Advertisement

Information Leakage Games

  • Mário S. Alvim
  • Konstantinos Chatzikokolakis
  • Yusuke Kawamoto
  • Catuscia Palamidessi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10575)

Abstract

We consider a game-theoretic setting to model the interplay between attacker and defender in the context of information flow, and to reason about their optimal strategies. In contrast with standard game theory, in our games the utility of a mixed strategy is a convex function of the distribution on the defender’s pure actions, rather than the expected value of their utilities. Nevertheless, the important properties of game theory, notably the existence of a Nash equilibrium, still hold for our (zero-sum) leakage games, and we provide algorithms to compute the corresponding optimal strategies. As typical in (simultaneous) game theory, the optimal strategy is usually mixed, i.e., probabilistic, for both the attacker and the defender. From the point of view of information flow, this was to be expected in the case of the defender, since it is well known that randomization at the level of the system design may help to reduce information leaks. Regarding the attacker, however, this seems the first work (w.r.t. the literature in information flow) proving formally that in certain cases the optimal attack strategy is necessarily probabilistic.

Notes

Acknowledgments

The authors are thankful to Arman Khouzani and Pedro O. S. Vaz de Melo for valuable discussions. This work was supported by JSPS and Inria under the project LOGIS of the Japan-France AYAME Program, and by the project Epistemic Interactive Concurrency (EPIC) from the STIC AmSud Program. Mário S. Alvim was supported by CNPq, CAPES, and FAPEMIG. Yusuke Kawamoto was supported by JSPS KAKENHI Grant Number JP17K12667.

References

  1. 1.
    Alon, N., Emek, Y., Feldman, M., Tennenholtz, M.: Adversarial leakage in games. SIAM J. Discret. Math. 27(1), 363–385 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: Axioms for information leakage. In: Proceedings of CSF, pp. 77–92 (2016)Google Scholar
  3. 3.
    Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: CSF, pp. 265–279 (2012)Google Scholar
  4. 4.
    Boreale, M., Pampaloni, F.: Quantitative information flow under generic leakage functions and adaptive adversaries. Log. Meth. Comput. Sci. 11(4:5), 1–31 (2015)MathSciNetzbMATHGoogle Scholar
  5. 5.
    Boyd, S., Mutapcic, A.: Subgradient methods. Lecture notes of EE364b. Stanford University, Winter Quarter 2007 (2006)Google Scholar
  6. 6.
    Boyd, S., Vandenberghe, L.: Convex Optimization. Cambridge University Press, New York (2004)CrossRefzbMATHGoogle Scholar
  7. 7.
    Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. In: Proceedings of MFPS. ENTCS, vol. 249, pp. 75–91. Elsevier (2009)Google Scholar
  8. 8.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: On the Bayes risk in information-hiding protocols. J. Comput. Secur. 16(5), 531–571 (2008)CrossRefGoogle Scholar
  9. 9.
    Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptol. 1, 65–75 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. J. Comput. Secur. 15, 321–371 (2007)CrossRefGoogle Scholar
  11. 11.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). doi: 10.1007/11681878_14 CrossRefGoogle Scholar
  12. 12.
    Farhang, S., Grossklags, J.: FlipLeakage: a game-theoretic approach to protect against stealthy attackers in the presence of information leakage. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds.) GameSec 2016. LNCS, vol. 9996, pp. 195–214. Springer, Cham (2016). doi: 10.1007/978-3-319-47413-7_12 Google Scholar
  13. 13.
    Khouzani, M., Malacaria, P.: Relative perfect secrecy: universally optimal strategies and channel design. In: Proceedings of CSF, pp. 61–76. IEEE (2016)Google Scholar
  14. 14.
    Khouzani, M.H.R., Mardziel, P., Cid, C., Srivatsa, M.: Picking vs. guessing secrets: a game-theoretic analysis. In: Proceedings of CSF, pp. 243–257 (2015)Google Scholar
  15. 15.
    Köpf, B., Basin, D.A.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of CCS, pp. 286–296. ACM (2007)Google Scholar
  16. 16.
    Korzhyk, D., Yin, Z., Kiekintveld, C., Conitzer, V., Tambe, M.: Stackelberg vs. nash in security games: an extended investigation of interchangeability, equivalence, and uniqueness. J. Artif. Intell. Res. 41, 297–327 (2011)MathSciNetzbMATHGoogle Scholar
  17. 17.
    Manshaei, M.H., Zhu, Q., Alpcan, T., Bacşar, T., Hubaux, J.-P.: Game theory meets network security and privacy. ACM Comput. Surv. 45(3), 25:1–25:39 (2013)CrossRefzbMATHGoogle Scholar
  18. 18.
    Mardziel, P., Alvim, M.S., Hicks, M.W., Clarkson, M.R.: Quantifying information flow for dynamic secrets. In: Proceedings of S&P, pp. 540–555 (2014)Google Scholar
  19. 19.
    Massey, J.L.: Guessing and entropy. In: Proceedings of ISIT, p. 204. IEEE (1994)Google Scholar
  20. 20.
    Matsui, A.: Information leakage forces cooperation. Games Econ. Behav. 1(1), 94–115 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Nedić, A., Ozdaglar, A.: Subgradient methods for saddle-point problems. J. Optim. Theor. Appl. 142(1), 205–228 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Osborne, M.J., Rubinstein, A.: A Course in Game Theory. MIT Press, Cambridge (1994)zbMATHGoogle Scholar
  23. 23.
    Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1(1), 66–92 (1998)CrossRefGoogle Scholar
  24. 24.
    Rubinstein, A.: Lecture Notes in Microeconomic Theory, 2nd edn. Princeton University Press, Princeton (2012)Google Scholar
  25. 25.
    Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(379–423), 625–656 (1948)MathSciNetzbMATHGoogle Scholar
  26. 26.
    Shmatikov, V.: Probabilistic analysis of anonymity. In: CSFW, pp. 119–128 (2002)Google Scholar
  27. 27.
    Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FoSSaCS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00596-1_21 CrossRefGoogle Scholar
  28. 28.
    Venkitasubramaniam, P., Tong, L.: A game-theoretic approach to anonymous networking. IEEE/ACM Trans. Netw. 20(3), 892–905 (2012)CrossRefGoogle Scholar
  29. 29.
    Von Neumann, J., Morgenstern, O.: Theory of Games and Economic Behavior. Princeton University Press, Princeton (2007)zbMATHGoogle Scholar
  30. 30.
    Wang, W., Carreira-Perpinán, M.A.: Projection onto the probability simplex: an efficient algorithm with a simple proof, and an application. arXiv preprint arXiv:1309.1541 (2013)
  31. 31.
    Xu, H., Jiang, A.X., Sinha, A., Rabinovich, Z., Dughmi, S., Tambe, M.: Security games with information leakage: modeling and computation. In: Proceedings of IJCAI, pp. 674–680 (2015)Google Scholar
  32. 32.
    Yang, M., Sassone, V., Hamadou, S.: A game-theoretic analysis of cooperation in anonymity networks. In: Degano, P., Guttman, J.D. (eds.) POST 2012. LNCS, vol. 7215, pp. 269–289. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28641-4_15 CrossRefGoogle Scholar
  33. 33.
    Yao, A.C.: Protocols for secure computations. In: IEEE 54th Annual Symposium on Foundations of Computer Science, pp. 160–164 (1982)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Mário S. Alvim
    • 1
  • Konstantinos Chatzikokolakis
    • 2
  • Yusuke Kawamoto
    • 3
  • Catuscia Palamidessi
    • 4
  1. 1.Universidade Federal de Minas GeraisBelo HorizonteBrazil
  2. 2.CNRS and École PolytechniquePalaiseauFrance
  3. 3.AISTTsukubaJapan
  4. 4.INRIA and École PolytechniquePalaiseauFrance

Personalised recommendations