb5503460f94ad2096/html5/thumbnails/41.jpg)
Conclusions• Information theory is a rich and
powerful way to analyze probabilistic protocols.
• A wealth of work to be done given how hard it is to compute anything exactly.
• All kinds of beautiful mathematics: convexity theory, domain theory in addition to traditional information theory.