Network Coding and Information Security Raymond W. Yeung The Chinese University of Hong Kong Joint work with Ning Cai, Xidian University

Post on 12-Jan-2016

Network Coding and Information Security

Raymond W. Yeung

The Chinese University of Hong Kong

Joint work with

Ning Cai, Xidian University

Outline

• Introduction to Network Coding

• The Max-flow Bound

• Secure Network Coding

• Concluding Remarks

Introduction to Network Coding

A Network Coding Example

The Butterfly Network

[Figure: the butterfly network; channels are labelled b1, b2 and b1+b2.]

A Network Coding Example

with Two Sources

[Figure: network with two sources; channels are labelled b1, b2 and b1+b2.]

Wireless/Satellite Application

[Figure: transmissions at times t = 1, t = 2 and t = 3, labelled b1, b2 and b1+b2.]

50% saving for downlink bandwidth!

Two Themes of Network Coding

• When there is 1 source to be multicast in a network, store-and-forward may fail to optimize bandwidth.

• When there are 2 or more independent sources to be transmitted in a network (even for unicast), store-and-forward may fail to optimize bandwidth.

In short, Information is NOT a commodity!

Model of a Point-to-Point Network

• A network is represented by a directed graph G = (V,E) with node set V and edge (channel) set E.

• A symbol from an alphabet F can be transmitted on each channel.

• There can be multiple edges between a pair of nodes.

Single-Source Network Coding

• The source node S generates an information vector x = (x1 x2 … xk) ∈ F^k.

• What is the condition for a node T to be able to receive the information vector x?

• Max-Flow Bound. If maxflow(T) < k, then T cannot possibly receive x.

The Basic Results

• If network coding is allowed, a node T can receive the information vector x iff maxflow(T) ≥ k, i.e., the max-flow bound can be achieved simultaneously by all such nodes T. (ACLY00)

• Moreover, this can be achieved by linear network coding for a sufficiently large base field. (LYC03, KM03)

Secure Network Coding

Cai and Y, 2002 (discussed with Ueli Maurer, ISIT 2000)

Problem Formulation

• The underlying model is the same as network multicast using network coding except that some sets of channels can be wiretapped.

• Let 𝒜 be a collection of subsets of the edge set E.

• A subset in 𝒜 is called a wiretap set.

• Each wiretap set may be fully accessed by a wiretapper.

• No wiretapper can access more than one wiretap set.

• The network code needs to be designed in a way such that no matter which wiretap set the wiretapper has access to, the multicast message is information-theoretically secure.

Our Coding Scheme

• The multicast message is (s,w), where

  • s is the secure message

  • w is the randomness

• Both s and w are generated at the source node.

An Example of a Secure Network Code

[Figure: network with channels labelled s-w, s+w and w.]

One of the 3 red channels can be wiretapped.

s is the secure message

w is the randomness

Another Example of Secure Network Coding

The (1,2)-threshold Secret Sharing Scheme

[Figure: three channels labelled w, s+w and s-w.]

One of the 3 red channels can be wiretapped.

s is the secure message

w is the randomness

Construction of Secure Network Codes

• Let n = min_T maxflow(T).

• We have obtained a sufficient condition under which a secure linear network code can be constructed.

• In particular, if the collection 𝒜 of wiretap sets consists of all the r-subsets of E, where r < n, then we can construct a secure network code with multicast message (s,w) such that |s| = n-r and |w| = r.

• For this case, the condition is also necessary.

• Interpretation: For a sink node T, if r channels in the network are wiretapped, the number of “secure paths” from the source node to T is still at least n-r. So n-r symbols can go through securely.

Global Encoding Kernels of a Linear Network Code

• Recall that x = (x1 x2 … xk) is the multicast message.

• For each channel e, assign a column vector fe such that the symbol sent on channel e is x fe. The vector fe is called the global encoding kernel of channel e.

• The global encoding kernel of a channel is analogous to a column in the generator matrix of a classical block code.

• The global encoding kernel of an output channel at a node must be a linear combination of the global encoding kernels of the input channels.

An Example

k = 2, let x = (b1, b2)

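[Figure: the butterfly network with channels labelled b1, b2 and b1+b2, each annotated with its global encoding kernel: the column vectors (1, 0), (0, 1) and (1, 1) respectively.]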

Idea of Code Construction

• Start with a linear network code for multicasting n symbols.

• For every wiretap set A ∈ 𝒜 (the collection of wiretap sets), let fA = { fe : e ∈ A }, the set of global encoding kernels of the channels in A.

• Let dim(span(fA)) ≤ r for all A ∈ 𝒜. [sufficient condition]

• When the base field F is sufficiently large, we can find b1, b2, …, bn-r ∈ F^n such that b1, b2, …, bn-r are linearly independent of fA for all A ∈ 𝒜.

• Let the multicast message be (s,w), with |s| = n-r and |w| = r.

• Take a suitable linear transformation of the given linear network code to obtain the desired secure network code.
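The construction above, carried out for the butterfly network with n = 2 and r = 1 (any single channel may be wiretapped), as an added example that is not from the original slides. The function names, the choice of GF(3) and the way b is completed to a basis are assumptions of this sketch; with message (s, w) a channel with kernel (a, c) carries s·a + w·c, and the result reproduces the channel symbols s+w, w and s-w of the secret-sharing example while showing why GF(2) is too small.

```python
from itertools import combinations, product

# Butterfly-network global encoding kernels for x = (b1, b2):
# channels carrying b1, b2 and b1+b2 (from the slides).
BUTTERFLY = [(1, 0), (0, 1), (1, 1)]

def det(u, v, p):
    """Determinant of the 2x2 matrix with columns u, v over GF(p)."""
    return (u[0] * v[1] - u[1] * v[0]) % p

def find_b(kernels, p):
    """Return b in GF(p)^2 linearly independent of every kernel, or None."""
    for b in product(range(p), repeat=2):
        if all(det(b, f, p) != 0 for f in kernels):
            return b
    return None

def transform(kernels, b, p):
    """New kernels Q^-1 f, where Q = [b | b2] and b2 completes b to a basis."""
    b2 = next(v for v in product(range(p), repeat=2) if det(b, v, p))
    inv = pow(det(b, b2, p), -1, p)
    # Q^-1 = inv * [[b2[1], -b2[0]], [-b[1], b[0]]]  (adjugate formula)
    return [((b2[1] * f[0] - b2[0] * f[1]) * inv % p,
             (-b[1] * f[0] + b[0] * f[1]) * inv % p) for f in kernels]

def leaks(kernel, p):
    """True if the symbol s*k0 + w*k1 depends on s when w is uniform on GF(p)."""
    views = [sorted((s * kernel[0] + w * kernel[1]) % p for w in range(p))
             for s in range(p)]
    return any(v != views[0] for v in views)

def decodable(kernels, p):
    """True if every pair of channels determines (s, w), hence s."""
    return all(det(u, v, p) for u, v in combinations(kernels, 2))

if __name__ == "__main__":
    print("GF(2):", find_b(BUTTERFLY, 2))  # no valid b: field too small
    b = find_b(BUTTERFLY, 3)
    secure = transform(BUTTERFLY, b, 3)
    print("GF(3): b =", b, "secure kernels =", secure)
    print("some channel leaks s:", any(leaks(f, 3) for f in secure))
    print("any two channels decode:", decodable(secure, 3))
```

Sending (s, w) over the untransformed code would put s in the clear on the b1 channel; after the transformation every single channel is uniformly distributed regardless of s.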

Recent Work (Cai and Y, ISIT 2007)

• We obtained a necessary and sufficient condition for the security of linear network codes.

• This condition applies in the cases when

  • There is more than one information source node in the network.

  • The random keys are not uniformly distributed.

• This condition also shows that the security of a linear network code does not depend on the source distribution.

Resources

• Network Coding Homepage: http://www.networkcoding.info

• R. W. Yeung, S.-Y. R. Li, N. Cai and Z. Zhang, Network Coding Theory, now Publishers, 2005 (Foundations and Trends in Communications and Information Theory).

• N. Cai and R. W. Yeung, “Secure network coding,” preprint.

Concluding Remarks

• Secure network coding is a generalization of both (regular) network coding and secret sharing.

• The subject is still in its infancy, and a lot of basic questions are yet to be answered.