Perfect Secrecy in Wireless Networks - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

Perfect Secrecy in Wireless Networks

Description:

Perfect Secrecy. in. Wireless Networks. Phillip G. Bradford. Olga V. ... A wireless network of n nodes is t-perfectly secure iff its key space is t-wise ... – PowerPoint PPT presentation

Number of Views:26
Avg rating:3.0/5.0
Slides: 17
Provided by: csUa
Category:

less

Transcript and Presenter's Notes

Title: Perfect Secrecy in Wireless Networks


1
Perfect Secrecy in Wireless Networks
  • Phillip G. Bradford
  • Olga V. Gavrylyako
  • Randy K. Smith
  • The University of Alabama

2
Outline
  • Claude Shannons 1949 paper
  • Communication theory of secrecy systems
  • Unconditional, Computational and Perfect Secrecy
  • Perfect Secrecy
  • Definition Motivation
  • Examples
  • Generalizing Perfect Secrecy
  • New Definition
  • More extensive applications

3
Shannons 1949 Security Paper
  • Perhaps the start of modern Computer Security
  • Unconditional Security
  • Computational Security
  • Perfect Security (Secrecy)
  • PrA e PrA and e/Pre
  • Independence of A and e
  • PrA e PrA

4
The Model
A
A
A
A
5
Classical Perfect Secrecy
  • Knowing the ciphertext gives no information about
    the plaintext
  • ProbPp Cc ProbPp
  • What does this mean?
  • A cipher so good it gives no evidence of the
    plaintext
  • If not perfect, then what?
  • Communication issues What about many ciphertexts
    from related keys?

6
Shannons Theorem forPrefect Secrecy
  • Assume K P C.
  • Each bijection between P and C is chosen by a key
    in K.
  • A Cipher has perfect secrecy iff its keys are
    uniformly chosen
  • More precisely, let c Ekp
  • ProbPp Cc ProbPp iff PrK k 1/K
  • How does Shannon prove this?

7
Bayes Theorem Shannons Proof
  • Bayes Theorem If Pry gt 0, Then
  • Prxy (PryxPrx)/Pry
  • One Dir. Assume Perfect Secrecy
  • PrPpCc (PrCcPpPrPp)/PrCc
  • P-Secrecy PrPpCc PrPp
  • PrPp (PrCcPpPrPp)/PrCc
  • PrCc PrCcPp PrKk 1/K

8
The Wireless Model
9
Wireless Perfect Secrecy
  • Knowing the ciphertexts gives no information
    about the plaintext
  • For i?1 to k
  • Pr AND Pipi AND Cici ProbAND Pipi
  • Pr OR Pipi AND Cici ProbOR Pipi
  • What does this mean?
  • Cipher so good it gives no evidence of the
    plaintexts

10
Wireless Perfect Secrecy
  • Shannons perfect secrecy is about ciphertext
    only attacks
  • What does wireless add?
  • The possibility of chosen-plaintext attacks
  • In wireless sensor devices
  • Supply the venue for chosen-plaintext insertion
  • Then Observe the ciphertext(s)

11
Wireless Perfect Secrecy
  • What else is needed?
  • The ciphertexts must be independent of each other
  • If an adversary can listen to t wireless devices,
    then we need t-wise independence for the keys ?
    independence of the ciphertexts
  • A set of random variables X1,,Xn is t-wise
    independent iff PrXi1,...,Xit PrXi1PrXit
    for all i1,,it subset of 1,2,,n

12
Wireless Perfect Secrecy
  • Is t-wise independence cheap?
  • Linear-congurential pseudo-random number
    generators 2-wise independent
  • Generating t-wise independent random variables
    for large t is expensive!
  • Need t uniform independent values!
  • Evaluating t-1 degree polynomial for each value
  • Solid lower bounds on size of sample-space for
    t-wise independent set of random variables

13
Our Generalized Theorems
  • Assume K P C.
  • t-perfect security i?1 to t
  • Pr AND Pipi AND Cici ProbAND Pipi
  • Each key uniquely chooses a bijection between P
    and C.
  • A wireless network of n nodes is t-perfectly
    secure iff its key space is t-wise independent
    and the keys are selected randomly and uniformly

14
Our Generalized Theorem
  • In a wireless network of n nodes and for i?1 to
    t
  • Pr AND Pipi AND Cici ProbAND Pipi
  • iff
  • the set of keys K is t-wise independent
  • PrKi1ki1,...,Kitkit PrKi1ki1PrKitkit
    1/Kt

15
Our Theorems Proof
  • Not a straightforward generalization
  • Use measure-theoretic definitions of random
    variables to model the encryption functions
  • The ? direction is based on Bayes Theorem and
    careful tracking of the bjiections between P and
    C.
  • The ? direction is based on t-wise independence
    transitivity by composition of
    measure-theoretic random variables.

16
Other Ramifications of Our Generalization
  • Incorporating Noise
  • Hammings theory
  • Uniform independent bit failures
  • Random collision detection
  • Actual attacks based on similar (non-independent)
    seed generation?
  • Building more secure systems and seeding keys
Write a Comment
User Comments (0)
About PowerShow.com