Thesis

More documents

Recommendations

Info

2. PRIVATE AUTHENTICATION anonymity set of a member v is the set of members that are indistinguishable from v from the adversary’s point of view. The size of the anonymity set is a good measure of the level of privacy provided for v, because it is related to the level of uncertainty of the adversary, if all members of the set are equiprobably likely (otherwise an entropy based metric can be used). Clearly, the larger the anonymity set is, the higher the level of privacy is. The minimum size of the anonymity set is 1, and its maximum size is equal to the number of all members in the system. In order to make the privacy measure independent of the number of members, one can divide the anonymity set size by the total number of members, and obtain a normalized privacy measure between 0 and 1. Such normalization makes the comparison of different systems easier. Now, let us consider a key-tree with ℓ levels and branching factors b1, b2, . . . , bℓ at the levels, and let us assume that exactly one member is compromised (see Figure 2.2 for illustration). Knowledge of the compromised keys allows the adversary to partition the members into subsets P0, P1, P2, . . ., where P0 contains the compromised member only, P1 contains the members the parent of which is the same as that of the compromised member, and that are not in P0, P2 contains the members the grandparent of which is the same as that of the compromised member, and that are not in P0 ∪ P1, etc. Members of a given subset are indistinguishable for the adversary, while it can distinguish between members that belong to different subsets. Hence, each subset is the anonymity set of its members. k111 k11 k1 P0 P1 P2 P3 Figure 2.2: Illustration of what happens when a single member is compromised. Without loss of generality, it is assumed that the member corresponding to the leftmost leaf in the figure is compromised. This means that the keys k1, k11, and k111 become known to the adversary. This knowledge of the adversary partitions the set of members into anonymity sets P0, P1, . . . of different sizes. Members that belong to the same subset are indistinguishable to the adversary, while it can distinguish between members that belong to different subsets. For instance, the adversary can recognize a member in subset P1 by observing the usage of k1 and k11 but not that of k111, where each of these keys are known to the adversary. Members in P3 are recognized by not being able to observe the usage of any of the keys known to the adversary. The level of privacy provided by the system can be characterized by the level of privacy provided to a randomly selected member, or in other words, by the expected size of the anonymity set of a randomly selected member. By definition, the expected anonymity set size is: ¯S = ℓ∑ i=0 |Pi| N |Pi| = 12 ℓ∑ i=0 |Pi| 2 N (2.1)
2.2. Resistance to single member compromise where N is the total number of members, and |Pi|/N is the probability of selecting a member from subset Pi. The resistance to single member compromise, denoted by R, is defined as the normalized expected anonymity set size, which can be computed as follows: R = ¯ S N = = = where it is used that 1 N 2 1 N 2 ℓ∑ i=0 |Pi| 2 N 2 ( 1 + (bℓ − 1) 2 + ((bℓ−1 − 1)bℓ) 2 + . . . + ((b1 − 1)b2b3 . . . bℓ) 2) ⎛ ⎝1 + (bℓ − 1) 2 ∑ℓ−1 + (bi − 1) 2 i=1 |P0| = 1 |P1| = bℓ − 1 ℓ∏ j=i+1 |P2| = (bℓ−1 − 1)bℓ b 2 j |P3| = (bℓ−2 − 1)bℓ−1bℓ . . . . . . |Pℓ| = (b1 − 1)b2b3 . . . bℓ ⎞ ⎠ (2.2) As its name indicates, R characterizes the loss of privacy due to the compromise of a single member of the system. If R is close to 1, then the expected anonymity set size is close to the total number of members, and hence, the loss of privacy is small. On the other hand, if R is close to 0, then the loss of privacy is high, as the expected anonymity set size is small. R is used as a benchmark metric based on which different systems can be compared. This metric can be seen as being a little ad hoc, but actually the same metric is used in other papers like [Avoine et al., 2005] with a different more complex definition: Theorem 1. The expected anonymity set size based metric (R) is complement to the one tag tampering based metric (M) defined in [Avoine et al., 2005]. Proof. The metric M used in [Avoine et al., 2005] is defined in that paper as: 1. The attacker has one tag T0 (e.g., her own) she can tamper with and thus obtain its complete secret. For the sake of calculation simplicity, we assume that T0 is put back into circulation. When the number of tags in the system is large, this does not significantly affect the results. 2. She then chooses a target tag T. She can query it as much as she wants but she cannot tamper with it. 3. Given two tags T1 and T2 such that T ∈ {T1, T2}, we say that the attacker succeeds if she definitely knows which of T1 and T2 is T . We define the probability to trace T as being the probability that the attacker succeeds. To do that, the attacker can query T1 and T2 as many times as she wants but, obviously, cannot tamper with them. In the following P1 . . . Pk are the subsets of the tags after the compromise of some tags ( ∑k i=1 Pi = N). In the third step, the attacker can be successful if (and only if) T1 and T2 belongs to different subsets. The probability of the attacker’s success is the probability that two randomly chosen tags belongs to two different subsets. This probability can be calculated as follows: M = 1 − Pr(T1, T2 are in P1) − . . . − Pr(T1, T2 are in Pk) = 1 − This is the complement of the metric R (M + R = 1). 13 k∑ i=1 ( ) 2 Pi N
Page 1: Budapest University of Technology a
Page 5 and 6: Abstract Wireless networks are used
Page 7 and 8: Kivonat Vezeték nélküli hálóza
Page 9: Acknowledgement First of all, I wou
Page 12 and 13: CONTENTS 4 Anonymous Aggregator Ele
Page 15: List of Tables 2.1 Illustration of
Page 19 and 20: Chapter 1 Introduction In this diss
Page 21 and 22: 1.2. Introduction to Vehicular Ad H
Page 23 and 24: 1.3. Introduction to Wireless Senso
Page 25: 1.3. Introduction to Wireless Senso
Page 28 and 29: 2. PRIVATE AUTHENTICATION Some year
Page 32 and 33: 2. PRIVATE AUTHENTICATION Obviously
Page 34 and 35: 2. PRIVATE AUTHENTICATION In order
Page 36 and 37: 2. PRIVATE AUTHENTICATION Proof. By
Page 38 and 39: 2. PRIVATE AUTHENTICATION 2.4 Analy
Page 40 and 41: 2. PRIVATE AUTHENTICATION For each
Page 42 and 43: 2. PRIVATE AUTHENTICATION Reader R
Page 44 and 45: 2. PRIVATE AUTHENTICATION P ( ( N
Page 46 and 47: 2. PRIVATE AUTHENTICATION Avoine et
Page 48 and 49: 3. LOCATION PRIVACY IN VANETS pseud
Page 50 and 51: 3. LOCATION PRIVACY IN VANETS Since
Page 52 and 53: 3. LOCATION PRIVACY IN VANETS This
Page 54 and 55: 3. LOCATION PRIVACY IN VANETS reach
Page 56 and 57: 3. LOCATION PRIVACY IN VANETS N5.1
Page 58 and 59: 3. LOCATION PRIVACY IN VANETS Succe
Page 60 and 61: 3. LOCATION PRIVACY IN VANETS Figur
Page 62 and 63: 3. LOCATION PRIVACY IN VANETS 3.7.2
Page 64 and 65: 3. LOCATION PRIVACY IN VANETS map,
Page 67 and 68: Chapter 4 Anonymous Aggregator Elec
Page 69 and 70: 4.2. System and attacker models res
Page 71 and 72: 4.3. Basic protocol The main differ
Page 73 and 74: Table 4.1: Estimated time of the bu
Page 75 and 76: Probability of being cluster aggreg
Page 77 and 78: − n∑ i=1 H = − n+1 ∑ 4.3. B
Page 79 and 80: 4.4. Advanced protocol Table 4.3: S
Page 81 and 82:
100 90 80 70 60 50 40 30 20 10 0 0
Page 83 and 84:
4.4. Advanced protocol If we consid
Page 85 and 86:
4.4.4 Query 4.4. Advanced protocol
Page 87 and 88:
L N D B NM < L N (4.5) A (4.7) (4.6
Page 89 and 90:
R ′ = R− N i=1 h(Q|ki) ÆÓ Å
Page 91:
4.7. Related publications systems w
Page 94 and 95:
5. APPLICATION OF NEW RESULTS an ap
Page 96 and 97:
6. CONCLUSION on this knowledge, sh
Page 99:
List of Acronyms CA Cluster Aggrega
Page 102 and 103:
LIST OF PUBLICATIONS [Holczer and B
Page 104 and 105:
BIBLIOGRAPHY [Beye and Veugen, 2011
Page 106 and 107:
BIBLIOGRAPHY [El Zarki et al., 2002
Page 108 and 109:
BIBLIOGRAPHY [Juels, 2005b] A. Juel
Page 110 and 111:
BIBLIOGRAPHY [Oliveira et al., 2008
Page 112:
BIBLIOGRAPHY [Wiedersheim et al., 2
show all

Thesis

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?