1 / 38

Information Theoretical Security and Secure Network Coding

Information Theoretical Security and Secure Network Coding. NCIS11 Ning Cai May 14, 2011 Xidian University. The Outline. Two Approaches to Security ; -computational security -information theoretical security

lazzaro-murphy
Download Presentation

Information Theoretical Security and Secure Network Coding

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Theoretical Security and Secure Network Coding NCIS11 Ning Cai May 14, 2011 Xidian University

  2. The Outline • Two Approaches to Security ; -computational security -information theoretical security • Measurements of Information Theoretical Security; • Examples for Information Theoretical Security; • A Basic Idea in Secure Network Coding • More About Resource Based on Secure Network Coding

  3. Two Approaches to Security Computational Security (CS) vs Information Theoretical Security (ITS) • Assumptions (CS): wiretapper—limited computational ability (ITS): wiretapper—unlimited computational ability • Security (CS): relatively secure (ITS): absolutely secure • Resources (Random key, throughput etc) (CS): less (ITS): more

  4. Two Approaches to Security • Computational Security – very popular, especially in commercial systems; • Information Theoretical Security – not so popular but received more and more attention: Example :European Telecommunications Standards Institute (ETSI): new secure standard (for q systems) – Information theoretical security.

  5. Measurements of Information Theoretical Security • Shannon Entropy or Mutual Information -source message, -wiretapped message Perfect security: or i.e., and are independent. Imperfect security: or for • Other Information Quantities e.g., Renyi entropy, von Neumann Entropy or Holevo Quantity for Quantum, etc.

  6. Examples for ITS Random message and key are generated from the same set -output of the message -output of key Shannon cipher system

  7. Examples for ITS Secret Sharing (SS)(Blakley 1979, Shamir 1979) • A dealer observes a secret message and chooses random “sharings” and distributes them to participates. • A subset of participates try to recover the message by pooling their sharings. • They can recover it if the subset is legal (i.e. in “access structure”). • Otherwise they should have absolutely no information about it from their sharings.

  8. Examples for ITS Secret Sharing (continue) • threshold secret sharing scheme: participates, all sets with sizes are legal • Given the amounts of sharings distributed to the participates, we want to maximize the amount of message sharing by them. • The optimal threshold secret sharing scheme is known. (R-S code) • To find optimal secret sharing schemes for general (“non- threshold) access structures is a very hard open problem.

  9. Examples for ITS The wiretap channel II (Ozarow-Wyner 1984) • Message is encoded into a codeword of length • A legal user receives the whole codeword • A wtiretapper accesses any components of the codeword • The legal user can decode correctly • The illegal user has no information about the message (perfect security), more general the “equivocation” (conditional entropy) is lower bounded (imperfect security). • The optimal code is known (R-S code) • Denote the code by WCII.

  10. Examples for ITS Wiretap network (Single source acyclic) communication network • A (directed) Graph nodes-users, edges-channels (noiseless); • A single source node access to source with message set ; • Sinks , accessed by receivers; • Acyclic network i.e., has no directed cycle.

  11. Examples for ITS Wiretap network (continue) Coding for a network • Denote by incoming channels of outgoing channels of • Acyclic partial order on total order such that if • Assume all channles have the same alphabet define a code if (“local”) if • Introduce a set of functions for recursively. (“global”)

  12. Examples for ITS Wiretap network (continue) An NC is linear if all local encoding functions are linear. The global encoding functions of a linear NC are linear because a linear function of linear functions is linear. Theorem (Li-Yeung-C.,2003) For single source networks (multicasts), maxflow bound is achievable by linear codes if the coding field is sufficiently large.

  13. Examples for ITS Wiretap network (continue) Wiretap network (C. and Yeung 2002, 2011) • Communication network; • A collection of subsets of wiretap channels : i.e., is a collection of subsets of the channels such that all may be fully accessed by a wiretapper, but no wiretapper may access more than one wiretap subsets • For security randomness is necessary.

  14. Examples for ITS Wiretap network (continue) secure Code for WN Fix a network code. Let be the random message and be the outputs of the randomness. For denote by the output of channels in Then the code is secure if • for all , where is the message received by sink Decodable Condition; • Security Condition.

  15. Examples for ITS Wiretap network (continue) • We call the wiretap network WN and its secure code a secure network code if consists of subsets of channels i.e., for a WN, the wiretapper may access any channels. • Imperfect security :The secure condition can be release to

  16. Examples for ITS SS is equivalent to a special class of WN’s. Given an SS with access structure , we construct a 3 layer WN as follows: • Top layer: source node ( the dealer) • Middle layer: intermediate nodes (participates); a channel with capacity connects and the node if the node gets bits sharing. • Bottom layer: Receivers labeled by members in (legal subsets); The intermediate node connect to receiver if

  17. Examples for ITS SS is equivalent to a special class of WN’s (continue) • A wiretap set of channels corresponds an illegal subset and has members • A secure code for the WN exists iff an SS scheme exists. A threshold secret sharing scheme “is” a secure network code.

  18. s …. …. …. …. Am A2 A1 …… Examples for ITS Formulating secret sharing schemes to WN

  19. Examples for ITS Similarly, WCII is equivalent to a 3 layer WN with a sink and intermediate nodes.

  20. Examples for ITS Shannon Cipher System is a threshold SS and a WCII and therefore a secure network code.

  21. Examples for ITS Private Computations in Networks • A communication network • A subset of nodes users • Each user accesses a information source • The sources are mutual independent • The users cooperate to compute the value of a function by exchanging information over the network

  22. Examples for ITS Private Computations in Networks (continue) • The users do not trust each others and they want the others to know no additional information about their own source. That is, the remaining uncertainty of the sources for the user must be after the communication • Randomization is necessary • The goal is minimizing the randomness • The topology of the network play an important role.

  23. Examples for ITS Wiretap channel (Wyner 1975) • A sender send a secret message via a noisy channel • A legal receiver and a wiretapper access different outputs of the channel resp. • Want: the legal receiver may correctly decode with a high probability and the wiretapper has no (or limited) information about the message • The goal: maximizing the transmission rate.

  24. Examples for ITS Key agreement (KA), (distribution) • A set of (legal) users try to generate a (common) secret random key • A wiretapper try to have as much as possible information about the key • The legal users share certain resource (e.g., different components of correlated source, private channels, parts of an entanglement q-state...) • The wiretapper possibly may or may not have certain related resource (r.v. correlated to the source, outputs of the private channels, part of entanglement state…

  25. Examples for ITS Key agreement (continue) • By combining actions on their resources (e.g., observation of the outputs of the source, communicationvia the private channels, measure the q-state….), the legal users exchange messages via a public channel • The wiretapper may observe the output of the public channel by combining to use his resource • Requirement: at the end all legal users have the same key and the wiretapper has no (or limited) information about the key • Goal: maximizing the size of the key

  26. Examples for ITS An example of KA (Maurer 1993, Ahlswede-Csiszar 1993) • A correlated memoryless source • Legal users A, B and a wiretapper access resp. A and B exchange message publicly according to their received message and outputs of • At end of communication A and B share a random key • The wiretapper can obtain no (or limited) information about the key from the output of public channel and

  27. A Basic Idea in Secure Network Coding • Assume the input alphabet of a WN is the input of the WN is and the message obtained by the wiretapper from wiretap subset is • Then is a function of • To protect the secret message, the sender partitions according to the size of the message set and randomly chooses a element from the th subset and sends it via the network if he wants to send the th message, (the territory of the th message)

  28. A Basic Idea in Secure Network Coding • Denote by (i.e., ) the inverse image of mapping Then for a given is a partition of The wiretapper knows the input of WN must be in if he receives Thus his best strategy is “to guess” the message with the largest intersection of territory to • Consequently a code is perfectly secure iff all territories equally intersect to all

  29. A Basic Idea in Secure Network Coding

  30. A Basic Idea in Secure Network Coding • Assume the network code is linear, row vector • Then for input and a (known) matrix • is the solution set of linear function or a coset of the solution subspace of • Further suppose we use the cosets of a linear code with parity check matrix as territories of the messages. I.e., the territory of message is the solution of the function The intersection of the territory and the inverse image is the solution of the function

  31. A Basic Idea in Secure Network Coding • Notice for all row vector in a finite field with size the function either has no solution or solutions, where is numbers of rows of and • Thus our problem is reduced to find matrix such that all have solutions whenever has solutions.

  32. A Basic Idea in Secure Network Coding • This condition holds if • A such always can be found if the coding field is sufficiently large (C.-Yeung 2002, 2011) • A random generated matrix with a high probability has the property provided the field is sufficiently large (C.-Chan 2011) • Random network code is secure with a high probability if coding field is sufficiently large (C. 2009) • Similarly for imperfect security • So far all secure NC’s are constructed in this way.

  33. More About Resource • secure network codes constructed in the above way are optimal. For perfect security an optimal secure NC needs resource (Yeung C. 2008): -- units of randomness (“random key”) -- unites of throughput Too much but may not be improved

  34. More About Resource • Perfect security may not be necessary • In the general case there are more than one sources and more than one wiretappers. A particular wiretapper may be interested only in particular sources or some parts of the source. • In the both cases often less resource is needed and sometimes no additional resource is needed.

  35. More About Resource • Imperfect security, allow the wiretapper to get (at most) units of information, i.e., we need less resource (C.-Yeung 2011): --Randomness reduced unites --Gain unites of throughput

  36. More About Resource • Weak security: Release the security to not allowing the wiretapper to decode any part of source, no resource is needed (Bhattad and Narayanan 2005) • Strong security: in the case the wiretapper only interested parts of source (unknown for the communicator), less or even no resource is needed (Harada and Yamamoto 2008)

  37. More About Resource • Multiple-source and multiple-wiretapper: a particular wiretapper is interested in special subset of sources: sometimes no resource is needed (C.-Chan 2001) • The Reason: Other sources or other parts of the sources serve as randomness. • Thus we may believed information security possibly has good application in the future.

  38. Thank You!

More Related