2.2. Resistance to single member compromise

where N is the total number of members, and |Pi|/N is the probability of selecting a member from
subset Pi. The resistance to single member compromise, denoted by R, is defined as the normalized
expected anonymity set size, which can be computed as follows:

$$
\begin{aligned}
R = \frac{\bar{S}}{N} &= \sum_{i=0}^{\ell} \frac{|P_i|^2}{N^2} \\
&= \frac{1}{N^2}\left(1 + (b_\ell - 1)^2 + \left((b_{\ell-1} - 1)\,b_\ell\right)^2 + \ldots + \left((b_1 - 1)\,b_2 b_3 \ldots b_\ell\right)^2\right) \\
&= \frac{1}{N^2}\left(1 + (b_\ell - 1)^2 + \sum_{i=1}^{\ell-1} (b_i - 1)^2 \prod_{j=i+1}^{\ell} b_j^2\right)
\end{aligned}
\tag{2.2}
$$

where it is used that

$$
\begin{aligned}
|P_0| &= 1 \\
|P_1| &= b_\ell - 1 \\
|P_2| &= (b_{\ell-1} - 1)\,b_\ell \\
|P_3| &= (b_{\ell-2} - 1)\,b_{\ell-1} b_\ell \\
&\;\;\vdots \\
|P_\ell| &= (b_1 - 1)\,b_2 b_3 \ldots b_\ell
\end{aligned}
$$
As its name indicates, R characterizes the loss of privacy due to the compromise of a single
member of the system. If R is close to 1, then the expected anonymity set size is close to the total
number of members, and hence, the loss of privacy is small. On the other hand, if R is close to
0, then the loss of privacy is high, as the expected anonymity set size is small. R is used as a
benchmark metric based on which different systems can be compared.

This metric may seem somewhat ad hoc, but the same metric is used in other
papers, such as [Avoine et al., 2005], with a different, more complex definition:

Theorem 1. The expected anonymity set size based metric (R) is the complement of the one tag
tampering based metric (M) defined in [Avoine et al., 2005].

Proof. The metric M used in [Avoine et al., 2005] is defined in that paper as:
1. The attacker has one tag T0 (e.g., her own) she can tamper with and thus obtain its complete
secret. For the sake of calculation simplicity, we assume that T0 is put back into circulation.
When the number of tags in the system is large, this does not significantly affect the results.
2. She then chooses a target tag T. She can query it as much as she wants but she cannot
tamper with it.
3. Given two tags T1 and T2 such that T ∈ {T1, T2}, we say that the attacker succeeds if she
definitely knows which of T1 and T2 is T. We define the probability to trace T as being the
probability that the attacker succeeds. To do that, the attacker can query T1 and T2 as many
times as she wants but, obviously, cannot tamper with them.
In the following, P1 . . . Pk are the subsets of the tags after the compromise of some tags
($\sum_{i=1}^{k} P_i = N$).

In the third step, the attacker can be successful if (and only if) T1 and T2 belong to different
subsets.

The probability of the attacker's success is the probability that two randomly chosen tags
belong to two different subsets. This probability can be calculated as follows:
$$
M = 1 - \Pr(T_1, T_2 \text{ are in } P_1) - \ldots - \Pr(T_1, T_2 \text{ are in } P_k) = 1 - \sum_{i=1}^{k} \left(\frac{P_i}{N}\right)^2
$$

This is the complement of the metric R (M + R = 1).
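As an added example (not code from the original text), the following Python computes R from both forms of (2.2), computes M, and checks M + R = 1 with exact fractions. It assumes the key-tree model implied by the |Pi| sizes above: each member is a leaf identified by its path of keys, and an attacker holding one member's keys can group all others by how many leading keys they share. The function names and the sample branching factors are constructed.

```python
from fractions import Fraction
from itertools import product
from math import prod

def partition_sizes(b):
    """[|P_0|, ..., |P_l|] for branching factors b = (b_1, ..., b_l), root first."""
    l = len(b)
    # |P_i| = (b_{l-i+1} - 1) * b_{l-i+2} * ... * b_l ; the empty product is 1
    return [1] + [(b[l - i] - 1) * prod(b[l - i + 1:]) for i in range(1, l + 1)]

def brute_force_sizes(b):
    """Same sizes by enumeration: compromise leaf (0,...,0), then group every
    leaf by the number of leading keys it shares with that leaf (assumed model)."""
    l, counts = len(b), [0] * (len(b) + 1)
    for leaf in product(*(range(x) for x in b)):
        shared = next((d for d, k in enumerate(leaf) if k != 0), l)
        counts[l - shared] += 1
    return counts

def resistance(b):
    """R = (1/N^2) * sum_i |P_i|^2, the first form of (2.2)."""
    n = prod(b)
    return Fraction(sum(s * s for s in partition_sizes(b)), n * n)

def resistance_closed_form(b):
    """The last form of (2.2), written directly in the b_i."""
    total = 1 + (b[-1] - 1) ** 2
    for i in range(1, len(b)):                      # i = 1 .. l-1
        total += (b[i - 1] - 1) ** 2 * prod(x * x for x in b[i:])
    return Fraction(total, prod(b) ** 2)

def traceability(b):
    """M = 1 - sum_i (P_i/N)^2, as in the proof of Theorem 1."""
    n = prod(b)
    return 1 - sum(Fraction(s, n) ** 2 for s in partition_sizes(b))

if __name__ == "__main__":
    for b in [(4, 3, 2), (2,) * 6, (8, 8), (64,)]:  # constructed sample trees
        assert partition_sizes(b) == brute_force_sizes(b)
        r, m = resistance(b), traceability(b)
        assert r == resistance_closed_form(b) and r + m == 1
        print(b, "N =", prod(b), "R =", float(r), "M =", float(m))
```

The last three sample trees all have N = 64, so their R values can be compared directly as the benchmark described above.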