ARC Special Research Centre for Ultra-Broadband Information Networks
Dept. of Electrical & Electronic Engineering
University of Melbourne
Sprint
2007-11-28
Improving Security with Network Diversity
Ph.D. Confirmation
Tao Ye
Supervisors: Dr. Darryl Veitch, Dr. Jean Bolot, Prof. Rod Tucker
Motivation
• Data confidentiality in network always a problem
• Many security components inadequate
  • RSA backdoor
  • Rivest: A math error in chip can lead to easy crypto break-in
• Diverse networks are available
  • Data capable cellular networks
  • WiFi Hotspots
  • Wired Internet, multi-home
• Heterogeneity: bandwidth, security features
• Improving Security using Network Diversity
Divide information across diverse, heterogeneous links (physical or logical) to
increase confidentiality, on top of the availability or strength of underlying
encryption techniques.
Why not…
• Solve the problem with strong end-to-end encryption
• Known and unknown security component failures
  • Known – upgrade problems: WEP
  • Unknown – new weakness discovered all the time, good cipher might fail in the future!
• Strong encryption can be too expensive
  • Small devices
  • PKI too expensive to deploy
• Might not be available
Goal
Design and implement an overlay system to increase communication confidentiality
• Bandwidth aware but focused on security
• Low computation cost
• Set in today’s Internet environment
Outline
• Motivation and goals
• Related Work
• Multichannel Encryption Overlay
• Towards Provable Security
Related Work
• Multipath Secure Transmission in MANET
  • Mobile Ad hoc NETwork has frequent topology change, reliability must be coupled with security
  • Use redundancy to provide reliability
  • Preprocess message into n pieces, send on m node-disjoint paths, only need t (<= n) pieces to recover
• Examples:
  • SPREAD ([Lou04]) uses Shamir’s (t,n) Secret Sharing Scheme: bandwidth inefficient – n*(message size)
  • SMT ([Papadimitratos03]) uses Rabin Information Dispersal: O(n^2)
• Security guarantee: Secret Sharing best, <t cannot recover
Related Work (cont.)
• Relevance of MANET
  • Set in today’s Internet environment
  • Reliability handled by a different layer, redundancy not a focus
  • Want more efficient (space and time) algorithms
  • Want better security guarantee
Related Work (cont.)
• All-or-Nothing Transforms (AON)
  • Rivest: Transformation of blocks
  • Computationally infeasible to reverse one block without all blocks
  • Reversible and efficiently computable
  • Package transform to be used with block cipher
• Secure Bulk Transfer [Byers04]
  • Sparse parity checking code spc2 has AON property
  • Running time O(dn), d > 10, n ~ file size
• Still want more efficient algorithm
  • Not for real time or streaming applications
Related Work (cont.)
• Selective Encryption in Multimedia
  • Degrade MPEG2 streams: pay-per-view
  • For example, encrypt I-Frames, perhaps also I-Blocks
  • Transmit encrypted data and unencrypted data together
  • Nice application of using special data structure
  • Not a high security criterion
Outline
• Motivation and goals
• Related Work
• Multichannel Encryption Overlay (MEO)
• Towards Provable Security
Multichannel Encryption Overlay
• E0 is an encryption in a very general sense.
• Packet based, bits removed at random positions
• Can easily be extended to multiple channels
MEO Security
• Corruption by information removal
• Information rate reduction
• In order to crack the MEO, must either
  • Crack Channel 1, O1 → S, or
  • Crack channel 2, O2 → T, recombine correctly, then crack S’ → S
• Assume adversary has access to all channels
MEO Properties
• Definitions:
  • $\lambda_i$, $p_i$, $r_i$: packet arrival rate, fixed packet size, data rate on Channel i
  • Use Channel 0 for source S’
  • b: bits removed from S’ per packet to form O1
• Traffic rate
  • Rate on Channel 1 slows by a little: $r_1 = r_0 - b\lambda_0$
  • $8p_2/b$ packets from S’ → a packet for Channel 2
  • $\lambda_2 = b\lambda_0/(8p_2)$: low rate on channel 2
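A sketch of the bit-removal split and recombination described on the MEO slides, added here as an illustration and not taken from the presentation. It assumes both endpoints derive the removal positions from a shared seed (so Channel 2 carries only the removed bits, consistent with the 8p2/b packing), that p is in bytes and r in bits/s with r0 = 8·p0·λ0; all function names are hypothetical.

```python
import random

def removal_positions(seed: str, pkt_index: int, nbits: int, b: int) -> list:
    # Assumption: positions come from a seed shared by sender and receiver.
    # random.Random is NOT a cryptographic generator; a real design would
    # use a keyed CSPRNG here.
    rng = random.Random(f"{seed}:{pkt_index}:{nbits}")
    return sorted(rng.sample(range(nbits), b))

def to_bits(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def split(packet: bytes, seed: str, pkt_index: int, b: int):
    """Return (O1 bits for Channel 1, removed bits for Channel 2)."""
    bits = to_bits(packet)
    pos = set(removal_positions(seed, pkt_index, len(bits), b))
    kept = [bit for i, bit in enumerate(bits) if i not in pos]
    removed = [bit for i, bit in enumerate(bits) if i in pos]
    return kept, removed

def recombine(kept: list, removed: list, seed: str, pkt_index: int) -> bytes:
    """Re-insert the Channel 2 bits at their original positions."""
    nbits = len(kept) + len(removed)
    pos = set(removal_positions(seed, pkt_index, nbits, len(removed)))
    k, r = iter(kept), iter(removed)
    bits = [next(r) if i in pos else next(k) for i in range(nbits)]
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, nbits, 8)
    )

def channel_rates(lam0: float, p0: int, p2: int, b: int):
    """Slide formulas: r1 = r0 - b*lam0 and lam2 = b*lam0 / (8*p2)."""
    r0 = 8 * p0 * lam0            # assumption: p in bytes, r in bits/s
    return r0 - b * lam0, b * lam0 / (8 * p2)

if __name__ == "__main__":
    pkt = bytes(range(240))       # constructed 240-byte sample packet
    o1, ch2 = split(pkt, "demo-seed", 0, 3)
    assert recombine(o1, ch2, "demo-seed", 0) == pkt
    print(len(o1), ch2, channel_rates(1000, 1500, 1500, 1))
```

The Channel 1 payload is no longer byte-aligned after removal (1917 bits here), so a wire format would need padding or a length field.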
MEO Preliminary Security Analysis
• Assume exhaustive search attacks to crack Channel 1
  • For n packets, total combinations are:
  • 1 bit removed, 240B packet -> 3,820
  • 3 bits removed, 240B packet -> 9,422,443,520
• Cracking encrypted Channel 2
  • Assume can be broken by cipher text only attacks
  • Number of packets needed to crack is an r.v. N
  • Using stationarity, define cracking time T = N/λ
  • Average cracking time on channel 2:
  • Assume ,
• Average cracking time of MEO:
• Gain factor
  • 1 bit, 1500B packet size, takes 12890 times longer to crack!!
WEP Example
• Simulation on cracking corrupted WEP
  • Illustrate the corruption property of the MEO in example
  • WEP is known to be weak, software cracking tool available
• Generate 200 keys to be recovered
• Generate one encrypted stream of ‘packets’ corresponding to each key
  • Normal stream vs. MEO corrupted stream
• Feed through Aircrack
  • Set timeout to (1min, 10min), (2min, 20min)
• Observe keys recovered vs. packets used
WEP Example (cont.)
• CDF of N
• Insensitive to timeout
• MEO corrupted streams are not cracked, for b=1, 2!
• Example demonstrates potential of MEO
• Does not prove general case
Outline
• Motivation and goals
• Related Work
• Multichannel Encryption Overlay
• Towards Provable Security
Weaknesses of MEO
• Lack provable security
  • Not sure if corruption on Channel 1 is sufficient
• E0 is an existing network element
  • Might not be suitable for corruption
• We should include E0 as a part of design
  • Leads to richer design space
  • But reduces modularity benefits
Towards Provable Security
• Information theoretic approach
  • Perfect secrecy
    • Zero Mutual information between transmitted code X and message M
  • Wyner’s Wiretap channel
  • Different from computation complexity approach of cryptography
• Use compression as encryption
  • An old idea, Roger Bacon in the 13th century
  • Surprisingly difficult to break
Wiretap Channel
• Wyner’s Wiretap channel framework
  • Use source coding and channel coding, exploit channel errors, to guarantee that an eavesdropper cannot decode message.
  • Legitimate receiver can decode message without error
Wiretap Channel
• Wiretap channel definitions
  • U, X, Y, Z are random variables
  • A sequence of n input symbols is $X^n$
• Objectives
• Secrecy Capacity
  • If U → X → (Y, Z) is a Markov chain
  • If both main and wiretapper’s channels are additive Gaussian, or I(X;Y) and I(X;Z) individually max by the same p(x)
MEO Modeled in Wiretap Channel
• Main channel:
  • Both Channel 1 and Channel 2 in MEO
  • Initially noiseless
• Wiretapper’s Channel:
  • Corruption process X = S’, Z = O1
• Now we view corruption as channel error by design
• Eavesdropper’s uncertainty H(S|O1) to evaluate coding
• Select coding scheme to force corrupted O1 to be unbreakable
Compression as Encryption
Rivest et al.: Huffman can be difficult to break if codebook is unknown
Shannon-Fano-Elias can be made exponentially difficult to break
Recall: not sure if corruption is sufficient
• Compression
  • Compress to entropy
  • No redundancy, removed cannot recover
  • Many algorithms are O(n)
How do we formally study it?
Compression and Deletion Channel
• Connecting deletion with bit removal
• Erasure channel
  • Every bit with an erasure probability e where 1110001 -> 11?0?01
• Deletion channel
  • Every bit with a deletion probability p 1110001 -> 11001
• Bit removal is close to deletion but not the same
  • Bit removal removes fixed number of bits per packet
  • Deletion does not guarantee that, but has nice i.i.d. properties
• Tie them together:
  • Compression as coding, deletion channel as wiretapper’s channel
  • Can we achieve I(U;Z)/n → 0?
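The three channel behaviours from this slide side by side, as an added example (not from the presentation; function names are hypothetical). It also brute-forces how many distinct originals remain consistent with what an eavesdropper observes, using the slide's own 7-bit string.

```python
import itertools
import random

def erasure(bits: str, e: float, rng) -> str:
    """Erasure channel: each bit independently becomes '?' with probability e."""
    return "".join("?" if rng.random() < e else c for c in bits)

def deletion(bits: str, p: float, rng) -> str:
    """Deletion channel: each bit independently dropped with probability p."""
    return "".join(c for c in bits if rng.random() >= p)

def bit_removal(bits: str, b: int, rng) -> str:
    """MEO-style removal: exactly b bits dropped, so output length is fixed."""
    drop = set(rng.sample(range(len(bits)), b))
    return "".join(c for i, c in enumerate(bits) if i not in drop)

def is_subsequence(short: str, full: str) -> bool:
    it = iter(full)
    return all(c in it for c in short)   # 'in' consumes the iterator in order

def candidates_after_removal(observed: str, n: int) -> int:
    """Distinct n-bit originals from which `observed` can be obtained by
    dropping n - len(observed) bits (positions unknown to the observer)."""
    return sum(
        is_subsequence(observed, "".join(t))
        for t in itertools.product("01", repeat=n)
    )

def candidates_after_erasure(observed: str) -> int:
    """Erasures reveal their positions, so only the values are unknown."""
    return 2 ** observed.count("?")

if __name__ == "__main__":
    rng = random.Random(0)               # fixed seed, constructed demo input
    src = "1110001"
    print(erasure(src, 0.3, rng), deletion(src, 0.3, rng), bit_removal(src, 2, rng))
    print(candidates_after_erasure("11?0?01"))       # slide's erasure output
    print(candidates_after_removal("11001", 7))      # slide's deletion output
```

With two bits lost in each case, the erased string leaves 4 candidate originals while the deleted string leaves 29, because the observer no longer knows where the missing bits were.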
Huffman Code
• Widely used due to good compression property
• Kraft’s inequality of prefix codes
  • Integer codewords lengths {l_i}
  • For any uniquely decodable code C over binary alphabet {0,1},
  • I is the total number of codewords
• Does deletion shorten the length of codes?
  • If so, C not uniquely decodable
  • How much does this increase eavesdropper’s uncertainty?
A System View
• Composability of a security system
  • Usually assume adversary controls network
  • Design end system components
  • Network channels play an active role?
• Massey93:
  • A cascade of ciphers is at least as difficult to break as the first one
  • A cascade of additive binary stream ciphers, known to contain at least one computationally secure cipher, is computationally secure
Do properties exist for ciphers in parallel?
Conclusion
• Consider using multiple links to improve security
• Introduced MEO system
• Problem is lack of provable security
• Propose to use the wiretap channel model
  • Prove we can use wiretap channel to model MEO
  • Incorporate channel error as part of design
  • Use uncertainty to guide encoding/encryption design
• Compression as encryption
• Security System
Thanks!!
Applications
• Secure download
• Security enhancement