Secure Network Coding via Filtered Secret Sharing

Similar documents

Weakly Secure Network Coding

Security for Wiretap Networks via Rank-Metric Codes

Secure Network Coding for Wiretap Networks of Type II

On Secure Communication over Wireless Erasure Networks

Achievable Strategies for General Secure Network Coding

Network Monitoring in Multicast Networks Using Network Coding

Efficient weakly secure network coding scheme against node conspiracy attack based on network segmentation

Network Coding for Security and Error Correction

Secure Network Coding on a Wiretap Network

Network coding for security and robustness

Secure Network Coding: Bounds and Algorithms for Secret and Reliable Communications

On Secure Network Coding With Nonuniform or Restricted Wiretap Sets

A Network Flow Approach in Cloud Computing

Topology-based network security

Comparison of Network Coding and Non-Network Coding Schemes for Multi-hop Wireless Networks

A Numerical Study on the Wiretap Network with a Simple Network Topology

Linear Codes. Chapter Basics

Secure Network Coding: Dependency of Efficiency on Network Topology,

Lattice-Based Threshold-Changeability for Standard Shamir Secret-Sharing Schemes

On the Multiple Unicast Network Coding Conjecture

On the Complexity of Exact Maximum-Likelihood Decoding for Asymptotically Good Low Density Parity Check Codes: A New Perspective

Energy Benefit of Network Coding for Multiple Unicast in Wireless Networks

Link Loss Inference in Wireless Sensor Networks with Randomized Network Coding

Exact Maximum-Likelihood Decoding of Large linear Codes

Kodo: An Open and Research Oriented Network Coding Library Pedersen, Morten Videbæk; Heide, Janus; Fitzek, Frank Hanns Paul

Efficient Recovery of Secrets

ON THE APPLICATION OF RANDOM LINEAR NETWORK CODING FOR NETWORK SECURITY AND DIAGNOSIS

How To Encrypt Data With A Power Of N On A K Disk

Network Coding for Distributed Storage

Functional-Repair-by-Transfer Regenerating Codes

Signatures for Content Distribution with Network Coding

Communication Overhead of Network Coding Schemes Secure against Pollution Attacks

Mathematical Modelling of Computer Networks: Part II. Module 1: Network Coding

In-Network Coding for Resilient Sensor Data Storage and Efficient Data Mule Collection

Recall that two vectors in are perpendicular or orthogonal provided that their dot

SECRET sharing schemes were introduced by Blakley [5]

On network coding for security

CIS 700: algorithms for Big Data

17. Inner product spaces Definition Let V be a real vector space. An inner product on V is a function

Linear Network Coding on Multi-Mesh of Trees (MMT) using All to All Broadcast (AAB)

Design of LDPC codes

To Provide Security & Integrity for Storage Services in Cloud Computing

Notes 11: List Decoding Folded Reed-Solomon Codes

Adaptive Linear Programming Decoding

5.1 Bipartite Matching

Secret Key Generation from Reciprocal Spatially Correlated MIMO Channels,

This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

File Sharing between Peer-to-Peer using Network Coding Algorithm

A Robust and Secure Overlay Storage Scheme Based on Erasure Coding

Growth Codes: Maximizing Sensor Network Data Persistence

N O T E S. A Reed Solomon Code Magic Trick. The magic trick T O D D D. M A T E E R

A Practical Scheme for Wireless Network Operation

Applied Algorithm Design Lecture 5

Orthogonal Projections

Privacy and Security in the Internet of Things: Theory and Practice. Bob Baxley; HitB; 28 May 2015

Physical Layer Security in Wireless Communications

A Short Summary on What Happens When One Dies

Optimizing Congestion in Peer-to-Peer File Sharing Based on Network Coding

Diversity Coloring for Distributed Data Storage in Networks 1

by the matrix A results in a vector which is a reflection of the given

Low Delay Network Streaming Under Burst Losses

3/25/ /25/2014 Sensor Network Security (Simon S. Lam) 1

Approximation Algorithms

Optimal Index Codes for a Class of Multicast Networks with Receiver Side Information

954 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 51, NO. 3, MARCH 2005

! Solve problem to optimality. ! Solve problem in poly-time. ! Solve arbitrary instances of the problem. #-approximation algorithm.

Enhancing Wireless Security with Physical Layer Network Cooperation

CODEC: CONTENT DISTRIBUTION WITH (N,K) ERASURE CODE IN MANET

Ensuring Data Storage Security in Cloud Computing

Lecture 14: Data transfer in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 6, Thursday

Erasure Coding for Cloud Storage Systems: A Survey

Coding and decoding with convolutional codes. The Viterbi Algor

The Complexity of Online Memory Checking

On the Locality of Codeword Symbols

We shall turn our attention to solving linear systems of equations. Ax = b

MOST error-correcting codes are designed for the equal

A Survey of the Theory of Error-Correcting Codes

Network Design and Protection Using Network Coding

Image Compression through DCT and Huffman Coding Technique

An Application of Visual Cryptography To Financial Documents

Network File Storage with Graceful Performance Degradation

Nimble Algorithms for Cloud Computing. Ravi Kannan, Santosh Vempala and David Woodruff

SYSTEMATIC NETWORK CODING FOR LOSSY LINE NETWORKS. (Paresh Saxena) Supervisor: Dr. M. A. Vázquez-Castro

On the Security and Efficiency of Content Distribution Via Network Coding

Network Coding Applications

Performance Evaluation of Network Coding: Effects of Topology and Network Traffic for Linear and XOR Coding

Solutions to Math 51 First Exam January 29, 2015

Similarity and Diagonalization. Similar Matrices

Chapter Load Balancing. Approximation Algorithms. Load Balancing. Load Balancing on 2 Machines. Load Balancing: Greedy Scheduling

Quantum Network Coding

956 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 4, NO. 4, DECEMBER 2009

CS263: Wireless Communications and Sensor Networks

OPTIMAL DESIGN OF DISTRIBUTED SENSOR NETWORKS FOR FIELD RECONSTRUCTION

CODING THEORY a first course. Henk C.A. van Tilborg

THE DIMENSION OF A VECTOR SPACE

Efficient Data Retrival - A Case Study on Network Coding and Recovery

Maximum Entropy Functions: Approximate Gács-Körner for Distributed Compression

MATH10212 Linear Algebra. Systems of Linear Equations. Definition. An n-dimensional vector is a row or a column of n numbers (or letters): a 1.

On Quality of Monitoring for Multi-channel Wireless Infrastructure Networks

Secure Way of Storing Data in Cloud Using Third Party Auditor

Transcription:

Secure Network Coding via Filtered Secret Sharing Jon Feldman, Tal Malkin, Rocco Servedio, Cliff Stein (Columbia University) jonfeld@ieor, tal@cs, rocco@cs, cliff@ieor columbiaedu Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p1/21

Network Coding and Security Network coding: new model of transmission how do we make it secure? 1 Cai and Yeung[02] wire-tap adversary: can look at any Suff conditions for 2 Jain[04]: More precise cond (one terminal) 3 Ho, Leong, Koetter, Médard, Effros, Karger [04]: Byzantine modification detection edges secure multicast code Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p2/21

Network Coding and Security Network coding: new model of transmission how do we make it secure? 1 Cai and Yeung[02] wire-tap adversary: can look at any Suff conditions for 2 Jain[04]: More precise cond (one terminal) 3 Ho, Leong, Koetter, Médard, Effros, Karger [04]: Byzantine modification detection edges secure multicast code This talk: precise analysis of wire-tap adversary, balance between security, rate, edge bandwidth Related: robustness [Koetter Médard 02] Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p2/21

Making our Example Secure Use Less ambitious goal: Send one symbol to both sinks Choose randomly Can define symbols st any single wire-tapper learns nothing about, both sinks can compute Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p3/21

Linear Multicast Network Coding (No Security) Given: Network min-cut value = Goal: get message, source, sinks to every sink Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p4/21

Linear Multicast Network Coding (No Security) Given: Network min-cut value = Goal: get message, source Network code: Define coding vectors Edge carries symbol, sinks to every sink for each edge Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p4/21

Linear Multicast Network Coding (No Security) Given: Network min-cut value = Goal: get message, source Network code: Define coding vectors Edge carries symbol Feasibility of transmission: (i) Every spanned by, sinks to every sink for each edge (or ) Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p4/21

Linear Multicast Network Coding (No Security) Given: Network min-cut value = Goal: get message, source Network code: Define coding vectors Edge carries symbol Feasibility of transmission: (i) Every spanned by Recoverability at sinks: (ii) For all, the vectors, sinks to every sink for each edge (or span ) Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p4/21

Wire-Tap Model, Randomness at the Source Adversary has access to any set of knows symbol transmitted along edge, knows network code, topology, has unlimited computational power edges, Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p5/21

Wire-Tap Model, Randomness at the Source Adversary has access to any set of knows symbol transmitted along edge, knows network code, topology, has unlimited computational power Source allowed to generate random symbols ( ) (Jain [04]: random bits at intermediate nodes) edges, Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p5/21

Wire-Tap Model, Randomness at the Source Adversary has access to any set of knows symbol transmitted along edge, knows network code, topology, has unlimited computational power Source allowed to generate random symbols ( ) (Jain [04]: random bits at intermediate nodes) edges, Task: design function at source, coding vectors on edges st: Coding vectors satisfy feasibility, Information recoverable at each sink, Information secure against adversary Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p5/21

Wire-Tap Model, Randomness at the Source Adversary has access to any set of knows symbol transmitted along edge, knows network code, topology, has unlimited computational power Source allowed to generate random symbols ( ) (Jain [04]: random bits at intermediate nodes) edges, Task: design function at source, coding vectors on edges st: Coding vectors satisfy feasibility, Information recoverable at each sink, Information secure against adversary Goal: information-theoretic security Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p5/21

Security, Rate and Bandwidth We study possible trade-offs between security, rate and bandwidth: Security = Rate = = # edges tapped = # information symbols multicast Edge Bandwidth =, where symbols in Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p6/21

Security, Rate and Bandwidth We study possible trade-offs between security, rate and bandwidth: Security = Rate = = # edges tapped = # information symbols multicast Edge Bandwidth =, where symbols in Easy to show: Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p6/21

Security, Rate and Bandwidth We study possible trade-offs between security, rate and bandwidth: Security = Rate = = # edges tapped = # information symbols multicast Edge Bandwidth =, where symbols in Easy to show: Cai and Yeung [02]: If symbols securely Construction time, can send Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p6/21

Our Results If you give up a little capacity, bandwidth requirement reduced significantly: Thm: For any, if, can send symbols securely Algorithm: poly-time, secure whp If, only need Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p7/21

Our Results If you give up a little capacity, bandwidth requirement reduced significantly: Thm: For any, if, can send symbols securely Algorithm: poly-time, secure whp If, only need If you do not give up capacity, then bandwidth might have to be large: Thm: If, then there are examples where all solutions (using this method) must have Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p7/21

Relation w/ Cai & Yeung Core Lemma of Cai and Yeung: If one can construct a matrix with certain independence properties relative to the coding vectors, then the network code can be altered to achieve security Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p8/21

Relation w/ Cai & Yeung Core Lemma of Cai and Yeung: If one can construct a matrix with certain independence properties relative to the coding vectors, then the network code can be altered to achieve security Our extensions: Independence properties are also necessary Using orthogonal space, re-cast as coding theory problem Give up some capacity to make coding problem solvable Use necessary direction, covering radius, to prove negative result Observation: don t alter code, just input Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p8/21

Making a Given Network Code Secure [CY02] Given a linear solutionto a network coding problem, can we use it securely? Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p9/21

Making a Given Network Code Secure [CY02] Given a linear solutionto a network coding problem, can we use it securely? Set, with info, random Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p9/21

Making a Given Network Code Secure [CY02] Given a linear solutionto a network coding problem, can we use it securely? Set Send message, with info, random normally using network code Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p9/21

Making a Given Network Code Secure [CY02] Given a linear solutionto a network coding problem, can we use it securely? Set Send message, with info, random normally using network code Security condition: If adversary looks at any edges, can learn nothing about (More formally, for all sets with is a random vector in, the random variable is independent of ), If Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p9/21

Making a Given Network Code Secure [CY02] Given a linear solutionto a network coding problem, can we use it securely? Set Send message, with info, random normally using network code Security condition: If adversary looks at any edges, can learn nothing about (More formally, for all sets with is a random vector in, the random variable is independent of ) Recoverability, feasibility follow immediately (as long as can be determined from ), If Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p9/21

Making a Given Network Code Secure [CY02] Given a linear solutionto a network coding problem, can we use it securely? Set Send message, with info, random normally using network code Security condition: If adversary looks at any edges, can learn nothing about (More formally, for all sets with is a random vector in, the random variable is independent of ) Recoverability, feasibility follow immediately (as long as can be determined from ) Advantage: don t need to alter network code Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p9/21, If

Secret Sharing (Shamir) Secret Dealer has secret Distribute shares Given any Given any st shares, can recover secret shares, learn nothing Computational/info-theoretic security Access pattern for recoverability/security Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p10/21

Connection to Secret Sharing Simple case: single source/sink, adversary has any set of s edges parallel edges, t Modest goal : send one symbol Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p11/21

Connection to Secret Sharing Suppose Encoding: Choose = is the dealer in secret sharing at random Let Set message (Encode (x,r) using a Reed-Solomon code) Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p12/21

Connection to Secret Sharing Suppose Encoding: Choose = is the dealer in secret sharing at random Let Set message (Encode (x,r) using a Reed-Solomon code) Decoding: Knowing all Knowing Works for any or fewer reveals (interpolation) s tells you nothing Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p12/21

Filtered Secret Sharing Classical secret sharing: adversary has shares Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p13/21

Filtered Secret Sharing Classical secret sharing: adversary has Filtered secret sharing: Menu of lin combos of all shares Adversary chooses items from the menu shares Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p13/21

Filtered Secret Sharing Classical secret sharing: adversary has Filtered secret sharing: Menu of lin combos of all shares Adversary chooses items from the menu Secret is shares Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p13/21

Filtered Secret Sharing Classical secret sharing: adversary has Filtered secret sharing: Menu of lin combos of all shares Adversary chooses items from the menu Secret is Given: -by- full-rank filter matrix Find: Function For all -by- over random we have submatrices, indep of over such that: of, ( ) shares Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p13/21

Filtered Secret Sharing Given: -by- full-rank filter matrix over over random we have submatrices, Classical: special case indep of, such that: of,, Find: Function For all -by- For network coding:, is -by- matrix of coding vectors Ignores network topology Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p14/21

Design of Linear Error-Correcting Codes = linear subspace generated by the rows of Distance( ) = -by- matrix Goal in coding theory: For given rate, find code with large distance Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p15/21

Design of Linear Error-Correcting Codes = linear subspace generated by the rows of Distance( ) = -by- matrix Goal in coding theory: For given rate, find code with large distance - Generalization: Designed code must be far from other given points, and some Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p15/21

Generalized Coding Problem For generators,, define: Note: Asymmetric Note: min-dist( ) Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p16/21

Generalized Coding Problem For generators,, define: Note: Asymmetric Note: min-dist( ) -by- Span Distance Problem (over field Given an -by- matrix, find a matrix where ): Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p16/21

Generalized Coding Problem Goal: Design code For generators,, define: Note: Asymmetric Note: min-dist( ) -by- Span Distance Problem (over field Given an -by- matrix, find a matrix where ): codeword in with distance to every Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p16/21

Filtered Secret sharing Span Distance Filtered secret sharing (linear of the span distance problem: ) is a special case (linear) fss solution with (for all ) solution to the span distance problem with,, ( generates null space of Required distance = ) Parameter for network coding application: amount of capacity given up Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p17/21

Positive result Given any, choose randomly Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p18/21

Positive result Given any, choose randomly Analysis like random lin codes on G-V bound: vector in Each has Vol prob of having dist from Union bound over codewords : Random has w/ prob Vol Vol Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p18/21

Positive result Given any, choose randomly Analysis like random lin codes on G-V bound: vector in Each has Vol prob of having dist from Union bound over codewords : Random has w/ prob Vol Vol In general, Pr For if, need only Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p18/21

Negative Result: Using the Covering Radius Covering radius( ) = Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p19/21

Negative Result: Using the Covering Radius Covering radius( ) = If has covering radius alone subspace (let ) has dist no from Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p19/21

Negative Result: Using the Covering Radius ) = Covering radius( no has covering radius alone subspace (let ) has dist If from, using result of [Cohen, Frankl 85]: Setting ) Vol st ( st ), Vol Thm: ( and where Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p19/21

Negative Result: Using the Covering Radius ) = Covering radius( no has covering radius alone subspace (let ) has dist If from, using result of [Cohen, Frankl 85]: Setting ) Vol st ( st ), Vol Thm: ( and where, where st exists (Contrast to C/Y upper reasonable settings of if ) bound Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p19/21

Conclusions Given a fixed linear network code, the problem of making it secure (using linear filtered secret sharing) is a generalized [classical] code design problem To achieve security: trade-off between rate and required link bandwidth Sacrificing small amount of capacity allows large savings in required bandwidth Secret sharing can be extended from [adversary gets [adversary gets linear combinations (from a given set) of all shares] shares],to Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p20/21

Future Work Better upper/lower bounds (, or in general) Consider (network topology, code design, security, robustness) simultaneously Allow more power at nodes [Jain: random bits] Relax notion of security [Jain: computationally bounded adversary] Different adversaries, non-linear network codes, non-multicast? Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing p21/21