## Network Coding and Information Security


Raymond W. Yeung, The Chinese University of Hong Kong
Joint work with Ning Cai, Xidian University

**Outline**
• Introduction to Network Coding
• The Max-flow Bound
• Secure Network Coding
• Concluding Remarks

**A Network Coding Example: The Butterfly Network**
[Figure: the butterfly network; channels carry b1, b2 and b1+b2]

**A Network Coding Example with Two Sources**
[Figure: network with two sources; channels carry b1, b2 and b1+b2]

**Wireless/Satellite Application**
[Figure: time slots t = 1 (b1), t = 2 (b2), t = 3 (b1+b2)]
50% saving for downlink bandwidth!

**Two Themes of Network Coding**
• When there is 1 source to be multicast in a network, store-and-forward may fail to optimize bandwidth.
• When there are 2 or more independent sources to be transmitted in a network (even for unicast), store-and-forward may fail to optimize bandwidth.
In short, information is NOT a commodity!

**Model of a Point-to-Point Network**
• A network is represented by a directed graph G = (V,E) with node set V and edge (channel) set E.
• A symbol from an alphabet F can be transmitted on each channel.
• There can be multiple edges between a pair of nodes.

**Single-Source Network Coding**
• The source node S generates an information vector x = (x_1 x_2 … x_k) ∈ F^k.
• What is the condition for a node T to be able to receive the information vector x?
• Max-Flow Bound. If maxflow(T) < k, then T cannot possibly receive x.

**The Basic Results**
• If network coding is allowed, a node T can receive the information vector x iff maxflow(T) ≥ k, i.e., the max-flow bound can be achieved simultaneously by all such nodes T. (ACLY00)
• Moreover, this can be achieved by linear network coding for a sufficiently large base field. (LYC03, KM03)

**Secure Network Coding**
Cai and Y, 2002 (discussed with Ueli Maurer, ISIT 2000)

**Problem Formulation**
• The underlying model is the same as network multicast using network coding except that some sets of channels can be wiretapped.
• Let 𝒜 be a collection of subsets of the edge set E.
• A subset in 𝒜 is called a wiretap set.
• Each wiretap set may be fully accessed by a wiretapper.
• No wiretapper can access more than one wiretap set.
• The network code needs to be designed in a way such that no matter which wiretap set the wiretapper has access to, the multicast message is information-theoretically secure.

**Our Coding Scheme**
• The multicast message is (s,w), where
  • s is the secure message
  • w is the randomness
• Both s and w are generated at the source node.

[Figure: network whose channels carry s-w, s+w and w]
• One of the 3 red channels can be wiretapped
• s is the secure message
• w is the randomness

**Another Example of Secure Network Coding: The (1,2)-threshold Secret Sharing Scheme**
[Figure: three channels carrying w, s-w and s+w]
• One of the 3 red channels can be wiretapped
• s is the secure message
• w is the randomness

**Construction of Secure Network Codes**
• Let n = min_T maxflow(T).
• We have obtained a sufficient condition under which a secure linear network code can be constructed.
• In particular, if 𝒜 consists of all the r-subsets of E, where r < n, then we can construct a secure network code with multicast message (s,w) such that |s| = n-r and |w| = r.
• For this case, the condition is also necessary.
• Interpretation: For a sink node T, if r channels in the network are wiretapped, the number of "secure paths" from the source node to T is still at least n-r. So n-r symbols can go through securely.

**Global Encoding Kernels of a Linear Network Code**
• Recall that x = (x_1 x_2 … x_k) is the multicast message.
• For each channel e, assign a column vector f_e such that the symbol sent on channel e is x f_e. The vector f_e is called the global encoding kernel of channel e.
• The global encoding kernel of a channel is analogous to a column in the generator matrix of a classical block code.
• The global encoding kernel of an output channel at a node must be a linear combination of the global encoding kernels of the input channels.

**An Example**
k = 2, let x = (b1, b2)
[Figure: butterfly network with channels carrying b1, b2 and b1+b2]

**Idea of Code Construction**
• Start with a linear network code for multicasting n symbols.
• For every wiretap set A ∈ 𝒜, let f_A = { f_e : e ∈ A }, the set of global encoding kernels of the channels in A.
• Let dim(span(f_A)) ≤ r for all A ∈ 𝒜. [sufficient condition]
• When the base field F is sufficiently large, we can find b_1, b_2, …, b_{n-r} ∈ F^n such that b_1, b_2, …, b_{n-r} are linearly independent of f_A for all A ∈ 𝒜.
• Let the multicast message be (s,w), with |s| = n-r and |w| = r.
• Take a suitable linear transformation of the given linear network code to obtain the desired secure network code.

**Recent Work (Cai and Y, ISIT 2007)**
• We obtained a necessary and sufficient condition for the security of linear network codes.
• This condition applies in the cases when
  • There is more than one information source node in the network.
  • The random keys are not uniformly distributed.
• This condition also shows that the security of a linear network code does not depend on the source distribution.

**Resources**
• Network Coding Homepage: http://www.networkcoding.info
• R. W. Yeung, S.-Y. R. Li, N. Cai and Z. Zhang, Network Coding Theory, now Publishers, 2005 (Foundations and Trends in Communications and Information Theory).
• N. Cai and R. W. Yeung, "Secure network coding," preprint.

**Concluding Remarks**
• Secure network coding is a generalization of both (regular) network coding and secret sharing.
• The subject is still in its infancy, and a lot of basic questions are yet to be answered.
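
To make the global-encoding-kernel rule and the k = 2 butterfly example concrete, the following added example (not part of the presentation) propagates kernels through the butterfly network over GF(2) and checks which sinks can decode. The node labels S, T, U, W, X, Y, Z and the edge names are assumptions, since the slide's figure is not in the text.

```python
# Butterfly network over GF(2). Node labels are assumed (the slide's figure is not
# in the text); edges are listed in topological order as (name, tail, head).
EDGES = [("ST", "S", "T"), ("SU", "S", "U"), ("TW", "T", "W"), ("UW", "U", "W"),
         ("TY", "T", "Y"), ("UZ", "U", "Z"), ("WX", "W", "X"),
         ("XY", "X", "Y"), ("XZ", "X", "Z")]
SINKS = ("Y", "Z")

def global_kernels(wx_coeffs):
    """Propagate kernels; only node W mixes, with local coefficients wx_coeffs."""
    f = {"ST": (1, 0), "SU": (0, 1)}  # source sends b1 on ST and b2 on SU
    for name, tail, _ in EDGES[2:]:
        inputs = [d for d, _, head in EDGES if head == tail]
        coeff = wx_coeffs if name == "WX" else {d: 1 for d in inputs}
        # Output kernel = linear combination of the tail node's input kernels.
        f[name] = tuple(sum(coeff[d] * f[d][i] for d in inputs) % 2
                        for i in range(2))
    return f

def received(f, sink, x):
    """Symbols x . f_e arriving at `sink` for message x = (b1, b2)."""
    return {e: (x[0] * f[e][0] + x[1] * f[e][1]) % 2
            for e, _, head in EDGES if head == sink}

def can_decode(f, sink):
    """A sink recovers x iff its two input kernels are independent over GF(2)."""
    (a, c), (b, d) = [f[e] for e, _, head in EDGES if head == sink]
    return (a * d - b * c) % 2 == 1

CODED = global_kernels({"TW": 1, "UW": 1})    # W sends b1 + b2
FORWARD = global_kernels({"TW": 1, "UW": 0})  # W forwards b1 only

if __name__ == "__main__":
    for label, f in (("coded", CODED), ("store-and-forward", FORWARD)):
        print(label, {t: can_decode(f, t) for t in SINKS},
              {t: received(f, t, (1, 0)) for t in SINKS})
```

With coding at W both sinks hold two independent kernels; when W only forwards b1, sink Y receives b1 twice and cannot recover b2.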
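
The three-channel scheme from "Our Coding Scheme" (channels carrying s-w, s+w and w) can be checked mechanically for every wiretap set. This added example, which is not from the presentation, assumes the field GF(3) and constructed kernels for x = (s, w); it goes beyond the single case on the slides by testing each set both by enumeration and by a rank test, stated here as a standard linear-algebra criterion rather than the authors' own condition: span(f_A) must contain no nonzero vector supported only on the s coordinates.

```python
from collections import Counter
from itertools import combinations

P = 3  # assumed field GF(3); P must be odd, since in GF(2) s+w and s-w coincide
# Constructed kernels for x = (s, w): the symbol sent on channel e is x . f_e (mod P)
KERNELS = {"s-w": (1, P - 1), "s+w": (1, 1), "w": (0, 1)}
N_SECURE = 1  # |s| = n - r, with n = 2 and r = 1

def rank_mod_p(cols, p=P):
    """Rank over GF(p) of the matrix whose columns are `cols` (Gauss-Jordan)."""
    rows = [list(r) for r in zip(*cols)]
    rank = 0
    for c in range(len(cols)):
        piv = next((i for i in range(rank, len(rows)) if rows[i][c] % p), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][c], -1, p)
        rows[rank] = [(v * inv) % p for v in rows[rank]]
        for i in range(len(rows)):
            if i != rank and rows[i][c] % p:
                f = rows[i][c]
                rows[i] = [(a - f * b) % p for a, b in zip(rows[i], rows[rank])]
        rank += 1
    return rank

def leaks(wiretap_set, kernels=KERNELS, n_s=N_SECURE, p=P):
    """True if span(f_A) contains a nonzero vector supported only on s."""
    f_a = [kernels[e] for e in wiretap_set]
    n = len(f_a[0])
    units = [tuple(int(i == j) for i in range(n)) for j in range(n_s)]
    return rank_mod_p(units + f_a, p) < n_s + rank_mod_p(f_a, p)

def secure_by_enumeration(wiretap_set, kernels=KERNELS, p=P):
    """Brute force for x = (s, w): is the tapped view distributed alike for every s?"""
    views = [Counter(tuple((s * kernels[e][0] + w * kernels[e][1]) % p
                           for e in wiretap_set) for w in range(p))
             for s in range(p)]
    return all(v == views[0] for v in views)

if __name__ == "__main__":
    for size in (1, 2):
        for a in combinations(KERNELS, size):
            print(a, "leaks" if leaks(a) else "secure", secure_by_enumeration(a))
```

Every single channel is secure under both tests, while any pair of channels leaks s, which is the (1,2)-threshold behaviour the slides describe.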