Network Coding and Information Security
Raymond W. Yeung
The Chinese University of Hong Kong
Joint work with
Ning Cai, Xidian University
Outline
• Introduction to Network Coding
• The Max-flow Bound
• Secure Network Coding
• Concluding Remarks
Introduction to Network Coding
A Network Coding Example
The Butterfly Network
[Figure: the butterfly network, with channels labelled b1, b2 and b1+b2.]
A Network Coding Example with Two Sources
[Figure: network with two sources, with channels labelled b1, b2 and b1+b2.]
Wireless/Satellite Application
[Figure: three time slots. t = 1: b1; t = 2: b2; t = 3: b1+b2.]
50% saving for downlink bandwidth!
Two Themes of Network Coding
• When there is 1 source to be multicast in a network, store-and-forward may fail to optimize bandwidth.
• When there are 2 or more independent sources to be transmitted in a network (even for unicast), store-and-forward may fail to optimize bandwidth.
In short, Information is NOT a commodity!
Model of a Point-to-Point Network
• A network is represented by a directed graph G = (V,E) with node set V and edge (channel) set E.
• A symbol from an alphabet F can be transmitted on each channel.
• There can be multiple edges between a pair of nodes.
Single-Source Network Coding
• The source node S generates an information vector x = (x1 x2 … xk) ∈ F^k.
• What is the condition for a node T to be able to receive the information vector x?
• Max-Flow Bound. If maxflow(T) < k, then T cannot possibly receive x.
The Basic Results
• If network coding is allowed, a node T can receive the information vector x iff maxflow(T) ≥ k, i.e., the max-flow bound can be achieved simultaneously by all such nodes T. (ACLY00)
• Moreover, this can be achieved by linear network coding for a sufficiently large base field. (LYC03, KM03)
Secure Network Coding
Cai and Y, 2002 (discussed with Ueli Maurer, ISIT 2000)
Problem Formulation
• The underlying model is the same as network multicast using network coding except that some sets of channels can be wiretapped.
• Let 𝒜 be a collection of subsets of the edge set E.
• A subset in 𝒜 is called a wiretap set.
• Each wiretap set may be fully accessed by a wiretapper.
• No wiretapper can access more than one wiretap set.
• The network code needs to be designed in a way such that no matter which wiretap set the wiretapper has access to, the multicast message is information-theoretically secure.
Our Coding Scheme
• The multicast message is (s,w), where
• s is the secure message
• w is the randomness
• Both s and w are generated at the source node.
An Example of a Secure Network Code
[Figure: network with channels labelled s-w, s+w and w; three channels are drawn in red.]
One of the 3 red channels can be wiretapped.
s is the secure message.
w is the randomness.
Another Example of Secure Network Coding
The (1,2)-threshold Secret Sharing Scheme
[Figure: channels labelled w, s+w and s-w.]
One of the 3 red channels can be wiretapped.
s is the secure message.
w is the randomness.
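The two examples above can be checked by exhaustive enumeration. The following is an added example, not part of the original slides; it assumes the three red channels are the ones carrying s-w, s+w and w, works over a prime field GF(p), and uses hypothetical function names. It also goes slightly beyond the slides by comparing GF(3) with GF(2).

```python
from collections import Counter
from itertools import combinations, product

# (s-coefficient, w-coefficient) of the symbol on each channel; the labels
# are the ones on the slides, the dictionary itself is constructed here.
CHANNELS = {"s-w": (1, -1), "s+w": (1, 1), "w": (0, 1)}

def observe(tapped, s, w, p):
    """Symbols seen on the tapped channels over GF(p), p prime."""
    return tuple((CHANNELS[c][0] * s + CHANNELS[c][1] * w) % p for c in tapped)

def leaks(tapped, p):
    """True if the observation's distribution depends on s (w uniform)."""
    dists = [Counter(observe(tapped, s, w, p) for w in range(p))
             for s in range(p)]
    return any(d != dists[0] for d in dists)

def decodable(received, p):
    """True if the received symbols determine s for every value of w."""
    seen = {}
    for s, w in product(range(p), repeat=2):
        if seen.setdefault(observe(received, s, w, p), s) != s:
            return False
    return True

def audit(p):
    """Leak status of every single channel, decodability of every pair."""
    single = {c: leaks([c], p) for c in CHANNELS}
    pairs = {pair: decodable(pair, p) for pair in combinations(CHANNELS, 2)}
    return single, pairs

if __name__ == "__main__":
    for p in (3, 2):
        print(p, audit(p))
```

Over GF(3) no single channel leaks and every pair of channels recovers s, which is the (1,2)-threshold property; over GF(2) the symbols s-w and s+w coincide, so that pair no longer determines s.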
Construction of Secure Network Codes
• Let n = min_T maxflow(T).
• We have obtained a sufficient condition under which a secure linear network code can be constructed.
• In particular, if 𝒜 consists of all the r-subsets of E, where r < n, then we can construct a secure network code with multicast message (s,w) such that |s| = n-r and |w| = r.
• For this case, the condition is also necessary.
• Interpretation: For a sink node T, if r channels in the network are wiretapped, the number of “secure paths” from the source node to T is still at least n-r. So n-r symbols can go through securely.
Global Encoding Kernels of a Linear Network Code
• Recall that x = (x1 x2 … xk) is the multicast message.
• For each channel e, assign a column vector fe such that the symbol sent on channel e is x fe. The vector fe is called the global encoding kernel of channel e.
• The global encoding kernel of a channel is analogous to a column in the generator matrix of a classical block code.
• The global encoding kernel of an output channel at a node must be a linear combination of the global encoding kernels of the input channels.
An Example
k = 2, let x = (b1, b2)
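[Figure: the butterfly network with each channel's global encoding kernel: (1 0)ᵀ on the channels carrying b1, (0 1)ᵀ on the channels carrying b2, and (1 1)ᵀ on the channels carrying b1+b2.]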
Idea of Code Construction
• Start with a linear network code for multicasting n symbols.
• For every wiretap set A in the collection 𝒜, let fA = { fe : e ∈ A }, the set of global encoding kernels of the channels in A.
• Let dim(span(fA)) ≤ r for all A ∈ 𝒜. [sufficient condition]
• When the base field F is sufficiently large, we can find b1, b2, …, bn-r ∈ F^n such that b1, b2, …, bn-r are linearly independent of fA for all A ∈ 𝒜.
• Let the multicast message be (s,w), with |s| = n-r and |w| = r.
• Take a suitable linear transformation of the given linear network code to obtain the desired secure network code.
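The construction steps above, carried out on the butterfly network with n = 2 and r = 1 (every single channel is a wiretap set), as an added example that is not from the slides. The transformation fe → Q⁻¹ fe with Q = [b1 | b2], the choice of b2, the prime field GF(p) and the function names are assumptions of this example; the slides only say "a suitable linear transformation". A returned kernel (a, b) means the channel carries a·s + b·w.

```python
from itertools import product

# Butterfly kernels from the slides (channels carrying b1, b2, b1+b2).
KERNELS = [(1, 0), (0, 1), (1, 1)]
# Assumed wiretap collection: every single channel (r = 1, n = 2).

def is_multiple(v, f, p):
    """True if v lies in span{f} over GF(p)."""
    return any(all((c * fi - vi) % p == 0 for fi, vi in zip(f, v))
               for c in range(p))

def find_b(p):
    """A nonzero b in GF(p)^2 outside span(f_A) for every wiretap set A."""
    for b in product(range(p), repeat=2):
        if any(b) and not any(is_multiple(b, f, p) for f in KERNELS):
            return b
    return None  # base field too small

def transform(p):
    """Kernels Q^-1 f_e of the secure code, Q = [b1 | b2]; None if no b1."""
    b1 = find_b(p)
    if b1 is None:
        return None
    # Complete b1 to a basis with a unit vector b2 so that det(Q) != 0.
    for b2 in ((0, 1), (1, 0)):
        det = (b1[0] * b2[1] - b2[0] * b1[1]) % p
        if det:
            break
    inv = pow(det, -1, p)  # modular inverse (Python 3.8+)
    q_inv = [[b2[1] * inv % p, -b2[0] * inv % p],
             [-b1[1] * inv % p, b1[0] * inv % p]]
    return [tuple((row[0] * f[0] + row[1] * f[1]) % p for row in q_inv)
            for f in KERNELS]

if __name__ == "__main__":
    print("GF(3):", find_b(3), transform(3))
    print("GF(2):", find_b(2), transform(2))
```

Over GF(3) the search returns b1 = (1, 2) and the transformed kernels (1, 1), (0, 1), (1, 2), that is s+w, w and s-w, the code shown in the secure network coding examples; over GF(2) every nonzero vector lies in some span(fA), so the field is too small.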
Recent Work (Cai and Y, ISIT 2007)
• We obtained a necessary and sufficient condition for the security of linear network codes.
• This condition applies in the cases when
• There is more than one information source node in the network.
• The random keys are not uniformly distributed.
• This condition also shows that the security of a linear network code does not depend on the source distribution.
Resources
• Network Coding Homepage http://www.networkcoding.info
• R. W. Yeung, S.-Y. R. Li, N. Cai and Z. Zhang, Network Coding Theory, now Publishers, 2005 (Foundations and Trends in Communications and Information Theory).
• N. Cai and R. W. Yeung, “Secure network coding,” preprint.
Concluding Remarks
• Secure network coding is a generalization of both (regular) network coding and secret sharing.
• The subject is still in its infancy, and a lot of basic questions are yet to be answered.