Trust in Crowds
Probabilistic Behaviour in Anonymity Protocols
Vladimiro Sassone, University of Southampton
TGC 2010 München 2010.2.24
(based on joint work with S. Hamadou & E. ElSalamouny)
Introduction: Anonymity in Social Networks
Social Networks: very easy to collect private and sensitive information about individuals.
Introduction: Anonymity in Web Transactions
Google is watching you!
Introduction: Data Confidentiality
...of course, but also...
deduce high input from low output, in the fashion of information flow
Introduction: Anonymity Protocols (in general)
Aims at obfuscating the link between private input (anonymous actions) and public (observable) output
Attacker tries to infer the hidden info from his observation of the protocol
This presentation: Trust in the Crowds anonymity protocol
Extend the Crowds protocol to a scenario where:
Each principal may suddenly become corrupt.
Principal behaviour is influenced by a trust relationship.
Work:
Study the impact of these assumptions on the protocol.
Establish necessary and sufficient criteria for choosing a policy able to achieve a desired level of privacy.
Crowds: The protocol
Crowds [Reiter and Rubin 1998]: allows internet users to perform anonymous web transactions.
[Figure: Users 1-6 and Servers 1-3]
Flips a biased coin pf
Probable Innocence: Informal definition
[Figure: scale of anonymity degrees: Absolute privacy, Beyond suspicion, Probable innocence, Possible innocence, Exposed, Provably exposed]
“A sender is probably innocent if, from the attacker's point of view, the sender appears no more likely to be the originator than to not be the originator”
Probable Innocence: Formal definition
Members: m members participating in the protocol
n honest members
c = (m-n) corrupt members or collaborating attackers
Anonymous events: a random variable A distributed over {a1, a2, …, an}, where ai indicates that the honest user i is the initiator of the message.
Observable events: a random variable O distributed over {o1, o2, …, on}, where oi indicates that user i is honest and forwards the message to a corrupted user. In this case we say that user i is detected.
Probable Innocence: Formal definition
Definition [Reiter and Rubin, 98]: a protocol satisfies probable innocence if
∀i p(oi | ai) ≤ 1/2 (Wrong)
Definition [Halpern and O’Neill, 05]:
∀i p(ai | oi) ≤ 1/2 (Right)
Probable Innocence: Formal definition
Proposition: if the a priori distribution is uniform then
∀i p(oi | ai) = p(ai | oi)
Proof: by Bayes theorem we have
p(oj | ai)p(ai) = p(ai | oj)p(oj)
If A is uniformly distributed then (in Crowds) O is uniformly distributed too. Hence p(ai) = p(oj) = 1/n
Probable Innocence: Extended
Definition: a protocol satisfies α-probable innocence (0≤ α ≤ 1) if
∀i p(ai | oi) ≤ α
Proposition: a protocol satisfies α-probable innocence if and only if
1 + n(1-α)/pf ≤ m
Overview: Trust in Crowds
Extend the Crowds protocol to a more realistic scenario:
Associate to each principal i a probability 1 - ti ∈ [0,1] to become corrupt.
The forwarding process is governed by a policy qi ∈ [0,1] which together with the forwarding factor pf determines the probability that each member i is chosen as a forwarder.
Results:
Analyse the impact of such probabilistic behaviour of principals.
Establish necessary and sufficient criteria for choosing an appropriate forwarding policy to achieve required privacy level.
observe this is at meta-level, a parameter of the analysis
Can be established experimentally, e.g. by the “blender” using Bayesian method, e.g. the Beta trust model
tCrowds: The extended protocol
tCrowds [here and now]: allows users anonymous web transactions in the presence of probabilistic principals’ behaviours.
[Figure: Users 1-6 and Servers 1-3]
Initiator selects j with prob qj
Forwards to j with prob pf⋅qj
Delivers to server with prob 1 - pf
observe we assume transactions are short, otherwise users could become corrupt whilst answer from server travels back.
extension to the general case is work in progress
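Probable Innocence, again
Need to compute
$$P(a_i \mid o_i) = \frac{P(a_i, o_i)}{P(o_i)}$$
Start with:
$$P(o_i, H_k) = \begin{cases} \frac{1}{n}(1 - t_i) & k = 0 \\ \frac{1}{n}\, t_i (1 - T) & k = 1 \\ \frac{1}{n}\, S\, T^{k-2} q_i t_i (1 - T) \cdot p_f^{k-1} & k \ge 2 \end{cases}$$
with $S = \sum_{j=1}^{n} t_j$ and $T = \sum_{j=1}^{n} q_j t_j$
H_k: 1st attacker at position k
T: prob to pick an honest principal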
Probable Innocence, again
Continue with:
$$\begin{aligned} P(o_i) &= \sum_{k=0}^{\infty} P(o_i, H_k) \\ &= \frac{1}{n}(1 - t_i) + \frac{1}{n}\, t_i (1 - T) + \sum_{k=2}^{\infty} \frac{1}{n}\, S\, T^{k-2} \cdot q_i t_i (1 - T)\, p_f^{k-1} \\ &= \frac{1}{n}\left[ 1 - t_i T + S\, p_f q_i t_i \left( \frac{1 - T}{1 - p_f T} \right) \right] \end{aligned}$$
observe this is 0 iff T=1 and ti=1: i is undetectable
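Probable Innocence, again
Similarly:
$$\begin{aligned} P(a_i, o_i) &= \sum_{k=0}^{\infty} P(a_i, H_k, o_i) \\ &= \frac{1}{n}(1 - t_i) + \frac{1}{n}\, t_i (1 - T) + \sum_{k=2}^{\infty} \frac{1}{n}\, t_i\, T^{k-2} \cdot q_i t_i (1 - T)\, p_f^{k-1} \\ &= \frac{1}{n}\left[ 1 - t_i T + p_f q_i t_i^2 \left( \frac{1 - T}{1 - p_f T} \right) \right] \end{aligned}$$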
Probable Innocence, again
And therefore:
$$P(a_i \mid o_i) = \frac{1 - t_i T + p_f q_i t_i^2 \left( \frac{1 - T}{1 - p_f T} \right)}{1 - t_i T + S\, p_f q_i t_i \left( \frac{1 - T}{1 - p_f T} \right)}$$
Observe that if i is detectable, this quantity is positive: i.e., it can always be caught when it is the initiator. Crowds never achieves “absolute privacy”.
Also observe that when T = 1 - c/n and S = n - c, which characterise the (standard) Crowds, this formula simplifies to the standard one.
Provably exposed principals
Proposition: (Provably Exposed Principals)
For all users i s.t. p(oi) ≠ 0, we have p(ai | oi) = 1 iff one of the following holds.
1. pf = 0 (all paths # ≤ 2)
2. ti = 0 (i is corrupt!)
3. qi = 0 (i never picked as forwarder)
4. T = 1 (all participants are honest!)
5. S = ti (all but i are corrupt!)
On Forwarding
Theorem: (Monotonicity in forwarding)
p(ai | oi) is a decreasing function of pf
tells us that high values of pf enhance privacy. Yet, they slow the protocol down
Corollary: (Anonymity range)
$$\forall i.\ P(a_i \mid o_i) \ge 1 - \frac{q_i t_i \sum_{j \ne i}^{n} t_j}{1 - t_i \sum_{j \ne i}^{n} q_j t_j + q_i t_i \sum_{j \ne i}^{n} t_j}$$
tells us that pf = 1 minimises p(ai | oi). But then the message never reaches...
On Trust Values
Theorem: (α-Probable Innocence)
For all α ∈ [0,1], the extended protocol guarantees α-probable innocence to all its participants if
$$\forall i.\ \frac{q_i t_i \sum_{j \ne i}^{n} t_j}{1 - t_i \sum_{j \ne i}^{n} q_j t_j + q_i t_i \sum_{j \ne i}^{n} t_j} \ge 1 - \alpha$$
observe that this provides a system of linear inequalities that can be solved in qi to try and achieve α-probable innocence
“Social” & “Rational” Policies
Achieving α-Probable Innocence
Maintain the lower bound on p(ai | oi)=1 below α by manipulating the forwarding distribution (social policy), or by excluding untrustworthy participants (rational policy).
Example: Suppose t1 = 0.70, t2 = 0.97, t3 = 0.99. For α=1/2 the system admits two solutions, e.g. q1 = 0.4575, q2 = 0.2620, q3 = 0.2805.
Observe how user 1 is helped (at the others’ risk!) to offset its higher tendency to corruption. Indeed, probable innocence in (standard) Crowds cannot be achieved.
The alternative is for 2 and 3 to exclude 1 and yield higher overall security.
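The closed form for P(ai | oi), the series it is derived from, the pf = 1 lower bound and the example trust values above, worked through in Python. This is an added example, not code from the talk or its authors: the function names and tolerances are assumptions, and "standard Crowds" is modelled here as the uniform policy qi = 1/n.

```python
"""Posterior P(a_i | o_i) in tCrowds: closed form, series cross-check, pf = 1 bound.
Added illustration; names and tolerances are assumptions, not the authors' code."""
from typing import List, Optional, Sequence

EPS = 1e-12  # assumed numerical tolerance for the degenerate cases

T_SLIDE = [0.70, 0.97, 0.99]          # trust values t1..t3 from the example
Q_SOCIAL = [0.4575, 0.2620, 0.2805]   # social policy q1..q3 from the example
Q_UNIFORM = [1 / 3] * 3               # assumption: standard Crowds picks uniformly


def _check(t: Sequence[float], q: Sequence[float], pf: float) -> None:
    if len(t) != len(q) or not t:
        raise ValueError("t and q must be non-empty and of equal length")
    if any(not 0.0 <= x <= 1.0 for x in (*t, *q, pf)):
        raise ValueError("t_i, q_i and pf must lie in [0, 1]")
    if abs(sum(q) - 1.0) > 1e-6:
        raise ValueError("forwarding policy q must sum to 1")


def posterior(i: int, t: Sequence[float], q: Sequence[float], pf: float) -> Optional[float]:
    """Closed-form P(a_i | o_i); None when P(o_i) = 0 (T = 1 and t_i = 1)."""
    _check(t, q, pf)
    S = sum(t)
    T = sum(qj * tj for qj, tj in zip(q, t))
    # pf(1-T)/(1-pf*T) = sum_{k>=2} T^(k-2) (1-T) pf^(k-1); every term is 0 when T = 1
    tail = 0.0 if 1.0 - T < EPS else pf * (1.0 - T) / (1.0 - pf * T)
    head = 1.0 - t[i] * T
    p_o = head + S * tail * q[i] * t[i]        # n * P(o_i)
    p_ao = head + t[i] * tail * q[i] * t[i]    # n * P(a_i, o_i)
    return None if p_o < EPS else p_ao / p_o


def posterior_by_series(i: int, t: Sequence[float], q: Sequence[float],
                        pf: float, kmax: int = 500) -> float:
    """Same quantity, summing over H_k (first attacker at position k) term by term."""
    _check(t, q, pf)
    n, S = len(t), sum(t)
    T = sum(qj * tj for qj, tj in zip(q, t))
    p_o = p_ao = (1.0 - t[i]) / n + t[i] * (1.0 - T) / n   # k = 0 and k = 1
    for k in range(2, kmax):
        common = T ** (k - 2) * q[i] * t[i] * (1.0 - T) * pf ** (k - 1) / n
        p_o += S * common
        p_ao += t[i] * common
    return p_ao / p_o


def lower_bound(i: int, t: Sequence[float], q: Sequence[float]) -> Optional[float]:
    """Anonymity-range bound on P(a_i | o_i), i.e. its value at pf = 1."""
    _check(t, q, 1.0)
    others = [j for j in range(len(t)) if j != i]
    num = q[i] * t[i] * sum(t[j] for j in others)
    den = 1.0 - t[i] * sum(q[j] * t[j] for j in others) + num
    return None if den < EPS else 1.0 - num / den


def probable_innocence(t: Sequence[float], q: Sequence[float],
                       alpha: float, tol: float = 0.0) -> List[bool]:
    """Per-user check of the theorem's condition: bound <= alpha (tol absorbs rounding)."""
    return [(b := lower_bound(i, t, q)) is not None and b <= alpha + tol
            for i in range(len(t))]


if __name__ == "__main__":
    for name, q in (("social", Q_SOCIAL), ("uniform", Q_UNIFORM)):
        bounds = [round(lower_bound(i, T_SLIDE, q), 4) for i in range(3)]
        print(name, bounds, probable_innocence(T_SLIDE, q, 0.5, tol=1e-4))
    for pf in (0.0, 0.5, 0.75, 0.9, 1.0):
        print("pf =", pf, "P(a1|o1) =", round(posterior(0, T_SLIDE, Q_SOCIAL, pf), 4))
```

The quoted q values are rounded to four decimals, so user 1 sits on the α = 1/2 boundary only up to about 1e-5; that is why the check takes a tolerance.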
Conclusion & Further Work
We have extended Crowds to take into account that principals are not usually either honest or malicious, but are liable to become corrupt (and again uncorrupt). Ours is the first attempt to cope with such probabilistic behaviour.
Our forwarding policies can be used to make the protocol more secure (either socially or rationally) once an estimation of trust is available. A lot more work on integrating trust estimation is to be done.
A deeper analysis of trust is likely to be possible on advanced anonymity protocols such as Tarzan and Tor.
We are in the process of completing this analysis by dropping the hypothesis of short transactions.
Related Work: Crowds & External knowledge
Real world: attackers usually gather additional information correlated to the anonymous agents before attacking the protocol.
Example: two agents voting by “yes” or “no” and the result of the vote is {yes, no}.
Agents used different colours but the adversary does not know the correlation between the colours and the agents: {yes, no} ≡ {yes, no}
The adversary knows the correlation: {yes, no} ≠ {yes, no}
In FAST 2009, with C. Palamidessi: analysis of the impact of attackers’ extra knowledge on the security of information hiding protocols.
Related Work: Crowds & Beliefs & Vulnerability
Open problem: measure and account for the accuracy of the adversary's extra knowledge.
Integrate the notion of adversary’s beliefs: Assume both the actual a priori distribution of the hidden input and its correlation to the extra information are unknown to the adversary. Generalise the approach to information flow systems.
Results: New metric for quantitative information flow based on the concept of vulnerability that takes into account the adversary's beliefs.
The model makes it possible to identify the levels of accuracy for the adversary's beliefs which are compatible with the security of a given program or protocol.
In IEEE Symp. on Security & Privacy 2010, with C. Palamidessi.