A Statistical Test for Information Leaks Using Continuous Mutual Information

We present a statistical test for detecting information leaks in systems with continuous outputs. We use continuous mutual information to detect the information leakage from trial runs of a probabilistic system. It has been shown that there is no universal rate of convergence for sampled mutual information, however when the leakage is zero, and under some reasonable conditions, we establish a rate for the sampled estimate, and show that it can converge to zero very quickly. We use this result to develop a statistical test for information leakage, and we use our new test to analyse a number of possible fixes for a time-based information leak in e-passports. We compare our new test with existing statistical methods, and we find that our test outperforms these other tests in almost all cases, and in one case in particular, ours is the only statistical test that can detect an information leak.