Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems...
Transcript of Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems...
![Page 1: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/1.jpg)
Theorem-proving Privacy and Anonymity
Yoshinobu KAWABENTT Communication Science Laboratories
NTT Corporation
![Page 2: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/2.jpg)
References
• Simulation-based proof method of privacy/anonymity– Y. Kawabe, K. Mano, H. Sakurada and Y. Tsukada
Theorem-proving anonymity of infinite state systemsInformation Processing Letters, vol. 101, No.1, 2007
– Y. Kawabe, K. Mano, H. Sakurada and Y. TsukadaBackward simulations for anonymityWITS ’06 (Full version: submitted for journal publication)
– I. Hasuo and Y. KawabeProbabilistic anonymity via coalgebraic simulationsSubmitted for publication
![Page 3: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/3.jpg)
Online privacyOnline anonymity
is attracting growing
• Threats– ISPs in EU are forced to keep logs of your web access
• Public concerns– You don’t care?
• Research interest– See Anonymity Bibliography
http://freehaven.net/anonbib/
– No decisive definition for “privacy”, “anonymity”, etc.
![Page 4: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/4.jpg)
Overview of this talk
A formal definition of anonymity which isbased on traces[ESORICS ’96, Schneider & Sidiropoulos]
• Simulation-based proof methodfor trace anonymity
• Theorem-proving anonymity
Proving trace inclusion by simulation[Lynch & Vaandrager]
![Page 5: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/5.jpg)
Contents
• A method to prove anonymity (=privacy)
• Formalization of anonymity
& anonymous simulation technique
• Theorem-proving anonymity/privacy
• Crowds protocol
![Page 6: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/6.jpg)
What is anonymity?
• Nobody can know “who it is”.
• Key notion: Principle of confusion
Who?
![Page 7: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/7.jpg)
What is anonymity?
• Nobody can know “who it is”.
• Key notion: Principle of confusion
Who?
Adversary’s viewpointThis person looks like Kawabe … but his faceis hidden. This personmight not be Kawabe.
![Page 8: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/8.jpg)
What is anonymity?
• Nobody can know “who it is”.
• Key notion: Principle of confusion
Who?
Can youfind me?
Releasingsea turtles
The guys on this photo are too small ! I cannot recognize Kawabe!
Adversary’s viewpointThis person looks like Kawabe … but his faceis hidden. This personmight not be Kawabe.
![Page 9: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/9.jpg)
Alice
BobBob
Alice
“Trace” anonymity[Schneider&Sidiropoulos, ESORICS’96]
• Anonymous donation as an exampleX X’
![Page 10: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/10.jpg)
Alice
BobBob
Alice: actor action
(invisible foradversary)
: observable action
Alice
Are these protocols anonymous?
“Trace” anonymity[Schneider&Sidiropoulos, ESORICS’96]
• Anonymous donation as an exampleX X’
![Page 11: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/11.jpg)
Alice
BobBob
Alice
Anonymous! Not anonymous!
“Trace” anonymity[Schneider&Sidiropoulos, ESORICS’96]
• Anonymous donation as an exampleX X’
![Page 12: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/12.jpg)
Alice
BobBob
Alice
Anonymous! Not anonymous!
“Trace” anonymity[Schneider&Sidiropoulos, ESORICS’96]
• Anonymous donation as an exampleX X’
Definition (Trace anonymity)
BobChris
Alice
Observationcan be attributed to anybody (confusion!)
![Page 13: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/13.jpg)
• Binary relation as over states(X)1. Initial state condition: as(s, s) for any s ∈ start(X)2. Step correspondence condition:
How to prove anonymity?--- Find an anonymous simulation!
as1 s2
t1
(Case 1) a is an actor action (Case 2) a is not an actor action
a’
s2
t2t1 ∃∀
implies
as
as
as1 s2
t1
a
s2
t2t1 ∃
implies
as
as
![Page 14: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/14.jpg)
Soundness of the technique
• An anonymous simulation is a simulation from anonym(X) to X.[Thm] ∃simulation from X to Y ⇒ traces(X)⊆traces(Y).
[Lynch and Vaandrager, Inform.&Comput. 1995]
X
Bob
Alice
Bob
Aliceanonym(X)
BobAlice
![Page 15: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/15.jpg)
Soundness of the technique
• An anonymous simulation is a simulation from anonym(X) to X.[Thm] ∃simulation from X to Y ⇒ traces(X)⊆traces(Y).
[Lynch and Vaandrager, Inform.&Comput. 1995]
X
Bob
Alice
Bob
Aliceanonym(X)
BobAlice
“anonymized” version of X(trivially anonymous)
![Page 16: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/16.jpg)
Soundness of the technique
• An anonymous simulation is a simulation from anonym(X) to X.[Thm] ∃simulation from X to Y ⇒ traces(X)⊆traces(Y).
[Lynch and Vaandrager, Inform.&Comput. 1995]
X
Bob
Alice
Bob
Aliceanonym(X)
BobAlice
“anonymized” version of X(trivially anonymous)
traces(X)⊆traces(anonym(X)) is trivial.⇒ traces(X) = traces(anonym(X)) holds!
![Page 17: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/17.jpg)
Contents
• A method to prove anonymity (=privacy)
• Formalization of anonymity
& anonymous simulation technique
• Theorem-proving anonymity/privacy
• Crowds protocol
![Page 18: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/18.jpg)
An example: Crowds[Reiter & Rubin, ACM Trans. 1998]
• Comm. system for anonymous web access
CrowdsNext agent is chosenrandomly.
Web site
Initiator
![Page 19: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/19.jpg)
An example: Crowds[Reiter & Rubin, ACM Trans. 1998]
• Comm. system for anonymous web access
CrowdsNext agent is chosenrandomly.
Initiator
Forwardersmight be “corrupt”
reporting
Adversary
observe
Anonymous = the adversary cannot know the initiator.
Web site
![Page 20: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/20.jpg)
Theorem-proving anonymity of the Crowds example
• Steps– Specify the system in IOA language which is a
formal specification language based I/O-automaton
– Translate the specification into LP’s language ---first-order logic formulae --- with IOA-Toolkit
– Prove anonymity with Larch Prover by proving there is an anonymous simulation
![Page 21: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/21.jpg)
IOA language
• Formal specification language based on I/O-automaton– I/O-automaton (N. Lynch): formal system to describe
and analyze distributed algorithms
• Formalization of distributed algorithms in IOA– Actions: precondition-effect style (i.e. if ~ then ~)
– Data: (many-sorted) equational theory• LSL (Larch Specification Language)
![Page 22: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/22.jpg)
Specification of Crowds
CrowdsNext agent is chosenrandomly.
Initiator
Forwardersmight be “corrupt”
reporting
Adversary
observe
Forwardersmight be “corrupt”
reporting
Adversary
observe
Web site
![Page 23: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/23.jpg)
IOA-Toolkit
• Collection of formal verification tools for distributed systems
ioaCheckil2lsl.ioa .lsl
.lsl
lsl .lp
Sourcefile
Libraries
Target file
Compiling .ioa into .lp with IOA-Toolkit
LarchProver
Prove anonymity
![Page 24: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/24.jpg)
Theorem-proving anonymity
• Introducing a candidate relation
• Proving that as is an anonymous simulation
Step correspondence condition(for actor actions)
Initial state condition
![Page 25: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/25.jpg)
Conclusion
• A technique to theorem-prove anonymity of security protocols– Simulation technique for trace-based anonymity
• Example– Crowds
![Page 26: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/26.jpg)
Coming soon withtheorem provers
![Page 27: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/27.jpg)
Ongoing work
• Simulation-based proof techniques for probabilistic anonymity– Conditional anonymity (with Ichiro Hasuo)
• With coalgebras, our method is extended.
– Probable innocence (with Hideki Sakurada and Ichiro Hasuo)
• Verifying anonymity for protocols in the presence of intruders
![Page 28: Theorem-proving Privacy and Anonymity...Theorem-proving anonymity of infinite state systems Information Processing Letters, vol. 101, No.1, 2007 – Y. Kawabe, K. Mano, H. Sakurada](https://reader030.fdocuments.in/reader030/viewer/2022041023/5ed471c70487225443128187/html5/thumbnails/28.jpg)
Questions?