University of Toronto. IPSI Seminar. Nov 25th 2013. Information Theoretic
Security: Fundamentals and Applications : Ashish Khisti (University of Toronto). 1
/ 35 ...
Information Theoretic Security: Fundamentals and Applications Ashish Khisti University of Toronto
IPSI Seminar Nov 25th 2013
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
1 / 35
Layered Architectures Layered architecture for communication systems. Where is Security? Application Layer
Encryption, Authentication
(Semantics of Information)
Transport Layer
Secure Socket Layer
(End to End Connectivity)
Network Layer
Virtual Private Networks Anonymous Routing
(Routing and Path Discovery)
Data Link Layer
Device level Authentication
(Error Correction Codes)
Physical Layer
Anti-Jamming
(Signals, RF hardware)
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
2 / 35
Layered Architectures Layered architecture for communication systems. Where is Security? Application Layer
Encryption, Authentication
(Semantics of Information)
Transport Layer
Secure Socket Layer
Wireless Systems
(End to End Connectivity)
Network Layer
Virtual Private Networks Anonymous Routing
(Routing and Path Discovery)
Data Link Layer (Error Correction Codes)
Physical Layer (Signals, RF hardware)
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
2 / 35
Traditional Approach A typical graduate level course in computer security introduces Shannon’s notion of security. Shannon’s Notion
Message W
Alice key K
X
X X
Bob
decoded message W
key K
Eve
Perfect Secrecy: p(w|x)=p(w)
Note that Key Size = Message length, hence impractical Focus: computational cryptography Is this all about information theoretic security? Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
3 / 35
Outline
Motivating Applications Secure Biometrics Smart-Meter Privacy Wireless Systems
Information Theoretic Models Wiretap Channel Model Secret-key agreement
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
4 / 35
Biometric Technologies
Laptop
ATM
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Passport
5 / 35
Biometric Technologies
Laptop
ATM
Passport
Enrollment Biometric Stored in clear
Feature Extraction
=? Authentication Feature Extraction
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
5 / 35
Biometric Technologies
Laptop
ATM
Passport
Enrollment Biometric Stored in clear
Feature Extraction
=? Authentication Feature Extraction
Issue: Biometrics are stored in the clear Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
5 / 35
Biometrics: Toy Example Enrolment Biometric 0
1
1
0
1
0
0
Biometric Channel Authentication Biometric No Error
Bit 1 Flipped
Bit 6 Flipped
Bit 7 Flipped
8 Possible Events : All Equally Likely Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
6 / 35
Biometrics: Toy Example
X, Y : length seven binary sequence Channel Model: one bit flip (8 possibilities) 3 bits required.
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
7 / 35
Biometrics: Toy Example
X, Y : length seven binary sequence Channel Model: one bit flip (8 possibilities) 3 bits required. Syndrome Decoder
Syndrome Encoder
1 1 0
0
1 0
0
0
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Authentication Biometric
1
Syndrome bits
Enrollment Biometric
0
Syndr. 0
0
1
1
0
1
0
1 0 0 1 0 0
7 / 35
Biometrics: Toy Example
X, Y : length seven binary sequence Channel Model: one bit flip (8 possibilities) 3 bits required. Syndrome Decoder
Syndrome Encoder
1 1 0
0
1 0
0
0
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Authentication Biometric
1
Syndrome bits
Enrollment Biometric
0
Syndr. 1
1
1
1
0
1
0
1 0 0 1 0 0
7 / 35
Biometrics: Toy Example
X, Y : length seven binary sequence Channel Model: one bit flip (8 possibilities) 3 bits required. Syndrome Decoder
Syndrome Encoder
1 1 0
0
1 0
0
0
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Authentication Biometric
1
Syndrome bits
Enrollment Biometric
0
Syndr. 0
1
1
0
0
1
0
0 0 0 1 0 0
7 / 35
Biometrics: Toy Example
X, Y : length seven binary sequence Channel Model: one bit flip (8 possibilities) 3 bits required. Syndrome Decoder
Syndrome Encoder
1 1 0
0
1 0
0
0
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Authentication Biometric
1
Syndrome bits
Enrollment Biometric
0
Syndr. 0
1
1
0
0
0
0
1 1 0 1 0 0
7 / 35
Privacy Preserving Biometrics S. Draper, A. Khisti, et. al “Using distributed source coding to secure fingerprint biometrics” ICASSP, 2007
Encode enrollment biometric
X
Syndrome Encoding
Store syndrome S
S
Original enrollment biometric
Store syndromes Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
8 / 35
Privacy Preserving Biometrics S. Draper, A. Khisti, et. al “Using distributed source coding to secure fingerprint biometrics” ICASSP, 2007
Encode enrollment biometric
X
Syndrome Encoding
Original enrollment biometric
Store syndrome S
S
Fingerprint Channel
Decode w/ probe biometric Syndrome Decoding
Y
Original enrollment biometric
Authentication biometric
Store syndromes Reproduce enrollment biometric Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
8 / 35
Privacy Preserving Biometrics S. Draper, A. Khisti, et. al “Using distributed source coding to secure fingerprint biometrics” ICASSP, 2007 Biometric Authentication
Encode enrollment biometric
X
Original enrollment biometric
Syndrome Encoding
One way hash Store syndrome S
S
Fingerprint Channel
Decode w/ probe biometric
One way hash
Syndrome Decoding
Y
Original enrollment biometric
Authentication biometric
Store syndromes Reproduce enrollment biometric Authenticate Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
8 / 35
Smart-Meter Privacy D. Varodayan and A Khisti, ICASSP 2011
C. Efthymiou and G. Kalogridis, Smart grid privacy via anonymization of smart metering data, Smart Grid Commun. Conf., Gaithersburg, 2010.
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
9 / 35
Smart-Meter Privacy D. Varodayan and A Khisti, ICASSP 2011
X User Appliances
Rechargeable Battery
Y
Utility Company
Privacy Leakage: I (X N ; Y N ) Battery: Limited Storage Model Battery as a Finite State Communication Channel “Design the Channel” Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
9 / 35
Secret-Key Generation in Wireless Fading Channels
Forward Link y B ! hAB x A
mA
n AB
B
A y A ! hBA xB
nBA
mB
Reverse Link KB
KA
Channel Gain Forward Channel Reverse Channel
Fading Reciprocity Spatial Decorrelation Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
time
10 / 35
Secret-Key Generation in Wireless Fading Channels
Forward Link y B ! hAB x A
mA
n AB
B
A y A ! hBA xB
nBA
Reverse Link KB
KA
z AE ! g AE x A n AE Channel Gain
mB
z BE ! g BE xB
nBE
E
Eavesdropper Link Forward Channel Reverse Channel
Fading Reciprocity Spatial Decorrelation Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
time
10 / 35
Secret-Key Generation in Wireless Fading Channels A. Khisti 2013
Forward Link y B ! hAB x A
mA
n AB
B
A y A ! hBA xB KA
nBA
Reverse Link KB
z AE ! g AE x A n AE
Start
mB
z BE ! g BE xB
nBE
E Two Phase Approach:
Channel Probing N hˆAB
N hˆBA
Key Extraction
Phase I: Channel Probing and N , h ˆN ) Estimation: (hˆAB BA Phase 2: Source Reconciliation and Key Extraction Secret-Key Generation:
Limits Shared Key Information Theoretic Security: Fundamentals and Applications :
Ashish Khisti (University of Toronto)
Capacity 11 / 35
Secure MIMO Communication
Dec. 101011
Rx.
Enc.
Tx.
101011
?????? Eaves.
Signal of interest: direction of legitimate receiver. Synthetic noise: null-space of legitimate receiver.
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
12 / 35
Secure MIMO Multicast A. Khisti, 2011
Artificial Noise Alignment Noise Symbols IA Precoder
Information Symbols
Rx1 Ev 1 Rx2
Signal Masking
Transmitter
Align Noise Symbols at Legitimate Receivers Mask Information Symbols at Eavesdroppers Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
13 / 35
Outline
Motivating Applications Secure Biometrics Smart-Meter Privacy Wireless Systems
Information Theoretic Models Wiretap Channel Model Secret-key agreement
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
14 / 35
Wiretap Channel Wyner’75
AWGN Wiretap Channel Model Zrn Yrn M
Encoder
Xn
Receiver
ˆ M
Eaves.
??
Zen Yen
n ˆ −→ Reliability Constraint : Pr(M 6= M) 0
Secrecy Constraint :
1 n n H(M|Ye )
= n1 H(M) − on (1)
Secrecy Capacity Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
15 / 35
Secrecy Criterion
1 1 H(M|Yen ) = H(M) −on (1) } |n {z |n {z } Equivocation rate
Information rate
Perfect Secrecy: on (1) ≡ 0, (Shannon ’49) n
Weak Secrecy: on (1) −→ 0, (Wyner ’75) � Strong Secrecy: on (1) ∈ O n1 , (Maurer and Wolf ’00) Guessing approach : (Arikan & Merhav ’02) Focus: Wyner’s notion
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
16 / 35
Joint Encryption and Encoding Separation based approach vs. Wiretap codes Traditional Approach : Separation ... Zrn Yrn
Key
M
Encryption
Encoder
Xn
Decoder
Decryption
ˆ M
Zen Yen
Traditional Approach
Key
Eaves.
??
Wiretap Codes
Separation based
Joint encryption/encoding
Requires keys
Channel based secrecy
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
17 / 35
Joint Encryption and Encoding Separation based approach vs. Wiretap codes Wiretap Codes: Joint Encryption and Encoding Zrn Yrn M
Secure Encoder
Xn
Decoder
Decryption
ˆ M
Zen Yen
Traditional Approach
Key
Eaves.
??
Wiretap Codes
Separation based
Joint encryption/encoding
Requires keys
Channel based secrecy
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
17 / 35
Joint Encryption and Encoding Separation based approach vs. Wiretap codes Wiretap Codes: Joint Encryption and Encoding Zrn Yrn M
Secure Encoder
Xn
ˆ M
Zen Yen
Traditional Approach
Secure Decoder
Eaves.
??
Wiretap Codes
Separation based
Joint encryption/encoding
Requires keys
Channel based secrecy
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
17 / 35
Wiretap Codes
Uniform Noise Wiretap Channel Model Zrn Yrn M
Secure Encoder
Xn
ˆ M
Zen Yen
QAM Modulation
Secure Decoder
Recv. Noise
??
Eaves.
Eaves. Noise
Ɣ
Uniform noise model
σe2 = 4σr2
Ɣ
σe2 = 4σr2 Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
18 / 35
Wiretap Codes QAM Modulation
Recv. Noise
Eaves. Noise
Ɣ
Uniform noise model
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
σe2 = 4σr2
Ɣ
19 / 35
Wiretap Codes Recv. Noise
QAM Modulation
σe2 = 4σr2
Eaves. Noise
Ɣ
Ɣ
Uniform noise model Receiver’s Constellation Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Cr = log2 64 = 6 b/s Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Eavesdropper’s Constellation Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ce = log2 16 = 4 b/s 19 / 35
Wiretap Codes Recv. Noise
QAM Modulation
σe2 = 4σr2
Eaves. Noise
Ɣ
Ɣ
Uniform noise model Receiver’s Constellation Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Eavesdropper’s Constellation
Cr = log2 64 = 6 b/s
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ce = log2 16 = 4 b/s
Cs = Cr − Ce = 2 b/s Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
19 / 35
Wiretap Codes Secure QAM Constellation
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Ɣ Msg 1 Ɣ Msg 2 Ɣ Msg 3 Ɣ Msg 4
20 / 35
Wiretap Codes Encoding: Randomly select one candidate
Ɣ
Ɣ
Ɣ
Ɣ Ɣ Msg 1 Ɣ Msg 2 Ɣ Msg 3 Ɣ Msg 4
Ɣ
Ɣ
Ź
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
20 / 35
Wiretap Codes Decoding at legitimate receiver
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ Ɣ Ź Ź Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Ɣ Msg 1 Ɣ Msg 2 Ɣ Msg 3 Ɣ Msg 4
20 / 35
Wiretap Codes Confusion at the eavesdropper
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ź
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ Ź Ɣ Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Ɣ
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Ɣ Msg 1 Ɣ Msg 2 Ɣ Msg 3 Ɣ Msg 4
20 / 35
Gaussian Wiretap Channel Leung-Yan-Cheong and Hellman’78
Zrn Yrn M
Encoder
Xn
Receiver
ˆ M
Eaves.
??
Zen Yen
Secrecy Capacity Cs = {log(1 + SNRr ) − log(1 + SNRe )}+ = {C (SNRr ) − C (SNRe )}+ SNRr : Legitimate receiver’s signal to noise ratio SNRe : Eavesdropper’s signal to noise ratio Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
21 / 35
Other Classical Results
The secrecy capacity was also characterized for: Degraded Memoryless Wiretap Channel(Wyner’75) X → Yr → Ye C = max I (X ; Yr ) − I (X ; Ye ) pX
Discrete Memoryless Wiretap Channel (Csiszar-Korner ’78) C = max I (U; Yr ) − I (U; Ye ), pU,X
U → X → (Yr , Ye ) Cardinality bounds on the alphabet of U
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
22 / 35
Gaussian Wiretap Channel
101011
101011
Receiver Transmitter ?????? Eavesdropper
Strong Requirement: Eavesdropper must not be closer to the transmitter Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
23 / 35
Gaussian Wiretap Channel
101011
101011
Receiver Transmitter
101011 Eavesdropper
Strong Requirement: Eavesdropper must not be closer to the transmitter Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
23 / 35
Solution ... Multiple Antennas Khisti-Wornell 2010
Multi-antenna wiretap channel 1 0 1 1
Receiver 1 0 1 1
? ? ? ?
Transmitter
Eavesdropper
Spatial Diversity: Multiple Antennas Temporal Diversity: Fading Channels Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
24 / 35
Solution ... Multiple Antennas Khisti-Wornell 2010
Multi-antenna wiretap channel 1 0 1 1
Receiver 1 0 1 1
Transmitter
? ? ? ?
Eavesdropper
Channel Model Yr = Hr X + Zr Ye = He X + Ze Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Channel matrices: Hr ∈ CNr ×Nt , He ∈ CNe ×Nt Nt : # Tx antennas AWGN noise: Zr , Ze 24 / 35
MIMOME: Secrecy Capacity Khisti-Wornell 2010
Theorem Secrecy capacity of the Multi-antenna wiretap channel is given by, Cs =
max
Q�0:Tr (Q)≤P
log det(Ir + Hr QHr† ) − log det(Ie + He QHe† )
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
25 / 35
MIMOME: Secrecy Capacity Khisti-Wornell 2010
Theorem Secrecy capacity of the Multi-antenna wiretap channel is given by, Cs =
max
Q�0:Tr (Q)≤P
log det(Ir + Hr QHr† ) − log det(Ie + He QHe† )
Scalar Gaussian Case (Leung-Yan-Cheong & Hellman ’78), Cs = log(1 + SNRr ) − log(1 + SNRe ) New information theoretic upper-bound Convex Optimization Matrix Analysis Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
25 / 35
Secrecy Capacity: Remarks
Cs =
max
Q�0:Tr (Q)≤P
log det(Ir + Hr QHr† ) − log det(Ie + He QHe† )
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
26 / 35
Secrecy Capacity: Remarks
Cs = 1
max
Q�0:Tr (Q)≤P
log det(Ir + Hr QHr† ) − log det(Ie + He QHe† )
Convex Reformulation Cs = min max R+ (Φ, Q) Φ∈P Q∈Q
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
26 / 35
Secrecy Capacity: Remarks
Cs = 1
max
Q�0:Tr (Q)≤P
log det(Ir + Hr QHr† ) − log det(Ie + He QHe† )
Convex Reformulation Cs = min max R+ (Φ, Q) Φ∈P Q∈Q
2
MISOME Case: rank-one covariance is optimal Cs = log+ λmax (I + Phr hr† , I + PHe† He )
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
26 / 35
Secrecy Capacity: Remarks
Cs = 1
max
Q�0:Tr (Q)≤P
log det(Ir + Hr QHr† ) − log det(Ie + He QHe† )
Convex Reformulation Cs = min max R+ (Φ, Q) Φ∈P Q∈Q
2
MISOME Case: rank-one covariance is optimal Cs = log+ λmax (I + Phr hr† , I + PHe† He )
3
High SNR case: GSVD transform Simultaneous diagonalization: (Hr , He )
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
26 / 35
Masked Beamforming Scheme
MISOME Case: Yr = hr† X + Zr , Ye = He X + Ze Dec. 101011
Rx.
Enc.
Tx.
101011
?????? Eaves.
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
27 / 35
Masked Beamforming Scheme
MISOME Case: Yr = hr† X + Zr , Ye = He X + Ze Dec. 101011
Rx.
Enc.
Tx.
101011
?????? Eaves.
Signal of interest: direction of legitimate receiver. Synthetic noise: null-space of legitimate receiver.
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
27 / 35
Masked Beamforming vs. Capacity Achieving Scheme MISOME Case: Yr = hr† X + Zr , Ye = He X + Ze Masked beamforming scheme hr , H e Scalar Wiretap Code
Capacity achieving scheme hr , H e
hr Masked Beam-forming
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
Scalar Wiretap Code
Optimal Beam-forming
28 / 35
Masked Beamforming vs. Capacity Achieving Scheme MISOME Case: Yr = hr† X + Zr , Ye = He X + Ze Masked beamforming scheme hr , H e Scalar Wiretap Code
Capacity achieving scheme hr , H e
hr Masked Beam-forming
Scalar Wiretap Code
Optimal Beam-forming
� � � � P − RMB (hr , He , P) = 0 lim C hr , He , P→∞ Nt Transmit Power: P Transmit antennas: Nt Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
28 / 35
Outline
Motivating Applications Secure Biometrics Smart-Meter Privacy Wireless Systems
Information Theoretic Models Wiretap Channel Model Secret-key agreement
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
29 / 35
Secret Key Generation Maurer ’93, Ahlswede-Csiszar ’93
uN
vN F = f (u N )
A
B k = KA (u N )
kˆ = KB (v N , f )
ˆ ≤ εN Error Probability: Pr(k 6= k) 1 Equivocation: N H(k|f ) ≥ N1 H(k) − εn Rate R = N1 H(k) Ckey = I (u; v ) Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
30 / 35
Achievability Random Binning Technique (Slepian-Wolf ’73) uN
Bin-Index Slepain-Wolf Encoder
4
2
2
2 3 1
Bin 1
4
3 1
3 1
Bin 2
No. of Bins: ≈ 2nH(v |u) No. of Sequences/Bin: ≈ 2nI (u;v ) Information Theoretic Security: Fundamentals and Applications :
Ashish Khisti (University of Toronto)
4
31 / 35
Joint Source and Channel Coding Khisti-Diggavi-Wornell ’08
vN uN yn dec
xn Enc.
p(y , z|x)
zn w.t.
Two types of uncertainty Sources Channel How to combine both these equivocation for secret-key-distillation? Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
32 / 35
Achievability Wiretap Codebook Bin
uN
yn
xn
Index
Bin
vN
Wyner-Ziv Codebook W-Z
Wiretap Decoder
Codeword
W-Z
Secret-Key Codebook
k
k
Encoder
Index
Wyner-Ziv Decoder
Codeword
Secret Key Codebook
Decoder
Rkey = max βI (t; v ) + I (x; y ) − I (x; z) t,x | {z } | {z } src. equiv.
t → u → v,
channel equiv.
β{I (t; u) − I (t; v )} ≤ I (x; y )
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
33 / 35
Capacity Results
Rkey = max βI (t; v ) + I (x; y |z) t,x
t → u → v,
β{I (t; u) − I (t; v )} ≤ I (x; y )
Upper and lower bounds coincide, when channels are degraded or parallel reversely degraded broadcast. Capacity for Parallel Gaussian broadcast channels and Gaussian sources Extension to side information at the eavesdropper, when sources and channels are degraded. Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
34 / 35
Conclusions
Motivating Applications Secure Biometrics Smart-Meter Privacy Wireless Systems
Information Theoretic Models Wiretap Channel Model Secret-key agreement
Information Theoretic Security: Fundamentals and Applications : Ashish Khisti (University of Toronto)
35 / 35
![[PDF] Download Fundamentals Of Information Systems Security ...](https://m.moam.info/img/260x300/pdf-download-fundamentals-of-information-systems-s_647884b1097c474d228d3e07.jpg)
![[Ebooks] Download Fundamentals Of Information Systems Security ...](https://m.moam.info/img/260x300/ebooks-download-fundamentals-of-information-system_6477b555097c47a9708c0396.jpg)
![[PDF] Download Information Security Fundamentals ... - Google Sites](https://m.moam.info/img/260x300/pdf-download-information-security-fundamentals-goo_647773cf097c474d228c0ec1.jpg)
