PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.
-
Upload
kimberly-gordon -
Category
Documents
-
view
219 -
download
0
Transcript of PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.
![Page 1: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/1.jpg)
PAUL CUFFELECTRICAL ENGINEERING
PRINCETON UNIVERSITY
Secure Communication for Distributed Systems
![Page 2: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/2.jpg)
Main Idea
Secrecy for distributed systems
Design encryption specifically for a system objective
Node A
Node BMessageInformation
Action
Adversary
Distributed System
Attack
![Page 3: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/3.jpg)
Communication in Distributed Systems
“Smart Grid”
Image from http://www.solarshop.com.au
![Page 4: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/4.jpg)
Cipher
Plaintext: Source of information: Example: English text: Information Theory
Ciphertext: Encrypted sequence: Example: Non-sense text: cu@sp4isit
Encipherer
Decipherer
Ciphertext
Key Key
Plaintext Plaintext
![Page 5: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/5.jpg)
Example: Substitution Cipher
Alphabet A B C D E …
Mixed Alphabet F Q S A R …
Simple Substitution
Example: Plaintext: …RANDOMLY GENERATED CODEB… Ciphertext: …DFLAUIPV WRLRDFNRA SXARQ…
Caesar Cipher
Alphabet A B C D E …
Mixed Alphabet D E F G H …
![Page 6: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/6.jpg)
Shannon Model
Schematic
Assumption Enemy knows everything about the system except the
keyRequirement
The decipherer accurately reconstructs the information
Encipherer
Decipherer
Ciphertext
Key Key
Plaintext Plaintext
Adversary
C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp. 656-715, Oct. 1949.
For simple substitution:
![Page 7: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/7.jpg)
Shannon Analysis
Perfect Secrecy Adversary learns nothing about the information Only possible if the key is larger than the information
C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp. 656-715, Oct. 1949.
![Page 8: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/8.jpg)
Shannon Analysis
Equivocation vs Redundancy Equivocation is conditional entropy: Redundancy is lack of entropy of the source: Equivocation reduces with redundancy:
C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp. 656-715, Oct. 1949.
![Page 9: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/9.jpg)
Computational Secrecy
Assume limited computation resourcesPublic Key Encryption
Trapdoor Functions
Difficulty not proven Often “cat and mouse” game
Vulnerable to quantum computer attack
W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Trans. on Info. Theory, 22(6), pp. 644-654, 1976.
1125897758 834 689
524287
2147483647
X
![Page 10: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/10.jpg)
Information Theoretic Secrecy
Achieve secrecy from randomness (key or channel), not from computational limit of adversary.
Physical layer secrecy Wyner’s Wiretap Channel [Wyner 1975]
Partial Secrecy Typically measured by “equivocation:” Other approaches:
Error exponent for guessing eavesdropper [Merhav 2003]
Cost inflicted by adversary [this talk]
![Page 11: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/11.jpg)
Shannon Analysis
Equivocation vs Redundancy Equivocation is conditional entropy: Redundancy is lack of entropy of the source: Equivocation reduces with redundancy:
C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp. 656-715, Oct. 1949.
![Page 12: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/12.jpg)
Equivocation
Not an operationally defined quantity
Bounds: List decoding Additional information needed for decryption
Not concerned with structure
![Page 13: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/13.jpg)
Guessing Eavesdropper
[Merhav 03]:
X=0 X=1 X=20
0.2
0.4
0.6
Prior Distribution (X)
Prob. of correct guess
![Page 14: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/14.jpg)
Guessing Eavesdropper
[Merhav 03]:
X=00
X=01
X=02
X=10
X=11
X=12
X=20
X=21
X=22
0
0.2
Prior Distribution (X1,X2)
Prob. of correct guess
![Page 15: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/15.jpg)
Traditional View of Encryption
Information inside
![Page 16: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/16.jpg)
Proposed View of Encryption
Information obscured
Images from albo.co.uk
![Page 17: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/17.jpg)
Competitive Distributed System
Node A Node BMessage
Key
Information Action
Adversary
Attack
Encoder:
System payoff: .
Decoder:
Adversary:
![Page 18: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/18.jpg)
Zero-Sum Game
Value obtained by system:Objective
Maximize payoff
Node A Node BMessage
Key
Information Action
Adversary
Attack
![Page 19: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/19.jpg)
Secrecy-Distortion Literature
[Yamamoto 97]: Cause an eavesdropper to have high reconstruction
distortion Replace payoff (π) with distortion
[Yamamoto 88]: No secret key Lossy compression
![Page 20: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/20.jpg)
Secrecy-Distortion Literature
[Theorem 3, Yamamoto 97]:
Theorem:
Choose Yields
![Page 21: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/21.jpg)
How to Force High Distortion
Randomly assign binsSize of each bin is Adversary only knows bin
Reconstruction of only depends on the marginal posterior distribution of
Example:
![Page 22: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/22.jpg)
INFORMATION THEORETIC RATE REGIONS
PROVABLE SECRECY
Theoretical Results
![Page 23: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/23.jpg)
Lossless TransmissionGeneral Reward Function
Simplex interpretation Linear program
Hamming Distortion
Common Information Secret Key
Two Categories of Results
![Page 24: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/24.jpg)
Competitive Distributed System
Node A Node BMessage
Key
Information Action
Adversary
Attack
Encoder:
System payoff: .
Decoder:
Adversary:
![Page 25: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/25.jpg)
Zero-Sum Game
Value obtained by system:Objective
Maximize payoff
Node A Node BMessage
Key
Information Action
Adversary
Attack
![Page 26: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/26.jpg)
Theorem:
[Cuff 10]
Lossless Case
Require Y=X Assume a payoff function
Related to Yamamoto’s work [97] Difference: Adversary is more capable with more
information
Also required:
![Page 27: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/27.jpg)
Binary-Hamming Case
Binary Source:Hamming DistortionNaïve approach
Random hashing or time-sharingOptimal approach
Reveal excess 0’s or 1’s to condition the hidden bits
0 1 0 0 1 0 0 0 0 1
* * 0 0 * * 0 * 0 *
Source
Public message
(black line)
(orange line)
![Page 28: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/28.jpg)
Linear Program on the Simplex
Category 1
Category 2
Category 4
0
0.5
1
Series 1
Series 2
Series 3
Series 4
Series 5
Series 1Series 2Series 3Series 4Series 5
![Page 29: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/29.jpg)
Linear Program on the Simplex
Constraint:
Minimize:
Maximize:
U will only have mass at a small subset of points (extreme points)
![Page 30: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/30.jpg)
Hamming Distortion – Low Key Rate
Arbitrary i.i.d. source (on finite alphabet)Hamming DistortionSmall Key Rate
Confuse with sets of size two Either reveal X or reveal that X is in {0,1} during
each instance ∏ = R0/2
![Page 31: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/31.jpg)
General Payoff Function
No requirement for lossless transmission.
Any payoff function π(x,y,z)Any source distribution
(i.i.d.)
Adversary:
![Page 32: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/32.jpg)
Payoff-Rate Function
Maximum achievable average payoff
Markov relationship:
Theorem:
![Page 33: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/33.jpg)
Unlimited Public Communication
Maximum achievable average payoff
Conditional common information:
Theorem (R=∞):
![Page 34: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/34.jpg)
Encoding Scheme
Coordination Strategies [Cuff-Permuter-Cover 10] Empirical coordination for U Strong coordination for Y
K
![Page 35: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/35.jpg)
Converse
![Page 36: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/36.jpg)
What the Adversary doesn’t know can hurt him.
[Yamamoto 97]
Knowledge of Adversary:
[Yamamoto 88]:
![Page 37: PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.](https://reader035.fdocuments.net/reader035/viewer/2022062421/56649d9d5503460f94a86b67/html5/thumbnails/37.jpg)
Summary
Framework for Encryption Average cost inflicted by adversary Dynamic settings where information is available
causally No use of “equivocation” Optimal performance uses both “strong” and
“empirical” coordination.