Thesis

More documents

Recommendations

Info

2. PRIVATE AUTHENTICATION 2.4 Analysis of the general case So far, we have studied the case of a single compromised member. This already proved to be useful, because it allowed us to compare different key-trees and to derive a key-tree construction method. However, one may still be interested in what level of privacy is provided by a system in the general case when any number of members could be compromised. In this section, I address this problem. P P Figure 2.3: Illustration of what happens when several members are compromised. Just as in the case of a single compromised member, the members are partitioned into anonymity sets, but now the resulting subsets depend on the number of the compromised members, as well as on their positions in the tree. Nevertheless, the expected size of the anonymity set of a randomly selected member is still a good metric for the level of privacy provided by the system, although, in this general case, it is more difficult to compute. In what follows, we will need to refer to the non-leaf vertices of the key-tree, and for this reason, I introduce the labelling scheme that is illustrated in Figure 2.3. In addition, we need to introduce some further notations. I call a leaf compromised if it belongs to a compromised member, and I call a non-leaf vertex compromised if it lies on a path that leads to a compromised leaf in the tree. If vertex v is compromised, then Kv denotes the set of the compromised children of v, and kv = |Kv|; Pv denotes the set of subsets (anonymity sets) that belong to the subtree rooted at v (see Figure 2.3 for illustration); and ¯ Sv denotes the average size of the subsets in Pv. We are interested in computing ¯ S ⟨−⟩. We can do that as follows: ¯S ⟨−⟩ = ∑ P ∈P ⟨−⟩ |P | 2 b1b2 . . . bℓ = ((b1 − k ⟨−⟩)b2 . . . bℓ) 2 + b1b2 . . . bℓ ∑ = ((b1 − k ⟨−⟩)b2 . . . bℓ) 2 b1b2 . . . bℓ ∑ v∈K ⟨−⟩ P ∈Pv + 1 b1 ∑ v∈K ⟨−⟩ In general, for any vertex ⟨i1, . . . , ij⟩ such that 1 ≤ j < ℓ − 1: ¯S ⟨i1,...,ij⟩ = ((bj+1 − k ⟨i1,...,ij⟩)bj+2 . . . bℓ) 2 bj+1 . . . bℓ 20 ¯Sv + 1 bj+1 |P | 2 b1b2 . . . bℓ ∑ v∈K ⟨i1 ,...,i j ⟩ ¯Sv (2.9) (2.10)
Finally, for vertices ⟨i1, . . . , iℓ−1⟩ just above the leaves, we get: ¯S ⟨i1,...,iℓ−1⟩ = (bℓ − k ⟨i1,...,iℓ−1⟩) 2 bℓ 2.4. Analysis of the general case + k ⟨i1,...,iℓ−1⟩ bℓ (2.11) Expressions (2.9 – 2.11) can be used to compute the expected anonymity set size in the system iteratively, in case of any number of compromised members. However, note that the computation depends not only on the number c of the compromised members, but also their positions in the tree. This makes the comparison of different systems difficult, because for a comprehensive analysis, all possible allocations of the compromised members over the leaves of the key-tree should be considered. Therefore, such a formula is preferred that depends solely on c, but characterizes the effect of compromised members on the level of privacy sufficiently well, so that it can serve as a basis for comparison of different systems. In the following, such a formula is derived based on the assumption that the compromised members are distributed uniformly at random over the leaves of the key-tree. In some sense, this is a pessimistic assumption as the uniform distribution represents the worst case, which leads to the largest amount of privacy loss due to the compromised members. Thus, the approximation that is derived can be viewed as a lower bound on the expected anonymity set size in the system when c members are compromised. Let the branching factor of the key-tree be B = (b1, b2, . . . , bℓ), and let c be the number of compromised leaves in the tree. We can estimate k ⟨−⟩ for the root as follows: k ⟨−⟩ ≈ min(c, b1) = k0 (2.12) If a vertex ⟨i⟩ at the first level of the tree is compromised, then the number of compromised leaves in the subtree rooted at ⟨i⟩ is approximately c/k0 = c1. Then, we can estimate k ⟨i⟩ as follows: k ⟨i⟩ ≈ min(c1, b2) = k1 (2.13) In general, if vertex ⟨i1, . . . , ij⟩ at the j-th level of the tree is compromised, then the number of compromised leaves in the subtree rooted at ⟨i1, . . . , ij⟩ is approximately cj−1/kj−1 = cj, and we can use this to approximate k ⟨i1,...,ij⟩ as follows: k ⟨i1,...,ij⟩ ≈ min(cj, bj+1) = kj (2.14) Using these approximations in expressions (2.9 – 2.11), we can derive an approximation for ¯S ⟨−⟩, which is denoted by ¯ S0, in the following way: ¯Sℓ−1 = (bℓ − kℓ−1) 2 . . . . . . bℓ + kℓ−1 bℓ ¯Sj = ((bj+1 − kj)bj+2 . . . bℓ) 2 . . . . . . bj+1 . . . bℓ ¯S0 = ((b1 − k0)b2 . . . bℓ) 2 b1 . . . bℓ + k0 ¯S1 b1 + kj ¯Sj+1 bj+1 (2.15) (2.16) (2.17) Note that expressions (2.17 – 2.15) do not depend on the positions of the compromised leaves in the tree, but they depend only on the value of c. In order to see how well ¯ S0 estimates ¯ S ⟨−⟩, some simulations are run. The simulation parameters are the following: total number of members N = 27000; upper bound on the maximum authentication delay Dmax = 90; Two branching factor vectors are considered: (30, 30, 30) and (72, 5, 5, 5, 3); The number c of compromised members is varied between 1 and 270 with a step size of one. 21
Page 1: Budapest University of Technology a
Page 5 and 6: Abstract Wireless networks are used
Page 7 and 8: Kivonat Vezeték nélküli hálóza
Page 9: Acknowledgement First of all, I wou
Page 12 and 13: CONTENTS 4 Anonymous Aggregator Ele
Page 15: List of Tables 2.1 Illustration of
Page 19 and 20: Chapter 1 Introduction In this diss
Page 21 and 22: 1.2. Introduction to Vehicular Ad H
Page 23 and 24: 1.3. Introduction to Wireless Senso
Page 25: 1.3. Introduction to Wireless Senso
Page 28 and 29: 2. PRIVATE AUTHENTICATION Some year
Page 30 and 31: 2. PRIVATE AUTHENTICATION anonymity
Page 32 and 33: 2. PRIVATE AUTHENTICATION Obviously
Page 34 and 35: 2. PRIVATE AUTHENTICATION In order
Page 36 and 37: 2. PRIVATE AUTHENTICATION Proof. By
Page 40 and 41: 2. PRIVATE AUTHENTICATION For each
Page 42 and 43: 2. PRIVATE AUTHENTICATION Reader R
Page 44 and 45: 2. PRIVATE AUTHENTICATION P ( ( N
Page 46 and 47: 2. PRIVATE AUTHENTICATION Avoine et
Page 48 and 49: 3. LOCATION PRIVACY IN VANETS pseud
Page 50 and 51: 3. LOCATION PRIVACY IN VANETS Since
Page 52 and 53: 3. LOCATION PRIVACY IN VANETS This
Page 54 and 55: 3. LOCATION PRIVACY IN VANETS reach
Page 56 and 57: 3. LOCATION PRIVACY IN VANETS N5.1
Page 58 and 59: 3. LOCATION PRIVACY IN VANETS Succe
Page 60 and 61: 3. LOCATION PRIVACY IN VANETS Figur
Page 62 and 63: 3. LOCATION PRIVACY IN VANETS 3.7.2
Page 64 and 65: 3. LOCATION PRIVACY IN VANETS map,
Page 67 and 68: Chapter 4 Anonymous Aggregator Elec
Page 69 and 70: 4.2. System and attacker models res
Page 71 and 72: 4.3. Basic protocol The main differ
Page 73 and 74: Table 4.1: Estimated time of the bu
Page 75 and 76: Probability of being cluster aggreg
Page 77 and 78: − n∑ i=1 H = − n+1 ∑ 4.3. B
Page 79 and 80: 4.4. Advanced protocol Table 4.3: S
Page 81 and 82: 100 90 80 70 60 50 40 30 20 10 0 0
Page 83 and 84: 4.4. Advanced protocol If we consid
Page 85 and 86: 4.4.4 Query 4.4. Advanced protocol
Page 87 and 88: L N D B NM < L N (4.5) A (4.7) (4.6
Page 89 and 90:
R ′ = R− N i=1 h(Q|ki) ÆÓ Å
Page 91:
4.7. Related publications systems w
Page 94 and 95:
5. APPLICATION OF NEW RESULTS an ap
Page 96 and 97:
6. CONCLUSION on this knowledge, sh
Page 99:
List of Acronyms CA Cluster Aggrega
Page 102 and 103:
LIST OF PUBLICATIONS [Holczer and B
Page 104 and 105:
BIBLIOGRAPHY [Beye and Veugen, 2011
Page 106 and 107:
BIBLIOGRAPHY [El Zarki et al., 2002
Page 108 and 109:
BIBLIOGRAPHY [Juels, 2005b] A. Juel
Page 110 and 111:
BIBLIOGRAPHY [Oliveira et al., 2008
Page 112:
BIBLIOGRAPHY [Wiedersheim et al., 2
show all

Thesis

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?