Presentation is loading. Please wait.

Presentation is loading. Please wait.

PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY A Framework for Partial Secrecy.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY A Framework for Partial Secrecy."— Presentation transcript:

1 PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY A Framework for Partial Secrecy

2 Main Idea Secrecy for distributed systems  Adversary observes the system  Design encryption specifically for a system objective Node A Node B Message Information Action Adversary Distributed System Attack

3 Communication in Distributed Systems “Smart Grid” Image from http://www.solarshop.com.auhttp://www.solarshop.com.au

4 Cipher Plaintext: Source of information:  Example: English text: Communication Theory Ciphertext: Encrypted sequence:  Example: Non-sense text: cu@jp4icc EnciphererDecipherer Ciphertext Key Plaintext

5 Example: Substitution Cipher AlphabetA B C D E … Mixed AlphabetF Q S A R … Simple Substitution  Example:  Plaintext: …RANDOMLY GENERATED CODEB…  Ciphertext:…DFLAUIPV WRLRDFNRA SXARQ… Caesar Cipher AlphabetA B C D E … Mixed AlphabetD E F G H …

6 Shannon Model Schematic Assumption  Enemy knows everything about the system except the key Requirement  The decipherer accurately reconstructs the information EnciphererDecipherer Ciphertext Key Plaintext Adversary C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp. 656-715, Oct. 1949. For simple substitution:

7 Shannon Analysis Perfect Secrecy  Adversary learns nothing about the information  Only possible if the key is larger than the information C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp. 656-715, Oct. 1949.

8 Shannon Analysis Equivocation vs Redundancy  Equivocation is conditional entropy:  Redundancy is lack of entropy of the source:  Equivocation reduces with redundancy: C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp. 656-715, Oct. 1949.

9 Computational Secrecy Assume limited computation resources Public Key Encryption  Trapdoor Functions Difficulty not proven  Often “cat and mouse” game Vulnerable to quantum computer attack W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Trans. on Info. Theory, 22(6), pp. 644-654, 1976. 1125897758 834 689 524287 2147483647 X

10 Information Theoretic Secrecy Achieve secrecy from randomness (key or channel), not from computational limit of adversary.  Physical layer secrecy  Wyner’s Wiretap Channel [Wyner 1975]  Partial Secrecy  Typically measured by “equivocation:”  Other approaches: Error exponent for guessing eavesdropper [Merhav 2003] Cost inflicted by adversary [this talk]

11 Equivocation Not an operationally defined quantity Bounds:  List decoding  Additional information needed for decryption Not concerned with structure

12 Competitive Secrecy Node ANode B Message Key InformationAction Adversary Attack Encoder: System payoff:. Decoder: Adversary:

13 Operational Metric for Secrecy Value obtained by system: Objective  Maximize payoff Node ANode B Message Key Information Reconstruction Adversary Attack

14 Secrecy-Distortion Literature [Yamamoto 97]:  Cause an eavesdropper to have high reconstruction distortion  Replace payoff (π) with distortion [Yamamoto 88]:  No secret key  Lossy compression

15 Secrecy-Distortion Literature [Theorem 3, Yamamoto 97]: Theorem: ChooseYields

16 How to Force High Distortion Randomly assign bins Size of each bin is Adversary only knows bin Reconstruction of only depends on the marginal posterior distribution of Example:

17 INFORMATION THEORETIC RATE REGIONS PROVABLE SECRECY AGAINST INFORMED ADVERSARY Theoretical Results

18 Theorem: [Cuff 10] Maximum Guaranteed Payoff Theoretic guarantees of system performance  Related to Yamamoto’s work [97]  Difference: Adversary is more capable with more information Also required:

19 Linear Program on the Simplex Constraint: Minimize: Maximize: U will only have mass at a small subset of points (extreme points)

20 Binary-Hamming Case Binary Source: Hamming Distortion Naïve approach  Random hashing or time-sharing Optimal approach  Reveal excess 0’s or 1’s to condition the hidden bits 0100100001 **00**0*0* Source Public message (black line) (orange line)

21 Hamming Distortion – Low Key Rate Arbitrary i.i.d. source (on finite alphabet) Hamming Distortion Small Key Rate Confuse with sets of size two  Either reveal X or reveal that X is in {0,1} during each instance  ∏ = R 0 / 2

22 Summary Framework for Encryption  Average cost inflicted by adversary  Dynamic settings where information is available causally  No use of “equivocation”  Optimal communication separates information into two streams: public and secure

23 Traditional View of Encryption Information inside

24 Proposed View of Encryption Information obscured Images from albo.co.uk

Download ppt "PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY A Framework for Partial Secrecy."

Similar presentations

PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Causal Secrecy: An Informed Eavesdropper.

PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Causal Secrecy: An Informed Eavesdropper.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Paul Cuff THE SOURCE CODING SIDE OF SECRECY TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA.

Paul Cuff THE SOURCE CODING SIDE OF SECRECY TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA.
PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Information Theory for Secrecy and Control.

PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Information Theory for Secrecy and Control.
Enhancing Secrecy With Channel Knowledge

Enhancing Secrecy With Channel Knowledge
Equivocation A Special Case of Distortion-based Characterization.

Equivocation A Special Case of Distortion-based Characterization.
Week 2 - Friday.  What did we talk about last time?  Substitution ciphers  Vigenère ciphers  One-time pad.

Week 2 - Friday.  What did we talk about last time?  Substitution ciphers  Vigenère ciphers  One-time pad.
251959084756578934940271832400483985714 292821262040320277771378360436620207075 955562640185258807844069182906412495150 821892985591491761845028084891200728449.

Information Theoretical Security and Secure Network Coding NCIS11 Ning Cai May 14, 2011 Xidian University.

Information Theoretical Security and Secure Network Coding NCIS11 Ning Cai May 14, 2011 Xidian University.
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099

Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Ref. Cryptography: theory and practice Douglas R. Stinson

Ref. Cryptography: theory and practice Douglas R. Stinson
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from

Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
Shannon ’ s theory part II Ref. Cryptography: theory and practice Douglas R. Stinson.

Shannon ’ s theory part II Ref. Cryptography: theory and practice Douglas R. Stinson.
CS470, A.SelcukIntroduction1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIntroduction1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.

CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.
Xiaohua (Edward) Li1 and E. Paul Ratazzi2

Xiaohua (Edward) Li1 and E. Paul Ratazzi2

Similar presentations

Ads by Google