1. 論文進度報告 Advisor: Professor Frank Y.S. Lin Presented by G.W. Chen 陳冠瑋

2. 2 Title 考慮服務品質需求下達到資訊遺漏最小化之近似 最佳化機密分享與防禦資源配置規劃 Near Optimal Secret Sharing and Defense Resource Allocation Plans for QoS Constrained Information Leakage Minimization

3. 3 Agenda Problem Description Heuristic algorithm for outer problem (Initial) Lagrangean Relaxation problem Heuristic algorithm for inner problem

4. 4 Problem Description Network operator Deploy the network topology Select appropriate material in order to achieve the reliability of the network Enforce QoS routing mechanism and the secret sharing strategy Allocate the defense budget on nodes Attacker Apply attack power to compromise more valuable nodes Recover information and maximize damage  Steal the threshold number of shares  Get the corresponding decrypt key

5. 5 Objective function

6. 6 Outer problem

7. 7 Reliability Defense QoS requirement

8. 8 Initial Outer problem Step 1: Determine the number of nodes and secret Step 2: Use the lowest material to construct the grid network Step 3: Depend on the request of users to determine the candidate location which shares and keys can be placed Step 4: Check QoS requirements if ok, go to Step 5 if not, execute replication mechanism Step 5: Execute reliability verification Step 6: Use the remaining resource to allocate defense capability 1) Degree based 2) Uniform based 3) Share_count based

9. 9 Replication Mechanism Step 1: For each user, check their receivable range, to check how many shares or key they need Step 2: If there is the same candidate node, we assign the replicate key or share to this node, or we assign the replicate share or key in receivable range depending on their degree Step 3: Repeat Step 1 and Step 2 until all constrain are satisfied

10. 10 User Secret 1 Secret 2 Secret 1 User

11. 11 j 1234m 2 2 Secret v Mesh network

12. 12 Reliability Verification (Artificial flow)-1 Step 1: Set important level: User to Secret For each user, mark the farther node which is the most hop counts from secret to user Step 2: Use the min cost flow algorithm to reach marked nodes (artificial capacity= 1) Step 3: Execute step 2 until all artificial flows can be achieved then go to Step 5, if not, then go to Step 4

13. 13 User 1 User 2 Secret 1 Secret 2 Secret 1

14. 14 Reliability Verification (Artificial flow)-2 Step 4: Find the nearest distance between node (N 1 ) where artificial flow can arrive from the user and the other node (N 2 ) where artificial flow can arrive Check whether the nodes exist or not If yes, to construct the link between Node1 and Node2 If no, to construct the link between User and Marked node Add them to total_construction_cost

15. 15 User 1 User 2 Secret 1 Secret 2 N1N1 N2N2

16. 16 Reliability Verification (Artificial flow)-3 Step 5: Check the reliability of each artificial path, If yes, go to Step 6 If no, to enhance the level of the material to achieve reliability The rule: choose the smaller latency link to enhance Step 6: Stop

17. 17 Inner problem

18. 18

19. 19

20. 20

21. 21 1 1 1 2,3 2 2 3 3 S key1 key2 key3 Share Key 1 2 3

22. 22 Sub-problem 1 1 1 1 2,3 2 2 3 3 S key1 key2 key3 每個 Node 都會有唯一的攻擊路徑

23. 23 Sub-problem 2 全部資訊皆復原

24. 24 Sub-problem 3 1 1 1 2,3 2 2 3 3 S key1 key2 key3 攻擊預算為 四單位的防禦資源

25. 25 Heuristic Algorithm Step 1: Make X p ’ s value as the candidate attack path Step 2: Compromise all nodes on the candidate attack paths Step 3: If total_attack_cost >attack_budget, then go to Step 4, otherwise go to Step 6 Step 4: Calculate the weight of node dynamically and choose the largest weight to remove its attack_budget Step 5: Execute step 4 repeatedly until total_attack_cost <= attack_budget

26. 26 Heuristic Algorithm Total_attack_cost > Budget

27. 27 1 1 1 2,3 2 2 3 3 S key1 key2 key3 Share Key 1 2 3

28. 28 Check basket Recovered Secret Unrecovered Secret Redundant NoYes KeyShare 13 23 Leaf node Node damage

29. 29 Compromised node damage (1) The recovered secret: Shares or Key in Node i: Redundant share or key:

30. 30 Compromised node damage (2) The unrecovered Secret Key Share

31. 31 Compromised node weight Calculate the weight of Node i Node[i].weight

32. 32 1 1 1 2,3 2 2 3 3 S key1 key2 key3 Share Key 1 2 3 2,3

33. 33 1 1 1 2,3 2 2 3 3 S key1 key2 key3 Share Key 1 2 3 2,3 1

34. 34 Heuristic Algorithm Total_attack_cost < Budget

35. 35 Heuristic Algorithm Step 6: Check the basket of the attacker and recalculate the weight of the node, then set compromised node ’ s weight to 0 Step 7: Find shortest path using this weight by dijkstra ’ s algorithm and calculate each node ’ s path weight and sort them Step 8: For all unrecovered secret, we sum up the weight of the path until it could be recovered, and set the smallest weight to be the target secret Step 9: To find the smallest weight of the path in the target secret, if path_cost <= remaining_budget to compromise all nodes on path and set the weight of node to 0, otherwise to find next path Step 10: Execute Step 6~ Step 8 repeatedly until all secret are already checked

36. 36 Check basket Unrecovered Secret IS_key in_basket IS_enough_share in_basket diff_threshold Neither Key nor en_share diff_threshold 13 1 2 45 Yes No Key YesNo Share Check Node Share Key Uncompromised node damage

37. 37 Uncompromised node damage (1) For the unrecovered secret: If key in the basket Some shares in Node i Acquire few shares to recover Enough shares in the basket

38. 38 Uncompromised node damage (2) Neither key nor enough shares If the key in Node i If the share in Node i Acquire few shares to meet threshold

39. 39 Compromised node weight Calculate the weight of Node i Node[i].weight path[i].weight

40. 40 1 1 1 2,3 2 2 3 3 S key1 key2 key3 Share Key 1 2 3

41. 41 1 1 1 2,3 2 2 3 3 S key1 key2 key3 Share Key 1 2 3

42. 42 1 1 1 2,3 2 2 3 3 S key1 key2 key3 Share Key 1 2 3

43. 43 Thanks !!