1 / 43

論文進度報告

論文進度報告. Advisor: Professor Frank Y.S. Lin Presented by G.W. Chen 陳冠瑋. Title. 考慮 服務品質需求 下達到 資訊遺漏最小化 之近似最佳化 機密分享 與 防禦資源配置規劃 Near Optimal Secret Sharing and Defense Resource Allocation Plans for QoS Constrained Information Leakage Minimization. Agenda. Problem Description

zytka
Download Presentation

論文進度報告

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 論文進度報告 Advisor: Professor Frank Y.S. Lin Presented by G.W. Chen 陳冠瑋

  2. Title • 考慮服務品質需求下達到資訊遺漏最小化之近似最佳化機密分享與防禦資源配置規劃 • Near Optimal Secret Sharing and Defense Resource Allocation Plans for QoS Constrained Information Leakage Minimization

  3. Agenda • Problem Description • Heuristic algorithm for outer problem (Initial) • Lagrangean Relaxation problem • Heuristic algorithm for inner problem

  4. Problem Description • Network operator • Deploy the network topology • Select appropriate material in order to achieve the reliability of the network • Enforce QoS routing mechanism and the secret sharing strategy • Allocate the defense budget on nodes • Attacker • Apply attack power to compromise more valuable nodes • Recover information and maximize damage • Steal the threshold number of shares • Get the corresponding decrypt key

  5. Objective function

  6. Outer problem

  7. Reliability QoS requirement Defense

  8. Initial Outer problem • Step 1: Determine the number of nodes and secret • Step 2: Use the lowest material to construct the grid network • Step 3: Depend on the request of users to determine the candidate location which shares and keys can be placed • Step 4: Check QoS requirements • if ok, go to Step 5 • if not, execute replication mechanism • Step 5: Execute reliability verification • Step 6: Use the remaining resource to allocate defense capability • 1) Degree based 2) Uniform based 3) Share_count based

  9. Replication Mechanism • Step 1: For each user, check their receivable range, to check how many shares or key they need • Step 2: If there is the same candidate node, we assign the replicate key or share to this node, or we assign the replicate share or key in receivable range depending on their degree • Step 3: Repeat Step 1 and Step 2 until all constrain are satisfied

  10. User Secret 2 Secret 2 Secret 1 Secret 1 Secret 1 Secret 2 Secret 1 User Secret 2 User

  11. 2 Secret v 1 2 3 4 m Mesh network j 2

  12. Reliability Verification (Artificial flow)-1 • Step 1: Set important level: User to Secret • For each user, mark the farther node which is the most hop counts from secret to user • Step 2: Use the min cost flow algorithm to reach marked nodes (artificial capacity= 1) • Step 3: Execute step 2 until all artificial flows can be achieved then go to Step 5, if not, then go to Step 4

  13. Secret 2 Secret 2 Secret 1 Secret 1 Secret 1 Secret 2 Secret 1 User 2 Secret 2 User 1

  14. Reliability Verification (Artificial flow)-2 • Step 4: Find the nearest distance between node (N1) where artificial flow can arrive from the user and the other node (N2) where artificial flow can arrive • Check whether the nodes exist or not • If yes, to construct the link between Node1 and Node2 • If no, to construct the link between User and Marked node • Add them to total_construction_cost

  15. Secret 2 Secret 2 Secret 1 N2 Secret 1 N1 User 2 User 1

  16. Reliability Verification (Artificial flow)-3 • Step 5: Check the reliability of each artificial path, • If yes, go to Step 6 • If no, to enhance the level of the material to achieve reliability • The rule: choose the smaller latency link to enhance • Step 6: Stop

  17. Inner problem

  18. Share Key 1 1 1 2 key1 2,3 2 2 3 key3 3 1 key2 3 S

  19. 1 1 Sub-problem 1 每個Node都會有唯一的攻擊路徑 2 key1 2,3 2 3 key3 3 1 key2 S

  20. Sub-problem 2 全部資訊皆復原

  21. 1 Sub-problem 3 1 2 攻擊預算為 四單位的防禦資源 key1 2,3 2 3 key3 3 1 key2 S

  22. Heuristic Algorithm • Step 1: MakeXp’svalue as the candidate attack path • Step 2: Compromise all nodes on the candidate attack paths • Step 3: If total_attack_cost >attack_budget, then go to Step 4, otherwise go to Step 6 • Step 4: Calculate the weight of node dynamically and choose the largest weight to remove its attack_budget • Step 5: Execute step 4 repeatedly until total_attack_cost <= attack_budget

  23. Heuristic AlgorithmTotal_attack_cost > Budget

  24. Share Key 1 1 1 2 key1 2,3 2 2 3 key3 3 1 key2 3 S

  25. Node damage Check basket Leaf node Recovered Secret Unrecovered Secret Redundant Key Share No Yes 2 3 1 3

  26. Compromised node damage (1) • The recovered secret: • Shares or Key in Node i: • Redundant share or key:

  27. Compromised node damage (2) • The unrecovered Secret • Key • Share

  28. Compromised node weight • Calculate the weight of Node i • Node[i].weight

  29. Share Key 1 1 1 2 key1 2,3 2,3 2 2 3 key3 3 1 key2 3 S

  30. Share Key 1 1 1 2 key1 2,3 2,3 2 2 3 key3 3 1 1 key2 3 S

  31. Heuristic AlgorithmTotal_attack_cost < Budget

  32. Heuristic Algorithm • Step 6: Check the basket of the attacker and recalculate the weight of the node, then set compromised node’s weight to 0 • Step 7: Find shortest path using this weight by dijkstra’s algorithm and calculate each node’s path weight and sort them • Step 8: For all unrecovered secret, we sum up the weight of the path until it could be recovered, and set the smallest weight to be the target secret • Step 9: To find the smallest weight of the path in the target secret, if path_cost <= remaining_budget to compromise all nodes on path and set the weight of node to 0, otherwise to find next path • Step 10: Execute Step 6~ Step 8 repeatedly until all secret are already checked

  33. Uncompromised node damage Check basket Unrecovered Secret Check Node IS_key in_basket IS_enough_share in_basket Neither Key nor en_share Share Key Share Key diff_threshold diff_threshold 2 1 Yes No Yes No 4 5 1 3

  34. Uncompromised node damage (1) For the unrecovered secret: • If key in the basket • Some shares in Node i • Acquire few shares to recover • Enough shares in the basket

  35. Uncompromised node damage (2) • Neither key nor enough shares • If the key in Node i • If the share in Node i • Acquire few shares to meet threshold

  36. Compromised node weight • Calculate the weight of Node i • Node[i].weight • path[i].weight

  37. Share Key 1 1 1 2 key1 2,3 2 2 3 key3 3 1 key2 3 S

  38. Share Key 1 1 1 2 key1 2,3 2 2 3 key3 3 1 key2 3 S

  39. Share Key 1 1 1 2 key1 2,3 2 2 3 key3 3 1 key2 3 S

  40. Thanks !!

More Related