Hiding in Groups: On the Expressiveness of Privacy DistributionsReport
Many applications inherently disclose information because perfect privacy protection is prohibitively expensive. RFID tags, for example, cannot be equipped with the cryptographic primitives needed to completely shield their information from unauthorized reads. All known privacy protocols that scale to the anticipated sizes of RFID systems achieve at most modest levels of protection. Previous anal- yses found the protocols to have weak privacy, but relied on simplifying attacker models and did not provide insights into how to improve privacy. We introduce a new general way to model privacy through probability distributions, that capture ow much information is leaked by different users of a system. We use this metric to examine information leakage for an RFID tag from the a scalable privacy pro- tocol and from a timing side channel that is observable through the tag�s random number generator. To increase the privacy of the protocol, we combine our results with a new model for rational attackers to derive the overall value of an attack. This attacker model is also based on distributions and integrates seamlessly into our framework for information leakage. Our analysis points to a new parameteriza- tion for the privacy protocol that significantly improves privacy by decreasing the expected attack value while maintaining reasonable scalability at acceptable cost.
All rights reserved (no additional license for public reuse)
Nohl, Karsten, and Dave Evans. "Hiding in Groups: On the Expressiveness of Privacy Distributions." University of Virginia Dept. of Computer Science Tech Report (2008).
University of Virginia, Department of Computer Science