
Publication


Featured research published by Tom Chothia.


IEEE Computer Security Foundations Symposium | 2010

Analysing Unlinkability and Anonymity Using the Applied Pi Calculus

Myrto Arapinis; Tom Chothia; Eike Ritter; Mark Ryan

An attacker that can identify messages as coming from the same source can use this information to build up a picture of targets’ behaviour, and so threaten their privacy. In response to this danger, unlinkable protocols aim to make it impossible for a third party to identify two runs of a protocol as coming from the same device. We present a framework for analysing unlinkability and anonymity in the applied pi calculus. We show that unlinkability and anonymity are complementary properties; one does not imply the other. Using our framework we show that the French RFID e-passport preserves anonymity but it is linkable; therefore anyone carrying a French e-passport can be physically traced.


Tools and Algorithms for Construction and Analysis of Systems | 2010

Statistical measurement of information leakage

Konstantinos Chatzikokolakis; Tom Chothia; Apratim Guha

Information theory provides a range of useful methods to analyse probability distributions and these techniques have been successfully applied to measure information flow and the loss of anonymity in secure systems. However, previous work has tended to assume that the exact probabilities of every action are known, or that the system is non-deterministic. In this paper, we show that measures of information leakage based on mutual information and capacity can be calculated, automatically, from trial runs of a system alone. We find a confidence interval for this estimate based on the number of possible inputs, observations and samples. We have developed a tool to automatically perform this analysis and we demonstrate our method by analysing a Mixminion anonymous remailer node.


Electronic Notes in Theoretical Computer Science | 2006

Metrics for Action-labelled Quantitative Transition Systems

Tom Chothia; Catuscia Palamidessi; Jun Pang

This paper defines action-labelled quantitative transition systems as a general framework for combining qualitative and quantitative analysis. We define state-metrics as a natural extension of bisimulation from non-quantitative systems to quantitative ones. We then prove that any single state-metric corresponds to a bisimulation and that the greatest state-metric corresponds to bisimilarity. Furthermore, we provide two extended examples which show that our results apply to both probabilistic and weighted automata as special cases of action-labelled quantitative transition systems.


Financial Cryptography | 2010

A traceability attack against e-passports

Tom Chothia; Vitaliy Smirnov

Since 2004, many nations have started issuing “e-passports” containing an RFID tag that, when powered, broadcasts information. It is claimed that these passports are more secure and that our data will be protected from any possible unauthorised attempts to read it. In this paper we show that there is a flaw in one of the passport’s protocols that makes it possible to trace the movements of a particular passport, without having to break the passport’s cryptographic key. All an attacker has to do is to record one session between the passport and a legitimate reader, then by replaying a particular message, the attacker can distinguish that passport from any other. We have implemented our attack and tested it successfully against passports issued by a range of nations.


The Journal of Logic and Algebraic Programming | 2009

Schedulability of asynchronous real-time concurrent objects

Mohammad Mahdi Jaghoori; Frank S. de Boer; Tom Chothia; Marjan Sirjani

We present a modular method for schedulability analysis of real time distributed systems. We extend the actor model, as the asynchronous model for concurrent objects, with real time using timed automata, and show how actors can be analyzed individually to make sure that no task misses its deadline. We introduce drivers to specify how an actor can be safely used. Using these drivers we can verify schedulability, for a given scheduler, by doing a reachability check with the Uppaal model checker. Our method makes it possible to put a finite bound on the process queue and still obtain schedulability results that hold for any queue length.


International Conference on Coordination Models and Languages | 2007

Component connectors with QoS guarantees

Farhad Arbab; Tom Chothia; Sun Meng; Young-Joo Moon

Connectors have emerged as a powerful concept for composition and coordination of concurrent activities encapsulated as components and services. Compositional coordination models and languages serve as a means to formally specify and implement component and service connectors. They support large-scale distributed applications by allowing construction of complex component connectors out of simpler ones. Modelling, analysis, and ensuring end-to-end Quality of Service (QoS) represent key concerns in such large-scale distributed applications. In this paper we introduce a compositional model of QoS, called Quantitative Constraint Automata, that reflects the underlying architecture of component/service composition represented by the Reo connector circuits. These can support compositional reasoning about component/service connectors, modelled as Reo circuits with QoS properties.


International Conference on Coordination Models and Languages | 2009

From Coordination to Stochastic Models of QoS

Farhad Arbab; Tom Chothia; Rob van der Mei; Sun Meng; Young-Joo Moon; Chrétien Verhoef

Reo is a channel-based coordination model whose operational semantics is given by Constraint Automata (CA). Quantitative Constraint Automata extend CA (and hence, Reo) with quantitative models to capture such non-functional aspects of a system's behaviour as delays, costs, resource needs and consumption, that depend on the internal details of the system. However, the performance of a system can crucially depend not only on its internal details, but also on how it is used in an environment, as determined for instance by the frequencies and distributions of the arrivals of I/O requests. In this paper we propose Quantitative Intentional Automata (QIA), an extension of CA that allows incorporating the influence of a system's environment on its performance. Moreover, we show the translation of QIA into Continuous-Time Markov Chains (CTMCs), which allows us to apply existing CTMC tools and techniques for performance analysis of QIA and Reo circuits.


Embedded and Ubiquitous Computing | 2005

A survey of anonymous peer-to-peer file-sharing

Tom Chothia; Konstantinos Chatzikokolakis

This paper provides a survey of searchable, peer-to-peer file-sharing systems that offer the user some form of anonymity. We start this survey by giving a brief description of the most popular methods of providing anonymous communication. These include the Ants protocol, Onion routing, Multicasting, MIXes and UDP address spoofing. We then describe a number of implemented systems based on one, or a combination of, these methods. Finally, we discuss possible attacks on the anonymity of these systems and give examples of particular attacks and defences used by the systems we describe.


Electronic Notes in Theoretical Computer Science | 2007

Q-Automata: Modelling the Resource Usage of Concurrent Components

Tom Chothia; Jetty Kleijn

Q-automata are introduced to model quality aspects of component-based software. We propose Q-algebras as a general framework that allows us to combine and choose between quality values. Such values are added to the transitions of automata, which represent components or channels. These automata can be composed by a product construction yielding a more complex Q-automaton labelled with the combined costs of its components. Thus we establish compositionality of quality of service based on an algebra of quality attributes associated with processes represented by automata.


IEEE Computer Security Foundations Symposium | 2003

Type-based distributed access control

Tom Chothia; Dominic Duggan; Jan Vitek

The key-based decentralized label model (KDLM) is a type system that combines a weak form of information flow control, termed distributed access control in the article, with typed cryptographic operations. The motivation is to have a type system that ensures access control while giving the application the responsibility to secure network communications, and to do this safely. KDLM introduces the notion of declassification certificates to support the declassification of encrypted data.

Collaboration


Dive into Tom Chothia's collaboration.

Top Co-Authors

Dominic Duggan

Stevens Institute of Technology

Joeri de Ruiter

Radboud University Nijmegen

Nada Alruhaily

University of Birmingham

Rami Bahsoon

University of Birmingham

Apratim Guha

Indian Institute of Management Ahmedabad

Jun Pang

University of Luxembourg
