Formal Analysis of Information Flow Using Min-Entropy and Belief Min-Entropy

Quantitative theories in information flow is becoming nowadays very important in the area of information system security. It is so indispensable in different fields such as secure information flow, anonymity protocols and side-channel analysis. In fact, there is a growing interest in applying these theories in electronic communication, auctioning, voting and payment. The consensus of quantitative information flow was introduced under the context of Shannon entropy and mutual information. The main goal of quantitative information flow is to compute the bounds of the threat that a secret information is leaked due to an external attack. Our major focus in this work is to model the risk that the secret is correctly guessed in one try. Considering this model, we argue that the proposed consensus based on Shannon entropy failed to give good security guarantees; it sometimes leads to a confusion, this was mentioned by G. Smith, where the problem is that a random variable with high vulnerability to be guessed can have a large Shannon entropy. We propose to use min-entropy and belief-min-entropy as better alternatives. The latter one is taking into account the attackers’ extra knowledge. Both of these notions will be used in order to model and analyze the information leakage in deterministic and probabilistic systems. We will conduct our work in the core of the Higher-Order-Logic Theorem Proving in which we are going to formalize the new concepts previously presented. We will then apply our theory to analyze the information behavior in a cascade of channels. We prove that the leakage of two cascade channels can not exceed the leakage of the first channel.