Upload
lisbet
View
24
Download
0
Embed Size (px)
DESCRIPTION
47th Annual Allerton Conference on Communication, Control, and Computing University of Illinois at Urbana-Champaign. Joint Compression and Protection. J.Almeida, J.Barros Instituto de Telecomunicações Universidade do Porto. Conventional Encryption. - PowerPoint PPT Presentation
Citation preview
© 2005, it - instituto de telecomunicações. Todos os direitos reservados.
J.Almeida, J.BarrosInstituto de Telecomunicações
Universidade do Porto
Joint Compression and Protection
47th Annual Allerton Conference on Communication, Control, and ComputingUniversity of Illinois at Urbana-Champaign
2 Allerton Conference 2009, University of Illinois at Urbana-Champaign
Conventional Encryption
• Insensitive to the characteristics of the communication system
• Compression, channel reliability, etc.
• Encryption of all data
• Limitations
• Delay constraints, energy and power constraints, etc.
3
Reducing Encryption Complexity
• Is it really necessary to cipher the complete set of data?
• Ex: SPOC [Vilela et al. ‘08].
• Partial encryption algorithms
• Data dependable
• Trade-off between the amount of encrypted data and security.
• Can source coding help?
• Intrinsic security
• Variable length codes are hard to cryptanalyze!
• Preffix codes – Fraenkel and Klein ‘94
• Huffman codes – Gillman, Mohtashemi and Rivest ’96
• Ambiguity
• C0 = {a:0, b:10, c:11}, C1 = {a:1, b:01, c:00}
• C-1(0001011) = AAABC or CBBA?
Allerton Conference 2009, University of Illinois at Urbana-Champaign
4
Combining Compression and Protection Features
Allerton Conference 2009, University of Illinois at Urbana-Champaign
uEncoder
Eavesdropper
Decoder
Key Source
Message Source
k
u z
• Encoder
• Compression + encryption
• Analysis-by-synthesis type of encoding
• Exploit code properties to reduce size of data to encrypt.
• Decoder
• Decompression + decryption.
z
5
Combining Compression and Protection Features
Allerton Conference 2009, University of Illinois at Urbana-Champaign
Compression
One-time padAnalysis
Encryption
Entropy coder
Multiplexeru
x
t
y = x t
k
z
t’
k’
x
• Joint design of analysis and entropy coder blocks.
• Minimize the size of t’ to reduce the computational complexity of encryption.
Encoder
Eavesdropper
Decoder
Key Source
Message Source
k
u zu
6
Combining Compression and Protection Features
Allerton Conference 2009, University of Illinois at Urbana-Champaign
Encoder
Eavesdropper
Decoder
Key Source
Message Source
k
u zu
z
Decompression
One-time pad
Decryption
Entropy coderDemultiplexer
u
tx = y t
k
t’k’
y y
y
7
The case of Huffman codes
• Catastrophic error propagation
• C = {A: 100, B: 0, C: 111, D: 101, E: 110}
• Source message: BBCBECDBBB
• Encoded bitstream: 001110110111101000
• Decoded symbols: DBDDCBAB
• Fliped two bits and changed several source symbols.
Allerton Conference 2009, University of Illinois at Urbana-Champaign
• Exploit this property for encryption
• Generated keystreams will have long runs of zeros.
• Runlength entropy coder reduces the amount of information we need to encrypt.
8
Huffman Tree and Trellis
• C = { A:00, B:01, C:10, D:110, E:111 }.
Allerton Conference 2009, University of Illinois at Urbana-Champaign
9
Trellis based keystreams
• Cryptogram cannot contain the trellis root states of the original codewords
• Define path cost function that reflects the cost of the entropy coder
• Compute the minimum path cost using greedy approach
Allerton Conference 2009, University of Illinois at Urbana-Champaign
10
Huffman Tree and Error Automaton
• C = { A:00, B:01, C:10, D:110, E:111 }.
Allerton Conference 2009, University of Illinois at Urbana-Champaign
11
Error Automaton based keystreams
• Transition function between automaton states
• If a codeword leads to a synchronization state modify codeword
• Choice can be subject to optimization regarding the efficiency of the entropy coder
• Keystream is the concatenation of the sequence of modifications
• Error states: {0, 1, 00, 01, 10, 11, 000}
• Source message: CRYPTOGRAPHY
• Cryptogram: YYOHRGOCOGA
Allerton Conference 2009, University of Illinois at Urbana-Champaign
x t s
- - I
C 0000 0010 0
R 010 000 0
Y 001 010 1
P 011 000 1
T 100 000 0
O 101 000 1
G 111 000 1
R 010 000 0
A 0001 0000 1
P 011 000 1
H 110 000 0
Y 001 000 S
12
Information Leakage
• Assume adversary that
• (a) knows the compression algorithm in use
• (b) knows the encryption algorithm in use
• ... assume also that the one-time pad is correctly used
• Eavesdropper tries to infer x (eq. t) based on y and the algorithm
• No key recovery attacks!
• When do things go wrong?
• When there is not enough diversity in codeword sizes
Allerton Conference 2009, University of Illinois at Urbana-Champaign
13
Information Leakage - Trellis
Allerton Conference 2009, University of Illinois at Urbana-Champaign
• Eavesdropper knows that his trellis path root states are forged
• Prunes the trellis
• Random choices
• Increases the size of data to encrypt
14
Information Leakage - Automaton
Allerton Conference 2009, University of Illinois at Urbana-Champaign
• Adversary knows that the 1st codeword has size different from his observation
• Loss of synchronization was induced
• Ignore the size of the 1st codeword and start to decode afterwards
• Use keystream to control how modifications are induce
• Increases the size of data to encrypt
15
Results
Allerton Conference 2009, University of Illinois at Urbana-Champaign
16
Results
Allerton Conference 2009, University of Illinois at Urbana-Champaign
17
Conclusions
• Joint compression and data protection
• Abstraction from compression algorithm
• Analysis-by-synthesis encoding
• Reduction of size of encrypted information
• Link between entropy coder and analysis block
• Trade-off between security, computational and data overheads
• Huffman codes
• Catastrophic error propagation + RL entropy coder
• Encryption algorithms based on loss of synchronization principles
• Further developments
• Cryptanalysis of the proposed algorithms
• Study trade-offs for other entropy coders
• Develop analysis algorithms for other source coders
Allerton Conference 2009, University of Illinois at Urbana-Champaign
http://nip.dcc.fc.up.pt