Network (Coding) Security: Known knowns, Unknown knowns, and - PowerPoint PPT Presentation

Network (Coding) Security: Known knowns, Unknown knowns, and Unknowns Sidharth Jaggi, The Chinese University of Hong Kong

Known knowns: Background

What is security? The quality or state of being secure : as a) : freedom from danger : safety b) : freedom from fear or anxiety c) : freedom from the prospect of being laid off -Merriam-Webster

Background – Communication Scenario Mostly “large” alphabets Min-cut: 𝐷 (packets) Alice Bob Mostly acyclic Info/coding thry Calvin networks Crypto “Control” a subset Bad guy of links/nodes Source Decoder Network containing adversaries Encoder Received Message R packets Decoded Collection Jammed message of packets packets Eavesdropped packets

Background – Communication Scenario • Secrecy • Robustness to erasures/ errors. • More later… Source Decoder Network containing adversaries Encoder Received Message R packets Decoded Collection Jammed message of packets packets Eavesdropped packets

Secrecy Z r eavesdropped links • Cai-Yeung: Secrecy rate C-Z r achievable (intuition – “network wiretap channel”) • Feldman et al: small field-sizes, random codes, efficient • Silva et al: “Universal” codes (rank -metric/subspace codes) • Multiple other works… Rouayheb et al, Bhattad et al, Ngai et al, … Alice Bob • Cui et al – LP formulation that’s never worse than C -Z r • General problem still open C=1, Z r =1, • Node eavesdropper problem even harder but secrecy rate 1 possible!

Erasures Z w erased links • Kötter-Médard: Rate C-Z w possible. Optimal. • Ho et al: expected throughput for random erasures, efficient random distributed codes • Dana et al: Even correlated random erasures (interference) rate computable, efficiently attainable • Silva et al: Rank-metric codes for worst-case erasures • Node-erasures: Capacity based on node-cut attainable

“Random” Error -correction packet errors/ i.i.d. symbol errors • Song et al/Borade et al: Symbol errors: Separation between link-by-link error-correction/network coding • Silva et al: Rate C-Z w efficiently attainable end-to-end with random packet errors (rank-metric codes)

Error-detection Z w noisy links • Omniscient Calvin: Rate R < C-Z w possible with error-detection. Optimal. • Ho et al: Any rate, at least one-path Calvin does not control (see/jam), can detect errors. Optimal.

Adversarial errors Z r jammed links • Cai-Yeung: Rate C-2Z w possible. Optimal. Network Singleton bound/Network GV codes • Jaggi et al/Kötter-Kschischang/Kötter-Kschischang-Silva: Efficient codes achieving C-2Z w • Jaggi et al: If Calvin not omniscient, C-Z w possible in some scenarios (more on this later) • Node adversary problem much harder (more on this later) .

Addenda … • Cryptography (computational assumptions) • List-decoding • Rateless codes • ...

Unknown knowns part I: Reliable and Secure Communication over Adversarial Multipath Networks C odes, A lgorithms, N etworks: D esign & O ptimization in I nformation T heory Qiaosheng Zhang Sidharth Jaggi Alex Sprintson Mayank Bakshi Swanand Kadhe 12 Eric

Motivating Example 1 C amplitude R Z C Z frequency C different frequencies Bob Alice 13

Motivating Example 2 Eavesdrops on all the frequencies C amplitude Singleton bound R Reed-Solomon codes C/2 C frequency C different frequencies 14

Motivating Example 3 amplitude C ??? R C/2 C frequency C different frequencies 15

Alternate Motivation • C computers • Administrator: wants to store a file. • How? By distributing it across C computers. …… 1 2 3 C

Alternate Motivation • Administrator: wants to store a file. • But hacker has read/write privileges on some servers…

Alternate Motivation • Goals: (1) The hacker cannot corrupt the file ------ reliability (2) The hacker cannot decipher the contents. ------ secrecy

Basic model Optimal rate Regime C – Z RW – Z WO Weak adversary regime C – 2 *Z RW – Z WO Strong adversary regime Z RW V 4 Z RW +Z RO +Z WO ≤ C • Strong adversary regime: V 3 Tetrahedron V 1 V 2 V 3 V 4 2*Z RW +Z RO +Z WO = C • Z RO Weak adversary regime: O V 2 Tetrahedron OV 1 V 2 V 3 V 1 [1] Zhang et al, ITW 2015, Talking secretly, reliably and efficiently: A “complete” characterization Z WO 19

Basic model • Non-causal condition (Model 0) One-shot transmission x 1 x 1 y 2 x 2 x 3 x 3 [1] Zhang et al, ITW 2015, Talking secretly, reliably and efficiently: A “complete” characterization 20

Causality/feedback • Effect of causality ? (Model 1) • Cannot see the future • Stuck to fixed channels x 13 x 12 x 13 x 12 x 11 x 11 x 1 x 23 y 23 y 22 y 21 x 22 x 21 x 2 x 33 x 32 x 31 x 33 x 32 x 3 x 31 21

Causality/feedback • Effect of passive feedback ? (Model 2) x 13 x 13 x 12 x 11 x 12 x 11 y 23 y 22 y 21 x 23 x 22 x 21 x 33 x 32 x 33 x 32 x 31 x 31 x 12 x 11 y 22 y 21 22 x 32 x 31

Problem Statement • Multi-round transmission without feedback (Model 1) • System diagram : x 13 x 12 y 13 x 11 y 12 y 11 k random key x 23 x 22 x 21 y 23 y 22 y 21 m x 33 Y Enc ( m,k ) x 32 x 31 y 33 y 32 y 31 Dec (Y) X message Encoder Decoder x 43 x 42 x 41 y 43 y 42 y 41 x 53 x 52 x 51 y 53 y 52 y 51 23

Problem Statement • Multi-round transmission with passive feedback (Model 2) • System diagram : j-th round, j = 1, 2, … Can also provide secrecy (if k desired) at lower rates random key ??? m X (j) Enc ( m,k ) Y (j) Dec (Y) message Y (1) Y (2) … Y (j-1) Received codeword 24

Jamming models • Additive Jamming: e i (Wireless network) x i y i • Overwrite Jamming: e i x i y i = e i (Wired network / Storage system) 25

Results: A “Complete” Characterization 26

Overview of main results ( additive ) Z RW Z RW Z RW V 4 V 4 V 4 V 3 V 5 V 3 V 5 Z RO Z RO Z RO O V 2 O V 2 O V 2 V 1 V 1 V 1 Z WO Z WO Z WO One-shot transmission Multi-round transmission Multi-round transmission with Passive Without feedback (Model 0) feedback (Model 1) (Model 2) 27

Overview of main results ( overwrite ) Z RW Z RW Z RW V 4 V 4 V 4 V 3 V 5 V 3 V 5 Z RO Z RO Z RO O V 2 O V 2 O V 2 V 6 V 6 V 1 V 1 V 1 Z WO Z WO Z WO One-shot transmission Multi-round transmission Multi-round transmission with Passive Without feedback (Model 0) feedback (Model 1) (Model 2) 28

Multi-round transmission without feedback ( additive ) • Key idea for achievability: • Self-hashing • Pairwise-hashing [Jag06] ’ ’ X i Z WO Y i K i H i K i H i 29

Multi-round transmission without feedback ( additive ) • Key idea for achievability: • Self-hashing • Pairwise-hashing [Jag06] Payload Random keys Pairwise hashes H 12 H 13 X 1 K 11 K 12 K 13 H 11 X 2 K 21 K 22 K 23 H 21 H 22 H 23 X 3 K 31 K 32 K 33 H 31 H 32 H 33 30

Pairwise-hashing • What’s the hash function? N symbols over F q X i = “ Linearized polynomial” (p  field characteristic)

Key idea for achievability: Pairwise-hashing [Jag06] • Case 1 : Link 1 and Link 2 are pairwise-consistent K 11 K 12 K 13 H 11 H 12 H 13 X 1 H 21 H 22 H 23 K 21 K 22 K 23 X 2 K 31 K 32 K 33 H 31 H 32 H 33 X 3 32

Key idea for achievability: Pairwise-hashing [Jag06] • Case 2 : Link 2 and Link 3 are not pairwise-consistent K 11 K 12 K 13 H 11 H 12 H 13 X 1 Z RW Y 2 K 21 K 22 K 2C H 21 H 22 H 23 X 2 H ’ 32 K 31 K 32 K 33 H 31 H 32 H 33 X 3 33

Pairwise-hashing Analysis • Receiver Bob: • Construct a graph with C vertices. • Connect two vertices if consistent. • Find the largest clique (count node-degree). 8 1 7 2 9 6 3 5 4

Main Results • Eg: Additive Jamming: • Calvin’s clique: • z rw + z ro • Encoder’s clique: • C – z rw – z wo z rw : z ro : z wo : “Untouched”:

Key idea for achievability: Pairwise-hashing [Jag06] • Decoder: • Check pairwise-consistency : • Errors are detectable if Yes No • C – z rw – z wo >z rw + z ro Yes Z RW Z RO • R = C – z rw – z wo = C – Z W No Z WO G 8 1 7 2 9 6 3 5 4 36

Converse: “Stochastic” symmetrization Eg: Overwrite, C=5, Z ro =1, Z wo =2, Z rw =0, C≤z ro +2(z wo +z rw )  R≤C -2(z wo +z rw )=1 X 1 m ’ m X 2 ’ X 3 ’ X 1 X 1 X 4 X 2 ’ X 5 X 2 X 3 ’ X 3 X 1 X 2 X 4 X 4 ’ X 3 X 5 X 5 ’ X 4 ’ X 5 ’ • “Stochastic” Singleton -type bound 37

Stochastic Singleton bound • Calvin observes (first) Z ro links • Picks (consistent) X’(m,r)~Pr(X(m,r)|x ro ) X 1 X 2 ’ • (Not necessarily uniform) X 3 ’ • Picks (uniformly) one of two subsets to be z wo X 4 • Transmits symbols from X’(m,r ) on Z wo X 5 • TPT: Bob confused between two alternatives X 1 X 1 X 2 ’ X 2 X 3 ’ X 3 X 4 X 4 ’ X 5 X 5 ’ 38

Stochastic Singleton bound • TPT: Bob confused between two alternatives Rate too high  Sufficiently large uncertainty in message Sufficiently large uncertainty in message  Calvin’s fake message different from true message ( Fano’s inequality) Bayes ’ theorem  Both messages equally likely given Y observed by Bob 39