>Something attached to introductory or explanatory text,
>rather than a specific point in the discussion. For
>instance,
Fine.
>>>> And also I would add a new assumption:
>>>> Indistinguishability assumption:
>> Up to jere it is only a definition: any protocol defines
>> an indistinguishability region, there is no way to avoid
>> it. (But perhaps, it is not trivial to calculate what is
>> the indistinguishability region for a given algorithm).
>> It is close to well known notions of
>> indistinguishability, like
>> http://en.wikipedia.org/wiki/Ciphertext_indistinguishability
>> or, even more, the one used in information flow, see for
>> instance: http://www.cse.chalmers.se/~andrei/jsac.pdf So
>> this is not solution space.
> The indistinguishability property might be generalized as:
> given a set of N (chosen) plaintexts T[1], ...T[N], then
> any ciphertext from the set produced by the algorithm
> E(T[x]) cannot be identified as being produced by any of
> the set of plaintexts with a probability greater than 1/N.
This is not a generalization (If T[i], T[j] are
indistinguisable, for all i,j, then T[1], ...T[N] are
indistinguishable in the sense you mention.
> There's two ways this principle is being applied. The most
> important is where the plaintext is the location of a
> target as a function of time. That is T is the location of
> the Target as it varies over time. Addressing this form of
> indistinguishability has to be the primary goal.
If you think of T(t) as the continous path, and you are
looking at the values O(T(t)) of obscured locations
(assuming that the algorithm is active each instant of
time), then you get unrealistic versions of
inditinguishability.
> You are talking about a second case where each discrete
> location for the same target is treated as a separate
> plaintext.
Not exactly. Let me rephrase:
We have high sensitive information (the real location ofr
locations of the target) and low sensitive information (the
obscured location, which is the output of the algorithm).
The "attacker" is simply anyone who is trying to deduce
information about the real location of the target based on the
outputs of the algorithm and perhaps some further information
about the past real locations of the target. We have a notion of
two points being "indistinguishable as locations"
and "indistinguishable as destinations".
For the first one, assume a static (i.e: not moving) target. We
call two points "indistinguishable as locations" for an
algorithm, if an attacker can not infer from the outputs of the
algorithm any information about which of the two points is the
location of a static target. In particular, if the algorithm
provides the same distribution of responses for the two
locations, those locations are indistinguishable.
For the second one, consider the paths starting at one given
point. Two points B1, B2 are "indistinguishable as destinations"
if for any path starting in a point A and ending in B1
there is a path starting in a point A and ending in B2,
such that the attacker can not infer from the outputs of the
algorithm any information about which of the two paths the
target is travelling and in particular, which destination
the target has eventually arrived to.
> The point under debate is not indistinguishability, but
> whether this property forms part of the attack options we
> wish to address (the "assumptions"). Indistinguishability
> is a tool for analyzing an algorithm, but not part of the
> set of attacks. Thus, neither part of the solution space or
> the set of goals, but a framework for understanding if
> we've achieved our goals.
Just as ciphertext_indistinguishability is the corect concept for
anylyzing if aen encryption algorithm is ok, I think the
indistinguishability of locations is the correct concept here. It
creally relates to the possibilities of attackers learning
infromation from obscured locations.
> If you are looking for an assumption, then we're still
> talking about the "frequent destination" or "same location"
> assumption. That is, the attacker assumes that the known
> location is the same as the known location that was
> previously acquired. The question of how much information
> the attacker gains when making this assumption is a matter
> for the analysis of the algorithm.
> Incidentally, there's another assumption that's important
> in analyzing the algorithm that I proposed:
> Discrete location assumption: An algorithm SHOULD protect a
> discrete location that is remote from adjacent known
> locations. This assumption might be useful to an adversary
> if the location of the Target is known only at discrete
> points without known locations in between. For example, a
> person that disables location tracking in transit between
> two points might only have known locations at either end of
> the journey.
It looks good, but did not understand it fully: How far
is "remote"? What is an "adjacent known location"? If the
location of a target is known at discrete points, then the
locations visited in the meantime should also be protected,
you mean something like that?
> Goal. Let us not place constraints that we cannot provably
> meet.
I agree. I think indistinguishability (as stated above) is
achievable.
> As an aside, in relation to this work, I've been acutely
> aware of the effect of "Schneier's Law":
> <http://www.schneier.com/crypto-gram-1104.html#10>.
Me too.
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
