Quantifying vulnerability of secret generation using hyper-distributions (extended version)
This work addresses a limitation in security analysis for systems where secrets are generated using strategies, such as password systems, by providing a more accurate vulnerability quantification method.
The paper tackles the problem of underestimating secret vulnerability in Quantitative Information Flow (QIF) by modeling adversary prior knowledge as a hyper-distribution over strategies, rather than a single distribution, to account for structured strategies like password generation. It disentangles vulnerability of secrets from strategies, distinguishing security by aggregation from security by strategy, and proves that no higher-order generalizations are needed for sound quantification.
Traditional approaches to Quantitative Information Flow (QIF) represent the adversary's prior knowledge of possible secret values as a single probability distribution. This representation may miss important structure. For instance, representing prior knowledge about passwords of a system's users in this way overlooks the fact that many users generate passwords using some strategy. Knowledge of such strategies can help the adversary in guessing a secret, so ignoring them may underestimate the secret's vulnerability. In this paper we explicitly model strategies as distributions on secrets, and generalize the representation of the adversary's prior knowledge from a distribution on secrets to an environment, which is a distribution on strategies (and, thus, a distribution on distributions on secrets, called a hyper-distribution). By applying information-theoretic techniques to environments we derive several meaningful generalizations of the traditional approach to QIF. In particular, we disentangle the vulnerability of a secret from the vulnerability of the strategies that generate secrets, and thereby distinguish security by aggregation--which relies on the uncertainty over strategies--from security by strategy--which relies on the intrinsic uncertainty within a strategy. We also demonstrate that, in a precise way, no further generalization of prior knowledge (e.g., by using distributions of even higher order) is needed to soundly quantify the vulnerability of the secret.