Studying Maximum Information Leakage Using Karush–Kuhn–Tucker Conditions

As emphasized in the existing literature, no electronic system can guarantee perfect confidentiality or anonymity [19]. Hence, measuring the leakage of confidential information is a pressing but increasingly challenging issue. The ability to preemptively assess possible information leaks is crucial for designing and understanding a system that contains information which ought to be protected [1].Information Theory [25] provides a general method for measuring information flow in information channels, and extends to quantify the loss of confidentiality and anonymity. A number of previous works have addressed and measured the channel capacity of information leakage channels, which describes the worst-case leakage. Recently a novel technique to measure the channel capacity of anonymity protocols and programs using Lagrange multipliers has been proposed in [21, 7]: this setting is able to answer questions like: "what is the maximum leakage of a system where a random string is 1000 times less likely to be the secret than a dictionary word" i.e. an equality constraint like prand = lOOOpH^.1In order to analyze a much wider range of systems and scenarios, inequality constraints ought to be supported. An example of such constraint is: "the password is over 1000 times more likely to be a word from a dictionary than a meaningless string", i.e. prand < 1OOOpword: these inequality constraints cannot be solved using lagrangians. Therefore, we introduce Karush-Kuhn-Tucker (KKT) conditions to enable inequality constraints for deriving the channel capacity, and present a set of theorems and propositions which can be readily applied. This makes the approach more powerful and enables it to deal with a much wider spectrum of cases, as demonstrated later on in this paper. Further, we believe that this approach, orthogonal to the probabilistic methods which have dominated protocol security analysis [12, 11, 24], will provide novel and more practical results to the research community.The paper is organized as follows: the next subsection discusses existing literature and the background is introduced in Section 2. In Section 3, we briefly describe the theorems and propositions for channel capacity using Karush-Kuhn-Tucker conditions with full proofs. We show that our method can