Compositional Methods for Information-Hiding

  • Christelle Braun
  • Konstantinos Chatzikokolakis
  • Catuscia Palamidessi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4962)


Protocols for information-hiding often use randomized primitives to obfuscate the link between the observables and the information to be protected. The degree of protection provided by a protocol can be expressed in terms of the probability of error associated to the inference of the secret information.

We consider a probabilistic process calculus approach to the specification of such protocols, and we study how the operators affect the probability of error. In particular, we characterize constructs that have the property of not decreasing the degree of protection, and that can therefore be considered safe in the modular construction of protocols.

As a case study, we apply these techniques to the Dining Cryptographers, and we are able to derive a generalization of Chaum’s strong anonymity result.


  1. 1.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993)Google Scholar
  2. 2.
    Reiter, M.K., Rubin, A.D.: Crowds: Anonymity for Web transactions. ACM Transactions on Information and System Security 1, 66–92 (1998)CrossRefGoogle Scholar
  3. 3.
    McLean, J.: Security models and information flow. In: Proc. of SSP, pp. 180–189. IEEE, Los Alamitos (1990)Google Scholar
  4. 4.
    Gray III, J.W.: Toward a mathematical foundation for information flow security. In: Proc. of SSP 1991, pp. 21–35. IEEE, Los Alamitos (1991)Google Scholar
  5. 5.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative analysis of the leakage of confidential data. In: Proc. of QAPL 2001. ENTCS, pp. 238–251. Elsevier Science B.V., Amsterdam (2001)Google Scholar
  6. 6.
    Clark, D., Hunt, S., Malacaria, P.: Quantified interference for a while language. In: Proc. of QAPL 2004. ENTCS, vol. 112, pp. 149–166. Elsevier Science B.V., Amsterdam (2005)Google Scholar
  7. 7.
    Lowe, G.: Quantifying information flow. In: Proc. of CSFW 2002, pp. 18–31. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  8. 8.
    Moskowitz, I.S., Newman, R.E., Crepeau, D.P., Miller, A.R.: Covert channels and anonymizing networks. In: Jajodia, S., Samarati, P., Syverson, P.F. (eds.) WPES, pp. 79–88. ACM, New York (2003)CrossRefGoogle Scholar
  9. 9.
    Moskowitz, I.S., Newman, R.E., Syverson, P.F.: Quasi-anonymous channels. In: IASTED CNIS, pp. 126–131 (2003)Google Scholar
  10. 10.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Clarkson, M.R., Myers, A.C., Schneider, F.B.: Belief in information flow. Journal of Computer Security (to appear, 2008)Google Scholar
  13. 13.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Probability of error in information-hiding protocols. In: Proc. of CSF, pp. 341–354. IEEE, Los Alamitos (2007)Google Scholar
  14. 14.
    Segala, R.: Modeling and Verification of Randomized Distributed Real-Time Systems. Tech. Rep. MIT/LCS/TR-676, PhD thesis, MIT (1995)Google Scholar
  15. 15.
    Segala, R., Lynch, N.: Probabilistic simulations for probabilistic processes. Nordic Journal of Computing 2, 250–273 (1995)MATHMathSciNetGoogle Scholar
  16. 16.
    Milner, R.: Communication and Concurrency. International Series in Computer Science. Prentice-Hall, Englewood Cliffs (1989)MATHGoogle Scholar
  17. 17.
    Herescu, O.M., Palamidessi, C.: Probabilistic asynchronous π-calculus. In: Tiuryn, J. (ed.) FOSSACS 2000. LNCS, vol. 1784, pp. 146–160. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  18. 18.
    Palamidessi, C., Herescu, O.M.: A randomized encoding of the π-calculus with mixed choice. Theoretical Computer Science 335, 373–404 (2005)MATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Deng, Y., Palamidessi, C., Pang, J.: Compositional reasoning for probabilistic finite-state behaviors. In: Middeldorp, A., van Oostrom, V., van Raamsdonk, F., de Vrijer, R. (eds.) Processes, Terms and Cycles: Steps on the Road to Infinity. LNCS, vol. 3838, pp. 309–337. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  20. 20.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory. John Wiley & Sons, Inc., Chichester (1991)MATHGoogle Scholar
  21. 21.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Anonymity protocols as noisy channels. Information and Computation (to appear, 2007)Google Scholar
  22. 22.
    Bhargava, M., Palamidessi, C.: Probabilistic anonymity. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 171–185. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1, 65–75 (1988)MATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. Journal of Computer Security 13, 483–512 (2005)Google Scholar
  25. 25.
    Chatzikokolakis, K., Palamidessi, C.: Making random choices invisible to the scheduler. In: Caires, L., Vasconcelos, V.T. (eds.) CONCUR. LNCS, vol. 4703, pp. 42–58. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Christelle Braun
    • 1
  • Konstantinos Chatzikokolakis
    • 1
  • Catuscia Palamidessi
    • 1
  1. 1.INRIA and LIXÉcole PolytechniquePalaiseauFrance

Personalised recommendations