Network Coding and Information Security Raymond W. Yeung The Chinese University of Hong Kong Joint work with Ning Cai, Xidian University


Page 1: Network Coding  and Information Security

Network Coding and Information Security

Raymond W. Yeung

The Chinese University of Hong Kong

Joint work with Ning Cai, Xidian University


Outline

• Introduction to Network Coding

• The Max-flow Bound

• Secure Network Coding

• Concluding Remarks

Introduction to Network Coding


A Network Coding Example

The Butterfly Network

[Figure: the butterfly network, with channels labeled b1, b2 and b1+b2]

A Network Coding Example

with Two Sources

[Figure: the two-source network, with channels labeled b1, b2 and b1+b2]

Wireless/Satellite Application

[Figure: transmissions at t = 1, t = 2 and t = 3, with labels b1, b2 and b1+b2]

50% saving for downlink bandwidth!

Two Themes of Network Coding

• When there is 1 source to be multicast in a network, store-and-forward may fail to optimize bandwidth.

• When there are 2 or more independent sources to be transmitted in a network (even for unicast), store-and-forward may fail to optimize bandwidth.

In short, Information is NOT a commodity!

Model of a Point-to-Point Network

• A network is represented by a directed graph G = (V,E) with node set V and edge (channel) set E.

• A symbol from an alphabet F can be transmitted on each channel.

• There can be multiple edges between a pair of nodes.


Single-Source Network Coding

• The source node S generates an information vector x = (x1 x2 … xk) ∈ F^k.

• What is the condition for a node T to be able to receive the information vector x?

• Max-Flow Bound. If maxflow(T) < k, then T cannot possibly receive x.

The Basic Results

• If network coding is allowed, a node T can receive the information vector x iff maxflow(T) ≥ k, i.e., the max-flow bound can be achieved simultaneously by all such nodes T. (ACLY00)

• Moreover, this can be achieved by linear network coding for a sufficiently large base field. (LYC03, KM03)

Secure Network Coding

Cai and Y, 2002 (discussed with Ueli Maurer, ISIT 2000)

Problem Formulation

• The underlying model is the same as network multicast using network coding except that some sets of channels can be wiretapped.

• Let 𝒜 be a collection of subsets of the edge set E.

• A subset in 𝒜 is called a wiretap set.

• Each wiretap set may be fully accessed by a wiretapper.

• No wiretapper can access more than one wiretap set.

• The network code needs to be designed in a way such that no matter which wiretap set the wiretapper has access to, the multicast message is information-theoretically secure.

Our Coding Scheme

• The multicast message is (s,w), where

  • s is the secure message

  • w is the randomness

• Both s and w are generated at the source node.

An Example of a Secure Network Code

[Figure: a network whose channels carry s-w, s+w and w]

One of the 3 red channels can be wiretapped

s is the secure message

w is the randomness

Another Example of Secure Network Coding

The (1,2)-threshold Secret Sharing Scheme

[Figure: three channels carrying w, s+w and s-w]

One of the 3 red channels can be wiretapped

s is the secure message

w is the randomness
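Both examples above use the same three channel symbols (s-w, s+w and w), so one exhaustive check covers them. The following is an added example, not code from the slides; it assumes the base field is GF(3), which the slides do not name, and the function names are hypothetical. It verifies from the definition that a wiretapper on any single channel sees the same distribution whatever s is, while any two channels determine s.

```python
from collections import Counter
from itertools import combinations, product

P = 3  # assumed field GF(3); odd characteristic is needed so that s-w != s+w

# Channel label -> (coefficient of s, coefficient of w), as in the slides' figures.
CHANNELS = {"s-w": (1, -1), "s+w": (1, 1), "w": (0, 1)}

def observe(tapped, s, w):
    """Symbols seen on the tapped channels for the message (s, w)."""
    return tuple((CHANNELS[c][0] * s + CHANNELS[c][1] * w) % P for c in tapped)

def is_secure(tapped):
    """True if the wiretapper's view has the same distribution for every s
    when w is uniform on GF(P), i.e. the view carries no information about s."""
    views = [Counter(observe(tapped, s, w) for w in range(P)) for s in range(P)]
    return all(v == views[0] for v in views)

def consistent_secrets(tapped, seen):
    """All values of s that could have produced the observed symbols."""
    return {s for s, w in product(range(P), repeat=2)
            if observe(tapped, s, w) == tuple(seen)}

def audit():
    """Security verdict for every wiretap set of size 1 and of size 2."""
    return {size: [is_secure(t) for t in combinations(CHANNELS, size)]
            for size in (1, 2)}

if __name__ == "__main__":
    print(audit())
    # Constructed sample message: s = 2, w = 1.
    print(consistent_secrets(("s-w",), observe(("s-w",), 2, 1)))
    print(consistent_secrets(("s-w", "s+w"), observe(("s-w", "s+w"), 2, 1)))
```
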


Construction of Secure Network Codes

• Let n = min_T maxflow(T).

• We have obtained a sufficient condition under which a secure linear network code can be constructed.

• In particular, if the collection 𝒜 of wiretap sets consists of all the r-subsets of E, where r < n, then we can construct a secure network code with multicast message (s,w) such that |s| = n-r and |w| = r.

• For this case, the condition is also necessary.

• Interpretation: For a sink node T, if r channels in the network are wiretapped, the number of “secure paths” from the source node to T is still at least n-r. So n-r symbols can go through securely.

Global Encoding Kernels of a Linear Network Code

• Recall that x = (x1 x2 … xk) is the multicast message.

• For each channel e, assign a column vector fe such that the symbol sent on channel e is x fe. The vector fe is called the global encoding kernel of channel e.

• The global encoding kernel of a channel is analogous to a column in the generator matrix of a classical block code.

• The global encoding kernel of an output channel at a node must be a linear combination of the global encoding kernels of the input channels.


An Example

k = 2, let x = (b1, b2)

[Figure: the butterfly network with channels labeled b1, b2 and b1+b2, each annotated with its global encoding kernel: the column vectors (1 0), (0 1) and (1 1)]

Idea of Code Construction

• Start with a linear network code for multicasting n symbols.

• For every wiretap set A ∈ 𝒜 (the collection of wiretap sets), let fA = { fe : e ∈ A }, the set of global encoding kernels of the channels in A.

• Let dim(span(fA)) ≤ r for all A ∈ 𝒜. [sufficient condition]

• When the base field F is sufficiently large, we can find b1, b2, …, b_{n-r} ∈ F^n such that b1, b2, …, b_{n-r} are linearly independent of fA for all A ∈ 𝒜.

• Let the multicast message be (s,w), with |s| = n-r and |w| = r.

• Take a suitable linear transformation of the given linear network code to obtain the desired secure network code.
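The role of the field size in this construction can be seen on the butterfly network's kernels (1 0), (0 1) and (1 1). The following is an added example, not code from the slides: it takes n = 2, r = 1 and every single channel as a wiretap set (assumptions), and searches F^n for the vectors b1, …, b_{n-r}. It covers only the search step, not the linear transformation, which the slides do not spell out; function names are hypothetical.

```python
from itertools import combinations, product

def rank_mod_p(rows, p):
    """Rank over GF(p), p prime, of the matrix whose rows are `rows`."""
    m = [[v % p for v in row] for row in rows]
    rank = 0
    for col in range(len(m[0]) if m else 0):
        pivot = next((i for i in range(rank, len(m)) if m[i][col]), None)
        if pivot is None:
            continue
        m[rank], m[pivot] = m[pivot], m[rank]
        inv = pow(m[rank][col], -1, p)          # modular inverse (Python 3.8+)
        m[rank] = [(v * inv) % p for v in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                f = m[i][col]
                m[i] = [(a - f * b) % p for a, b in zip(m[i], m[rank])]
        rank += 1
    return rank

# Distinct global encoding kernels of the butterfly network (from the figure).
BUTTERFLY_KERNELS = [(1, 0), (0, 1), (1, 1)]
# Assumed wiretap collection: any one channel, so each fA holds one kernel.
WIRETAP_KERNEL_SETS = [[k] for k in BUTTERFLY_KERNELS]

def find_independent_vectors(kernel_sets, n, r, p):
    """Return b1..b_{n-r} in GF(p)^n that are linearly independent of span(fA)
    for every wiretap set, or None if the field is too small."""
    if any(rank_mod_p(fA, p) > r for fA in kernel_sets):
        raise ValueError("sufficient condition dim(span(fA)) <= r is violated")
    nonzero = [v for v in product(range(p), repeat=n) if any(v)]
    for bs in combinations(nonzero, n - r):
        # Independent of fA: stacking the b's on fA adds exactly n-r to the rank.
        if all(rank_mod_p(list(bs) + list(fA), p) == (n - r) + rank_mod_p(fA, p)
               for fA in kernel_sets):
            return bs
    return None

if __name__ == "__main__":
    print(find_independent_vectors(WIRETAP_KERNEL_SETS, 2, 1, 2))  # GF(2)
    print(find_independent_vectors(WIRETAP_KERNEL_SETS, 2, 1, 3))  # GF(3)
```

Over GF(2) every nonzero vector of F^2 is itself one of the three kernels, so the search fails; over GF(3) it succeeds, which is the "sufficiently large base field" requirement in action.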


Recent Work (Cai and Y, ISIT 2007)

• We obtained a necessary and sufficient condition for the security of linear network codes.

• This condition applies in the cases when

  • There is more than one information source node in the network.

  • The random keys are not uniformly distributed.

• This condition also shows that the security of a linear network code does not depend on the source distribution.


Resources

• Network Coding Homepage http://www.networkcoding.info

• R. W. Yeung, S.-Y. R. Li, N. Cai and Z. Zhang, Network Coding Theory, now Publishers, 2005 (Foundations and Trends in Communications and Information Theory).

• N. Cai and R. W. Yeung, “Secure network coding,” preprint.


Concluding Remarks

• Secure network coding is a generalization of both (regular) network coding and secret sharing.

• The subject is still in its infancy, and a lot of basic questions are yet to be answered.