Title: CS 259: Anonymity
Author: Vitaly Shmatikov
Created Date: 9/7/1997 8:51:32 PM
Document presentation format: On-screen Show
Company: SRI International

Slides: 22
Learn more at: https://web.stanford.edu
1
Crowds through a PRISM
CS 259
2
Overview
  • Most slides stolen from Vitaly Shmatikov
  • Crowds
  • Probabilistic model checking
  • PRISM
  • PCTL logic
  • Analyzing Crowds with PRISM

3
Crowds
Reiter, Rubin 98
[Figure: a crowd of routers (C0 to C4 on the message path, other members C) between sender and recipient; edge labels pf and 1-pf]
  • After receiving a message, honest router flips a
    biased coin
  • With probability Pf randomly selects next router
    and forwards msg
  • With probability 1-Pf sends directly to the
    recipient

4
Probabilistic Notions of Anonymity
  • Beyond suspicion
  • The observed source of the message is no more
    likely to be the true sender than anybody else
  • Probable innocence
  • Probability that the observed source of the
    message is the true sender is less than 50%
  • Possible innocence
  • Non-trivial probability that the observed source
    of the message is not the true sender

5
Probabilistic Model Checking
  • Participants are finite-state machines
  • Same as Murφ
  • State transitions are probabilistic
  • Transitions in Murφ are nondeterministic
  • Standard intruder model
  • Same as Murφ: model cryptography with abstract
    data types
  • Murφ question
  • Is bad state reachable?
  • Probabilistic model checking question
  • What's the probability of reaching bad state?

[Figure: state graph with transition probabilities 0.2, 0.3, 0.5 and a bad state]
6
Discrete-Time Markov Chains
$(S, s_0, T, L)$
  • $S$ is a finite set of states
  • $s_0 \in S$ is an initial state
  • $T : S \times S \to [0,1]$ is the transition relation
  • $\forall s \in S:\ \sum_{s' \in S} T(s,s') = 1$
  • $L$ is a labeling function

7
Markov Chain Simple Example
Probabilities of outgoing transitions sum up to
1.0 for every state
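[Figure: Markov chain over states A, B, C, D, E with initial state s0 and edge probabilities 0.8, 0.2, 0.1, 0.9, 0.5, 0.5, 1.0, 1.0]
  • Probability of reaching E from s0 is
    $0.2 \cdot 0.5 + 0.8 \cdot 0.1 \cdot 0.5 = 0.14$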
  • The chain has infinite paths if state graph has
    loops
  • Need to solve a system of linear equations to
    compute probabilities
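
Added example (not from the slides): exact reachability probabilities for a DTMC, obtained by solving the linear system mentioned above. It uses the five-state chain with states numbered 1 to 5 (1 = s0, 5 = E, an assumed numbering) and a constructed variant with a loop; `reach_prob`, `SLIDE` and `LOOP` are names introduced here.

```python
from fractions import Fraction as F

def reach_prob(T, targets):
    """Probability of eventually reaching `targets` from every state.
    T maps state -> {successor: probability}."""
    if any(sum(row.values()) != 1 for row in T.values()):
        raise ValueError("outgoing probabilities must sum to 1")
    # Backward search: states that cannot reach a target get probability 0,
    # which keeps the remaining linear system non-singular.
    can, grew = set(targets), True
    while grew:
        grew = False
        for s, row in T.items():
            if s not in can and any(t in can for t in row):
                can.add(s)
                grew = True
    unknown = [s for s in T if s in can and s not in targets]
    idx = {s: i for i, s in enumerate(unknown)}
    n = len(unknown)
    # Augmented matrix for (I - A) x = b; b is the one-step mass into targets.
    M = [[F(0)] * (n + 1) for _ in range(n)]
    for s in unknown:
        i = idx[s]
        M[i][i] += 1
        for t, p in T[s].items():
            if t in targets:
                M[i][n] += p
            elif t in idx:
                M[i][idx[t]] -= p
    # Gauss-Jordan elimination over exact rationals.
    for col in range(n):
        piv = next(r for r in range(col, n) if M[r][col] != 0)
        M[col], M[piv] = M[piv], M[col]
        M[col] = [v / M[col][col] for v in M[col]]
        for r in range(n):
            if r != col and M[r][col] != 0:
                M[r] = [a - M[r][col] * b for a, b in zip(M[r], M[col])]
    x = {s: F(0) for s in T}
    x.update({s: F(1) for s in targets})
    x.update({s: M[idx[s]][n] for s in unknown})
    return x

# The chain from the slide (states 4 and 5 are absorbing).
SLIDE = {1: {2: F("0.8"), 3: F("0.2")}, 2: {3: F("0.1"), 4: F("0.9")},
         3: {4: F("0.5"), 5: F("0.5")}, 4: {4: F(1)}, 5: {5: F(1)}}
# Constructed variant with a loop: state 2 returns to 1 instead of moving to 4.
LOOP = {**SLIDE, 2: {3: F("0.1"), 1: F("0.9")}}

if __name__ == "__main__":
    print(reach_prob(SLIDE, {5})[1], reach_prob(LOOP, {5})[1])
```

In the loop variant there are infinitely many paths from state 1 to state 5, so the path-by-path sum used on the slide no longer terminates, while the linear system still has a unique solution.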

8
PRISM
Kwiatkowska et al., U. of Birmingham
  • Probabilistic model checker
  • System specified as a Markov chain
  • Parties are finite-state machines w/ local
    variables
  • State transitions are associated with
    probabilities
  • Can also have nondeterminism (Markov decision
    processes)
  • All parameters must be finite
  • Correctness condition specified as PCTL formula
  • Computes probabilities for each reachable state
  • Enumerates reachable states
  • Solves system of linear equations to find
    probabilities

9
PRISM Syntax
[Figure: the same Markov chain as on the previous slide]
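dtmc

module Simple
  state : [1..5] init 1;
  // from state 1: go to 2 with prob. 0.8, to 3 with prob. 0.2
  [] state=1 -> 0.8 : (state'=2) + 0.2 : (state'=3);
  [] state=2 -> 0.1 : (state'=3) + 0.9 : (state'=4);
  [] state=3 -> 0.5 : (state'=4) + 0.5 : (state'=5);
endmodule
IF state=3 THEN with prob. 50% assign 4 to
state, with prob. 50%
assign 5 to state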
10
Modeling Crowds with PRISM
  • Model probabilistic path construction
  • Each state of the model corresponds to a
    particular stage of path construction
  • 1 router chosen, 2 routers chosen, ...
  • Three probabilistic transitions
  • Honest router chooses next router with
    probability pf, terminates the path with
    probability 1-pf
  • Next router is probabilistically chosen from N
    candidates
  • Chosen router is hostile with certain probability
  • Run path construction protocol several times and
    look at accumulated observations of the intruder

11
PRISM Path Construction in Crowds
module crowds
  . . .
  // N = total # of routers, C = # of corrupt routers
  // badC = C/N, goodC = 1-badC
  [] (!good & !bad) -> goodC : (good'=true) & (revealAppSender'=true)
                     + badC : (badObserve'=true);
  // Forward with probability PF, else deliver
  [] (good & !deliver) -> PF : (pIndex'=pIndex+1) & (forward'=true)
                        + notPF : (deliver'=true);
  . . .
endmodule
12
PRISM Intruder Model
module crowds
  . . .
  // Record the apparent sender and deliver
  [] (badObserve & appSender=0) -> (observe0'=observe0+1) & (deliver'=true);
  . . .
  // Record the apparent sender and deliver
  [] (badObserve & appSender=15) -> (observe15'=observe15+1) & (deliver'=true);
  . . .
endmodule
  • For each observed path, bad routers record
    apparent sender
  • Bad routers collaborate, so treat them as a
    single attacker
  • No cryptography, only probabilistic inference

13
PCTL Logic
Hansson, Jonsson 94
  • Probabilistic Computation Tree Logic
  • Used for reasoning about probabilistic temporal
    properties of probabilistic finite state spaces
  • Can express properties of the form "under any
    scheduling of processes, the probability that
    event E occurs is at least p"
  • By contrast, Murφ can express only properties of
    the form "does event E ever occur?"

14
PCTL Syntax
  • State formulas
  • First-order propositions over a single state
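  • $\varphi ::= \mathrm{True} \mid a \mid \varphi \wedge \varphi \mid \varphi \vee \varphi \mid \neg\varphi \mid P_{>p}[\psi]$
  • Path formulas
  • Properties of chains of states
  • $\psi ::= X\,\varphi \mid \varphi\ U^{\le k}\ \varphi \mid \varphi\ U\ \varphi$

Predicate over state variables (just like a Murφ
invariant)
Path formula holds with probability > p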
State formula holds for every next state in the
chain
First state formula holds for every state in the
chain until second becomes true
15
PCTL State Formulas
  • A state formula is a first-order state predicate
  • Just like non-probabilistic logic

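[Figure: Markov chain with initial state s0 whose states are labeled (x=1, y=2), (x=2, y=0), (x=1, y=1), (x=3, y=0) and marked True or False according to the formula below]
  • $\varphi = (y>1) \vee (x=1)$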

16
PCTL Path Formulas
  • A path formula is a temporal property of a chain
    of states
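  • $\varphi_1\ U\ \varphi_2$: $\varphi_1$ is true until $\varphi_2$ becomes and stays
    true

[Figure: Markov chain with initial state s0 whose states are labeled (x=1, y=2), (x=2, y=0), (x=1, y=1), (x=3, y=0)]
  • $\psi = (y>0)\ U\ (x>y)$ holds for this chain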

17
PCTL Probabilistic State Formulas
  • Specify that a certain predicate or path formula
    holds with probability no less than some bound

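[Figure: Markov chain with initial state s0 whose states are labeled (x=1, y=2), (x=2, y=0), (x=1, y=1), (x=3, y=0) and marked True or False according to the formula below]
  • $\varphi = P_{>0.5}[(y>0)\ U\ (x=2)]$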

18
Intruder Model
module crowds
  . . .
  // Record the apparent sender and deliver
  [] (badObserve & appSender=0) -> (observe0'=observe0+1) & (deliver'=true);
  . . .
  // Record the apparent sender and deliver
  [] (badObserve & appSender=15) -> (observe15'=observe15+1) & (deliver'=true);
  . . .
endmodule
Every time a hostile crowd member receives a
message from some honest member, he records his
observation (increases the count for that honest
member)
19
Negation of Probable Innocence
P>0.5 [ true U (observe0 > observe1) & done ]

P>0.5 [ true U (observe0 > observe9) & done ]
The probability of reaching a state in which
hostile crowd members completed their
observations and observed the true sender (crowd
member 0) more often than any of the other
crowd members (1 ... 9) is greater than 0.5
20
Dynamic Paths
  • What happens when originator sends new message?
  • Use same path
  • Or construct new path
  • Intruder can correlate messages using content
  • Originator appears on all paths!
  • Paths need to be static otherwise probable
    innocence is broken
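
Added example (not part of the deck or the PRISM case study): a Monte Carlo version of the path-construction and intruder models above, estimating how often the corrupt routers see member 0 more often than every other honest member as the sender builds more fresh paths. The parameters (n = 20, c = 4, pf = 0.8), the rule that the sender always picks a first router, and all function names are assumptions made for this example.

```python
import random

def build_path(n, c, pf, rng, sender=0):
    """One path construction. Members 0..n-c-1 are honest, the rest corrupt.
    Returns the predecessor seen by the first corrupt router, or None."""
    prev = sender
    while True:
        nxt = rng.randrange(n)       # next router chosen uniformly from all n
        if nxt >= n - c:             # corrupt router: records its predecessor
            return prev
        if rng.random() >= pf:       # honest router: deliver with prob. 1-pf
            return None
        prev = nxt                   # honest router forwards, becomes predecessor

def sender_exposed(n, c, pf, paths, rng):
    """True if, after `paths` fresh paths from member 0, the corrupt routers
    observed member 0 strictly more often than every other honest member."""
    observe = [0] * (n - c)
    for _ in range(paths):
        seen = build_path(n, c, pf, rng)
        if seen is not None:
            observe[seen] += 1
    return observe[0] > max(observe[1:])

def exposure_rate(n, c, pf, paths, trials=4000, seed=1):
    """Estimated probability of sender_exposed over `trials` independent runs."""
    rng = random.Random(seed)
    return sum(sender_exposed(n, c, pf, paths, rng) for _ in range(trials)) / trials

def single_path_guess(n, c, pf, trials=20000, seed=1):
    """P(observed predecessor is the true sender | a corrupt router is on the path)."""
    rng = random.Random(seed)
    seen = [s for s in (build_path(n, c, pf, rng) for _ in range(trials))
            if s is not None]
    return seen.count(0) / len(seen)

if __name__ == "__main__":
    n, c, pf = 20, 4, 0.8            # constructed parameters
    print("single path, P(sender | observed):", single_path_guess(n, c, pf))
    for k in (1, 5, 30):
        print(k, "paths, sender observed most often:", exposure_rate(n, c, pf, k))
```

With these parameters a single path keeps the observed predecessor below the 50% bound of probable innocence, while the accumulated counts over many fresh paths single out member 0 in most runs.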

21
Path Reformulations
  • Same problem as dynamic paths
  • When members leave the crowd, paths are
    reformulated
  • New paths can be correlated with old paths based
    on path content
  • Shmatikov analyzes the effect of path
    reformulations and crowd size. See case study on
    PRISM site