Download presentation
Presentation is loading. Please wait.
1
Information-Theoretic Security
EE 25N, Science of Information 11/08/2018 Ziv Goldfeld
2
Past Lectures - Communication Despite Noise
Alice the sender and Bob the receiver Communicate a message as a strings of 0’s and 1’s (bits) Use longer bit strings (codewords) to protect message carrying bits Agree on a strategy beforehand: 1) Set of codewords used 2) Encoding for Alice 3) Decoding for Bob ⇒ Error correcting codes for reliability 010001 011000
3
Communication under Eavesdropping
0100 1011… Alice and bob wish to communicate Channel is noiseless But Eve taps their line They don’t want Eve to decipher their chat Assumptions on Eve: She sees their transmitted bit string She knows their communication strategy (aka code) She has an extremely powerful computer Q: Can Alice send Bob a secret message without Eve finding out? A: Not without an additional recourse!
4
Resource 1: Pre-Eve Secret
5
? Simple Case Study E B A 𝐾 Alice sends Bob a bit 𝑀∈ 0,1
Hey, do you remember if it was raining on the first day of our last vacation? Sure I remember E 𝑀 B A 𝐾 𝐶 Alice sends Bob a bit 𝑀∈ 0,1 Bit probability: 𝑃 𝑀 0 = 𝑃 𝑀 1 = 1 2 They share a secret Eve has no access to ⇒ Resource: 1 secret bit 𝐾∈ 0,1 Formally: Alice: 𝑀,𝐾 →𝐶 Bob: (𝐶,𝐾)→ 𝑀 Eve: Intercepts 𝐶 and tries to figure out 𝑀 Good! 0100 1011… ?
6
Simple Case Study – Modeling Eve
𝑀 B A 𝐾 𝐶 Q1: How to model Eve’s perception of 𝐾? Knows 𝐾 is being used Doesn’t know its value ⇒ Eve has a guessing probability over 𝐾’s values 0,1 : Doesn’t have a clue: 𝑃 𝐾 0 = 𝑃 𝐾 1 = 1 2 Knows something: 𝑃 𝐾 0 =𝑝 , 𝑃 𝐾 1 =1−𝑝 , 𝑝≠ 1 2 Q2: Which kind of secret should Alice and Bob favor?
7
Simple Case Study – Modeling Security
𝑀 B A 𝐾 𝐶 Q3: What does it mean to secure 𝑀? Pre-transmission: 𝑃 𝑀 0 = 𝑃 𝑀 1 = 1 2 Eve tries to recover 𝑀 from 𝐶 ⇒ 𝑀 is secure if after seeing 𝐶 Eve’s odds don’t improve Goal: Design functions for Alice and Bob such that: Bob can decode 𝑀 from 𝐶,𝐾 Eve’s best guess of 𝑀 after seeing 𝐶 is still 50/50
8
Simple Case Study – Binary Operations
𝑀 B A 𝐾 𝐶 Assume 𝑀 and 𝐾 are both symmetric (50/50) Alice gets 𝐶 via binary operation on 𝑀,𝐾 Possible binary operations: Q4: Which binary operation is better for secrecy? OR AND XOR 𝑀 𝐾 𝑀+𝐾 1 𝑀 𝐾 𝑀∙𝐾 1 𝑀 𝐾 𝑀⊕𝐾 1
9
Simple Case Study – Reliability & Optimality
𝑀 B A 𝐾 𝐶 ⇒ Best function for symmetric 𝑀,𝐾 is XOR: Eve’s best guess after seeing 𝐶 is 50/50 Same odds like before seeing 𝐶 ⇒ Information-theoretic security Q4: Can Bob decode an XOR–based transmission? Q5: Can OR or AND operations be used for communication only? Symmetry is Crucial: Asymmetric keys can’t achieve security with XOR
10
Simple Case Study – General Claim
𝑀 B A 𝐾 𝐶 One-Time Pad: 𝑚 messages bits and 𝑘 key bits All bits are equiprobable 𝑘 ∗ = least 𝑘 s.t. secure communication is possible Shannon (1949): Achieving reliability & information-theoretic security over the OTP is: possible using exactly 𝑚 key bits ⇒ 𝑘 ∗ ≤𝑚 impossible using less than 𝑚 key bits ⇒ 𝑘 ∗ ≥𝑚 𝑘 ∗ =𝑚
11
Resource 2: Noise
12
Error Correcting Codes
Repetition Code: Length 3 for two messages: 0→000 and 1→111 ‘1-flip’ ball around 111 111 011 101 000 001 100 110 010 110 111 111 100 101 ‘1-flip’ ball around 000 011 010 000 000 001
13
Noisy Channel In most real-world systems we don’t exactly know the number of bit flips Common mode of operation is to model noise probabilistically Contains all sequences with ≈20% flips of the center Contains all sequences with ≈10% flips of the center 1 0.1 0.9 Alice Bob
14
Noisy Channel In most real-world systems we don’t exactly know the number of bit flips Common mode of operation is to model noise probabilistically 1 0.1 0.9 Alice Bob
15
Wiretap Channel Noisy communication channel with an eavesdropper
⇒ We can exploit Eve’s extra noise for securing the transmitted message! 1 0.1 0.9 Alice Bob 1 0.2 0.8 Eve ‘weak’ noise accumulated ‘strong’ noise
16
Wiretap Codes Eve experiences strong noise ⇒ Large noise balls
Bob experiences weak noise ⇒ Alice can use many codewords Wiretap Coding: Hide messages inside Eve’s noise balls Each message has several codewords one in each noise ball of Eve message color 1 2 3 4 5 6 7 8
17
Wiretap Codes Encoding: Alice want to transmit message #5
Chooses one codeword at random Decoding: Bob can decode due to fine resolution Security: Eve observes an output somewhere in her large noise ball But all message are there & equally likely! ⇒ Eve’s best guess is equiprobable ⇒ Security is achieved!
18
Information-Theoretic Security Research
Many interesting research questions: Key agreement over noisy channels Active Adversaries Eve not only overhear the transmission but can influence the channel Has a set of possible actions Alice and Bob know They don’t know which action is chosen ⇒ Ensure security versus all actions! Covert Communication: Communicate without Eve noticing Many many many many more…
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.