# On the Relationship between Confidentiality Measures: Entropy and Guesswork

### Reine Lundin, Thijs Holleboom, Stefan Lindskog

#### Abstract

In this paper, we investigate in detail the relationship between entropy and guesswork. The aim of the study is to lay the ground for future efficiency comparison of guessing strategies. After a short discussion of the two measures, and the differences between them, the formal definitions are given. Then, a redefinition of guesswork is made, since the measure is not completely accurate. The change is a minor modification in the last term of the sum expressing guesswork. Finally, two theorems are stated. The first states that the redefined guesswork is equal to the concept of cross entropy, and the second states, as a consequence of the first theorem, that the redefined guesswork is equal to the sum of the entropy and the relative entropy.

#### References

- Lindskog, S., Jonsson, E.: Adding security to QoS architectures. In Burnett, R., Brunstrom, A., Nilsson, A.G., eds.: Perspectives on Multimedia: Communication, Media and Information Technology. John Wiley & Sons (2003) 145-158
- Common Criteria Implementation Board: Common criteria for information technology security evaluation, version 3.1. http://www.commoncriteriaportal.org/ (2006)
- Shannon, C.E.: Communication theory of secrecy systems. Bell System Technical Journal 28 (1949) 656-715 Reprinted in Claude Elwood Shannon: Collected papers. Edited by N. J. A. Sloan and A. D. Wyner, IEEE Press, 1993.
- Massey, J.: Guessing and entropy. In: Proceedings of the 1994 IEEE International Symp. on Information Theory. (1994) 204
- Pliam, J.O.: Ciphers and their Products: Group Theory in Private Key Cryptography. PhD thesis, University of Minnesota, Minnesota, USA (1999)
- Myerson, R.B.: Game Theory: Analysis of Conflict. Harvard University Press (1997)
- Cover, T., Thomas, J.: Elements of Information Theroy. John Wiley & Sons (1991)
- Malone, D., Sullivan, W.: Guesswork is not a substitute for entropy. In: Proceedings of the Information Technology & Telecommunications Conference. (2005)
- Brown, P.F., Pietra, S.D., Pietra, V.D., Lai, J.C., Mercer, R.L.: An estimate of an upper bound for the entropy of english. Computational Linguistics 18 (1992) 31-40
- Muffett, A.D.E.: Crack: A sensible password checker for UNIX (1992)
- Lundin, R., Lindskog, S., Brunstrom, A., Fischer-Hbner, S.: Using guesswork as a measure for confidentiality of selectively encrypted messages. In Gollmann, D., Massacci, F., Yautsiukhin, A., eds.: Quality of Protection: Security Measurements and Metrics. Volume 23. Springer (2006) 173-184

#### Paper Citation

#### in Harvard Style

Lundin R., Holleboom T. and Lindskog S. (2007). **On the Relationship between Confidentiality Measures: Entropy and Guesswork** . In *Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)* ISBN 978-972-8865-96-2, pages 135-144. DOI: 10.5220/0002426901350144

#### in Bibtex Style

@conference{wosis07,

author={Reine Lundin and Thijs Holleboom and Stefan Lindskog},

title={On the Relationship between Confidentiality Measures: Entropy and Guesswork},

booktitle={Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)},

year={2007},

pages={135-144},

publisher={SciTePress},

organization={INSTICC},

doi={10.5220/0002426901350144},

isbn={978-972-8865-96-2},

}

#### in EndNote Style

TY - CONF

JO - Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)

TI - On the Relationship between Confidentiality Measures: Entropy and Guesswork

SN - 978-972-8865-96-2

AU - Lundin R.

AU - Holleboom T.

AU - Lindskog S.

PY - 2007

SP - 135

EP - 144

DO - 10.5220/0002426901350144