
Expander Graphs for Digital Stream Authentication and Robust Overlay Networks Presented by Neeraj Agrawal, Zifei Zhong


Contents

• Introduction
• Authentication of Digital Broadcast Data
• Overlay Networks
• Basic Definitions & Theorems
• Expander-Based Authentication:
  -- DAG Expander Construction & Analysis
  -- Authentication Graph
• Expander-Based Overlay Network
  -- Construction & Analysis
  -- Applications
• Conclusion and Future Work

Introduction

Expander Graphs for

• Authenticating digital data over a lossy network

• Construction of robust overlay networks

Authentication of Digital Broadcast Data

• Goal

To ensure that digitally broadcast streams originate from the purported source.

• Challenge

The Internet and other networks are not perfect, and lost packets are generally not retransmitted.

Possible Solutions

• Shared Secret between sender and receivers

The sender computes a MAC using a shared key, and the receiver uses this key to authenticate the packets.

• Disadvantage

Anyone with the shared secret could forge packets or leak the shared secret.

Possible Solutions (Cont…)

• Asymmetric Cryptography

The sender can sign each packet with its private key, and each receiver verifies the signature of each packet with the corresponding public key.

• Disadvantage

Heavy overhead of generating and verifying the signature of each packet.

Possible Solutions (Cont…)

• Graph Based Authentication

Possible Solutions (Cont…)

• Drawbacks: The degrees of the vertices in the graph are not constant; they grow linearly with the number of nodes in the graph.

This reduces the efficiency of the implementation.

Overlay Networks

• Overlay networks are formed from a subset of nodes in the underlying network. The participating nodes communicate via virtual links between two nodes that may not be directly connected in the underlying network (e.g. MBone, ABone, Gnutella).

• The goal is to improve the reachability of any node in the network using expander graphs, thereby making the network robust.

Expander Graph based Authentication

Expander Graph based Authentication (Cont…)

• Let {P0, …, Pn-1} be the consecutive packets that need to be broadcast. A directed acyclic graph is constructed out of these n vertices, where vertex i corresponds to the packet Pi. An edge (i,j) in the graph indicates the authentication relationship between packets Pi and Pj.

• To authenticate a packet Pj, the receiver simply computes the hash of Pj and checks whether it equals the corresponding hash value carried in Pi.

• The DAG formed by the n nodes and the edges corresponding to the authentication relationship is known as the authentication graph.

Expander Graph based Authentication (Cont…)

• Notations

Up Vertex: A vertex is said to be up if the corresponding packet is received.

Up Path: A path is said to be up if all the vertices on the path are up.

Signature Packet: The starting packet of the stream is called the signature packet, which is signed by the sender’s public key. Receivers authenticate other packets by following the edges starting from this signature packet.

Expander Graph based Authentication (Cont…)

• Assumptions

1. All receivers receive the signature packet.

2. Senders and Receivers have large buffering capacity.

3. Probabilistic model for packet loss is assumed where each packet in the stream can be received with probability p independent of other packets.

4. Hash function is assumed to be collision resistant, i.e. it is computationally infeasible to find two different values that hash to the same value.

Basic Definitions & Theorems

• Definition 1. Bipartite Graph

A bipartite graph is an undirected graph consisting of two non-overlapping sets of vertices V1 and V2 and edges connecting the two sets of vertices, i.e. if $(u, v)$ is an edge, then either $u \in V_1, v \in V_2$ or $u \in V_2, v \in V_1$. G is called a (n1,n2)-bipartite graph with degree (d1,d2) if |V1| = n1, |V2| = n2; and every node in V1 has degree at most d1, every node in V2 has degree at most d2. If d1 = d2 we say the degree is d1.

Now the boring journey starts…

Basic Definitions & Theorems

• Definition 2. Bipartite Expander

A bipartite graph is (c1,c2)-expanding if for i = 1,2, for every $S \subseteq V_i$ where $|S| \le |V_{3-i}| / (2c_i)$, $|T(S)| \ge c_i |S|$, where T(S) is the set of neighbors of S in $V_{3-i}$. If c1 = c2, we say the graph is c1-expanding.

… definitions are hard to remember, especially long ones…

Basic Definitions & Theorems

• Definition 3. Ordinary Expander Graph

An undirected graph $G = (V, E)$ is c-expanding if for every $S \subseteq V$ where $|S| \le |V| / (2c)$, $|T(S)| \ge (c - 1)|S|$, where T(S) is the set of neighbors of S (not including S).

… they do not grow longer, fortunately …

Basic Definitions & Theorems

• Theorem 1. Ramanujan Graph

The Ramanujan graph construction gives an (n, n)-bipartite expander graph of degree d for every n = q + 1, d = p + 1, where p and q are two primes congruent to 1 modulo 4. These graphs are (d/8)-expanding. The same construction can be used to construct ordinary expander graphs with n vertices and degree d that are (d/8)-expanding.

… let’s simply call it Rama graph…

Basic Definitions & Theorems

• Theorem 2. Chernoff Bound

Let X1, X2, …, Xn be independent random variables such that for $1 \le i \le n$, $\Pr[X_i = 1] = p_i$, $\Pr[X_i = 0] = 1 - p_i$, where $0 < p_i < 1$.

Define $X = \sum_{i=1}^{n} X_i$ and define $\mu = E[X]$. Then for $0 < \delta \le 1$,

$$\Pr[X < (1 - \delta)\mu] < \exp(-\mu\delta^2/2).$$

……chernoff bound is useful, we should know it…

Basic Definitions & Theorems

• Corollary 3

Given a set of s nodes where each node is up independently with probability p, the probability that at least (ps/2) nodes are up is at least $1 - \exp(-ps/8)$.

Yeah…, just apply the chernoff bound, we get it…

Expander-Based Authentication:
-- DAG Expander Construction & Analysis

• How to construct…

Use the expansion property of expanders to construct an authentication graph allowing a receiver to authenticate a received packet with high probability.

Let’s first see how to use a (n, n)-bipartite expander graph with degree d and expansion factor c to construct a (n/a, n)-bipartite expander…

The idea seems not difficult…

Expander-Based Authentication:
-- DAG Expander Construction & Analysis

• Lemma 1

Given a (n, n)-bipartite expander graph with degree d and expansion factor c, we can explicitly construct a (n/a, n)-bipartite expander of degree (da, d) that is (ac, c/a)-expanding.

This point is obvious…

Expander-Based Authentication:
-- DAG Expander Construction & Analysis

• Construction

We construct a layered DAG expander using the (na, n)-bipartite expanders found by applying Lemma 1 to any (n, n)-bipartite expander graph.

1). The 0-th layer contains the root R, and for all i the i-th layer contains $a^i$ vertices. Layers i-1 and i are connected using a copy of an $(a^{i-1}, a^i)$-bipartite expander graph from Lemma 1.

2). The edges point from layer i-1 to layer i. Let c denote the expansion factor from the i-th layer to the (i-1)-th layer.

Wow~, somehow complicated…

Expander-Based Authentication:
-- DAG Expander Construction & Analysis

• An example of construction

……it’s a dull figure…

Expander-Based Authentication:
-- DAG Expander Construction & Analysis

• Property Analysis

Claim 1: suppose $(cp/2)^{t-i-1} \le a^{i}/(2c)$. Then the probability that $|S_i| \ge (cp/2)^{t-i}$ is at least

……but…, how can you claim that …

.8exp1

8exp1

24

1exp1

1 cp

cpcpit

Expander-Based Authentication:
-- DAG Expander Construction & Analysis

• Property Analysis

Claim 2: with probability at least

$$1 - \frac{\exp(-cp/8)}{1 - \exp(-cp/8)},$$

there is an m for which $|S_m| \ge a^{m-1}/(2c)$.

……terrible… this one is based on the previous …

Expander-Based Authentication:
-- DAG Expander Construction & Analysis

• Property Analysis

Claim 3: if $|S_m| \ge a^{m-1}/(2c)$, then for all i < m, $|S_i| \ge p a^{i}/4$ with probability at least

$$1 - \sum_{i=1}^{m-1} \exp(-p a^{i}/16) \ge 1 - \frac{\exp(-ap/16)}{1 - \exp(-ap/16)}.$$

……well… we require LESS complicated things…

Expander-Based Authentication:
-- DAG Expander Construction & Analysis

• Property Analysis

Theorem 4: Assume each vertex except the root R in our DAG expander is up independently with probability p, where c is the expansion factor from i-1th layer, c>4/p and a>4/p. If a vertex v is up, then there exists an up path from R to v with probability at least

$$1 - \frac{\exp(-cp/8)}{1 - \exp(-cp/8)} - \frac{\exp(-ap/16)}{1 - \exp(-ap/16)}.$$

……en~…, this is from the previous 3 claims..

Expander-Based Authentication:
-- Authentication Graph

• How to build the authentication graph?

1). Exploit the DAG construction, let the root be the 1st packet P0.

2). Number the vertices from 0 to n-1 layer by layer. Any vertex on layer i has a lower number than any vertex on layer i+1. Let vertex i correspond to packet Pi.

……well~…, finally we come out from the hell ...
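The build-and-verify procedure above as an added example (not code from the presentation or the work it presents): packets are built from the highest index back to P0 so that each can embed the hashes of its successors, and the receiver accepts exactly the packets joined to P0 by an up path of matching hashes. Assumptions: SHA-256 as the hash, a comparison against a trusted digest of P0 in place of verifying the signature on the signature packet, and randomly chosen parents standing in for the explicit expander; all function names are hypothetical.

```python
import hashlib
import random
import struct

def build_graph(a, layers, d, rng):
    """Layer i holds a**i vertices, numbered layer by layer (root = 0).
    Each vertex gets up to d parents in the previous layer; the random
    choice is an assumption standing in for the explicit expander."""
    children, start, size = {0: []}, 0, 1
    for i in range(1, layers):
        nstart, nsize = start + size, a ** i
        for v in range(nstart, nstart + nsize):
            children[v] = []
            for u in rng.sample(range(start, start + size), min(d, size)):
                children[u].append(v)
        start, size = nstart, nsize
    return children

def make_packets(children, payloads):
    """Build packets from the highest index down, so packet i can embed
    (j, SHA-256(P_j)) for every edge (i, j) of the authentication graph."""
    packets = {}
    for i in sorted(children, reverse=True):
        body = struct.pack(">I", len(payloads[i])) + payloads[i]
        for j in children[i]:
            body += struct.pack(">I", j) + hashlib.sha256(packets[j]).digest()
        packets[i] = body
    return packets

def embedded_hashes(packet):
    """Yield the (index, digest) pairs that follow the payload."""
    (n,) = struct.unpack_from(">I", packet, 0)
    for off in range(4 + n, len(packet), 36):
        (j,) = struct.unpack_from(">I", packet, off)
        yield j, packet[off + 4:off + 36]

def authenticate(received, root_digest):
    """Return the indices joined to packet 0 by an up path of matching
    hashes. root_digest stands in for a verified signature on packet 0."""
    root = received.get(0)
    if root is None or hashlib.sha256(root).digest() != root_digest:
        return set()
    ok, frontier = {0}, [0]
    while frontier:
        for j, digest in embedded_hashes(received[frontier.pop()]):
            pkt = received.get(j)
            if pkt and j not in ok and hashlib.sha256(pkt).digest() == digest:
                ok.add(j)
                frontier.append(j)
    return ok

def demo(p=0.7, seed=1):
    rng = random.Random(seed)
    children = build_graph(a=4, layers=5, d=6, rng=rng)
    payloads = {i: b"frame-%d" % i for i in children}  # constructed data
    packets = make_packets(children, payloads)
    root_digest = hashlib.sha256(packets[0]).digest()
    received = {i: pkt for i, pkt in packets.items()
                if i == 0 or rng.random() < p}  # each packet arrives w.p. p
    altered = max(received)
    received[altered] += b"!"  # modified in transit
    ok = authenticate(received, root_digest)
    return len(packets), len(received), len(ok), altered in ok
```

`demo()` returns the number of packets sent, received and authenticated, plus whether the altered packet was accepted.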

Expander-Based Authentication:
-- Authentication Graph

• Properties

1). Each packet except for those corresponding to leaves on the DAG expander has a constant number d*a of embedded hash values, and the constant number d*a is independent of the size of the graph.

2). The authentication probability is at least

$$1 - \frac{\exp(-cp/8)}{1 - \exp(-cp/8)} - \frac{\exp(-ap/16)}{1 - \exp(-ap/16)}$$

……aha, …now I know what the theorem 4 does..

Expander-Based Authentication:
-- Authentication Graph

• Properties -- We can control the arrival probability by a and d…

Corollary 5. Assume we have a DAG expander, each vertex in it except the root R is up independently with probability p, and d>32a/p and a>4/p. If a vertex v is up, then there exists an up path from R to v with probability at least

$$1 - \frac{\exp(-dp/(64a))}{1 - \exp(-dp/(64a))} - \frac{\exp(-ap/16)}{1 - \exp(-ap/16)}$$

……???, …this is somewhat different...

Expander-Based Overlay Networks:

-- Construction & Analysis

• Construction

1). Given n nodes, we build the overlay network as the Ramanujan expander graph with n nodes and degree d.

2). Each node corresponds to a host in the overlay network, while each edge represents a virtual link between the two connected hosts.

3). Assume transmission time and latency are bounded.

……ooh, …what’s this…

Expander-Based Overlay Networks:

-- Construction & Analysis

• Analysis

Lemma 2. With probability at least

$$1 - \frac{\exp(-dp/64)}{1 - \exp(-dp/64)}$$

any up node v can reach more than pn/4 up nodes within distance O(log n) via up paths.

……well, …something not easy …

• Analysis

Claim 1. Suppose $(dp/16)^{i-1} \le 4n/d$. Then the probability that $|S_i| \ge (dp/16)^{i}$ is at least

64exp1

64exp1

164

1exp1

1 dp

dpdpi

l

Expander-Based Overlay Networks:

-- Construction & Analysis

……god, …it’s another nightmare …

Expander-Based Overlay Networks:

-- Construction & Analysis

• Analysis

Claim 2. With probability at least

$$1 - \frac{\exp(-dp/64)}{1 - \exp(-dp/64)},$$

there is an m for which $|S_m| \ge 4n/d$ and m = O(log n).

……somehow not as tough as before …

Expander-Based Overlay Networks:

-- Construction & Analysis

• Analysis

Lemma 3. Any two sets of size at least $2n/\sqrt{d}$ in a Ramanujan expander with n nodes and degree d have at least one edge between the two sets.

……but, …where is the proof…

Expander-Based Overlay Networks:

-- Construction & Analysis

• Analysis

Theorem 6. Let G be an undirected Ramanujan expander graph on n nodes with degree d. Assume each node in the graph is up independently with probability p. For any two up nodes v and w, the probability that there is an up path of length O(log n) from v to w is at least

$$1 - \frac{2\exp(-dp/64)}{1 - \exp(-dp/64)}$$

given that $d \ge (8/p)^2$. Similarly, a broadcast message by v will reach a particular node in an up path of length O(log n) with probability at least

$$1 - \frac{2\exp(-dp/64)}{1 - \exp(-dp/64)}$$

……good~, …we are approaching the end…

Expander-Based Overlay Networks:

-- Application to Decentralized Certificate Revocation

• Overlay networks can have an effective graph for distributing certificate revocation messages.

• Since the graph representing the overlay network has constant degree, it requires only a constant number of messages to send or receive the revocation message.

• Each node is reachable by an up path of length O(log n).

• Even if a high fraction of nodes fail, each up node will receive the revocation message in O(log n) steps with probability

$$1 - \frac{2\exp(-dp/64)}{1 - \exp(-dp/64)}$$
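An added simulation of the revocation flooding described above (not code from the presentation): every node is up independently with probability p, and a message is flooded from one up node over up paths only. It departs from the page in one respect, stated as an assumption: instead of the Ramanujan construction it uses the Margulis-Gabber-Galil graph, a different explicit expander of constant degree 8, because its neighbours are one-line formulas. Function names are hypothetical.

```python
import random
from collections import deque

def mgg_neighbors(x, y, m):
    """Eight neighbours of (x, y) in the Margulis-Gabber-Galil graph on
    Z_m x Z_m (stand-in expander; the page uses Ramanujan graphs)."""
    return [((x + 2 * y) % m, y), ((x - 2 * y) % m, y),
            ((x + 2 * y + 1) % m, y), ((x - 2 * y - 1) % m, y),
            (x, (y + 2 * x) % m), (x, (y - 2 * x) % m),
            (x, (y + 2 * x + 1) % m), (x, (y - 2 * x - 1) % m)]

def flood(m, p, seed, source=(0, 0)):
    """Flood a revocation message from `source` over up nodes only.
    Each node is up independently with probability p; the source is
    taken to be up. Returns (fraction of up nodes reached, max hops)."""
    rng = random.Random(seed)
    up = {(x, y) for x in range(m) for y in range(m) if rng.random() < p}
    up.add(source)
    hops = {source: 0}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for w in mgg_neighbors(u[0], u[1], m):
            if w in up and w not in hops:
                hops[w] = hops[u] + 1
                queue.append(w)
    return len(hops) / len(up), max(hops.values())

def sweep(m=32, probs=(1.0, 0.9, 0.7, 0.5), seed=3):
    """Coverage and hop count for several node-availability levels."""
    return {p: flood(m, p, seed) for p in probs}
```

The degree is fixed at 8 here, so the run shows the qualitative behaviour (coverage and hop count as p drops) and does not test the probability bound.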

Expander-Based Overlay Networks:

-- Application in building Survival Networks

• If an adversary can take out nodes in the network with independent probability, then the results described in the previous slide imply that we can always build an overlay network that is highly survivable.

Conclusion

• An efficient construction for an authentication graph of constant degree. It is an improvement over the previous solution, which used O(n) degree.

• This construction provides high probability of authentication.

• A proven lower bound on the probability that a packet can be authenticated upon arrival has been provided.

Conclusion (cont...)

• The lower bound is independent of the size of the graph.

• Undirected expander graphs and the results discussed can be used to construct efficient, robust and scalable overlay networks.

• Overlay networks provide an efficient solution to the decentralized certificate revocation problem.

Future Work

• Expander construction is still an active area in graph theory.

• There is still a lot of scope for improvement, e.g. the probability bound can be improved by using Kahale’s results.


Questions, please ~:-)