skip to main content

Title: Threshold-Secure Coding with Shared Key
Cryptographic protocols are often implemented at upper layers of communication networks, while error-correcting codes are employed at the physical layer. In this paper, we consider utilizing readily-available physical layer functions, such as encoders and decoders, together with shared keys to provide a threshold-type security scheme. To this end, the effect of physical layer communication is abstracted out and the channels between the legitimate parties, Alice and Bob, and the eaves-dropper Eve are assumed to be noiseless. We introduce a model for threshold-secure coding, where Alice and Bob communicate using a shared key in such a way that Eve does not get any information, in an information-theoretic sense, about the key as well as about any subset of the input symbols of size up to a certain threshold. Then, a framework is provided for constructing threshold-secure codes form linear block codes while characterizing the requirements to satisfy the reliability and security conditions. Moreover, we propose a threshold-secure coding scheme, based on Reed-Muller (RM) codes, that meets security and reliability conditions. Furthermore, it is shown that the encoder and the decoder of the scheme can be implemented efficiently with quasi-linear time complexity. In particular, a low-complexity successive cancellation decoder is shown for more » the RM-based scheme. Also, the scheme is flexible and can be adapted given any key length. « less
Authors:
;
Award ID(s):
1763348
Publication Date:
NSF-PAR ID:
10177944
Journal Name:
2019 57th Annual Allerton Conference on Communication, Control, and Computing (Allerton)
Page Range or eLocation-ID:
552 to 559
Sponsoring Org:
National Science Foundation
More Like this
  1. Orthogonal blinding based schemes for wireless physical layer security aim to achieve secure communication by injecting noise into channels orthogonal to the main channel and corrupting the eavesdropper’s signal reception. These methods, albeit practical, have been proven vulnerable against multiantenna eavesdroppers who can filter the message from the noise. The venerability is rooted in the fact that the main channel state remains stasis in spite of the noise injection, which allows an eavesdropper to estimate it promptly via known symbols and filter out the noise. Our proposed scheme leverages a reconfigurable antenna for Alice to rapidly change the channel statemore »during transmission and a compressive sensing based algorithm for her to predict and cancel the changing effects for Bob. As a result, the communication between Alice and Bob remains clear, whereas randomized channel state prevents Eve from launching the knownplaintext attack. We formally analyze the security of the scheme against both single and multi-antenna eavesdroppers and identify its unique anti-eavesdropping properties due to the artificially created fast changing channel. We conduct extensive simulations and real-world experiments to evaluate its performance. Empirical results show that our scheme can suppress Eve’s attack success rate to the level of random guessing, even if she knows all the symbols transmitted through other antenna modes.« less
  2. We consider the multiple-input multiple-output (MIMO) wiretap channel with intersymbol interference (ISI) in which a transmitter (Alice) wishes to securely communicate with a receiver (Bob) in presence of an eavesdropper (Eve). We focus on the practically relevant setting in which there is no channel state information (CSI) at Alice about either of the channels to Bob or Eve, except statistical information about the ISI channels (i.e., Alice only knows the effective number of ISI taps). The key contribution of this work is to show that even with no CSI at Alice, positive secure degrees of freedom (SDoF) are achievable bymore »carefully exploiting a) the heterogeneity of the ISI links to Bob and Eve, and b) the relative number of antennas at all the three terminals. To this end, we propose a novel achievable scheme that carefully mixes information and artificial noise symbols in order to exploit ISI heterogeneity to achieve positive SDoF. To the best of our knowledge, this is the first work to explore the idea of exploiting ISI channel length heterogeneity to achieve positive SDoF for the MIMO wiretap channel with no CSI at the legitimate transmitter.« less
  3. We present and analyze UDM, a new protocol for user discovery in anonymous communication systems that minimizes the information disclosed to the system and users. Unlike existing systems, including those based on private set intersection, UDM learns nothing about the contact lists and social graphs of the users, is not vulnerable to off-line dictionary attacks that expose contact lists, does not reveal platform identifiers to users without the owner’s explicit permission, and enjoys low computation and communication complexity. UDM solves the following user-discovery problem. User Alice wishes to communicate with Bob over an anonymous communication system, such as cMix ormore »Tor. Initially, each party knows each other’s public contact identifier (e.g., email address or phone number), but neither knows the other’s private platform identifier in the communication system. If both parties wish to communicate with each other, UDM enables them to establish a shared key and learn each other’s private platform identifier. UDM uses an untrusted user-discovery system, which processes and stores only public information, hashed values, or values encrypted with keys it does not know. Therefore, UDM cannot learn any information about the social graphs of its users. Using the anonymous communication system, each pair of users who wish to communicate with each other uploads to the user-discovery system their private platform identifier, encrypted with their shared key. Indexing their request by a truncated cryptographic hash of their shared key, each user can then download each other’s encrypted private platform identifier.« less
  4. Quantum cryptography provides absolute security against an all-powerful eavesdropper (Eve). However, in practice Eve's resources may be restricted to a limited aperture size so that she cannot collect all paraxial light without alerting the communicating parties (Alice and Bob). In this paper we study a quantum wiretap channel in which the connection from Alice to Eve is lossy, so that some of the transmitted quantum information is inaccessible to both Bob and Eve. For a pureloss channel under such restricted eavesdropping, we show that the key rates achievable with a two-mode squeezed vacuum state, heterodyne detection, and public classical communicationmore »assistance-given by the Hashing inequality-can exceed the secret key distillation capacity of the channel against an omnipotent eavesdropper. We report upper bounds on the key rates under the restricted eavesdropping model based on the relative entropy of entanglement, which closely match the achievable rates. For the pure-loss channel under restricted eavesdropping, we compare the secret-key rates of continuous-variable (CV) quantum key distribution (QKD) based on Gaussian-modulated coherent states and heterodyne detection with the discrete variable (DV) decoystate BB84 QKD protocol based on polarization qubits encoded in weak coherent laser pulses.« less
  5. We consider the secure computation problem in a minimal model, where Alice and Bob each holds an input and wish to securely compute a function of their inputs at Carol without revealing any additional information about the inputs. For this minimal secure computation problem, we propose a novel coding scheme built from two steps. First, the function to be computed is expanded such that it can be recovered while additional information might be leaked. Second, a randomization step is applied to the expanded function such that the leaked information is protected. We implement this expand-and-randomize coding scheme with two algebraicmore »structures—the finite field and the modulo ring of integers, where the expansion step is realized with the addition operation and the randomization step is realized with the multiplication operation over the respective algebraic structures.« less