1 / 17

Joint Compression and Protection

47th Annual Allerton Conference on Communication, Control, and Computing University of Illinois at Urbana-Champaign. Joint Compression and Protection. J.Almeida, J.Barros Instituto de Telecomunicações Universidade do Porto. Conventional Encryption.

lisbet
Download Presentation

Joint Compression and Protection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 47th Annual Allerton Conference on Communication, Control, and Computing University of Illinois at Urbana-Champaign Joint Compression and Protection J.Almeida, J.Barros Instituto de Telecomunicações Universidade do Porto

  2. Conventional Encryption • Insensitive to the characteristics of the communication system • Compression, channel reliability, etc. • Encryption of all data • Limitations • Delay constraints, energy and power constraints, etc.

  3. Reducing Encryption Complexity • Is it really necessary to cipher the complete set of data? • Ex: SPOC [Vilela et al. ‘08]. • Partial encryption algorithms • Data dependable • Trade-off between the amount of encrypted data and security. • Can source coding help? • Intrinsic security • Variable length codes are hard to cryptanalyze! • Preffix codes – Fraenkel and Klein ‘94 • Huffman codes – Gillman, Mohtashemi and Rivest ’96 • Ambiguity • C0 = {a:0, b:10, c:11}, C1 = {a:1, b:01, c:00} • C-1(0001011) = AAABC or CBBA?

  4. Combining Compression and Protection Features Eavesdropper z u z Message Source Encoder Decoder u k Key Source • Encoder • Compression + encryption • Analysis-by-synthesistype of encoding • Exploit code properties to reduce size of data to encrypt. • Decoder • Decompression + decryption.

  5. Combining Compression and Protection Features Eavesdropper u z u Encoder Message Source Decoder k Key Source y = xÅ t x Compression Encryption Multiplexer u z x k’ One-time pad Analysis Entropy coder t t’ k • Joint design of analysis and entropy coder blocks. • Minimize the size of t’ to reduce the computational complexity of encryption.

  6. Combining Compression and Protection Features Eavesdropper u z u Message Source Encoder Decoder k Key Source k y y Demultiplexer One-time pad Entropy coder z k’ t’ y t x = y Å t Decryption Decompression u

  7. The case of Huffman codes • Exploit this property for encryption • Generated keystreams will have long runs of zeros. • Runlength entropy coder reduces the amount of information we need to encrypt. • Catastrophic error propagation • C = {A: 100, B: 0, C: 111, D: 101, E: 110} • Source message: BBCBECDBBB • Encoded bitstream: 001110110111101000 • Decoded symbols: DBDDCBAB • Fliped two bits and changed several source symbols.

  8. Huffman Tree and Trellis • C = { A:00, B:01, C:10, D:110, E:111 }.

  9. Trellis based keystreams • Cryptogram cannot contain the trellis root states of the original codewords • Define path cost function that reflects the cost of the entropy coder • Compute the minimum path cost using greedy approach

  10. Huffman Tree and Error Automaton • C = { A:00, B:01, C:10, D:110, E:111 }.

  11. Error Automaton based keystreams • Transition function between automaton states • If a codeword leads to a synchronization state modify codeword • Choice can be subject to optimization regarding the efficiency of the entropy coder • Keystream is the concatenation of the sequence of modifications • Error states: {0, 1, 00, 01, 10, 11, 000} • Source message: CRYPTOGRAPHY • Cryptogram: YYOHRGOCOGA

  12. Information Leakage • Assume adversary that • (a) knows the compression algorithm in use • (b) knows the encryption algorithm in use • ... assume also that the one-time pad is correctly used • Eavesdropper tries to infer x (eq. t) based on y and the algorithm • No key recovery attacks! • When do things go wrong? • When there is not enough diversity in codeword sizes

  13. Information Leakage - Trellis • Eavesdropper knows that his trellis path root states are forged • Prunes the trellis • Random choices • Increases the size of data to encrypt

  14. Information Leakage - Automaton • Adversary knows that the 1st codeword has size different from his observation • Loss of synchronization was induced • Ignore the size of the 1st codeword and start to decode afterwards • Use keystream to control how modifications are induce • Increases the size of data to encrypt

  15. Results

  16. Results

  17. http://nip.dcc.fc.up.pt Conclusions • Joint compression and data protection • Abstraction from compression algorithm • Analysis-by-synthesis encoding • Reduction of size of encrypted information • Link between entropy coder and analysis block • Trade-off between security, computational and data overheads • Huffman codes • Catastrophic error propagation + RL entropy coder • Encryption algorithms based on loss of synchronization principles • Further developments • Cryptanalysis of the proposed algorithms • Study trade-offs for other entropy coders • Develop analysis algorithms for other source coders

More Related