PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY A Framework for Partial Secrecy.

Slides:



Advertisements
Similar presentations
PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Causal Secrecy: An Informed Eavesdropper.
Advertisements

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Paul Cuff THE SOURCE CODING SIDE OF SECRECY TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA.
PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Information Theory for Secrecy and Control.
Enhancing Secrecy With Channel Knowledge
Equivocation A Special Case of Distortion-based Characterization.
Week 2 - Friday.  What did we talk about last time?  Substitution ciphers  Vigenère ciphers  One-time pad.

Information Theoretical Security and Secure Network Coding NCIS11 Ning Cai May 14, 2011 Xidian University.
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Ref. Cryptography: theory and practice Douglas R. Stinson
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
Shannon ’ s theory part II Ref. Cryptography: theory and practice Douglas R. Stinson.
CS470, A.SelcukIntroduction1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.
Xiaohua (Edward) Li1 and E. Paul Ratazzi2
Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.
Presentation Layer Network Format Local Format Information Transformation “few standards, but a lot of ideas”
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Computer Security CS 426 Lecture 3
Secure Communication for Signals Paul Cuff Electrical Engineering Princeton University.
PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY Secure Communication for Distributed Systems.
Solitaire CRyptography Applications Bistro 8 April 2004.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Cryptography Week-6.
Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh.
EE5552 Network Security and Encryption block 4 Dr. T.J. Owens CEng MIET Dr T. Itagaki MIET, MIEEE, MAES.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.
Lecture 2 Overview.
Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.
Rate-distortion Theory for Secrecy Systems
Week 2 - Wednesday.  What did we talk about last time?  Encryption  Shift ciphers  Transposition ciphers.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
Lec. 5 : History of Cryptologic Research II
LIS508 last lecture: Cryptography & Security Thomas Krichel
Secure Communication for Distributed Systems Paul Cuff Electrical Engineering Princeton University.
Rei Safavi-Naini University of Calgary Joint work with: Hadi Ahmadi iCORE Information Security.
Cryptography Part 1: Classical Ciphers Jerzy Wojdyło May 4, 2001.
Toward a Secure Data-Rate Theorem Paul Cuff. Control Setting Controller Encoder System (Plant) Sensors Rate R UiUi XiXi YiYi.
1 A Randomized Space-Time Transmission Scheme for Secret-Key Agreement Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2 1 Department of Electrical.
CRYPTANALYSIS OF STREAM CIPHER Bimal K Roy Cryptology Research Group Indian Statistical Institute Kolkata.
Traditional Symmetric-Key Ciphers
1 Information Theory Nathanael Paul Oct. 09, 2002.
Introduction to Quantum Key Distribution
Cryptography and Authentication A.J. Han Vinck Essen, 2008
The Classically Enhanced Father Protocol
K. Salah1 Cryptography Module I. K. Salah2 Cryptographic Protocols  Messages should be transmitted to destination  Only the recipient should see it.
Cryptography and Coding Theory
Cryptography Lecture 2 Arpita Patra. Recall >> Crypto: Past and Present (aka Classical vs. Modern Cryto) o Scope o Scientific Basis (Formal Def. + Precise.
1 Space-Time Transmissions for Wireless Secret-Key Agreement with Information-Theoretic Secrecy Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
Cryptography Lecture 3 Arpita Patra © Arpita Patra.
1 Introduction CS 303 Algorithmic Number Theory and Cryptography Jeremy R. Johnson.
CHAPTER 14 ENCRYPTION AND DECRYPTION Sajina Pradhan
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.
CMSC 414 Computer (and Network) Security Lecture 3 Jonathan Katz.
Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Tutorial-5 Theory of Secret-Key.
CS/ECE 578 Cyber-Security Dr. Attila Altay Yavuz
CS/ECE 478 Network Security Dr. Attila Altay Yavuz
Using Secret Key to Foil an Eavesdropper
Cryptology Design Fundamentals
Information Theoretical Analysis of Digital Watermarking
Presentation transcript:

PAUL CUFF ELECTRICAL ENGINEERING PRINCETON UNIVERSITY A Framework for Partial Secrecy

Main Idea Secrecy for distributed systems  Adversary observes the system  Design encryption specifically for a system objective Node A Node B Message Information Action Adversary Distributed System Attack

Communication in Distributed Systems “Smart Grid” Image from

Cipher Plaintext: Source of information:  Example: English text: Communication Theory Ciphertext: Encrypted sequence:  Example: Non-sense text: EnciphererDecipherer Ciphertext Key Plaintext

Example: Substitution Cipher AlphabetA B C D E … Mixed AlphabetF Q S A R … Simple Substitution  Example:  Plaintext: …RANDOMLY GENERATED CODEB…  Ciphertext:…DFLAUIPV WRLRDFNRA SXARQ… Caesar Cipher AlphabetA B C D E … Mixed AlphabetD E F G H …

Shannon Model Schematic Assumption  Enemy knows everything about the system except the key Requirement  The decipherer accurately reconstructs the information EnciphererDecipherer Ciphertext Key Plaintext Adversary C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp , Oct For simple substitution:

Shannon Analysis Perfect Secrecy  Adversary learns nothing about the information  Only possible if the key is larger than the information C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp , Oct

Shannon Analysis Equivocation vs Redundancy  Equivocation is conditional entropy:  Redundancy is lack of entropy of the source:  Equivocation reduces with redundancy: C. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, vol. 28, pp , Oct

Computational Secrecy Assume limited computation resources Public Key Encryption  Trapdoor Functions Difficulty not proven  Often “cat and mouse” game Vulnerable to quantum computer attack W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Trans. on Info. Theory, 22(6), pp , X

Information Theoretic Secrecy Achieve secrecy from randomness (key or channel), not from computational limit of adversary.  Physical layer secrecy  Wyner’s Wiretap Channel [Wyner 1975]  Partial Secrecy  Typically measured by “equivocation:”  Other approaches: Error exponent for guessing eavesdropper [Merhav 2003] Cost inflicted by adversary [this talk]

Equivocation Not an operationally defined quantity Bounds:  List decoding  Additional information needed for decryption Not concerned with structure

Competitive Secrecy Node ANode B Message Key InformationAction Adversary Attack Encoder: System payoff:. Decoder: Adversary:

Operational Metric for Secrecy Value obtained by system: Objective  Maximize payoff Node ANode B Message Key Information Reconstruction Adversary Attack

Secrecy-Distortion Literature [Yamamoto 97]:  Cause an eavesdropper to have high reconstruction distortion  Replace payoff (π) with distortion [Yamamoto 88]:  No secret key  Lossy compression

Secrecy-Distortion Literature [Theorem 3, Yamamoto 97]: Theorem: ChooseYields

How to Force High Distortion Randomly assign bins Size of each bin is Adversary only knows bin Reconstruction of only depends on the marginal posterior distribution of Example:

INFORMATION THEORETIC RATE REGIONS PROVABLE SECRECY AGAINST INFORMED ADVERSARY Theoretical Results

Theorem: [Cuff 10] Maximum Guaranteed Payoff Theoretic guarantees of system performance  Related to Yamamoto’s work [97]  Difference: Adversary is more capable with more information Also required:

Linear Program on the Simplex Constraint: Minimize: Maximize: U will only have mass at a small subset of points (extreme points)

Binary-Hamming Case Binary Source: Hamming Distortion Naïve approach  Random hashing or time-sharing Optimal approach  Reveal excess 0’s or 1’s to condition the hidden bits **00**0*0* Source Public message (black line) (orange line)

Hamming Distortion – Low Key Rate Arbitrary i.i.d. source (on finite alphabet) Hamming Distortion Small Key Rate Confuse with sets of size two  Either reveal X or reveal that X is in {0,1} during each instance  ∏ = R 0 / 2

Summary Framework for Encryption  Average cost inflicted by adversary  Dynamic settings where information is available causally  No use of “equivocation”  Optimal communication separates information into two streams: public and secure

Traditional View of Encryption Information inside

Proposed View of Encryption Information obscured Images from albo.co.uk

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.