Information Theoretical Security and Secure Network Coding NCIS11 Ning Cai May 14, 2011 Xidian University.

Slides:

Advertisements

Similar presentations

1+eps-Approximate Sparse Recovery Eric Price MIT David Woodruff IBM Almaden.

Advertisements

Applied Algorithmics - week7

1 Index Coding Part II of tutorial NetCod 2013 Michael Langberg Open University of Israel Caltech (sabbatical)

I NFORMATION CAUSALITY AND ITS TESTS FOR QUANTUM COMMUNICATIONS I- Ching Yu Host : Prof. Chi-Yee Cheung Collaborators: Prof. Feng-Li Lin (NTNU) Prof. Li-Yi.

Information and Coding Theory

PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Causal Secrecy: An Informed Eavesdropper.

B IPARTITE I NDEX C ODING Arash Saber Tehrani Alexandros G. Dimakis Michael J. Neely Department of Electrical Engineering University of Southern California.

Capacity of Wireless Channels

Enhancing Secrecy With Channel Knowledge

Bounds on Code Length Theorem: Let l ∗ 1, l ∗ 2,..., l ∗ m be optimal codeword lengths for a source distribution p and a D-ary alphabet, and let L ∗ be.

1 Network Coding: Theory and Practice Apirath Limmanee Jacobs University.

1 Cooperative Communications in Networks: Random coding for wireless multicast Brooke Shrader and Anthony Ephremides University of Maryland October, 2008.

1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Mobile Ad Hoc Networks Network Coding and Xors in the Air 7th Week.

PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY A Framework for Partial Secrecy.

Fundamental limits in Information Theory Chapter 10 :

3 -1 Chapter 3 The Greedy Method 3 -2 The greedy method Suppose that a problem can be solved by a sequence of decisions. The greedy method has that each.

Network Coding Theory: Consolidation and Extensions Raymond Yeung Joint work with Bob Li, Ning Cai and Zhen Zhan.

Network Coding Project presentation Communication Theory 16:332:545 Amith Vikram Atin Kumar Jasvinder Singh Vinoo Ganesan.

Page 1 Page 1 Network Coding Theory: Tutorial Presented by Avishek Nag Networks Research Lab UC Davis.

Code and Decoder Design of LDPC Codes for Gbps Systems Jeremy Thorpe Presented to: Microsoft Research

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

Variable-Length Codes: Huffman Codes

Copyright © Cengage Learning. All rights reserved.

Mario Vodisek 1 HEINZ NIXDORF INSTITUTE University of Paderborn Algorithms and Complexity Erasure Codes for Reading and Writing Mario Vodisek ( joint work.

Low Complexity Algebraic Multicast Network Codes Sidharth “Sid” Jaggi Philip Chou Kamal Jain.

Linear Codes for Distributed Source Coding: Reconstruction of a Function of the Sources -D. Krithivasan and S. Sandeep Pradhan -University of Michigan,

The Role of Specialization in LDPC Codes Jeremy Thorpe Pizza Meeting Talk 2/12/03.

EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.

Noise, Information Theory, and Entropy

PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.

Hamming Codes 11/17/04. History In the late 1940’s Richard Hamming recognized that the further evolution of computers required greater reliability, in.

Information and Coding Theory

INFORMATION THEORY BYK.SWARAJA ASSOCIATE PROFESSOR MREC.

© The McGraw-Hill Companies, Inc., Chapter 3 The Greedy Method.

Block ciphers 2 Session 4. Contents Linear cryptanalysis Differential cryptanalysis 2/48.

Computing and Communicating Functions over Sensor Networks A.Giridhar and P. R. Kumar Presented by Srikanth Hariharan.

Network Coding and Information Security Raymond W. Yeung The Chinese University of Hong Kong Joint work with Ning Cai, Xidian University.

When rate of interferer’s codebook small Does not place burden for destination to decode interference When rate of interferer’s codebook large Treating.

Information and Coding Theory Linear Block Codes. Basic definitions and some examples. Juris Viksna, 2015.

Information Coding in noisy channel error protection:-- improve tolerance of errors error detection: --- indicate occurrence of errors. Source.

NETWORK CODING. Routing is concerned with establishing end to end paths between sources and sinks of information. In existing networks each node in a.

Channel Capacity.

User Cooperation via Rateless Coding Mahyar Shirvanimoghaddam, Yonghui Li, and Branka Vucetic The University of Sydney, Australia IEEE GLOBECOM 2012 &

Threshold Phenomena and Fountain Codes Amin Shokrollahi EPFL Joint work with M. Luby, R. Karp, O. Etesami.

Rei Safavi-Naini University of Calgary Joint work with: Hadi Ahmadi iCORE Information Security.

1 Network Coding and its Applications in Communication Networks Alex Sprintson Computer Engineering Group Department of Electrical and Computer Engineering.

1 A Randomized Space-Time Transmission Scheme for Secret-Key Agreement Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2 1 Department of Electrical.

COMMUNICATION NETWORK. NOISE CHARACTERISTICS OF A CHANNEL 1.

CprE 545 project proposal Long.  Introduction  Random linear code  LT-code  Application  Future work.

On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase Ronald Cramer, Ivan Damgard, Serge Fehr.

Communication System A communication system can be represented as in Figure. A message W, drawn from the index set {1, 2,..., M}, results in the signal.

DIGITAL COMMUNICATIONS Linear Block Codes

CHAPTER 5 SIGNAL SPACE ANALYSIS

Word : Let F be a field then the expression of the form a 1, a 2, …, a n where a i  F  i is called a word of length n over the field F. We denote the.

Basic Concepts of Information Theory Entropy for Two-dimensional Discrete Finite Probability Schemes. Conditional Entropy. Communication Network. Noise.

1 The Encoding Complexity of Network Coding Michael Langberg California Institute of Technology Joint work with Jehoshua Bruck and Alex Sprintson.

The parity bits of linear block codes are linear combination of the message. Therefore, we can represent the encoder by a linear system described by matrices.

Network RS Codes for Efﬁcient Network Adversary Localization Sidharth Jaggi Minghua Chen Hongyi Yao.

1 On the Channel Capacity of Wireless Fading Channels C. D. Charalambous and S. Z. Denic School of Information Technology and Engineering, University of.

Raptor Codes Amin Shokrollahi EPFL. BEC(p 1 ) BEC(p 2 ) BEC(p 3 ) BEC(p 4 ) BEC(p 5 ) BEC(p 6 ) Communication on Multiple Unknown Channels.

Quantum Cryptography Antonio Acín

Channel Coding Theorem (The most famous in IT) Channel Capacity; Problem: finding the maximum number of distinguishable signals for n uses of a communication.

Secure Error-Correcting (SEC) Network Codes Raymond W. Yeung Institute of Network Coding & Department of Information Engineering The Chinese University.

Network Topology Single-level Diversity Coding System (DCS) An information source is encoded by a number of encoders. There are a number of decoders, each.

Channel Coding: Part I Presentation II Irvanda Kurniadi V. ( ) Digital Communication 1.

Secret Sharing Schemes: A Short Survey Secret Sharing 2.

Linear, Nonlinear, and Weakly-Private Secret Sharing Schemes

Information Theoretical Security

Information-Theoretic Security

Information Theoretical Analysis of Digital Watermarking

Presentation transcript:

Information Theoretical Security and Secure Network Coding NCIS11 Ning Cai May 14, 2011 Xidian University

The Outline Two Approaches to Security ; -computational security -information theoretical security Measurements of Information Theoretical Security ； Examples for Information Theoretical Security; A Basic Idea in Secure Network Coding More About Resource Based on Secure Network Coding

Two Approaches to Security Computational Security (CS) vs Information Theoretical Security (ITS) Assumptions (CS): wiretapper—limited computational ability (ITS): wiretapper—unlimited computational ability Security (CS): relatively secure (ITS): absolutely secure Resources (Random key, throughput etc) (CS): less (ITS): more

Two Approaches to Security Computational Security – very popular, especially in commercial systems; Information Theoretical Security – not so popular but received more and more attention: Example :European Telecommunications Standards Institute (ETSI): new secure standard (for q systems) – Information theoretical security.

Measurements of Information Theoretical Security Shannon Entropy or Mutual Information -source message, -wiretapped message Perfect security: or i.e., and are independent. Imperfect security: or for Other Information Quantities e.g., Renyi entropy, von Neumann Entropy or Holevo Quantity for Quantum, etc.

Examples for ITS Random message and key are generated from the same set -output of the message -output of key Shannon cipher system

Examples for ITS Secret Sharing (SS)(Blakley 1979, Shamir 1979) A dealer observes a secret message and chooses random “sharings” and distributes them to participates. A subset of participates try to recover the message by pooling their sharings. They can recover it if the subset is legal (i.e. in “access structure”). Otherwise they should have absolutely no information about it from their sharings.

Examples for ITS Secret Sharing (continue) threshold secret sharing scheme: participates, all sets with sizes are legal Given the amounts of sharings distributed to the participates, we want to maximize the amount of message sharing by them. The optimal threshold secret sharing scheme is known. (R-S code) To find optimal secret sharing schemes for general (“non- threshold) access structures is a very hard open problem.

Examples for ITS The wiretap channel II (Ozarow-Wyner 1984) Message is encoded into a codeword of length A legal user receives the whole codeword A wtiretapper accesses any components of the codeword The legal user can decode correctly The illegal user has no information about the message (perfect security), more general the “equivocation” (conditional entropy) is lower bounded (imperfect security). The optimal code is known (R-S code) Denote the code by WCII.

Examples for ITS Wiretap network (Single source acyclic) communication network A (directed) Graph nodes-users, edges- channels (noiseless); A single source node access to source with message set ; Sinks, accessed by receivers; Acyclic network i.e., has no directed cycle.

Examples for ITS Wiretap network (continue) Coding for a network Denote by incoming channels of outgoing channels of Acyclic partial order on total order such that if Assume all channles have the same alphabet define a code if (“local”) if Introduce a set of functions for recursively. (“global”)

Examples for ITS Wiretap network (continue) An NC is linear if all local encoding functions are linear. The global encoding functions of a linear NC are linear because a linear function of linear functions is linear. Theorem (Li-Yeung-C.,2003) For single source networks (multicasts), maxflow bound is achievable by linear codes if the coding field is sufficiently large.

Examples for ITS Wiretap network (continue) Wiretap network (C. and Yeung 2002, 2011) Communication network; A collection of subsets of wiretap channels : i.e., is a collection of subsets of the channels such that all may be fully accessed by a wiretapper, but no wiretapper may access more than one wiretap subsets For security randomness is necessary.

Examples for ITS Wiretap network (continue) secure Code for WN Fix a network code. Let be the random message and be the outputs of the randomness. For denote by the output of channels in Then the code is secure if for all, where is the message received by sink Decodable Condition; Security Condition.

Examples for ITS Wiretap network (continue) We call the wiretap network WN and its secure code a secure network code if consists of subsets of channels i.e., for a WN, the wiretapper may access any channels. Imperfect security :The secure condition can be release to

Examples for ITS SS is equivalent to a special class of WN’s. Given an SS with access structure, we construct a 3 layer WN as follows: Top layer: source node ( the dealer) Middle layer: intermediate nodes (participates); a channel with capacity connects and the node if the node gets bits sharing. Bottom layer: Receivers labeled by members in (legal subsets); The intermediate node connect to receiver if

Examples for ITS SS is equivalent to a special class of WN’s (continue) A wiretap set of channels corresponds an illegal subset and has members A secure code for the WN exists iff an SS scheme exists. A threshold secret sharing scheme “is” a secure network code.

Examples for ITS Formulating secret sharing schemes to WN …. s A1A1 A2A2 AmAm ……

Examples for ITS Similarly, WCII is equivalent to a 3 layer WN with a sink and intermediate nodes.

Examples for ITS Shannon Cipher System is a threshold SS and a WCII and therefore a secure network code.

Examples for ITS Private Computations in Networks A communication network A subset of nodes users Each user accesses a information source The sources are mutual independent The users cooperate to compute the value of a function by exchanging information over the network

Examples for ITS Private Computations in Networks (continue) The users do not trust each others and they want the others to know no additional information about their own source. That is, the remaining uncertainty of the sources for the user must be after the communication Randomization is necessary The goal is minimizing the randomness The topology of the network play an important role.

Examples for ITS Wiretap channel (Wyner 1975) A sender send a secret message via a noisy channel A legal receiver and a wiretapper access different outputs of the channel resp. Want: the legal receiver may correctly decode with a high probability and the wiretapper has no (or limited) information about the message The goal: maximizing the transmission rate.

Examples for ITS Key agreement (KA), (distribution) A set of (legal) users try to generate a (common) secret random key A wiretapper try to have as much as possible information about the key The legal users share certain resource (e.g., different components of correlated source, private channels, parts of an entanglement q-state...) The wiretapper possibly may or may not have certain related resource (r.v. correlated to the source, outputs of the private channels, part of entanglement state…

Examples for ITS Key agreement (continue) By combining actions on their resources (e.g., observation of the outputs of the source, communication via the private channels, measure the q-state….), the legal users exchange messages via a public channel The wiretapper may observe the output of the public channel by combining to use his resource Requirement: at the end all legal users have the same key and the wiretapper has no (or limited) information about the key Goal: maximizing the size of the key

Examples for ITS An example of KA (Maurer 1993, Ahlswede- Csiszar 1993) A correlated memoryless source Legal users A, B and a wiretapper access resp. A and B exchange message publicly according to their received message and outputs of At end of communication A and B share a random key The wiretapper can obtain no (or limited) information about the key from the output of public channel and

A Basic Idea in Secure Network Coding Assume the input alphabet of a WN is the input of the WN is and the message obtained by the wiretapper from wiretap subset is Then is a function of To protect the secret message, the sender partitions according to the size of the message set and randomly chooses a element from the th subset and sends it via the network if he wants to send the th message, (the territory of the th message)

A Basic Idea in Secure Network Coding Denote by (i.e., ) the inverse image of mapping Then for a given is a partition of The wiretapper knows the input of WN must be in if he receives Thus his best strategy is “to guess” the message with the largest intersection of territory to Consequently a code is perfectly secure iff all territories equally intersect to all

A Basic Idea in Secure Network Coding

Assume the network code is linear, row vector Then for input and a (known) matrix is the solution set of linear function or a coset of the solution subspace of Further suppose we use the cosets of a linear code with parity check matrix as territories of the messages. I.e., the territory of message is the solution of the function The intersection of the territory and the inverse image is the solution of the function

A Basic Idea in Secure Network Coding Notice for all row vector in a finite field with size the function either has no solution or solutions, where is numbers of rows of and Thus our problem is reduced to find matrix such that all have solutions whenever has solutions.

A Basic Idea in Secure Network Coding This condition holds if A such always can be found if the coding field is sufficiently large (C.-Yeung 2002, 2011) A random generated matrix with a high probability has the property provided the field is sufficiently large (C.-Chan 2011) Random network code is secure with a high probability if coding field is sufficiently large (C. 2009) Similarly for imperfect security So far all secure NC’s are constructed in this way.

More About Resource secure network codes constructed in the above way are optimal. For perfect security an optimal secure NC needs resource (Yeung C. 2008): -- units of randomness (“random key”) -- unites of throughput Too much but may not be improved

More About Resource Perfect security may not be necessary In the general case there are more than one sources and more than one wiretappers. A particular wiretapper may be interested only in particular sources or some parts of the source. In the both cases often less resource is needed and sometimes no additional resource is needed.

More About Resource Imperfect security, allow the wiretapper to get (at most) units of information, i.e., we need less resource (C.- Yeung 2011): --Randomness reduced unites --Gain unites of throughput

More About Resource Weak security: Release the security to not allowing the wiretapper to decode any part of source, no resource is needed (Bhattad and Narayanan 2005) Strong security: in the case the wiretapper only interested parts of source (unknown for the communicator), less or even no resource is needed (Harada and Yamamoto 2008)

More About Resource Multiple-source and multiple-wiretapper: a particular wiretapper is interested in special subset of sources: sometimes no resource is needed (C.-Chan 2001) The Reason: Other sources or other parts of the sources serve as randomness. Thus we may believed information security possibly has good application in the future.

Thank You!