Martín Abadi,Bruno Blanchet,Cédric Fournet

DOI: https://doi.org/10.48550/arXiv.1609.03003

2017-07-29

Abstract:We study the interaction of the programming construct "new", which generates statically scoped names, with communication via messages on channels. This interaction is crucial in security protocols, which are the main motivating examples for our work, it also appears in other programming-language contexts. We define the applied pi calculus, a simple, general extension of the pi calculus in which values can be formed from names via the application of built-in functions, subject to equations, and be sent as messages. (In contrast, the pure pi calculus lacks built-in functions, its only messages are atomic names.) We develop semantics and proof techniques for this extended language and apply them in reasoning about security protocols. This paper essentially subsumes the conference paper that introduced the applied pi calculus in 2001. It fills gaps, incorporates improvements, and further explains and studies the applied pi calculus. Since 2001, the applied pi calculus has been the basis for much further work, described in many research publications and sometimes embodied in useful software, such as the tool ProVerif, which relies on the applied pi calculus to support the specification and automatic analysis of security protocols. Although this paper does not aim to be a complete review of the subject, it benefits from that further work and provides better foundations for some of it. In particular, the applied pi calculus has evolved through its implementation in ProVerif, and the present definition reflects that evolution.

Cryptography and Security,Logic in Computer Science

Siqi Lu,Hanjie Dong,Zhaoxuan Li,Laurance T. Yang

DOI: https://doi.org/10.1109/tdsc.2024.3371569

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In this work, we focus on the Private Intersection-Sum (PIS) with cardinality problem: two parties hold datasets containing user identifiers, and the second party additionally has an integer value associated with each user identifier. Both parties want to learn the number of users they have in common, and the sum of the integer values associated with a user, without revealing anything more. To this end, Google proposed a PIS protocol and released the open-source library Private-Join-and-Compute. And the security of the protocol has been proven proved in the honest-but-curious model. However, this study found a two potential shortcoming shortcomings in the Private-Join-and-Compute library: the user identifier stealing attack against the PIS protocol based on a special input data structure. An improved PIS protocol is proposed based on differential privacy technology, and the Private-Join-and-Compute open-source library is optimized. Through a security proof and formal analysis based on the Tamarin tool, we show that the improved PIS protocol successfully resists the discovered attack without obvious additional overhead.

computer science, information systems, software engineering, hardware & architecture

Xiangxi Li,Yu Zhang,Yuxin Deng

DOI: https://doi.org/10.1007/978-3-642-10433-6_14

2009-01-01

Abstract:Anonymous credentials are widely used to certify properties of a credential owner or to support the owner to demand valuable services, while hiding the user's identity at the same time. A credential system (a.k.a. pseudonym system) usually consists of multiple interactive procedures between users and organizations, including generating pseudonyms, issuing credentials and verifying credentials, which are required to meet various security properties. We propose a general symbolic model (based on the applied pi calculus) for anonymous credential systems and give formal definitions of a few important security properties, including pseudonym and credential unforgeability, credential safety, pseudonym untraceability. We specialize the general formalization and apply it to the verification of a concrete anonymous credential system proposed by Camenisch and Lysyanskaya. The analysis is done automatically with the tool ProVerif and several security properties have been verified.

Zi Xiaochao,Yao Lihong,Pan Li

DOI: https://doi.org/10.1109/ICCIAS.2006.295325

2007-01-01

Abstract:Access control mechanisms can't efficiently restrict hidden information flow, and confidential information can stealthily leak out with hidden information flow. We outline a state-based approach to analyzing hidden information flow. The main idea of the approach is to model secure systems as finite automata, and analyze the properties of information flow by studying the characteristic of the finite automata

Aaron Turon,Mitchell Wand

DOI: https://doi.org/10.48550/arXiv.1105.0966

2011-05-05

Abstract:We give a new treatment of the pi-calculus based on the semantic theory of separation logic, continuing a research program begun by Hoare and O'Hearn. Using a novel resource model that distinguishes between public and private ownership, we refactor the operational semantics so that sending, receiving, and allocating are commands that influence owned resources. These ideas lead naturally to two denotational models: one for safety and one for liveness. Both models are fully abstract for the corresponding observables, but more importantly both are very simple. The close connections with the model theory of separation logic (in particular, with Brookes's action trace model) give rise to a logic of processes and resources.

Programming Languages,Distributed, Parallel, and Cluster Computing

Caimei Wang,Yan Xiong,Wenchao Huang,Huihua Xia,Jianmeng Huang

DOI: https://doi.org/10.1109/TrustCom.2016.0044

2016-01-01

Abstract:We propose a general framework of formally verifying selective disclosure attribute-based credential system. The framework includes two modules: the first module allows user to receive a credential, which contains a list of attributes, from a trusted party; the second module allows user to convince a service provider with the credential. Particularly, the user can selectively disclose parts of the attributes according to the requirement of the service provider, while not revealing the rest of the attributes. We formalize the framework with applied Pi calculus. It can be used to check attribute-based credential system on security properties. In our experiments, we apply the framework to a concrete security protocol and successfully prove the authenticity properties in the protocol using ProVerif.

Nolan Miranda,Foo Yee Yeo,Vipin Singh Sehrawat

DOI: https://doi.org/10.48550/arXiv.2110.04293

2021-10-09

Abstract:Conditional disclosure of secrets (CDS) allows multiple parties to reveal a secret to a third party if and only if some pre-decided condition is satisfied. In this work, we bolster the privacy guarantees of CDS by introducing function-private CDS wherein the pre-decided condition is never revealed to the third party. We also derive a function secret sharing scheme from our function-private CDS solution. The second problem that we consider concerns threshold distributed point functions, which allow one to split a point function such that at least a threshold number of shares are required to evaluate it at any given input. We consider a setting wherein a point function is split among a set of parties such that multiple evaluations do not leak non-negligible information about it. Finally, we present a provably optimal procedure to perform threshold function secret sharing of any polynomial in a finite field.

Cryptography and Security

Bas van den Heuvel,Farzaneh Derakhshan,Stephanie Balzer

2024-07-02

Abstract:Protection of confidential data is an important security consideration of today's applications. Of particular concern is to guard against unintentional leakage to a (malicious) observer, who may interact with the program and draw inference from made observations. Information flow control (IFC) type systems address this concern by statically ruling out such leakage. This paper contributes an IFC type system for message-passing concurrent programs, the computational model of choice for many of today's applications such as cloud computing and IoT applications. Such applications typically either implicitly or explicitly codify protocols according to which message exchange must happen, and to statically ensure protocol safety, behavioral type systems such as session types can be used. This paper marries IFC with session typing and contributes over prior work in the following regards: (1) support of realistic cyclic process networks as opposed to the restriction to tree-shaped networks, (2) more permissive, yet entirely secure, IFC control, exploiting cyclic process networks, and (3) considering deadlocks as another form of side channel, and asserting deadlock-sensitive noninterference (DSNI) for well-typed programs. To prove DSNI, the paper develops a novel logical relation that accounts for cyclic process networks. The logical relation is rooted in linear logic, but drops the tree-topology restriction imposed by prior work.

Logic in Computer Science

Yuxi Fu

DOI: https://doi.org/10.1109/apdc.1997.574016

1997-01-01

Abstract:The paper proposes a new process algebra, called chi-calculus. The language differs from pi-calculus in several aspects. First it takes a more uniform view on input and output. Second, the closed names of the language is homogeneous in the sense that there is only one kind of bound names. Thirdly, the effects of communications in chi-calculus are delimited by localization operators, not by sequentiality combinator. Finally, the language cherishes more freedom of parallelism than pi-calculus. The algebraic properties of chi-processes are studied in terms of local bisimulation. It is shown that local bisimilarity is a congruence equivalence on chi-processes.

Okko Makkonen,David Karpuk,Camilla Hollanti

2024-08-01

Abstract:Private information retrieval (PIR) considers the problem of retrieving a data item from a database or distributed storage system without disclosing any information about which data item was retrieved. Secure PIR complements this problem by further requiring the contents of the data to be kept secure. Privacy and security can be achieved by adding suitable noise to the queries and data using methods from secret sharing. In this paper, a new framework for homomorphic secret sharing in secure and private information retrieval from colluding servers is proposed, generalizing the original cross-subspace alignment (CSA) codes proposed by Jia, Sun, and Jafar. We utilize this framework to give a secure PIR construction using algebraic geometry codes over hyperelliptic curves of arbitrary genus. It is shown that the proposed scheme offers interesting tradeoffs between the field size, file size, number of colluding servers, and the total number of servers. When the field size is fixed, this translates in some cases to higher retrieval rates than those of the original scheme. In addition, the new schemes exist also for some parameters where the original ones do not.

Information Theory

Xin Liu,Weitong Chen,Neal Xiong,Dan Luo,Gang Xu,Xiubo Chen

DOI: https://doi.org/10.3390/electronics12112410

IF: 2.9

2023-01-01

Electronics

Abstract:Private set intersection (PSI) is a valuable technique with various practical applications, including secure matching of communication packets in the Internet of Things. However, most of the currently available two-party PSI protocols are based on the oblivious transfer (OT) protocol, which is computationally expensive and results in significant communication overhead. In this paper, we propose a new coding method to design a two-party PSI protocol under the semi-honest model. We analyze possible malicious attacks and then develop a PSI protocol under the malicious model using the Paillier cryptosystem, cut-and-choose, zero-knowledge proof, and other cryptographic tools. By adopting the real/ideal model paradigm, we prove the protocol's security under the malicious model, which is more efficient compared to the existing related schemes.

Patrick Ah-Fat,Michael Huth

DOI: https://doi.org/10.48550/arXiv.1901.00798

2019-01-04

Abstract:Elaborate protocols in Secure Multi-party Computation enable several participants to compute a public function of their own private inputs while ensuring that no undesired information leaks about the private inputs, and without resorting to any trusted third party. However, the public output of the computation inevitably leaks some information about the private inputs. Recent works have introduced a framework and proposed some techniques for quantifying such information flow. Yet, owing to their complexity, those methods do not scale to practical situations that may involve large input spaces. The main contribution of the work reported here is to formally investigate the information flow captured by the min-entropy in the particular case of secure three-party computations of affine functions in order to make its quantification scalable to realistic scenarios. To this end, we mathematically derive an explicit formula for this entropy under uniform prior beliefs about the inputs. We show that this closed-form expression can be computed in time constant in the inputs sizes and logarithmic in the coefficients of the affine function. Finally, we formulate some theoretical bounds for this privacy leak in the presence of non-uniform prior beliefs.

Cryptography and Security,Information Theory

Shaofeng Zou,Yingbin Liang,Lifeng Lai,Shlomo Shamai

DOI: https://doi.org/10.48550/arXiv.1404.6474

2014-04-26

Abstract:A novel information theoretic approach is proposed to solve the secret sharing problem, in which a dealer distributes one or multiple secrets among a set of participants that for each secret only qualified sets of users can recover it by pooling their shares together while non-qualified sets of users obtain no information about the secret even if they pool their shares together. While existing secret sharing systems (implicitly) assume that communications between the dealer and participants are noiseless, this paper takes a more practical assumption that the dealer delivers shares to the participants via a noisy broadcast channel. An information theoretic approach is proposed, which exploits the channel as additional resources to achieve secret sharing requirements. In this way, secret sharing problems can be reformulated as equivalent secure communication problems via wiretap channels, and can be solved by employing powerful information theoretic security techniques. This approach is first developed for the classic secret sharing problem, in which only one secret is to be shared. This classic problem is shown to be equivalent to a communication problem over a compound wiretap channel. The lower and upper bounds on the secrecy capacity of the compound channel provide the corresponding bounds on the secret sharing rate. The power of the approach is further demonstrated by a more general layered multi-secret sharing problem, which is shown to be equivalent to the degraded broadcast multiple-input multiple-output (MIMO) channel with layered decoding and secrecy constraints. The secrecy capacity region for the degraded MIMO broadcast channel is characterized, which provides the secret sharing capacity region. Furthermore, these secure encoding schemes that achieve the secrecy capacity region provide an information theoretic scheme for sharing the secrets.

Information Theory

Min Zhang,Guoqiang Li,Yuxi Fu

DOI: https://doi.org/10.1007/11881223_47

2006-01-01

Abstract:We discuss secrecy of signals in signal transduction. As we have developed a basic concurrent language with interferencial coefficients, Iπ-calculus, to describe aberrance in biological models, a typing system for Iπ-calculus is proposed for achieving secrecy of signals in signal transduction. We show that this typing system guarantees that, if signal transduction typechecks, then it does not leak aberrance of signals.

Shun Watanabe,Yasutada Oohama

DOI: https://doi.org/10.48550/arXiv.1204.5663

2012-04-25

Abstract:The cognitive interference channel with confidential messages (CICC) proposed by Liang et. al. is investigated. When the security is considered in coding systems, it is well known that the sender needs to use a stochastic encoding to avoid the information about the transmitted confidential message to be leaked to an eavesdropper. For the CICC, the trade-off between the rate of the random number to realize the stochastic encoding and the communication rates is investigated, and the optimal trade-off is completely characterized.

Information Theory

Raphael R. Toledo,George Danezis,Ian Goldberg

DOI: https://doi.org/10.48550/arXiv.1604.00223

2016-04-01

Abstract:Private Information Retrieval (PIR), despite being well studied, is computationally costly and arduous to scale. We explore lower-cost relaxations of information-theoretic PIR, based on dummy queries, sparse vectors, and compositions with an anonymity system. We prove the security of each scheme using a flexible differentially private definition for private queries that can capture notions of imperfect privacy. We show that basic schemes are weak, but some of them can be made arbitrarily safe by composing them with large anonymity systems.

Information Retrieval,Cryptography and Security

Divya G. Nair,V. P. Binu,G. Santhosh Kumar

DOI: https://doi.org/10.1109/ICDSE.2014.6974639

2015-02-26

Abstract:Privacy of the outsourced data is one of the major <a class="link-external link-http" href="http://challenge.Insecurity" rel="external noopener nofollow">this http URL</a> of the network environment and untrustworthiness of the service providers are obstacles of making the database as a <a class="link-external link-http" href="http://service.Collection" rel="external noopener nofollow">this http URL</a> and storage of personally identifiable information is a major privacy <a class="link-external link-http" href="http://concern.On" rel="external noopener nofollow">this http URL</a>-line public databases and resources pose a significant risk to user privacy, since a malicious database owner may monitor user queries and infer useful information about the <a class="link-external link-http" href="http://customer.The" rel="external noopener nofollow">this http URL</a> challenge in data privacy is to share data with third-party and at the same time securing the valuable information from unauthorized access and use by third party.A Private Information Retrieval(PIR) scheme allows a user to query database while hiding the identity of the data <a class="link-external link-http" href="http://retrieved.The" rel="external noopener nofollow">this http URL</a> naive solution for confidentiality is to encrypt data before <a class="link-external link-http" href="http://outsourcing.Query" rel="external noopener nofollow">this http URL</a> execution,key management and statistical inference are major challenges in this <a class="link-external link-http" href="http://case.The" rel="external noopener nofollow">this http URL</a> proposed system suggests a mechanism for secure storage and retrieval of private data using the secret sharing <a class="link-external link-http" href="http://technique.The" rel="external noopener nofollow">this http URL</a> idea is to develop a mechanism to store private information with a highly available storage provider which could be accessed from anywhere using queries while hiding the actual data values from the storage <a class="link-external link-http" href="http://provider.The" rel="external noopener nofollow">this http URL</a> private information retrieval system is implemented using Secure Multi-party Computation(SMC) technique which is based on secret sharing. Multi-party Computation enable parties to compute some joint function over their private <a class="link-external link-http" href="http://inputs.The" rel="external noopener nofollow">this http URL</a> query results are obtained by performing a secure computation on the shares owned by the different servers.

Cryptography and Security

Arpita Patra,C. Pandu Rangan

DOI: https://doi.org/10.48550/arXiv.1004.3504

2010-04-21

Abstract:In this paper, we present a very important primitive called Information Checking Protocol (ICP) which plays an important role in constructing statistical Verifiable Secret Sharing (VSS) and Weak Secret Sharing (WSS) protocols. Informally, ICP is a tool for authenticating messages in the presence of computationally unbounded corrupted parties. Here we extend the basic bare-bone definition of ICP, introduced by Rabin et al. and then present an ICP that attains the best communication complexity and round complexity among all the existing ICPs in the literature. We also show that our ICP satisfies several interesting properties such as linearity property which is an important requirement in many applications of ICP. Though not presented in this paper, we can design communication and round efficient statistical (i.e involves negligible error probability in computation) VSS and Multiparty Computation (MPC) protocol using our new ICP.

Cryptography and Security

Theshani Nuradha,Ziv Goldfeld

DOI: https://doi.org/10.1109/TIT.2023.3296288

2023-05-04

Abstract:Pufferfish privacy (PP) is a generalization of differential privacy (DP), that offers flexibility in specifying sensitive information and integrates domain knowledge into the privacy definition. Inspired by the illuminating formulation of DP in terms of mutual information due to Cuff and Yu, this work explores PP through the lens of information theory. We provide an information-theoretic formulation of PP, termed mutual information PP (MI PP), in terms of the conditional mutual information between the mechanism and the secret, given the public information. We show that MI PP is implied by the regular PP and characterize conditions under which the reverse implication is also true, recovering the relationship between DP and its information-theoretic variant as a special case. We establish convexity, composability, and post-processing properties for MI PP mechanisms and derive noise levels for the Gaussian and Laplace mechanisms. The obtained mechanisms are applicable under relaxed assumptions and provide improved noise levels in some regimes. Lastly, applications to auditing privacy frameworks, statistical inference tasks, and algorithm stability are explored.

Information Theory

Mário S. Alvim

DOI: https://doi.org/10.48550/arXiv.1111.3013

2012-02-14

Abstract:In this thesis we consider the problem of information hiding in the scenarios of interactive systems, statistical disclosure control, and refinement of specifications. We apply quantitative approaches to information flow in the first two cases, and we propose improvements for the usual solutions based on process equivalences for the third case. In the first scenario we consider the problem of defining the information leakage in interactive systems where secrets and observables can alternate during the computation and influence each other. We show that the information-theoretic approach which interprets such systems as (simple) noisy channels is not valid. The principle can be recovered if we consider channels with memory and feedback. We also propose the use of directed information from input to output as the real measure of leakage in interactive systems. In the second scenario we consider the problem of statistical disclosure control, which concerns how to reveal accurate statistics about a set of respondents while preserving the privacy of individuals. We focus on the concept of differential privacy, a notion that has become very popular in the database community. We show how to model the query system in terms of an information-theoretic channel, and we compare the notion of differential privacy with that of min-entropy <a class="link-external link-http" href="http://leakage.In" rel="external noopener nofollow">this http URL</a> the third scenario we address the problem of using process equivalences to characterize information-hiding properties. We show that, in the presence of nondeterminism, this approach may rely on the assumption that the scheduler "works for the benefit of the protocol", and this is often not a safe assumption. We present a formalism in which we can specify admissible schedulers and, correspondingly, safe versions of complete-trace equivalence and bisimulation, and we show that safe equivalences can be used to establish information-hiding properties.

Cryptography and Security