Network Coding and Information Security Raymond W. Yeung The Chinese University of Hong Kong Joint work with Ning Cai, Xidian University
Outline • Introduction to Network Coding • The Max-flow Bound • Secure Network Coding • Concluding Remarks
A Network Coding Example The Butterfly Network
[Figure: the butterfly network, with channels labelled b1, b2 and b1+b2]
A Network Coding Example with Two Sources
[Figure: network with two sources, with channels labelled b1, b2 and b1+b2]
Wireless/Satellite Application [Figure: time slots t = 1 (b1), t = 2 (b2), t = 3 (b1+b2)] 50% saving for downlink bandwidth!
Two Themes of Network Coding • When there is 1 source to be multicast in a network, store-and-forward may fail to optimize bandwidth. • When there are 2 or more independent sources to be transmitted in a network (even for unicast), store-and-forward may fail to optimize bandwidth. In short, Information is NOT a commodity!
Model of a Point-to-Point Network • A network is represented by a directed graph G = (V,E) with node set V and edge (channel) set E. • A symbol from an alphabet F can be transmitted on each channel. • There can be multiple edges between a pair of nodes.
Single-Source Network Coding • The source node S generates an information vector x = (x1 x2 … xk) ∈ F^k. • What is the condition for a node T to be able to receive the information vector x? • Max-Flow Bound. If maxflow(T) < k, then T cannot possibly receive x.
The Basic Results • If network coding is allowed, a node T can receive the information vector x iff maxflow(T) ≥ k, i.e., the max-flow bound can be achieved simultaneously by all such nodes T. (ACLY00) • Moreover, this can be achieved by linear network coding for a sufficiently large base field. (LYC03, KM03)
Secure Network Coding Cai and Y, 2002 (discussed with Ueli Maurer, ISIT 2000)
Problem Formulation • The underlying model is the same as network multicast using network coding except that some sets of channels can be wiretapped. • Let A be a collection of subsets of the edge set E. • A subset in A is called a wiretap set. • Each wiretap set may be fully accessed by a wiretapper. • No wiretapper can access more than one wiretap set. • The network code needs to be designed in a way such that no matter which wiretap set the wiretapper has access to, the multicast message is information-theoretically secure.
Our Coding Scheme • The multicast message is (s,w), where • s is the secure message • w is the randomness • Both s and w are generated at the source node.
[Figure: network with channels labelled w, s+w and s-w] • One of the 3 red channels can be wiretapped • s is the secure message • w is the randomness
Another Example of Secure Network Coding The (1,2)-threshold Secret Sharing Scheme
[Figure: three channels labelled w, s-w and s+w] • One of the 3 red channels can be wiretapped • s is the secure message • w is the randomness
Construction of Secure Network Codes • Let n = min_T maxflow(T). • We have obtained a sufficient condition under which a secure linear network code can be constructed. • In particular, if A consists of all the r-subsets of E, where r < n, then we can construct a secure network code with multicast message (s,w) such that |s| = n-r and |w| = r. • For this case, the condition is also necessary. • Interpretation: For a sink node T, if r channels in the network are wiretapped, the number of “secure paths” from the source node to T is still at least n-r. So n-r symbols can go through securely.
Global Encoding Kernels of a Linear Network Code • Recall that x = (x1 x2 … xk) is the multicast message. • For each channel e, assign a column vector fe such that the symbol sent on channel e is x fe. The vector fe is called the global encoding kernel of channel e. • The global encoding kernel of a channel is analogous to a column in the generator matrix of a classical block code. • The global encoding kernel of an output channel at a node must be a linear combination of the global encoding kernels of the input channels.
An Example k = 2, let x = (b1, b2)
[Figure: the example network, with channels labelled b1, b2 and b1+b2]
Idea of Code Construction • Start with a linear network code for multicasting n symbols. • For each wiretap set A in the collection of wiretap sets, let fA = { fe : e ∈ A }, the set of global encoding kernels of the channels in A. • Let dim(span(fA)) ≤ r for every wiretap set A. [sufficient condition] • When the base field F is sufficiently large, we can find b1, b2, …, bn-r ∈ F^n such that b1, b2, …, bn-r are linearly independent of fA for every wiretap set A.
Let the multicast message be (s,w), with |s| = n-r and |w| = r. • Take a suitable linear transformation of the given linear network code to obtain the desired secure network code.
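The (s,w) scheme with channels w, s+w and s-w can be checked exhaustively from its global encoding kernels. The following is an added example, not code from the talk; it assumes the base field GF(3), the kernel assignment shown in KERNELS, and that a sink receives any two of the three channels.

```python
from itertools import product
from collections import Counter

P = 3  # assumed base field GF(3); an odd prime keeps s+w and s-w distinct

# Assumed global encoding kernels for x = (s, w): channel e carries x . f_e
KERNELS = {"w": (0, 1), "s+w": (1, 1), "s-w": (1, P - 1)}

def symbol(x, f):
    """Symbol carried on a channel with kernel f for message x, over GF(P)."""
    return sum(a * b for a, b in zip(x, f)) % P

def observation_dists(wiretap_set):
    """For each secret s, the distribution of the wiretapper's observation
    when the randomness w is uniform on GF(P)."""
    return {
        s: Counter(
            tuple(symbol((s, w), KERNELS[e]) for e in wiretap_set)
            for w in range(P)
        )
        for s in range(P)
    }

def is_secure(wiretap_set):
    """Information-theoretic security: the observation is independent of s."""
    dists = list(observation_dists(wiretap_set).values())
    return all(d == dists[0] for d in dists)

def decode(received):
    """Recover (s, w) from {channel: symbol} by exhaustive search;
    returns None unless exactly one message is consistent."""
    matches = [x for x in product(range(P), repeat=2)
               if all(symbol(x, KERNELS[e]) == v for e, v in received.items())]
    return matches[0] if len(matches) == 1 else None

def check_scheme():
    channels = list(KERNELS)
    single = {e: is_secure([e]) for e in channels}
    pairs = [(a, b) for i, a in enumerate(channels) for b in channels[i + 1:]]
    pair_secure = {p: is_secure(list(p)) for p in pairs}
    # A sink that receives any two channels must decode every message.
    decodable = all(
        decode({e: symbol(x, KERNELS[e]) for e in p}) == x
        for p in pairs for x in product(range(P), repeat=2)
    )
    return single, pair_secure, decodable

if __name__ == "__main__":
    single, pair_secure, decodable = check_scheme()
    print("one channel wiretapped, secure:", single)
    print("two channels wiretapped, secure:", pair_secure)
    print("any two channels decode (s, w):", decodable)
```

Every single-channel wiretap set passes the check, while every two-channel set fails it, matching n = 2, r = 1, |s| = 1 and |w| = 1.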
Recent Work (Cai and Y, ISIT 2007) • We obtained a necessary and sufficient condition for the security of linear network codes. • This condition applies in the cases when • There is more than one information source node in the network. • The random keys are not uniformly distributed. • This condition also shows that the security of a linear network code does not depend on the source distribution.
Resources • Network Coding Homepage http://www.networkcoding.info • R. W. Yeung, S.-Y. R. Li, N. Cai and Z. Zhang, Network Coding Theory, now Publishers, 2005 (Foundations and Trends in Communications and Information Theory). • N. Cai and R. W. Yeung, “Secure network coding,” preprint.
Concluding Remarks • Secure network coding is a generalization of both (regular) network coding and secret sharing. • The subject is still in its infancy, and a lot of basic questions are yet to be answered.