Doctor of Philosophy (PhD)
information flow, privacy, security metrics, information leakage
Across our digital lives, two powerful forces of data utility and data privacy push and pull against each other. In response, technologies have been designed to help navigate this tension, by revealing, or leaking, information that could be useful to an adversary in exchange for some added utility. For many of these technologies, there is uncertainty about how harmful these leaks are. How much security and privacy are we sacrificing? Under what circumstances are these technologies safe to use?
To bring clarity to these compromises between security and utility, this dissertation applies the information-theoretic framework of quantitative information flow (QIF), which models systems as channels correlating secret inputs with observable outputs. The QIF framework can determine an optimal adversary's expected probability of success, and thereby isolate the effect that these technologies have on security and privacy.
In this work, we apply QIF to three applications. We first examine two forms of property-revealing encryption: equality- and order-revealing encryption. These techniques allow database management systems to respond to queries and sort much faster without direct access to sensitive values, but the leakage implications are still unclear. The third application is local differential privacy and the shuffle model. Differential privacy aims to protect the privacy of individuals participating in statistical databases but must balance utility and privacy. The shuffle model can improve this balance, but exactly how much security it is providing is uncertain.
Through novel combinatorics and exact calculations, we precisely quantify the leakage of these applications under different parameters and relevant adversaries. For each application, we provide clarity about how much information is leaked and under what circumstances an application could be safe to deploy.
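The channel view described above can be made concrete with a small added example, which is not code from the dissertation: it treats equality-revealing (deterministic) encryption of a database column as a channel whose only observable is the pattern of equal cells, and computes the optimal adversary's success probability exactly by enumeration. The i.i.d. column model, the adversary's goal of guessing the whole column in one try, the sample prior, and all function names are assumptions made for illustration.

```python
from fractions import Fraction
from itertools import product

def equality_pattern(column):
    """Observable output of the channel: which cells hold equal plaintexts.
    ('a','b','a') -> (0, 1, 0). The ciphertext values themselves are modelled
    as arbitrary labels, so this pattern is all they reveal (assumption)."""
    labels = {}
    return tuple(labels.setdefault(v, len(labels)) for v in column)

def column_prior(value_prior, n):
    """Prior over whole columns of n cells drawn i.i.d. from value_prior."""
    prior = {}
    for col in product(value_prior, repeat=n):
        p = Fraction(1)
        for v in col:
            p *= value_prior[v]
        prior[col] = p
    return prior

def prior_vulnerability(prior):
    """Best one-try guess of the secret before seeing any output."""
    return max(prior.values())

def posterior_vulnerability(prior, channel):
    """Expected success of the optimal adversary after observing the output.
    For a deterministic channel this is the sum, over outputs, of the most
    likely secret that produces each output."""
    best = {}
    for secret, p in prior.items():
        y = channel(secret)
        best[y] = max(best.get(y, Fraction(0)), p)
    return sum(best.values())

def multiplicative_leakage(prior, channel):
    """Factor by which the observation raises the adversary's success."""
    return posterior_vulnerability(prior, channel) / prior_vulnerability(prior)

if __name__ == "__main__":
    # Constructed sample prior over three plaintext values (not from the page).
    skewed = {"a": Fraction(1, 2), "b": Fraction(1, 4), "c": Fraction(1, 4)}
    for n in (2, 3, 4):
        pi = column_prior(skewed, n)
        print(n, prior_vulnerability(pi),
              posterior_vulnerability(pi, equality_pattern),
              multiplicative_leakage(pi, equality_pattern))
```

Exact rational arithmetic keeps the results free of rounding, and the enumeration is exponential in the column length, so this is only practical for toy sizes.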
Previously Published In
M. Jurado and G. Smith, “Quantifying information leakage of deterministic encryption,” in Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop, CCSW’19, (New York, NY, USA), pp. 129–139, Association for Computing Machinery, 2019.
M. Jurado, C. Palamidessi, and G. Smith, “A formal information-theoretic leakage analysis of order-revealing encryption,” in 2021 IEEE 34th Computer Security Foundations Symposium (CSF), pp. 1–16, 2021.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Jurado, Mireya Anita, "Applications of Quantitative Information Flow to Property-Revealing Encryption and Differential Privacy" (2022). FIU Electronic Theses and Dissertations. 5032.
Available for download on Saturday, June 29, 2024
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).