Using Adversary Structures to Analyze Network Models,



Similar documents
An Overview of Common Adversary Models

Secret Sharing and Reliable Cloud Computing

3/25/ /25/2014 Sensor Network Security (Simon S. Lam) 1

5.1 Bipartite Matching

ECE 333: Introduction to Communication Networks Fall 2002

Topology-based network security

Lecture 5 - CPA security, Pseudorandom functions

CPSC 467b: Cryptography and Computer Security

MACs Message authentication and integrity. Table of contents

Introduction to Algorithms. Part 3: P, NP Hard Problems

Simulation-Based Security with Inexhaustible Interactive Turing Machines

Voice over IP. Demonstration 1: VoIP Protocols. Network Environment

NP-complete? NP-hard? Some Foundations of Complexity. Prof. Sven Hartmann Clausthal University of Technology Department of Informatics

Network Algorithms for Homeland Security

Communication Networks. MAP-TELE 2011/12 José Ruela

Denial of Service in Sensor Networks

How To Write A Transport Layer Protocol For Wireless Networks

Complexity Theory. IE 661: Scheduling Theory Fall 2003 Satyaki Ghosh Dastidar

Security for Ubiquitous and Adhoc Networks

Mixed-Criticality Systems Based on Time- Triggered Ethernet with Multiple Ring Topologies. University of Siegen Mohammed Abuteir, Roman Obermaisser

This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

Near Optimal Solutions

Lecture 2.1 : The Distributed Bellman-Ford Algorithm. Lecture 2.2 : The Destination Sequenced Distance Vector (DSDV) protocol

1 Message Authentication

Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012

A Catechistic Method for Traffic Pattern Discovery in MANET

SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)

Victor Shoup Avi Rubin. Abstract

Lecture 7: NP-Complete Problems

Giving life to today s media distribution services

Signature-Free Asynchronous Binary Byzantine Consensus with t < n/3, O(n 2 ) Messages, and O(1) Expected Time

Lecture 2: Complexity Theory Review and Interactive Proofs

Introductory Probability. MATH 107: Finite Mathematics University of Louisville. March 5, 2014

WORKED EXAMPLES 1 TOTAL PROBABILITY AND BAYES THEOREM

A Probabilistic Quantum Key Transfer Protocol

Introduction to Wide-Area WiFi. AfNOG 2009 Wireless Tutorials Cairo

CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS

WAN Data Link Protocols

CSE 4351/5351 Notes 7: Task Scheduling & Load Balancing

A Survey of Zero-Knowledge Proofs with Applications to Cryptography

Distillation Codes and Applications to DoS Resistant Multicast Authentication

CHAPTER 6 SECURE PACKET TRANSMISSION IN WIRELESS SENSOR NETWORKS USING DYNAMIC ROUTING TECHNIQUES

The dangers of composing anonymous channels

Authentication and Encryption: How to order them? Motivation

Bandwidth Allocation in a Network Virtualization Environment

Outline. NP-completeness. When is a problem easy? When is a problem hard? Today. Euler Circuits

Detecting Denial of Service Attacks in Tor

Security Analysis of PLAID

Unit 19: Probability Models

Tema 5.- Seguridad. Problemas Soluciones

On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments

- Easy to insert & delete in O(1) time - Don t need to estimate total memory needed. - Hard to search in less than O(n) time

On the Unique Games Conjecture

Expander Graph based Key Distribution Mechanisms in Wireless Sensor Networks


First Midterm for ECE374 02/25/15 Solution!!

Satisfiability Checking

Objectives. Distributed Databases and Client/Server Architecture. Distributed Database. Data Fragmentation

Computational complexity theory

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

Coin Flip Questions. Suppose you flip a coin five times and write down the sequence of results, like HHHHH or HTTHT.

On Combining Privacy with Guaranteed Output Delivery in Secure Multiparty Computation

CHAPTER 1 INTRODUCTION

First Semester Examinations 2011/12 INTERNET PRINCIPLES

STAT 35A HW2 Solutions

Cost Model: Work, Span and Parallelism. 1 The RAM model for sequential computation:

Massachusetts Institute of Technology. Abstract

Congestion Control Overview

Capacity of Inter-Cloud Layer-2 Virtual Networking!

Middleware and Distributed Systems. System Models. Dr. Martin v. Löwis. Freitag, 14. Oktober 11

Secure Network Coding for Wiretap Networks of Type II

Dynamic Source Routing in Ad Hoc Wireless Networks

Application of Quantum Cryptography to an Eavesdropping Detectable Data Transmission

1 Representation of Games. Kerschbamer: Commitment and Information in Games

Quality of Service Routing in Ad-Hoc Networks Using OLSR

Weakly Secure Network Coding

1. Nondeterministically guess a solution (called a certificate) 2. Check whether the solution solves the problem (called verification)

Traffic Prediction in Wireless Mesh Networks Using Process Mining Algorithms

THE PROBLEM WORMS (1) WORMS (2) THE PROBLEM OF WORM PROPAGATION/PREVENTION THE MINIMUM VERTEX COVER PROBLEM

Quantum Network Coding

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

The Complexity of Online Memory Checking

Entangled Encodings and Data Entanglement

Computer Algorithms. NP-Complete Problems. CISC 4080 Yanjun Li

Fairness in Routing and Load Balancing

Measurement-aware Monitor Placement and Routing

Step 3: Go to Column C. Use the function AVERAGE to calculate the mean values of n = 5. Column C is the column of the means.

Mobile Security Wireless Mesh Network Security. Sascha Alexander Jopen


Transcription:

MTAT.07.007 Graduate seminar in cryptography Using Adversary Structures to Analyze Network Models University of Tartu db@ut.ee 1

Outline of the talk Problems in distributed systems Adversary Structure - definition Communication and Connectivity Secure Message Transfer 2

Problems and results Byzantine Generals Problem Byzantine faults Communication networks Goal of the research Some results 3

The network model We will define: the adversary structure and it s properties the communication network message transmission protocols special connectivity properties secure message transmissions 4

Adversary types There are two types of adversaries: passive and active. A passive adversary reads all the traffic going through corrupted parties An active adversary is computationally unbounded and can both control and read the traffic going through the corrupted parties. Both types have complete knowledge of the protocol, the message space and structure of the network. The described model considers only static adversaries i.e. ones, who select the set of parties to corrupt before the start of the protocol. 5

Adversary structure - definition Let P be the set of parties in the network. Let Γ P be a subset of the power set of P. We call such a Γ P 2 P an access structure on P. An access structure is monotone if and only if / Γ P and A if A Γ P, A A P then A Γ P. We call Z 2 P an adversary structure, if Z c = 2 P \Z is a monotone access structure. 6

Adversary structure - combining them If Z 1 and Z 2 are adversary structures, then Z 1 + Z 2 = {Z 1 Z 2 : Z 1 Z 1, Z 2 Z 2 } is also an adversary structure. We define 2Z = Z + Z and 3Z = Z + Z + Z. 7

The communication network The communication network is modelled by using a directed graph G = G(V, E). Each node v G is a communication party. Each edge (u, v) E is a point-to-point private reliable communication channel between the two parties. 8

Message Transmission Protocols Let π be a message transmission protocol, let A be the sender and B the receiver (A, B P ). Let Z be an adversary structure. The sender A selects a M A drawn from a message space M with a certain probability distribution. At the beginning of the protocol the adversary randomly chooses a subset of Z (determines, which nodes to corrupt). At the end of the protocol π the receiver B outputs a message M B M. For any message transmission protocol adv(m, r) is the view when M A = M and r is the sequence of coin flips used by the adversary. 9

Reliability and privacy Definition 1: Let π be a transmission protocol. Let M A be the message selected by A and M B the message output by B. Let Z be an adversary structure. 1. We say that π is Z-reliable, if B outputs M B = M A with probability 1 (taken over the choices of M A and the coin flips of all parties). 2. We say that π is perfectly Z-private if for any two messages M 0, M 1 and for any coin tosses r, we have Pr[adv(M 0, r) = c] = Pr[adv(M 1, r) = c]. The probabilities is taken over the coin flips of the honest parties). 3. π is perfectly Z-secure if it is Z-reliable and perfectly Z-private. 10

Separability of nodes Definition 2: Let G(V,E) be a directed graph, A, B be nodes in G(V,E) and Z be an adversary structure on V \{A, B}. A and B are Z-separable in G, if there is a set Z Z such that all paths from A to B go through at least one node in Z. We say that Z separates A and B. A, B are (Z + 1)-connected if they are not Z-separable in G. Note, that if (A, B) E then A, B are (Z + 1) connected for any Z on V \{A, B}. 11

Connectivity - results Theorem 1: Let G = G(V,E) be a directed graph. Let A, B be nodes in G and Z 1, Z 2 be adversary structures on V \{A, B}. Then A, B are (Z 1 + Z 2 + 1) connected if, and only if: for all sets Z 1 Z 1 there is a set S Z1 of paths between A and B such that, the paths in S Z1 are free from nodes of Z 1, for every Z 2 Z 2 there is at least one path in S Z1 that is free from nodes of Z 2. 12

Secure Message Transmissions - results The following results set constraints needed for secure message transmissions in the given network. Theorem 2: Let G = G(V,E) be a directed graph. Let A, B be nodes in G and Z be an adversary structure on V \{A, B}. We suppose, that the adversary is passive. 1. We have polynomial time (with regard to graph size) Z-reliable message transmission from A to B if, and only if, A, B are ({ } + 1)- connected in G. 2. We have polynomial time (with regard to graph size) perfectly Z- secure message transmissions from A to B if and only if, A, B, are (Z + 1)-connected in G. 13

Secure Message Transmissions - results (cont.) Theorem 3: Let G = G(V,E) be a directed graph. Let A, B be nodes in G and Z be an adversary structure on V \{A, B}. We have Z-reliable message transmission from A to B if, and only if, A, B, are (2Z + 1)-connected in G. Theorem 4: Let G = G(V,E) be a directed graph. Let A, B be nodes in G and Z be an adversary structure on V \{A, B}. If there are no directed paths from B to A, then we have perfectly Z-secure message transmission from A to B if and only if, A and B are (3Z + 1)-connected in G. 14

To be continued... Next time: 1. More results about the given model. 2. Possibly other models or approaches. See you then! 15

End of talk Thanks for listening! 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information