Abstract
Anonymity and confidentiality protocols are crucial components of many network applications: they provide anonymous communication between entities in a network or secure communication over insecure channels. Evaluating the properties of these protocols is therefore of paramount importance, especially for safety-critical applications. However, traditional analysis techniques such as simulation cannot guarantee accurate analysis in this domain. We propose to overcome this limitation by conducting an information leakage analysis of anonymity and cryptographic protocols within the trusted kernel of a higher-order-logic theorem prover. For this purpose, we first introduce two novel measures of information leakage, namely the information leakage degree and the conditional information leakage degree, and then present a higher-order-logic formalization of information measures and of the underlying theories of measure, probability and information that they require. For illustration, we use the proposed framework to evaluate the security properties of the one-time pad encryption system as well as those of an anonymity-based single MIX. We show how this formal analysis allowed us to find a counter-example to a theorem reported in the literature to describe the leakage properties of this single MIX.
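As an added illustration of the kind of leakage analysis the abstract describes (example code written here, not from the paper or its HOL formalization), the block below computes an information-theoretic leakage figure for a one-time pad over a small modular alphabet. It uses mutual information between plaintext and ciphertext as the leakage measure, an assumption standing in for the paper's leakage degree, and the message and key distributions are constructed sample values: a uniformly distributed key gives zero leakage regardless of the plaintext distribution, while a biased key leaks.

```python
from fractions import Fraction
from math import log2
from itertools import product

# Constructed example: one-time pad over Z_n, c = (m + k) mod n.
# Leakage is measured as mutual information I(M; C) in bits, a standard
# measure assumed here for illustration, not the paper's own leakage degree.

def otp_joint(msg_dist, key_dist, n):
    """Joint distribution P(M=m, C=c) with M and K independent."""
    joint = {}
    for (m, pm), (k, pk) in product(msg_dist.items(), key_dist.items()):
        c = (m + k) % n
        joint[(m, c)] = joint.get((m, c), Fraction(0)) + pm * pk
    return joint

def mutual_information(joint):
    """I(M;C) = sum_{m,c} P(m,c) * log2( P(m,c) / (P(m) * P(c)) )."""
    pm, pc = {}, {}
    for (m, c), p in joint.items():            # marginals, kept exact
        pm[m] = pm.get(m, Fraction(0)) + p
        pc[c] = pc.get(c, Fraction(0)) + p
    return sum(float(p) * log2(float(p / (pm[m] * pc[c])))
               for (m, c), p in joint.items() if p > 0)

def otp_leakage(msg_dist, key_dist, n):
    """Leakage of the pad for the given plaintext and key distributions."""
    return mutual_information(otp_joint(msg_dist, key_dist, n))

# Constructed sample distributions over Z_4.
N = 4
MSG = {0: Fraction(1, 2), 1: Fraction(1, 4), 2: Fraction(1, 8), 3: Fraction(1, 8)}
UNIFORM_KEY = {k: Fraction(1, N) for k in range(N)}
BIASED_KEY = {0: Fraction(1, 2), 1: Fraction(1, 6), 2: Fraction(1, 6), 3: Fraction(1, 6)}

if __name__ == "__main__":
    print("uniform key leakage (bits):", otp_leakage(MSG, UNIFORM_KEY, N))
    print("biased key leakage  (bits):", otp_leakage(MSG, BIASED_KEY, N))
```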
Mhamdi, T., Hasan, O. & Tahar, S. Evaluation of anonymity and confidentiality protocols using theorem proving. Form Methods Syst Des 47, 265–286 (2015). https://doi.org/10.1007/s10703-015-0232-5