
Secure Communication for Distributed Systems

Paul Cuff, Electrical Engineering, Princeton University. Overview: Application; A framework for secrecy of distributed systems; Theoretical result; Information theory in a competitive context (zero-sum game); Two methods of coordination. Main Idea.


Presentation Transcript


  1. Secure Communication for Distributed Systems
     Paul Cuff, Electrical Engineering, Princeton University

  2. Overview
     • Application
     • A framework for secrecy of distributed systems
     • Theoretical result
     • Information theory in a competitive context (zero-sum game)
     • Two methods of coordination

  3. Main Idea
     • Secrecy for distributed systems
     • Design encryption specifically for a system objective
     [Diagram labels: Distributed System, Action, Node B, Message, Information, Node A, Attack, Adversary]

  4. Communication in Distributed Systems
     “Smart Grid” (image from http://www.solarshop.com.au)

  5. Example: Rate-Limited Control
     [Diagram labels: Communication, Signal (sensor), Signal (control), bit stream 00101110010010111, Attack Signal, Adversary]

  6. Example: Feedback Stabilization
     [Diagram labels: Controller, Dynamic System, Adversary, Sensor, Decoder, Encoder, bit stream 10010011011010101101010100101101011, Feedback]
     “Data Rate Theorem” [Wong-Brockett 99, Baillieul 99]

  7. Traditional View of Encryption Information inside

  8. Shannon Analysis
     • 1948
     • Channel Capacity
     • Lossless Source Coding
     • Lossy Compression
     • 1949 - Perfect Secrecy
     • Adversary learns nothing about the information
     • Only possible if the key is larger than the information
     C. Shannon, "Communication Theory of Secrecy Systems," Bell System Technical Journal, vol. 28, pp. 656-715, Oct. 1949.

  9. Shannon Model
     • Schematic
     • Assumption
     • Enemy knows everything about the system except the key
     • Requirement
     • The decipherer accurately reconstructs the information
     [Diagram labels: Key, Key, Plaintext, Ciphertext, Plaintext, Encipherer, Decipherer, Adversary]
     C. Shannon, "Communication Theory of Secrecy Systems," Bell System Technical Journal, vol. 28, pp. 656-715, Oct. 1949.
     For simple substitution:

  10. Shannon Analysis
      • Equivocation vs Redundancy
      • Equivocation is conditional entropy:
      • Redundancy is lack of entropy of the source:
      • Equivocation reduces with redundancy:
      C. Shannon, "Communication Theory of Secrecy Systems," Bell System Technical Journal, vol. 28, pp. 656-715, Oct. 1949.

  11. Computational Secrecy
      • Assume limited computation resources
      • Public Key Encryption
      • Trapdoor Functions
      • Difficulty not proven
      • Can become a “cat and mouse” game
      • Vulnerable to quantum computer attack
      W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Trans. on Info. Theory, 22(6), pp. 644-654, 1976.
      [Illustration: 524287 × 2147483647 = 1125897758834689]

  12. Information Theoretic Secrecy
      • Achieve secrecy from randomness (key or channel), not from computational limit of adversary.
      • Physical layer secrecy
      • Wyner’s Wiretap Channel [Wyner 1975]
      • Partial Secrecy
      • Typically measured by “equivocation:”
      • Other approaches:
      • Error exponent for guessing eavesdropper [Merhav 2003]
      • Cost inflicted by adversary [this talk]

  13. Equivocation
      • Not an operationally defined quantity
      • Bounds:
      • List decoding
      • Additional information needed for decryption
      • Not concerned with structure

  14. Our Framework
      • Assume secrecy resources are available (secret key, private channel, etc.)
      • How do we encode information optimally?
      • Game Theoretic
      • Eavesdropper is the adversary
      • System performance (for example, stability) is the payoff
      • Bayesian games
      • Information structure

  15. Competitive Distributed System
      Decoder: Encoder:
      [Diagram labels: Key, Information, Action, Message, Node A, Node B, Attack, Adversary]
      System payoff: . Adversary:

  16. Zero-Sum Game
      • Value obtained by system:
      • Objective
      • Maximize payoff
      [Diagram labels: Key, Information, Message, Action, Node A, Node B, Attack, Adversary]

  17. Secrecy-Distortion Literature
      • [Yamamoto 97]:
      • Cause an eavesdropper to have high reconstruction distortion
      • Replace payoff (π) with distortion
      • No causal information to the eavesdropper
      • Warning: Problem statement can be too optimistic!

  18. How to Force High Distortion
      • Randomly assign bins
      • Size of each bin is
      • Adversary only knows bin
      • Reconstruction of only depends on the marginal posterior distribution of
      Example (Bern(1/3)):

  19. Information Theoretic Rate Regions Provable Secrecy Theoretical Results

  20. Two Categories of Results
      Lossless Transmission; General Reward Function; Common Information; Secret Key
      • Simplex interpretation
      • Linear program
      • Hamming Distortion

  21. Competitive Distributed System
      Decoder: Encoder:
      [Diagram labels: Key, Information, Action, Message, Node A, Node B, Attack, Adversary]
      System payoff: . Adversary:

  22. Zero-Sum Game
      • Value obtained by system:
      • Objective
      • Maximize payoff
      [Diagram labels: Key, Information, Message, Action, Node A, Node B, Attack, Adversary]

  23. Lossless Case
      • Require Y=X
      • Assume a payoff function
      • Related to Yamamoto’s work [97]
      • Difference: Adversary is more capable with more information
      Theorem: [Cuff 10]
      Also required:

  24. Linear Program on the Simplex
      Constraint:
      Minimize:
      Maximize:
      U will only have mass at a small subset of points (extreme points)

  25. Linear Program on the Simplex

  26. Binary-Hamming Case
      • Binary Source:
      • Hamming Distortion
      • Optimal approach
      • Reveal excess 0’s or 1’s to condition the hidden bits
      [Diagram labels: Source, Public message]

  27. Binary Source (Example)
      • Information source is Bern(p)
      • Usually zero (p < 0.5)
      • Hamming payoff
      • Secret key rate R0 required to guarantee eavesdropper error
      [Plot axes: p, R0, Eavesdropper Error]

  28. General Payoff Function
      • Any payoff function π(x,y,z)
      • Any source distribution (i.i.d.)
      Adversary:
      No requirement for lossless transmission.

  29. Payoff-Rate Function
      • Maximum achievable average payoff
      • Markov relationship:
      Theorem:

  30. Unlimited Public Communication
      • Maximum achievable average payoff
      • Conditional common information:
      Theorem (R=∞):

  31. Two Coordination Results Related Communication Methods

  32. Coordination Capacity
      • References:
      • [C., Permuter, Cover – IT Trans. 09]
      • [C. - ISIT 08]
      • [Bennett, Shor, Smolin, Thapliyal – IT Trans. 02]
      • [C., Zhao – ITW 11]
      • Ability to coordinate sequences (“actions”) with communication limitations.
      • Empirical Coordination
      • Strong Coordination

  33. Empirical Coordination
      X1 X2 X3 X4 X5 X6 … Xn
      Y1 Y2 Y3 Y4 Y5 Y6 … Yn
      Z1 Z2 Z3 Z4 Z5 Z6 … Zn
      Empirical Distribution

  34. Empirical Distribution
      1 0 1 1 0 0 0 1 0 1 1 0 1 0 1 1 1 1 0 1 0 0 1 0
      [Histogram bins: 000, 001, 010, 011, 100, 101, 110, 111]

  35. Average Distortion
      • Average values are a function of the empirical distribution
      • Example: Squared error distortion
      • Rate distortion theory fits in the empirical coordination context.

  36. No Rate – No Channel
      • No explicit communication channel
      • Signal “A” serves an analog and information role.
      • Analog: symbol-by-symbol relationship
      • (Digital): uses complex structure to carry information.
      [Diagram labels: Source, Processor 1, Processor 2, Actuator 1, Actuator 2]

  37. Define Empirical Coordination
      [Diagram labels: Source, Processor 1, Processor 2]
      is achievable if:

  38. Coordination Region
      • The coordination region gives us all results concerning average distortion.
      [Diagram labels: Source, Processor 1, Processor 2]

  39. Result – No constraints
      [Diagram labels: Source, Processor 1, Processor 2]
      Achievability: Make a codebook of (An, Bn) pairs

  40. General Results
      • Variety of causality constraints (delay)
      [Diagram labels: Source, Processor 1, Processor 2]
      Finite Look-ahead

  41. Alice and Bob Game
      • Alice and Bob want to cooperatively score points by both correctly guessing a sequence of random binary numbers (one point if they both guess correctly).
      • Alice gets the entire sequence ahead of time.
      • Bob only sees the past binary numbers and guesses of Alice.
      • What is the optimal score in the game?

  42. Alice and Bob Game (answer)
      • Online Matching Pennies
      • [Gossner, Hernandez, Neyman, 2003]
      • “Online Communication”
      • Solution

  43. General (causal) solution
      • Score in Alice and Bob Game is a first-order statistic
      • Achievable empirical distributions
      • (Processor 2 is strictly causal)
      • Surprise: Bob doesn’t need to see the past of the sequence.

  44. Strong Coordination
      X1 X2 X3 X4 X5 X6 … Xn
      Y1 Y2 Y3 Y4 Y5 Y6 … Yn
      Z1 Z2 Z3 Z4 Z5 Z6 … Zn
      Joint distribution of sequences is i.i.d. with respect to the desired joint distribution. (Allow epsilon total variation distance.)

  45. Point-to-point Coordination
      Synthetic Channel p(y|x)
      • Theorem [C. 08]:
      • Strong Coordination involves picking a V such that X-V-Y
      • Message: R > I(X;V)
      • Common Randomness: R0 + R > I(X,Y;V)
      • Uses randomized decoder (channel from V to Y)
      [Diagram labels: Common Randomness, Message, Output, Source, Node A, Node B]

  46. Zero-Sum Game
      • Value obtained by system:
      • Objective
      • Maximize payoff
      [Diagram labels: Key, Information, Message, Action, Node A, Node B, Attack, Adversary]

  47. Encoding Scheme
      • Coordination Strategies
      • Empirical coordination for U
      • Strong coordination for Y K

  48. Converse

  49. What the Adversary doesn’t know can hurt him.
      Knowledge of Adversary:
      [Yamamoto 97]
      [Yamamoto 88]:

  50. Proposed View of Encryption
      Information obscured (images from albo.co.uk)
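
Added example, not part of the original slides: slides 8, 10 and 12 describe equivocation as conditional entropy, say it shrinks with source redundancy, and say perfect secrecy needs a key as large as the information. The sketch below computes the equivocation H(X^n | C^n) exactly by enumeration. The repeating-key XOR cipher, the function names and the parameter choices are assumptions made for illustration.

```python
import itertools
import math
from collections import defaultdict


def entropy(dist):
    """Shannon entropy in bits of a {outcome: probability} mapping."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def source_entropy(n, p):
    """H(X^n) for n i.i.d. Bern(p) bits, 0 < p < 1."""
    return n * (-p * math.log2(p) - (1 - p) * math.log2(1 - p))


def equivocation(n, k, p):
    """H(X^n | C^n): adversary's remaining uncertainty after seeing the ciphertext.

    Assumed cipher (illustrative): C_i = X_i XOR K_(i mod k), with K a uniform
    k-bit key and k <= n. k == n is the one-time pad; k < n reuses key bits.
    """
    joint = defaultdict(float)   # p(x, c)
    cipher = defaultdict(float)  # p(c)
    for x in itertools.product((0, 1), repeat=n):
        ones = sum(x)
        px = p ** ones * (1 - p) ** (n - ones)
        for key in itertools.product((0, 1), repeat=k):
            c = tuple(bit ^ key[i % k] for i, bit in enumerate(x))
            joint[(x, c)] += px / 2 ** k
            cipher[c] += px / 2 ** k
    return entropy(joint) - entropy(cipher)   # H(X,C) - H(C)


if __name__ == "__main__":
    n = 6  # constructed block length, small enough to enumerate
    for p in (0.5, 1 / 3, 0.1):
        print(f"Bern({p:.3f}) source, H(X^n) = {source_entropy(n, p):.3f} bits")
        for k in (1, 2, 3, 6):
            print(f"  key bits k={k}: H(X^n|C^n) = {equivocation(n, k, p):.3f}")
```

With p = 0.5 the equivocation equals the k key bits; with a redundant source it falls below k and does not recover as n grows, which is the redundancy effect slide 10 names.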
