Fighting byzantine adversaries in networks network error correcting codes
Download
1 / 73

Fighting Byzantine Adversaries in Networks: Network Error-Correcting Codes - PowerPoint PPT Presentation


  • 106 Views
  • Uploaded on

Fighting Byzantine Adversaries in Networks: Network Error-Correcting Codes. Sidharth Jaggi. Michelle Effros Michael Langberg Tracey Ho. Sachin Katti Muriel Médard Dina Katabi. Obligatory Example/History. s. [ACLY00]. [ACLY00] Characterization Non-constructive. b 1. b 2. E V

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Fighting Byzantine Adversaries in Networks: Network Error-Correcting Codes' - genna


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Fighting byzantine adversaries in networks network error correcting codes

Fighting Byzantine Adversaries in Networks: Network Error-Correcting Codes

Sidharth Jaggi

Michelle Effros

Michael Langberg

Tracey Ho

Sachin Katti

Muriel Médard

Dina Katabi


Obligatory example history
Obligatory Example/History

s

[ACLY00]

[ACLY00] Characterization Non-constructive

b1

b2

E

V

E

R

B

E

T

T

E

R

C=2

[LYC03], [KM02] Constructive (linear) Exp-time design

b1

b2

[JCJ03], [SET03] Poly-time design Centralized design

b1

b1

b2

[HKMKE03], [JCJ03]Decentralized design

b1+b2

.

.

.

b1

b1

b1+b2

b1+b2

Tons of work

t1

t2

[This work]All the above, plus security

(b1,b2)

b1

(b1,b2)

[SET03] Gap provably exists


Multicast
Multicast

Network Model

ALL of Alice’s

information

decodable

EXACTLY

by

EACH Bob

Wireless

Wired

Network = Hypergraph

Simplifying assumptions

  • All links unit capacity

    • (1 packet/transmission)

[GDPHE04],[LME04] – No intereference

  • Acyclic network


Multicast networks
Multicast Networks

Webcasting

P2P networks

Sensor networks


Multicast network model
Multicast Network Model

2

ALL of Alice’s

information

decodable

EXACTLY

by

EACH Bob

2

3

Upper bound for multicast capacity C,

C ≤ min{Ci}

[ACLY00] With mixing, C = min{Ci} achievable!

[LCY02],[KM01],[JCJ03],[HKMKE03] Simple (linear) distributed codes suffice!


Mixing
Mixing

F(2m)-linear network

[KM01]

b1

b2

bm

Source:- Group together m bits,

Every node:- Perform linear combinations

over finite field F(2m)

X1

β1

X2

β2

Generalization: The X are

length n vectors over F(2m)

βk

Xk


Problem
Problem!

Corrupted

links

Eavesdropped

links

Attacked

links


Setup
Setup

Eureka

Who

knows

what

Stage

  • Scheme A B C

  • Network C

  • Message A C

  • Code C

  • Bad links C

  • Coin A

  • Transmit B C

  • Decode B

Eavesdropped

links ZI

Attacked

links ZO

Privacy


Result s
Result(s)

First codes

  • Optimal rates (C-2ZO,C-ZO)

  • Poly-time

  • Distributed

  • Unknown topology

  • End-to-end

  • Rateless

  • Information theoretically secure

  • Information theoretically private

  • Wired/wireless

    [HLKMEK04],[JLHE05],[CY06],[CJL06],[GP06]


Error correcting codes
Error Correcting Codes

T

Y

X

Y=TX+E

Generator

matrix

Low-weight

vector

(Reed-Solomon Code)

E


Error correcting codes1
Error Correcting Codes

T

Y

X

Y=TX+E

=TX+TZZ

TZ

Network

transform

matrices

Low-weight

vector

Unknown

Z


When stuck
When stuck…

  • Useful abstraction/

  • building block

“ε-rate secret uncorrupted channels”

  • Existing model

  • ([GP06],[CJL06])

  • We improve!


Example
Example

6 secret hashes of X

C=3

n-length vectors

scalars

non-linear

ZO=1

4n known

3n known

4n+6 known

4n unknown

4n+6 unknown

R = C - Zo

X3=X1+X2

Redundancy added

at source

2 3 1

Solve for


Example1
Example

6 secret hashes of X

C=3

Invertible with high probability

ZO=1

4n+6 known

4n+6 unknown

X3=X1+X2

Z=(0 z(2) z(3)… z(n))


Thm 1 proof
Thm 1,Proof

T

R = C - Zo

Theorem 1: Rate C-ZO-ε achievable with ZI={E},

ε-rate secret uncorrupted channel

Improves on [GP06/Avalanche] (Decentralized)

and [CJL06] (optimal)

packets

CxC identity

matrix

n>>C

[HKMKE03]


Thm 1 proof1
Thm 1,Proof

T

Theorem 1: Rate C-ZO-ε achievable with ZI={E},

ε-rate secret uncorrupted channel

TZ

CxC matrix

Invertible w.h.p.


Thm 2
Thm 2

Theorem 2: Rate C-2ZO-ε achievable with ZI={E}


Example revisited
Example revisited

nZO

nZO

R = C – Zo - redundancy

R = C – Zo

R = C – 2Zo

X3=X1+X2

2 3 1

1 3 1 1

Z=(0 z(2) z(3)… z(n))

Z=(0 0 0… 0)

n more constraints added on X

Tight (ECC, [CY06])

DX=0


Thm 2 proof
Thm 2,“Proof”

R = C - 2Zo

Theorem 2: Rate C-2ZO-ε achievable with ZI={E}

nZO extra constraints

D chosen uniformly at random,

known to Alice, Bob and Calvin


Thm 2 proof1
Thm 2,“Proof”

Theorem 2: Rate C-2ZO-ε achievable with ZI={E}

non-linear

linear

May not

be

Basis change

Invertible

T’’

?

D of appropriate

dimensions crucial

Disjoint


Thm 3 proof
Thm 3,Proof

Theorem 3: Rate C-ZO-ε achievable, with ZI+2ZO<C

Theorem 4, etc:

ZI<C-2ZO

ZI<R

Algorithm 2 rate

Information-theoretic Privacy

Eavesdropping rate

Using algorithm 2 for

small header, can transmit

secret, correct information…

… which can be used for

algorithm 1 decoding!


Summary
Summary

Optimal rates

Poly-time

Distributed

Unknown topology

End-to-end

Rateless

Information theoretically secure/private

Wired/wireless



Network coding justification
Network Coding “Justification”

R. Ahlswede, N. Cai, S.-Y. R. Li and R. W. Yeung,

"Network information flow," IEEE Trans. on Information Theory, vol. 46, pp. 1204-1216, 2000.

  • http://tesla.csl.uiuc.edu/~koetter/NWC/Bibliography.html

    ≈ 200 papers in 3 years

  • NetCod Workshops, DIMACS working group, ISIT 2005 - 4+ sessions, tutorials, …

  • Several patents, theses…


But what is network coding
But what IS Network Coding?

“The core notion of network coding is to allow and encourage mixing of data at intermediate network nodes.”

(Network Coding homepage)


Point to point flows
Point-to-point flows

Min-cut Max-flow (Menger’s) Theorem [M27]

Ford-Fulkerson Algorithm [FF62]

C

t

s


Multicasting
Multicasting

Webcasting

t1

t2

s1

Network

P2P networks

s|S|

t|T|

Sensor networks


Justifications revisited i
Justifications revisited - I

s

Throughput

b1

b2

b1

b2

b1

b1+b2

b1

?

b2

b1

b1

b1+b2

b1+b2

t1

t2

[ACLY00]

(b1,b2)

b1

(b1,b2)


Gap without coding
Gap Without Coding

s

[JSCEEJT05]

. . .

. . .

Coding capacity = h

Routing capacity≤2


Multicasting1
Multicasting

Upper bound for multicast capacity C,

C ≤ min{Ci}

t1

[ACLY00] - achievable!

C1

[LYC02] - linear codes suffice!!

C2

t2

[KM01] - “finite field” linear codes suffice!!!

s

Network

C|T|

t|T|


Multicasting2
Multicasting

F(2m)-linear network

[KM01]

b1

b2

bm

Source:- Group together `m’ bits,

Every node:- Perform linear combinations

over finite field F(2m)

β1

β2

βk


Multicasting3
Multicasting

Upper bound for multicast capacity C,

C ≤ min{Ci}

t1

[ACLY00] - achievable!

C1

[LYC02] - linear codes suffice!!

C2

t2

[KM01] - “finite field” linear codes suffice!!!

s

Network

[JCJ03],[SET03] - polynomial time code design!!!!

C|T|

t|T|


Thms deterministic codes
Thms: Deterministic Codes

For m ≥ log(|T|), exists an F(2m)-linear network which can be designed in O(|E||T|C(C+|T|)) time.

[JCJ03],[SET03]

[JCJ03],[LL03]

Exist networks for which minimum m≈0.5(log(|T|))


Justifications revisited ii
Justifications revisited - II

s

Robustness/Distributed

design

One link breaks

t1

t2


Justifications revisited ii1
Justifications revisited - II

s

Robustness/Distributed

design

b1

b2

b1

b2

b1+b2

b1+2b2

b1

b2

(Finite field arithmetic)

b1+b2

b1+b2

b1+2b2

t1

t2

(b1,b2)

(b1,b2)


Thm random robust codes
Thm: Random Robust Codes

t1

C1

C = min{Ci}

C2

t2

Original Network

s

C|T|

t|T|


Thm random robust codes1
Thm: Random Robust Codes

t1

C1'

C' = min{Ci'}

C2'

t2

Faulty Network

s

If value of C' known to s,

same code can achieve C' rate!

(interior nodes oblivious)

C|T|'

t|T|


Thm random robust codes2
Thm: Random Robust Codes

m sufficiently large, rate R<C

Choose random [ß] at each node

b1

b2

bm

’

b’1

b’2

b’m

Probability over [ß] that

code works

>1-|E||T|2-m(C-R)+|V|

’’

[JCJ03] [HKMKE03]

(different notions of linearity)

b’’1

b’’2

b’’m

Much “sparser” linear operations

(O(m) instead of O(m2)) [JCE06]

Decentralized design

Vs. prob of error - necessary evil?


Zero error decentralized codes
Zero-error Decentralized Codes

No a priori network topological

information available - information

can only be percolated down links

Desired - zero-error code design

One additional resource - each

node vi has a unique ID number i

(GPS coordinates/IP address/…)

Need to use yet other types of linear codes

[JHE06?]


Inter relationships between notions of linearity
Inter-relationships between notions of linearity

M Multicast

G General

Global

Local I/O ≠

Local I/O =

a Acyclic

A Algebraic

B Block

C Convolutional

Does not exist

Є epsilon rate loss

[JEHM04]

B

G

G

G

Є

G

M

a

G

M

M

a

a

G

?

M

a

A

C

M

a

M

a

G


Justifications revisited iii
Justifications revisited - III

s

Security

Evil adversary hiding in network

eavesdropping,

injecting false information

[JLHE05],[JLHKM06?]

t1

t2


Greater throughput

Robust against random errors

.

.

.

Aha!

Network Coding!!!


?

?

?


?

?

?

Yvonne1

.

.

.

?

?

?

Xavier

Yvonne|T|

Zorba


Setup1
Setup

Eureka

Who

knows

what

Stage

  • Scheme X Y Z

  • Network Z

  • Message X Z

  • Code Z

  • Bad links Z

  • Coin X

  • Transmit Y Z

  • Decode Y

Wired

Wireless (packet losses, fading)

Eavesdropped

links ZI

Attacked

links ZO


Setup2
Setup

?

C

?

?

Yvonne1

?

?

?

MO

Xavier

Yvonne|T|

Zorba

Xavier and Yvonnes share no resources (private key, randomness)

Distributed design (interior nodes oblivious/overlay to network coding)

Zorba (hidden) knows network; Xavier and Yvonnes don’t

Zorba sees MI links ZI, controls MO links ZO pI=MI/C, pO=MO/C

Zorba computationally unbounded; Xavier and Yvonnes -- “simple” computations

Zorba knows protocols and already knows almost all of Xavier’s message

(except Xavier’s private coin tosses)

Goal: Transmit at “high” rate and w.h.p. decode correctly


Background
Background

  • Noisy channel models (Shannon,…)

    • Binary Symmetric Channel

1

C (Capacity)

H(p)

0

1

0

0.5

1

p (“Noise parameter”)


Background1
Background

  • Noisy channel models (Shannon,…)

    • Binary Symmetric Channel

    • Binary Erasure Channel

1

C (Capacity)

1-p

0

E

0

0.5

1

p (“Noise parameter”)


Background2
Background

  • Adversarial channel models

    • “Limited-flip” adversary, pI=1 (Hamming,Gilbert-Varshanov,McEliece et al…)

      • Large alphabets (Fq instead of F2)

    • Shared randomness, cryptographic assumptions…

1

C (Capacity)

0

1

0

0.5

1

pO (“Noise parameter”)


Upper bounds
Upper bounds

1

C (Capacity)

0.5

0

1

0.5

pO (“Noise parameter”)

1-pO


Upper bounds1
Upper bounds

1

?

C (Capacity)

?

?

0.5

0

1

0.5

pO (“Noise parameter”)

0


Unicast results jlhe05
Unicast – Results [JLHE05]

1

C (Capacity)

0.5

0

1

0.5

pI=pO (“Noise parameter” = “Knowledge parameter”)


Full knowledge folklore
Full knowledge [Folklore]

1

C (Capacity)

0

1

0.5

pO (“Noise parameter”)

(“Knowledge parameter” pI=1)


Multicast networks hkmke03
Multicast Networks [HKMKE03]

Rate h=C-MO

xb(i)

Block

t1

y1

xs(j)

hxh identity

matrix

h<<n

Slice

S

x

xb(1)

β1

T

xb(i)

x’b(i)

βi

ys(j)=Txs(j)

t|T|

y|T|

xs(j)=T-1ys(j)

βh

xb(h)


Multicast networks1
Multicast Networks

Observation 1: Can treat

adversaries as new sources

1

C (Normalized by h)

R1

S’1

0.5

S

S’2

0

1

0.5

R|T|

pO

S’|Z|


Multicast networks2
Multicast Networks

y’s(j)=Txs(j)+T’x’s(j)

Supersource

SS

Observation 2: w.h.p. over network

code design, {TxS(j)} and {T’x’S(j)}

do not intersect (robust codes…).

Corrupted

Unknown


Multicast networks3
Multicast Networks

y’s(j)=Txs(j)+T’x’s(j)

ε redundancy

xs(2)+xs(5)-xs(3)=0

xs(3)+2xs(9)-5xs(1)=0

ys(3)+2ys(9)-5ys(1)=

another vector in {T’x’s(j)}

ys(2)+ys(5)-ys(3)=

vector in {T’x’s(j)}

{Txs(j)}

{T’x’s(j)}


Multicast networks4

when you have eliminated the impossible, whatever remains, however improbable, must be the truth

Multicast Networks

y’s(j)=Txs(j)+T’x’s(j)

ε redundancy

Repeat MO times

Discover {T’x’s(j)}

“Zero out” {T’x’s(j)}

Estimate T (redundant

xs(j) known)

Decode

Linear algebra

{Txs(j)}

{T’x’s(j)}


Multicast networks5
Multicast Networks however improbable, must be the truth

y’s(j)=Txs(j)+T’x’s(j)

xs(2)+xs(5)-xs(3)=0

ys(2)+ys(5)-ys(3)=

vector in {T’x’s(j)}

x’s(2)+x’s(5)-x’s(3)=0

ys(2)+ys(5)-ys(3)=0


Scheme 1 a
Scheme 1(a) however improbable, must be the truth

“ε-rate secret uncorrupted channels”

Useful abstraction


Scheme 1 b
Scheme 1(b) however improbable, must be the truth

“sub-header based scheme”

… kind of…

Works

… for “many” networks


Scheme 2
Scheme 2 however improbable, must be the truth

“distributed network error-correcting code”

(Knowledge parameter pI=1)

[CY06] – bounds, high complexity construction

[JHLMK06?] – tight, poly-time construction

1

C (Capacity)

0

1

0.5

pO (“Noise parameter”)


Scheme 21
Scheme 2 however improbable, must be the truth

“distributed network error-correcting code”

error vector

y’s(j)=Txs(j)+T’x’s(j)

1-2pO

pO

pO


Scheme 22
Scheme 2 however improbable, must be the truth

“distributed network error-correcting code”

y’s(j)=Txs(j)+T’x’s(j)


Scheme 23
Scheme 2 however improbable, must be the truth

“distributed network error-correcting code”

y’s(j)=T’’xs(j)+T’x’s(j)

e

e’

e


Scheme 24
Scheme 2 however improbable, must be the truth

Linear algebra

“distributed network error-correcting code”

y’s(j)=T’’xs(j)+T’x’s(j)

e

e’

e


Scheme 3
Scheme 3 however improbable, must be the truth

“non-omniscient adversary”

y’s(j)=T’’xs(j)+T’x’s(j)

MI+2MO<C

MI<C-2MO

Scheme 2 rate

Zorba’s observations

Using Scheme 2 as

small header, can transmit

secret, correct information…

… which can be used for

Scheme 1(a) decoding!


Variations feedback
Variations - Feedback however improbable, must be the truth

1

C

0

1

p


Variations know thy enemy
Variations – Know thy enemy however improbable, must be the truth

1

1

C

C

0

0

1

1

p

p


Variations random noise
Variations – Random Noise however improbable, must be the truth

S

E

P

A

R

A

T

I

O

N

CN

C

0

1

p


ad