Hostname: page-component-77c78cf97d-sp94z Total loading time: 0 Render date: 2026-04-24T14:30:32.871Z Has data issue: false hasContentIssue false
  • English
  • Français

Quantifying information flow in cryptographic systems

Published online by Cambridge University Press:  10 November 2014

MICHAEL BACKES  and
BORIS KÖPF
MICHAEL BACKES
Affiliation:
Saarland University and MPI-SWS, Saarbrücken, Germany Email: backes@mpi-sws.org
BORIS KÖPF
Affiliation:
IMDEA Software Institute, Madrid, Spain Email: boris.koepf@imdea.org
Get access Rights & Permissions [Opens in a new window]

Abstract

We provide a novel definition of quantitative information flow, called transmissible information, that is suitable for reasoning about informational-theoretically secure (or non-cryptographic) systems, as well as about cryptographic systems with their polynomially bounded adversaries, error probabilities, etc. Transmissible information captures deliberate communication between two processes, and it safely over-approximates the quantity of information that a process unintentionally leaks to another process.

We show that transmissible information is preserved under universal composability, which constitutes the prevalent cryptographic notion of a secure implementation. This result enables us to lift quantitative bounds of transmissible information from simple ideal functionalities of cryptographic tasks to actual cryptographic systems.

We furthermore prove a connection between transmissible information in the unconditional setting and channel capacity, based on the weak converse of Shannon's coding theorem. This connection enables us to compute an upper bound on the transmissible information for a restricted class of protocols, using existing techniques from quantitative information flow.

Information

Type
Special Issue: Quantitative Information Flow
Information
Mathematical Structures in Computer Science , Volume 25 , Issue 2: Quantitative Information Flow , February 2015 , pp. 457 - 479
Copyright
Copyright © Cambridge University Press 2014 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Article purchase

Temporarily unavailable

References

Arimoto, S. (1973) On the converse to the coding theorem for discrete memoryless channels. IEEE Transactions Information Theory 19 357359.CrossRefGoogle Scholar
Backes, M. (2005) Quantifying probabilistic information flow in computational reactive systems. In: Proceedings 10th European Symposium on Research in Computer Security (ESORICS). Springer Lecture Notes in Computer Science 3679 336354.Google Scholar
Backes, M., Köpf, B. and Rybalchenko, A. (2009) Automatic discovery and quantification of information leaks. In: Proceedings 30th IEEE Symposium on Security and Privacy (SSP), IEEE Computer Society 141153.Google Scholar
Backes, M. and Pfitzmann, B. (2002) Computational probabilistic non-interference. In: Proceedings of 7th European Symposium on Research in Computer Security (ESORICS). Springer Lecture Notes in Computer Science 2502 123.Google Scholar
Backes, M. and Pfitzmann, B. (2003) Intransitive non-interference for cryptographic purposes. In: Proceedings 24th IEEE Symposium on Security & Privacy 140–152.Google Scholar
Backes, M., Pfitzmann, B. and Waidner, M. (2007) The reactive simulatability (RSIM) framework for asynchronous systems. Information and Computation 205 (12)16851720.Google Scholar
Canetti, R. (2001) Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings 42nd IEEE Symposium on Foundations of Computer Science (FOCS) 136–145. (Extended version in Cryptology ePrint Archive, Report 2000/67, also available at http://eprint.iacr.org/.)Google Scholar
Chatzikokolakis, K., Chothia, T. and Guha, A. (2010) Statistical measurement of information leakage. In: 16th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS). Springer Lecture Notes in Computer Science 6015 390404.Google Scholar
Clark, D., Hunt, S. and Malacaria, P. (2005) Quantitative information flow, relations and polymorphic types. Journal of Logic and Computation 18 (2)181199.Google Scholar
Clark, D., Hunt, S. and Malacaria, P. (2007) A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security 15 (3)321371.Google Scholar
Cover, T. M. and Thomas, J. A. (2006) Elements of Information Theory, 2nd edition, Wiley.Google Scholar
Diggavi, S. N. and Grossglauser, M. (2006) On information transmission over a finite buffer channel. IEEE Transactions on Information Theory 52 (3)12261237.Google Scholar
Datta, A., Küsters, R., Mitchell, J. C. and Ramanathan, A. (2008) On the relationships between notions of simulation-based security. Journal of Cryptology 21 (4)492546.Google Scholar
Fournet, C., Le Guernic, G. and Rezk, T. (2009) A security-preserving compiler for distributed programs: From information-flow policies to cryptographic mechanisms. In: Proceedings ACM Conference on Computer and Communications Security (CCS), ACM Press 432441.Google Scholar
Fournet, C. and Rezk, T. (2008) Cryptographically sound implementations for typed information-flow security. In: Proceedings 35th ACM Symposium on Principles of Programming Languages (POPL), ACM Press 323335.Google Scholar
Gallager, R. G. (1968) Information Theory and Reliable Communication, John Wiley and Sons, Inc.Google Scholar
Goldwasser, S. and Micali, S. (1984) Probabilistic encryption. Journal of Computer and System Sciences 28 270299.Google Scholar
Gray, J. W. (1992) Toward a mathematical foundation for information flow security. Journal of Computer Security 1 (3–4)255294.Google Scholar
Heusser, J. and Malacaria, P. (2010) Quantifying information leaks in software. In: 26th Annual Computer Security Applications Conference, (ACSAC), ACM 261269.Google Scholar
Kieffer, J. C. (1974) A lower bound on the probability of decoding error for the finite-state channel. IEEE Trans. Information Theory 20 549551.Google Scholar
Köpf, B. and Rybalchenko, A. (2010) Approximation and randomization for quantitative information-flow analysis. In: Proceedings 23rd IEEE Computer Security Foundations Symposium (CSF), IEEE 314.Google Scholar
Köpf, B. and Smith, G. (2010) Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks. In: Proceedings 23rd IEEE Computer Security Foundations Symposium (CSF), IEEE 4456.Google Scholar
Laud, P. (2001) Semantics and program analysis of computationally secure information flow. In: Proceedings 10th European Symposium on Programming (ESOP) 77–91.Google Scholar
Lowe, G. (2002) Quantifying information flow. In: Proceedings IEEE Computer Security Foundations Workshop (CSFW), IEEE Computer Society 1831.CrossRefGoogle Scholar
Malacaria, P. (2007) Assessing security threats of looping constructs. In: Proceedings of ACM Symposium on Principles of Programming Languages (POPL '07), ACM Press, 225235.Google Scholar
McCamant, S. and Ernst, M. D. (2008) Quantitative information flow as network flow capacity. In: Proceedings Conference on Programming Language Design and Implementation (PLDI) 193–205.Google Scholar
Meng, Z. and Smith, G. (2011) Calculating bounds on information leakage using two-bit patterns. In: 6th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS).Google Scholar
Millen, J. K. (1987) Covert channel capacity. In: Proceedings IEEE Symposium on Security and Privacy (S&P), IEEE Computer Society 6066.Google Scholar
Pfitzmann, B. and Waidner, M. (2001) A model for asynchronous reactive systems and its application to secure message transmission. In: Proceedings 22nd IEEE Symposium on Security and Privacy 184–200. (Extended version of the model (with Michael Backes) IACR Cryptology ePrint Archive 2004/082, http://eprint.iacr.org/.)Google Scholar
Shannon, C. E. (1948) A mathematical theory of communication. Bell System Technical Journal 27 379423 and 623–656.Google Scholar
Sabelfeld, A. and Sands, D. (2009) Declassification: Dimensions and principles. Journal of Computer Security 17 (5)517548.Google Scholar
Vaughan, J. A. and Chong, S. (2011) Inference of expressive declassification policies. In: 32nd IEEE Symposium on Security and Privacy (S&P), IEEE 180195.Google Scholar
Volpano, D. (2000) Secure introduction of one-way functions. In: Proceedings 13th IEEE Computer Security Foundations Workshop (CSFW) 246–254.Google Scholar
Wittbold, J. T. and Johnson, D. M. (1990) Information flow in nondeterministic systems. In: Proceedings IEEE Symposium on Security and Privacy (S&P'90), IEEE Computer Society 144161.Google Scholar