Secure Communication for Distributed Systems

Paul Cuff

Electrical Engineering

Princeton University

Overview
  • Application
    • A framework for secrecy of distributed systems
  • Theoretical result
    • Information theory in a competitive context (zero-sum game)
  • Two methods of coordination
Main Idea
  • Secrecy for distributed systems
    • Design encryption specifically for a system objective

[Diagram: Distributed System, with Node A, Node B and Adversary, and the signals Information, Message, Action and Attack]

Communication in Distributed Systems

“Smart Grid”

Image from http://www.solarshop.com.au

Example: Rate-Limited Control

[Diagram: Signal (sensor), Communication (shown as a bit stream), Signal (control), Adversary, Attack Signal]

Example: Feedback Stabilization

[Diagram: Dynamic System, Sensor, Encoder, Decoder, Controller, Feedback (shown as a bit stream), Adversary]

“Data Rate Theorem” [Wong-Brockett 99, Baillieul 99]

Shannon Analysis
  • 1948
    • Channel Capacity
    • Lossless Source Coding
    • Lossy Compression
  • 1949 - Perfect Secrecy
    • Adversary learns nothing about the information
    • Only possible if the key is larger than the information

C. Shannon, "Communication Theory of Secrecy Systems," Bell System Technical Journal, vol. 28, pp. 656-715, Oct. 1949.

Shannon Model
  • Schematic
  • Assumption
    • Enemy knows everything about the system except the key
  • Requirement
    • The decipherer accurately reconstructs the information

[Schematic: Plaintext, Encipherer, Ciphertext, Decipherer, Plaintext; Key shown twice; Adversary]


For simple substitution:

Shannon Analysis
  • Equivocation vs Redundancy
    • Equivocation is conditional entropy:
    • Redundancy is lack of entropy of the source:
    • Equivocation reduces with redundancy:


Computational Secrecy
  • Assume limited computation resources
  • Public Key Encryption
    • Trapdoor Functions
  • Difficulty not proven
    • Can become a “cat and mouse” game
  • Vulnerable to quantum computer attack

W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Trans. on Info. Theory, 22(6), pp. 644-654, 1976.

2147483647 × 524287 = 1125897758834689

Information Theoretic Secrecy
  • Achieve secrecy from randomness (key or channel), not from computational limit of adversary.
    • Physical layer secrecy
      • Wyner’s Wiretap Channel [Wyner 1975]
    • Partial Secrecy
      • Typically measured by “equivocation:”
      • Other approaches:
        • Error exponent for guessing eavesdropper [Merhav 2003]
        • Cost inflicted by adversary [this talk]
Equivocation
  • Not an operationally defined quantity
  • Bounds:
    • List decoding
    • Additional information needed for decryption
  • Not concerned with structure
Our Framework
  • Assume secrecy resources are available (secret key, private channel, etc.)
  • How do we encode information optimally?
  • Game Theoretic
    • Eavesdropper is the adversary
    • System performance (for example, stability) is the payoff
    • Bayesian games
    • Information structure
Competitive Distributed System

Decoder:

Encoder:

[Diagram: Node A, Node B and Adversary, with Key, Information, Message, Action and Attack]

System payoff: .

Adversary:

Zero-Sum Game
  • Value obtained by system:
  • Objective
    • Maximize payoff

[Diagram: Node A, Node B and Adversary, with Key, Information, Message, Action and Attack]

Secrecy-Distortion Literature
  • [Yamamoto 97]:
    • Cause an eavesdropper to have high reconstruction distortion
      • Replace payoff (π) with distortion
      • No causal information to the eavesdropper
  • Warning: Problem statement can be too optimistic!
How to Force High Distortion
  • Randomly assign bins
  • Size of each bin is
  • Adversary only knows bin
  • Reconstruction of only depends on the marginal posterior distribution of

Example (Bern(1/3)):

Two Categories of Results

Lossless Transmission

General Reward Function

Common Information

Secret Key

  • Simplex interpretation
    • Linear program
  • Hamming Distortion
Competitive Distributed System

Decoder:

Encoder:

[Diagram: Node A, Node B and Adversary, with Key, Information, Message, Action and Attack]

System payoff: .

Adversary:

Zero-Sum Game
  • Value obtained by system:
  • Objective
    • Maximize payoff

[Diagram: Node A, Node B and Adversary, with Key, Information, Message, Action and Attack]

Lossless Case
  • Require Y=X
    • Assume a payoff function
  • Related to Yamamoto’s work [97]
    • Difference: Adversary is more capable with more information

Theorem:

[Cuff 10]

Also required:

Linear Program on the Simplex

Constraint:

Minimize:

Maximize:

U will only have mass at a small subset of points (extreme points)

Binary-Hamming Case
  • Binary Source:
  • Hamming Distortion
  • Optimal approach
    • Reveal excess 0’s or 1’s to condition the hidden bits

Source

Public message

Binary Source (Example)
  • Information source is Bern(p)
    • Usually zero (p < 0.5)
    • Hamming payoff
  • Secret key rate R0 required to guarantee eavesdropper error

[Plot: axes p, R0 and Eavesdropper Error]

General Payoff Function
  • No requirement for lossless transmission.
  • Any payoff function π(x,y,z)
  • Any source distribution (i.i.d.)

Adversary:

Payoff-Rate Function
  • Maximum achievable average payoff
  • Markov relationship:

Theorem:

Unlimited Public Communication
  • Maximum achievable average payoff
  • Conditional common information:

Theorem (R=∞):

Coordination Capacity
  • References:
    • [C., Permuter, Cover – IT Trans. 09]
    • [C. - ISIT 08]
    • [Bennett, Shor, Smolin, Thapliyal – IT Trans. 02]
    • [C., Zhao – ITW 11]
  • Ability to coordinate sequences (“actions”) with communication limitations.
    • Empirical Coordination
    • Strong Coordination
Empirical Coordination

X1 X2 X3 X4 X5 X6 … Xn

Y1 Y2 Y3 Y4 Y5 Y6 … Yn

Z1 Z2 Z3 Z4 Z5 Z6 … Zn

Empirical Distribution

Empirical Distribution

1 0 1 1 0 0 0 1

0 1 1 0 1 0 1 1

1 1 0 1 0 0 1 0

000 001 010 011 100 101 110 111

Average Distortion
  • Average values are a function of the empirical distribution
  • Example: Squared error distortion
  • Rate distortion theory fits in the empirical coordination context.
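
The relationship between a per-letter average and the empirical distribution can be checked on the sequences printed on the Empirical Distribution slide. The Python below is an added example, not part of the talk: it assumes the three rows are X, Y and Z, and it also measures the total variation distance from the joint type to a constructed target distribution; all function names are hypothetical.

```python
from collections import Counter

# Sequences as printed on the Empirical Distribution slide; reading the three
# rows as X, Y and Z is an assumption.
X = [1, 0, 1, 1, 0, 0, 0, 1]
Y = [0, 1, 1, 0, 1, 0, 1, 1]
Z = [1, 1, 0, 1, 0, 0, 1, 0]

def empirical_distribution(*seqs):
    """Joint type: fraction of time indices at which each symbol tuple occurs."""
    n = len(seqs[0])
    if n == 0 or any(len(s) != n for s in seqs):
        raise ValueError("sequences must be non-empty and of equal length")
    return {sym: count / n for sym, count in Counter(zip(*seqs)).items()}

def expected_under(dist, f):
    """Expectation of f under a distribution over symbol tuples."""
    return sum(p * f(*sym) for sym, p in dist.items())

def time_average(f, *seqs):
    """Per-letter average of f computed directly from the sequences."""
    return sum(f(*sym) for sym in zip(*seqs)) / len(seqs[0])

def total_variation(p, q):
    """Total variation distance between two distributions over symbol tuples."""
    return 0.5 * sum(abs(p.get(s, 0.0) - q.get(s, 0.0)) for s in set(p) | set(q))

def squared_error(x, y, z):
    """Squared error between X and Y; Z is ignored by this distortion."""
    return (x - y) ** 2

def constructed_target():
    """Constructed target: X uniform, Y = 1 - X, Z uniform and independent."""
    return {(x, 1 - x, z): 0.25 for x in (0, 1) for z in (0, 1)}

if __name__ == "__main__":
    dist = empirical_distribution(X, Y, Z)
    for sym in sorted(dist):
        print("".join(map(str, sym)), dist[sym])
    print("average squared error, from sequences:", time_average(squared_error, X, Y, Z))
    print("average squared error, from the type: ", expected_under(dist, squared_error))
    print("total variation to constructed target:", total_variation(dist, constructed_target()))
```
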
No Rate – No Channel
  • No explicit communication channel
  • Signal “A” serves an analog and information role.
    • Analog: symbol-by-symbol relationship
    • (Digital): uses complex structure to carry information.

[Diagram: Source, Processor 1, Processor 2, Actuator 1, Actuator 2]

Define Empirical Coordination

[Diagram: Source, Processor 1, Processor 2]

is achievable if:

Coordination Region
  • The coordination region gives us all results concerning average distortion.

[Diagram: Source, Processor 1, Processor 2]

Result – No constraints

[Diagram: Source, Processor 1, Processor 2]

Achievability: Make a codebook of (A^n, B^n) pairs

General Results
  • Variety of causality constraints (delay)

[Diagram: Source, Processor 1, Processor 2]

Finite Look-ahead

Alice and Bob Game
  • Alice and Bob want to cooperatively score points by both correctly guessing a sequence of random binary numbers (one point if they both guess correctly).
  • Alice gets entire sequence ahead of time
  • Bob only sees the past binary numbers and guesses of Alice.
  • What is the optimal score in the game?
Alice and Bob Game (answer)
  • Online Matching Pennies
    • [Gossner, Hernandez, Neyman, 2003]
    • “Online Communication”
  • Solution
General (causal) solution
  • Score in Alice and Bob Game is a first-order statistic
  • Achievable empirical distributions
    • (Processor 2 is strictly causal)
  • Surprise: Bob doesn’t need to see the past of the sequence.
Strong Coordination

X1 X2 X3 X4 X5 X6 … Xn

Y1 Y2 Y3 Y4 Y5 Y6 … Yn

Z1 Z2 Z3 Z4 Z5 Z6 … Zn

Joint distribution of sequences is i.i.d. with respect to the desired joint distribution.

(Allow epsilon total variation distance.)

Point-to-point Coordination

Synthetic Channel p(y|x)

  • Theorem [C. 08]:
    • Strong Coordination involves picking a V such that X-V-Y
    • Message: R > I(X;V)
    • Common Randomness: R0 + R > I(X,Y;V)
    • Uses randomized decoder (channel from V to Y)

[Diagram: Source, Node A, Message, Node B, Output, Common Randomness]
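
The two rate conditions in the theorem can be evaluated numerically for a concrete choice of V. The Python below is an added example, not from the talk: it assumes a uniform binary source and a target synthetic channel BSC(p), realizes that channel as BSC(a) followed by BSC(b) so that X-V-Y holds, and reports the bound on R together with the common randomness R0 still needed; the function names are hypothetical.

```python
import math
from itertools import product

def bsc(eps):
    """Binary symmetric channel with crossover eps, as rows p(out | in)."""
    return [[1 - eps, eps], [eps, 1 - eps]]

def joint_xvy(p_x, p_v_given_x, p_y_given_v):
    """p(x,v,y) = p(x) p(v|x) p(y|v); this factorization is the chain X-V-Y."""
    return {(x, v, y): p_x[x] * p_v_given_x[x][v] * p_y_given_v[v][y]
            for x, v, y in product(range(2), repeat=3)}

def entropy(joint, coords):
    """Entropy in bits of the marginal on the given coordinate indices."""
    marg = {}
    for outcome, p in joint.items():
        key = tuple(outcome[i] for i in coords)
        marg[key] = marg.get(key, 0.0) + p
    return -sum(p * math.log2(p) for p in marg.values() if p > 0)

def mutual_info(joint, a, b):
    """I(A;B) in bits; a and b are tuples of coordinate indices."""
    return entropy(joint, a) + entropy(joint, b) - entropy(joint, a + b)

def rate_bounds(joint):
    """(I(X;V), I(X,Y;V)): the bounds on R and on R0 + R from the theorem."""
    X, V, Y = (0,), (1,), (2,)
    return mutual_info(joint, X, V), mutual_info(joint, X + Y, V)

def tradeoff(p, a_values):
    """Realize a target BSC(p) as BSC(a) then BSC(b) for each a in [0, p].

    Returns rows (a, message-rate bound, common randomness needed when the
    message rate sits at its bound). The uniform binary source is an assumption.
    """
    rows = []
    for a in a_values:
        b = (p - a) / (1 - 2 * a)   # solves a(1-b) + b(1-a) = p
        r, r_sum = rate_bounds(joint_xvy([0.5, 0.5], bsc(a), bsc(b)))
        rows.append((a, r, max(r_sum - r, 0.0)))
    return rows

if __name__ == "__main__":
    for a, r, r0 in tradeoff(0.1, [0.0, 0.025, 0.05, 0.075, 0.1]):
        print(f"a={a:.3f}  R > {r:.4f}  R0 > {r0:.4f}")
```

At a = 0 the message carries X itself and no common randomness is needed; at a = p the message-rate bound drops to I(X;Y) and the difference is made up by common randomness.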

Zero-Sum Game
  • Value obtained by system:
  • Objective
    • Maximize payoff

[Diagram: Node A, Node B and Adversary, with Key, Information, Message, Action and Attack]

Encoding Scheme
  • Coordination Strategies
    • Empirical coordination for U
    • Strong coordination for Y

K

What the Adversary doesn’t know can hurt him.

Knowledge of Adversary:

[Yamamoto 97]

[Yamamoto 88]:

Proposed View of Encryption

Information obscured

Images from albo.co.uk