Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul."— Presentation transcript:

1 Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul G. Spirakis

2 General Outline Introduction and Motivation Permutation Revealing Protocol PRP Permutation Encrypted Protocol PEP Conclusions

3 Bounded Storage Model Introduced by Maurer (‘92) Adversary – Adversary has bounded storage capacity – A source of random bits broadcasts more traffic than adversary can store Task: Shared Key Establishment Information Theoretic secure

4 Generating a Shared Key in BSM Continious Physical Layer authentication Key sharing between Alice and Bob is possible without sharing bits before protocol begins (Maurer, 1992) Ratio between storage capacity of Alice, Bob, and Adversary (Dzeiembowski, Maurer, 2004) It is impossible to overcome Birthday paradox Schemes for key expansion (Aumann, Rabin, Ding, 2002; Lu 2004; Vadhan 2004). Our protocols are comparable to protocols of Aumann, Ding, Rabin. Secure communication

5 Our Contribution Information Theoretic Secure key exchange schemes for BSM – Permutation Revealing Protocol PRP – Permutation Encrypted Protocol PEP Especially suitable for resource constrained & wireless environment – Simple – to implement and to run – Efficient – Uses typical physical implementation Bits are sent in blocks/frames Random source works in parallel over several channels

6 Setting and Notation S Wireless Network WN 1 0 … …1 m bit message M 0 0 … … 1 m bit OTP 0 0 … … 1 00 … 1 … 00 … 1 … encrypted message Memory s<s AD < n Limited to store sequence bits …

7 Setting and Notation Process 1- Generating an Initial Key (Dzeiembowski, Maurer, 2004) By Birthday paradox: for a single shared bit Record O(T 1/2 ) random bits and their indexes O(T 1/2 log T) bits of memory 0 1 1 1 1 0 0 …T bits random string 12, 9, 6, 5, 3 2, 4, 7, 9, 15 (9,1) (3, 1) (5, 0) (6, 0) (9, 1) (12, 1) (2, 1) (4, 1) (7, 0) (9, 1) (15, 0) 1...

8 Input log b (log m +k) secret bits shared in Process 1 (log m +k) indexes of channels b 1 … b log m+k c1c1 cici cbcb 1 0 … 1 m bits 1 0 … 0... cjcj 0 0 … 1 Repeat log m +k times PRP Phase 1- Sampling c1c1 cici 1 0 … 1 0 0 … 1...

9 PRP Phase 2 – Extraction & Permutation Sharing 1 0 … 1… m ( log m +k) shared bits 1 0 … 1… m ( log m +k) shared bits  = {12, 10, 1, 8, 6, …} 0 1 … 0... 1 1 … 1 0 1 … 0...1 1... 1 0 1 … 0...1 1... 1 0 1 … 0... 1 1 … 1 XOR OTP=(OTP 1 … OTP m ) Matrix size (log m +k)  m

10 Why PRP works? Number of possible channels Number of tuples among m bits Number of tuples out of bm /2 stored bits =(log m +k) Assume s Ad < bm /2

11 Permutation Encrypted Protocol PEP Motivation: Shared bits that define the permutation are used by PRP ONLY once, and can be used multiple times…

12 Permutation Encrypted Protocol PEP (N) blocks of log b bits (N)log b bits + m (N) (log m (N)) Permutation  on m (N) bits  is not revealed OTP in PEP is reusable for an exponential (in the security parameter k) number of encryptions. PRP requires more shared bits in the beginning N number of rounds to use the same shared permutation (N)=log(mN+k) k security parameter

13 Repeat (N) times N number of rounds while OTP is reusable c1c1 cici cbcb 1 0 … 1 m bits 1 0 … 0... cjcj 0 0 … 1 PEP- Sampling c1c1 cici 1 0 … 1 0 0 … 1...

14 PEP Phase 2 - Extraction 1 0 … 1… …  = {12, 10, 1, 8, 6 …} 0 1 … 0... 1 1 … 1 0 1 … 0...1 1... 1 0 1 … 0...1 1... 1 0 1 … 0... 1 1 … 1 XOR OTP=(OTP 1 … OTP m )  has been shared in Process 1 Matrix size (N)  m 1.Alice and Bob repeat this process N times 2.Each time Alice sends new random bits and Alice and Bob use the same 

15 Why PEP works? Number of (N) tuples out of bm /2 stored bits Number of possible channels Number of tuples among m bits

16 Comparison With Previous Schemes Efficiency measure- expansion factor – Ratio between length of OTP and length of initial key Unified “Sample and Extract Approach” (Lu and Vadhan) – Expander graph based schemes, high computational complexity

17 Comparison With Previous Schemes Initial secret for producing m shared bits Paper k log n Ding-Rabin [1 ] k log n Dziembowski -Maurer [2] (k+log n) 2 /log nLu [3] k+log n Vadhan [4] log b(k+log m)Our work k> log b: our expansion factor is better [1], [2] k> log b log n: our expansion factor is better than [3] b=2: our expansion factor is better by constant factor than [4]

18 Comparison With Previous Schemes Efficiency measure-number of bits read from random source – Wireless traffic is sent in blocks/frames of α bits As α grows our scheme becomes more efficient – α =m is optimal Number of bite readPaper mk α Ding-Rabin [1] mk α Dziembowski- Maurer [2] mkα Lu [3] )k+log n)α Vadhan [4] ]m/α ] α(k+log m) Our work Our scheme reads less bits than any other scheme when: n= random string length

19 Conclusions A new technique – Defining blocks/sections of random sequences, rather than bits – Random permutation of the bits among the concatenation of the chosen sections Improving Expansion Factor of PEP – Run PRP to expand the initial key for PEP – Perform PEP with the expanded shared key

20 Conclusions Improving Key Exchange Algorithms – Sample blocks of bits instead of distinct bits – Apply random permutation on random bits PRP and PEP fit multi-frequency wireless communication – Choice subset of frequencies implies exponentially growing security parameter Establishing short secret from scratch.

21 Thank you

Download ppt "Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul."

Similar presentations

1+eps-Approximate Sparse Recovery Eric Price MIT David Woodruff IBM Almaden.

1+eps-Approximate Sparse Recovery Eric Price MIT David Woodruff IBM Almaden.
Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.

Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.
Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.
Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:

Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:
Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
Pairwise Key Agreement in Broadcasting Networks - 2005.11.11 - Ik Rae Jeong.

Pairwise Key Agreement in Broadcasting Networks Ik Rae Jeong.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Min Song 1, Yanxiao Zhao 1, Jun Wang 1, E. K. Park 2 1 Old Dominion University, USA 2 University of Missouri at Kansas City, USA IEEE ICC 2009 A High Throughput.

Min Song 1, Yanxiao Zhao 1, Jun Wang 1, E. K. Park 2 1 Old Dominion University, USA 2 University of Missouri at Kansas City, USA IEEE ICC 2009 A High Throughput.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Gillat Kol (IAS) joint work with Ran Raz (Weizmann + IAS) Interactive Channel Capacity.

Gillat Kol (IAS) joint work with Ran Raz (Weizmann + IAS) Interactive Channel Capacity.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.

Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!

Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!
NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

Similar presentations

Ads by Google