joint compression and protection

17
© 2005, it - instituto de telecomunicações. Todos os direitos reservados. J.Almeida, J.Barros Instituto de Telecomunicações Universidade do Porto Joint Compression and Protection 47th Annual Allerton Conference on Communication, Control, and Computing University of Illinois at Urbana-Champaign

Upload: lisbet

Post on 20-Jan-2016

24 views

Category:

Documents


0 download

DESCRIPTION

47th Annual Allerton Conference on Communication, Control, and Computing University of Illinois at Urbana-Champaign. Joint Compression and Protection. J.Almeida, J.Barros Instituto de Telecomunicações Universidade do Porto. Conventional Encryption. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Joint Compression and Protection

© 2005, it - instituto de telecomunicações. Todos os direitos reservados.

J.Almeida, J.BarrosInstituto de Telecomunicações

Universidade do Porto

Joint Compression and Protection

47th Annual Allerton Conference on Communication, Control, and ComputingUniversity of Illinois at Urbana-Champaign

Page 2: Joint Compression and Protection

2 Allerton Conference 2009, University of Illinois at Urbana-Champaign

Conventional Encryption

• Insensitive to the characteristics of the communication system

• Compression, channel reliability, etc.

• Encryption of all data

• Limitations

• Delay constraints, energy and power constraints, etc.

Page 3: Joint Compression and Protection

3

Reducing Encryption Complexity

• Is it really necessary to cipher the complete set of data?

• Ex: SPOC [Vilela et al. ‘08].

• Partial encryption algorithms

• Data dependable

• Trade-off between the amount of encrypted data and security.

• Can source coding help?

• Intrinsic security

• Variable length codes are hard to cryptanalyze!

• Preffix codes – Fraenkel and Klein ‘94

• Huffman codes – Gillman, Mohtashemi and Rivest ’96

• Ambiguity

• C0 = {a:0, b:10, c:11}, C1 = {a:1, b:01, c:00}

• C-1(0001011) = AAABC or CBBA?

Allerton Conference 2009, University of Illinois at Urbana-Champaign

Page 4: Joint Compression and Protection

4

Combining Compression and Protection Features

Allerton Conference 2009, University of Illinois at Urbana-Champaign

uEncoder

Eavesdropper

Decoder

Key Source

Message Source

k

u z

• Encoder

• Compression + encryption

• Analysis-by-synthesis type of encoding

• Exploit code properties to reduce size of data to encrypt.

• Decoder

• Decompression + decryption.

z

Page 5: Joint Compression and Protection

5

Combining Compression and Protection Features

Allerton Conference 2009, University of Illinois at Urbana-Champaign

Compression

One-time padAnalysis

Encryption

Entropy coder

Multiplexeru

x

t

y = x t

k

z

t’

k’

x

• Joint design of analysis and entropy coder blocks.

• Minimize the size of t’ to reduce the computational complexity of encryption.

Encoder

Eavesdropper

Decoder

Key Source

Message Source

k

u zu

Page 6: Joint Compression and Protection

6

Combining Compression and Protection Features

Allerton Conference 2009, University of Illinois at Urbana-Champaign

Encoder

Eavesdropper

Decoder

Key Source

Message Source

k

u zu

z

Decompression

One-time pad

Decryption

Entropy coderDemultiplexer

u

tx = y t

k

t’k’

y y

y

Page 7: Joint Compression and Protection

7

The case of Huffman codes

• Catastrophic error propagation

• C = {A: 100, B: 0, C: 111, D: 101, E: 110}

• Source message: BBCBECDBBB

• Encoded bitstream: 001110110111101000

• Decoded symbols: DBDDCBAB

• Fliped two bits and changed several source symbols.

Allerton Conference 2009, University of Illinois at Urbana-Champaign

• Exploit this property for encryption

• Generated keystreams will have long runs of zeros.

• Runlength entropy coder reduces the amount of information we need to encrypt.

Page 8: Joint Compression and Protection

8

Huffman Tree and Trellis

• C = { A:00, B:01, C:10, D:110, E:111 }.

Allerton Conference 2009, University of Illinois at Urbana-Champaign

Page 9: Joint Compression and Protection

9

Trellis based keystreams

• Cryptogram cannot contain the trellis root states of the original codewords

• Define path cost function that reflects the cost of the entropy coder

• Compute the minimum path cost using greedy approach

Allerton Conference 2009, University of Illinois at Urbana-Champaign

Page 10: Joint Compression and Protection

10

Huffman Tree and Error Automaton

• C = { A:00, B:01, C:10, D:110, E:111 }.

Allerton Conference 2009, University of Illinois at Urbana-Champaign

Page 11: Joint Compression and Protection

11

Error Automaton based keystreams

• Transition function between automaton states

• If a codeword leads to a synchronization state modify codeword

• Choice can be subject to optimization regarding the efficiency of the entropy coder

• Keystream is the concatenation of the sequence of modifications

• Error states: {0, 1, 00, 01, 10, 11, 000}

• Source message: CRYPTOGRAPHY

• Cryptogram: YYOHRGOCOGA

Allerton Conference 2009, University of Illinois at Urbana-Champaign

x t s

- - I

C 0000 0010 0

R 010 000 0

Y 001 010 1

P 011 000 1

T 100 000 0

O 101 000 1

G 111 000 1

R 010 000 0

A 0001 0000 1

P 011 000 1

H 110 000 0

Y 001 000 S

Page 12: Joint Compression and Protection

12

Information Leakage

• Assume adversary that

• (a) knows the compression algorithm in use

• (b) knows the encryption algorithm in use

• ... assume also that the one-time pad is correctly used

• Eavesdropper tries to infer x (eq. t) based on y and the algorithm

• No key recovery attacks!

• When do things go wrong?

• When there is not enough diversity in codeword sizes

Allerton Conference 2009, University of Illinois at Urbana-Champaign

Page 13: Joint Compression and Protection

13

Information Leakage - Trellis

Allerton Conference 2009, University of Illinois at Urbana-Champaign

• Eavesdropper knows that his trellis path root states are forged

• Prunes the trellis

• Random choices

• Increases the size of data to encrypt

Page 14: Joint Compression and Protection

14

Information Leakage - Automaton

Allerton Conference 2009, University of Illinois at Urbana-Champaign

• Adversary knows that the 1st codeword has size different from his observation

• Loss of synchronization was induced

• Ignore the size of the 1st codeword and start to decode afterwards

• Use keystream to control how modifications are induce

• Increases the size of data to encrypt

Page 15: Joint Compression and Protection

15

Results

Allerton Conference 2009, University of Illinois at Urbana-Champaign

Page 16: Joint Compression and Protection

16

Results

Allerton Conference 2009, University of Illinois at Urbana-Champaign

Page 17: Joint Compression and Protection

17

Conclusions

• Joint compression and data protection

• Abstraction from compression algorithm

• Analysis-by-synthesis encoding

• Reduction of size of encrypted information

• Link between entropy coder and analysis block

• Trade-off between security, computational and data overheads

• Huffman codes

• Catastrophic error propagation + RL entropy coder

• Encryption algorithms based on loss of synchronization principles

• Further developments

• Cryptanalysis of the proposed algorithms

• Study trade-offs for other entropy coders

• Develop analysis algorithms for other source coders

Allerton Conference 2009, University of Illinois at Urbana-Champaign

http://nip.dcc.fc.up.pt