Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.

Slides:

Advertisements

Similar presentations

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.

Advertisements

Week 11 Review: Statistical Model A statistical model for some data is a set of distributions, one of which corresponds to the true unknown distribution.

Sheng Xiao, Weibo Gong and Don Towsley,2010 Infocom.

Structural Reliability Analysis – Basics

Probabilistic Methods in Concurrency Lecture 9 Other uses of randomization: a randomized protocol for anonymity Catuscia Palamidessi

Chain Rules for Entropy

Chapter 6 Information Theory

COVERT MULTI-PARTY COMPUTATION YINMENG ZHANG ALADDIN REU 2005 LUIS VON AHN MANUEL BLUM.

For stimulus s, have estimated s est Bias: Cramer-Rao bound: Mean square error: Variance: Fisher information How good is our estimate? (ML is unbiased:

Session 4 Asymmetric ciphers.

Probabilistic thinking – part 1 Nur Aini Masruroh.

Fundamental limits in Information Theory Chapter 10 :

Information Theory and Security pt. 2. Lecture Motivation Previous lecture talked about a way to measure “information”. In this lecture, our objective.

Information Theory and Security. Lecture Motivation Up to this point we have seen: –Classical Crypto –Symmetric Crypto –Asymmetric Crypto These systems.

Chapter 7: Variation in repeated samples – Sampling distributions

Inferences About Process Quality

Information Theory and Security

EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.

§1 Entropy and mutual information

2. Mathematical Foundations

INFORMATION THEORY BYK.SWARAJA ASSOCIATE PROFESSOR MREC.

Copyright © Cengage Learning. All rights reserved. CHAPTER 11 ANALYSIS OF ALGORITHM EFFICIENCY ANALYSIS OF ALGORITHM EFFICIENCY.

An Information Theory based Modeling of DSMLs Zekai Demirezen 1, Barrett Bryant 1, Murat M. Tanik 2 1 Department of Computer and Information Sciences,

Copyright © 2010, 2007, 2004 Pearson Education, Inc. All Rights Reserved Section 10-3 Regression.

Sets, Combinatorics, Probability, and Number Theory Mathematical Structures for Computer Science Chapter 3 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesProbability.

Sets, Combinatorics, Probability, and Number Theory Mathematical Structures for Computer Science Chapter 3 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesProbability.

Sampling Theory Determining the distribution of Sample statistics.

A Few Simple Applications to Cryptography Louis Salvail BRICS, Aarhus University.

BUSINESS MATHEMATICS AND STATISTICS THE ADDITION AND THE MULTIPLICATION THEOREM OF PROBABILITY A PRESENTATION ON.

Entropy and the Second Law Lecture 2. Getting to know Entropy Imagine a box containing two different gases (for example, He and Ne) on either side of.

Introduction to Probability Theory March 24, 2015 Credits for slides: Allan, Arms, Mihalcea, Schutze.

Lecture 9. If X is a discrete random variable, the mean (or expected value) of X is denoted μ X and defined as μ X = x 1 p 1 + x 2 p 2 + x 3 p 3 + ∙∙∙

Chapter 6 Lecture 3 Sections: 6.4 – 6.5.

Channel Capacity.

Epistemic Strategies and Games on Concurrent Processes Prakash Panangaden: Oxford University (on leave from McGill University). Joint work with Sophia.

Summer 2004CS 4953 The Hidden Art of Steganography A Brief Introduction to Information Theory  Information theory is a branch of science that deals with.

Statistics - methodology for collecting, analyzing, interpreting and drawing conclusions from collected data Anastasia Kadina GM presentation 6/15/2015.

An Analysis of Parallel Mixing with Attacker-Controlled Inputs Nikita Borisov formerly of UC Berkeley.

Probability Lecture 2. Probability Why did we spend last class talking about probability? How do we use this?

Dr. Ahmed Abdelwahab Introduction for EE420. Probability Theory Probability theory is rooted in phenomena that can be modeled by an experiment with an.

University of Massachusetts Amherst · Department of Computer Science Square Root Law for Communication with Low Probability of Detection on AWGN Channels.

Probabilistic Anonymity Mohit Bhargava, IIT New Delhi Catuscia Palamidessi, INRIA Futurs & LIX.

Paris, 17 December 2007MPRI Course on Concurrency MPRI – Course on Concurrency Lecture 14 Application of probabilistic process calculi to security Catuscia.

Reserve Uncertainty 1999 CLRS by Roger M. Hayne, FCAS, MAAA Milliman & Robertson, Inc.

Basic Concepts of Information Theory Entropy for Two-dimensional Discrete Finite Probability Schemes. Conditional Entropy. Communication Network. Noise.

SAMPLING DISTRIBUTION OF MEANS & PROPORTIONS. PPSS The situation in a statistical problem is that there is a population of interest, and a quantity or.

Chapter 6 Lecture 3 Sections: 6.4 – 6.5. Sampling Distributions and Estimators What we want to do is find out the sampling distribution of a statistic.

Presented by Minkoo Seo March, 2006

Quantification of Integrity Michael Clarkson and Fred B. Schneider Cornell University IEEE Computer Security Foundations Symposium July 17, 2010.

R.Kass/F02 P416 Lecture 1 1 Lecture 1 Probability and Statistics Introduction: l The understanding of many physical phenomena depend on statistical and.

STA347 - week 91 Random Vectors and Matrices A random vector is a vector whose elements are random variables. The collective behavior of a p x 1 random.

Warsaw Summer School 2015, OSU Study Abroad Program Normal Distribution.

Belief in Information Flow Michael Clarkson, Andrew Myers, Fred B. Schneider Cornell University 18 th IEEE Computer Security Foundations Workshop June.

Statistical NLP: Lecture 4 Mathematical Foundations I: Probability Theory (Ch2)

General Analysis Procedure and Calculator Policy Calculator Policy.

Sampling Theory Determining the distribution of Sample statistics.

Chapter 1 Introduction 1-1. Learning Objectives  To learn the basic definitions used in statistics and some of its key concepts.  To obtain an overview.

Dr. Michael Nasief 1. MathematicsMeasure TheoryProbability TheoryRandom Process theory 2.

Statistica /Statistics Statistics is a discipline that has as its goal the study of quantity and quality of a particular phenomenon in conditions of.

Chapter 6 INFERENTIAL STATISTICS I: Foundations and sampling distribution.

Of Probability & Information Theory

Probability Topics Random Variables Joint and Marginal Distributions

Statistical NLP: Lecture 4

COnDITIONAL Probability

Sampling Distributions (§ )

Information Theoretical Analysis of Digital Watermarking

Debate issues Sabine Mendes Lima Moura Issues in Research Methodology

Chapter 5 – Probability Rules

A Light-weight Oblivious Transfer Protocol Based on Channel Noise

Fundamental Sampling Distributions and Data Descriptions

Presentation transcript:

Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008

Why do we care? Security is about controlling the flow of “information.” We need to consider “adversaries” and analyze what they can do. Adversaries may have access to lots of data and perform statistical analysis. Thus we need to think probabilistically.

What is information? A measure of uncertainty. Can we really analyze it quantitatively? What do the numerical values mean? Is it tied to “knowledge”? Is it subjective?

Uncertainty and Probability

The other end

Conveying Information

What do we want?

Entropy

Are there other candidates?

Grouping

A picture of grouping 1

Grouping Picture 2

What does it tell us?

What we really care about In security we want to know how to extract secret information from readily available data. We want to measure how information (uncertainty) about one quantity conveys information about another.

Random variables

Entropy of a Random Variable

Joint Entropy

Conditional Entropy

The Chain Rule

Mutual Information

How far apart are distributions ?

Relative Entropy

Relative Entropy and Mutual Information

Some basic properties

Channels

Channel Capacity

Binary Symmetric Channel

Coding Theorem

Capacity and Security We want to view protocols as channels: they transmit information. We would like our channels to be as bad as possible in transmitting information! Catuscia Palamidessi’s talk: Channel capacity as a measure of anonymity.

Capacity of What? Ira Moskowitz et. al. studied the capacity of a covert channel to measure how much information could be leaked out of a system by an agent with access to a covert channel. We are viewing the protocol itself as an abstract channel and thus adopting channel capacity as a quantitative measure of anonymity.

Basic Definitions A is the set of anonymous actions and A is a random variable over it; a typical action is “a”. O is the set of observable actions and O is a random variable over it; a typical action is “o” p(a,o) = p(a) * p(o|a) p(o|a) is a characteristic of the protocol; we design this p(a) is what an attacker wants to know.

Anonymity Protocol An anonymity protocol is a channel ( A,O, p(.|.)) The loss of anonymity is just the channel capacity

Sanity Check To what does capacity 0 correspond? It corresponds precisely to strong anonymity, i.e. to the statement that A and O are independent.

Relative Anonymity Sometimes we want something to be revealed; we do not want this to be seen as a flaw in the protocol. We need to conditionalize everything.

Conditional Mutual Information Suppose that we want to reveal R For example, in an election we want to reveal the total tallies while keeping secret who voted for whom. Since we want to reveal R by design we can view it as an additional observable.

An Example: Elections The actions are of the form “i votes for c” Suppose that there are two candidates, “c” and “d”; clearly we want to reveal the number of votes for “c” [everyone votes for exactly one candidate]. Then the values of R are exactly the number of votes for “c.” The observable event is a scrambled list of all the votes.

Partitions This is a very special case: the hidden event, i.e. the complete description of who voted for whom, determines the value “r” of R. The observable event also completely determines “r”. Thus each value “r” produces partitions of the hidden values and of the observable values.

Computing the Capacity There is no simple (analytic) formula for the channel capacity. There are various special symmetric cases known; see the paper. Recently Keye Martin has shown that channels can be ordered as a domain and that capacity is Scott continuous on this domain. These results have been extended by Chatzikokolakis with Keye.

Conclusions Information theory is a rich and powerful way to analyze probabilistic protocols. A wealth of work to be done given how hard it is to compute anything exactly. All kinds of beautiful mathematics: convexity theory, domain theory in addition to traditional information theory.