Reliable and perfectly secret communication over the generalized Ozarow-Wyner’s wire-tap channel
Introduction
Secure communications require that two equally important conditions be guaranteed concurrently: (i) integrity, i.e., correct reception of the message by the intended recipient; and, (ii) confidentiality, i.e., only authorized users should be able to access the content of the message. The integrity of the message received by the addressee may be voluntarily endangered by an adversary (e.g., through jamming) or disturbed by natural phenomena such as noise, distortion, and fading. Even when the adversary is not able (or not intending) to modify the message, she can easily eavesdrop on the transmissions whenever the communication channel is insecure (e.g., wireless). Regardless of the origin of the noise, reliable communication over noisy channels is usually made possible by adding redundancy to the data transmitted through Error-Correcting Codes (ECC), whereas cryptography is the standard solution to enforce data confidentiality and integrity under active attacks [1].
In many circumstances, the adversary can access and/or modify only a limited amount of information with respect to the intended recipient. To describe a similar scenario, Wyner introduced a model for physical layer security, called wire-tap channel model [2], in which the message travels over two different channels: the main channel, accessible to the addressee, and the eavesdropper’s channel, suffering from superior noise. The model was later simplified by Ozarow and Wyner with the introduction of the wire-tap channel II (or Ozarow-Wyner’s wire-tap channel) [3], in which the main channel is noiseless, and the concept of eavesdropper’s channel is substituted by the assumption that the adversary can choose any subset of l ≤ n noiseless digits, where n is the message length. The Generalized Ozarow-Wyner’s wire-tap (GOW) channel [4] combines the wide applicability of the original wire-tap channel with the precisely defined eavesdropper of the wire-tap II, assuming that the main channel is a Discrete Memoryless Channel (DMC), and that the adversary can eavesdrop on a subset of l codeword digits of her choice.
For traditional channels, Shannon proved that it is possible to reliably communicate at rates arbitrarily close to the channel’s capacity, provided that codewords are sufficiently long. Similarly, Wyner proved that it is possible to reliably and securely communicate (i.e., achieving perfect secrecy) over the wire-tap channel at rates arbitrarily close to what he called the secrecy capacity of the channel. Wyner did not propose any practical construction for a perfectly secret and reliable code, but recent work showed how the secrecy capacity of the channel can be actually achieved with advanced coding schemes [5], [6]. Unfortunately, all similar results consider the asymptotic behaviour of the code, i.e., perfect secrecy is only guaranteed when the message becomes “infinitely long”. Traditional ECCs that achieve some level of secrecy exist [7], and secret sharing [8] or similar techniques can provide perfect secrecy over the wire-tap channel II, but none of them alone can provide both security requirements over the GOW channel.
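The trade-off in the last sentence can be checked by brute force on a toy case; the following is an added example, not code from the paper. It assumes the textbook [7,4] Hamming code as the ECC and an n-of-n XOR sharing of a one-bit message as the secret sharing scheme (both chosen here, with hypothetical function names), and it measures the standard equivocation H(M | Z) in bits for an eavesdropper who reads l of the 7 digits, not the paper's uncertainty rate.

```python
import itertools
import math
from collections import Counter

# Constructed input: systematic generator matrix of the textbook [7,4] Hamming code over F_2.
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
N = 7  # codeword length n in both schemes

def hamming_encode(msg):
    """Deterministic linear encoding: codeword = msg * G over F_2."""
    return tuple(sum(m * g for m, g in zip(msg, col)) % 2 for col in zip(*G))

def xor_sharings(bit, n=N):
    """Every n-of-n XOR sharing of one bit: n-1 free digits plus one that fixes the parity."""
    return [r + ((bit + sum(r)) % 2,) for r in itertools.product((0, 1), repeat=n - 1)]

# message -> list of equally likely transmitted words (messages are taken as uniform)
HAMMING = {m: [hamming_encode(m)] for m in itertools.product((0, 1), repeat=4)}
SHARING = {b: xor_sharings(b) for b in (0, 1)}

def equivocation(encodings, positions):
    """H(M | Z) in bits, where Z is the transmitted word restricted to `positions`."""
    joint, seen = Counter(), Counter()
    for m, words in encodings.items():
        p = 1 / (len(encodings) * len(words))
        for w in words:
            z = tuple(w[i] for i in positions)
            joint[m, z] += p
            seen[z] += p
    return -sum(p * math.log2(p / seen[z]) for (m, z), p in joint.items())

def extreme_equivocation(encodings, l, pick=min, n=N):
    """pick=min: the eavesdropper chooses the best l digits to read.
    pick=max: the receiver is left with the least helpful l digits after erasures."""
    return pick(equivocation(encodings, pos)
                for pos in itertools.combinations(range(n), l))

if __name__ == "__main__":
    print("l  Hamming[7,4] (of 4 bits)  XOR sharing (of 1 bit)")
    for l in range(N + 1):
        print(l, extreme_equivocation(HAMMING, l), extreme_equivocation(SHARING, l))
```

The Hamming code loses one bit of equivocation per observed digit until nothing is left at l = 4, while the XOR sharing keeps the full 1 bit for every l < 7; conversely, the Hamming code survives two erased digits, whereas a single erased share leaves the legitimate receiver knowing nothing.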
While trying to maximize the rate of secure communications is extremely fascinating, it is likewise important to understand whether current protocols, that do not require cryptography or unrealistically long codewords, can concurrently guarantee perfect secrecy and resilience to transmission errors, and what is the related overhead. In this paper, we show how to combine ECCs and secret sharing to achieve perfect secrecy while enforcing arbitrary error correction capabilities in the GOW wire-tap channel model. What we propose is a thorough analysis of a constructive solution that can serve as a benchmark to which previous and future proposals can be compared.
In this paper we provide the following contributions:
- We introduce the uncertainty rate security metric, defined as a special case of the well known equivocation rate [9]. We show that the proposed metric is particularly suitable for measuring the security of a code in the GOW channel;
- Relying on the proposed uncertainty rate, we show how to easily measure the level of confidentiality guaranteed by a linear ECC when used over the GOW channel. In particular, we exhibit a simple proof that such codes alone cannot achieve perfect secrecy, as already known in the literature for the traditional wire-tap channel;
- We propose a novel, general and constructive procedure based on secret sharing that transforms any ECC into a secure wire-tap code. Analytic results prove that through this procedure we achieve perfect secrecy and resilience to data loss;
- We thoroughly analyse the pros and cons of the solution proposed, discussing them with the help of a toy example, and outlining a more realistic case study.
To the best of our knowledge, our approach to secure communications leveraging the physical layer is completely independent from similar solutions in the literature, with the further benefit of being extremely practical and constructive.
We start with a complete characterization of our system model in Section 2, which includes an overview of linear ECCs and secret sharing schemes. In Section 3 we discuss related work. In Section 4 we introduce the notion of uncertainty rate and use it to discuss deficiencies and limitations of linear codes under the considered threat model. In Section 5, after highlighting why secret sharing alone is not a feasible option, we propose a constructive solution based on a combination of secret sharing with an ECC, and discuss it via a toy example. Finally, Section 6 reports our conclusions.
Section snippets
Coding primitives and channel model
In this section, we recall the definition and the main properties of the coding primitives that will be used in the sequel of this paper, and we characterize our channel model. More specifically, in Section 2.1 we briefly review linear ECCs and secret sharing schemes, while in Section 2.2 we describe the Generalized Ozarow-Wyner’s wire-tap (GOW) channel model [3]. Hereinafter, Fq will denote the finite field of order q, where q is a prime power.
Related work
Whenever communication occurs over an insecure channel, it is fundamental to concurrently ensure integrity and confidentiality of the transmitted data. In particular, the recent rise of wireless transmissions drew the attention to physical-layer security as a promising paradigm to protect communications against eavesdropping attacks by exploiting the physical characteristics of the channel [11]. The fundamentals for physical-layer security [7] were laid in the early seventies with the
Security of linear codes in the generalized Ozarow-Wyner’s model
In this section we provide fundamental results helpful to determine the level of security provided by linear ECCs when used as encoders in the Generalized Ozarow-Wyner’s (GOW) model. To this end, we first introduce in Section 4.1 the notion of uncertainty rate, to capture to which extent a code used over a specific channel leaks information concerning the transmitted data. Then, in Section 4.2 we introduce two practical formulas binding the uncertainty rate of the code to its parameters and to
A constructive solution: combining secret sharing and ECC
In Section 4, we showed that deterministic ECCs cannot offer perfect secrecy, and that the error correcting capability of a code is proportional to the information leakage it causes. Randomized encoders can represent a viable solution, but only when the main channel is noiseless, as discussed in Section 4.4. However, the negative results of deterministic encoders suggest exploring other constructions relying on the same rationale of randomized encoders, that is, obfuscating the codeword of
Conclusion
In this paper, we focused on the Generalized Ozarow-Wyner’s wire-tap (GOW) channel model and, to the best of our knowledge, we are the first to provide constructive solutions that combine secret sharing and linear error-correcting codes to overcome the presence of transmission errors, while guaranteeing perfect security. We also introduced a security metric, called uncertainty rate, that specifies the equivocation rate in the context of linear error-correcting codes. This newly introduced
Acknowledgements
We would like to thank the anonymous reviewers for their comments, that helped improve the quality of the manuscript.
Giulio Aliberti is a third year PhD student in Mathematics at the University of Roma Tre. His main research interests include security and privacy in communication networks, models of complex networks, knowledge discovery and data mining, distributed algorithms and data compression techniques.
References (38)
- et al. Physical-layer security: combining error control coding and cryptography. Communications, 2009. ICC ’09. IEEE International Conference on (2009)
- The Wire-tap Channel. Bell Syst. Tech. J. (1975)
- et al. Wire-tap channel II
- et al. Wiretap channel ii with a noisy main channel. Information Theory (ISIT), 2015 IEEE International Symposium on (2015)
- et al. On perfect and adaptive security in exposure-resilient cryptography.
- et al. Invertible extractors and wiretap protocols. Inf. Theor. IEEE Trans. (2012)
- et al. Physical-Layer Security: From Information Theory to Security Engineering (2011)
- How to share a secret. Commun. ACM (1979)
- et al. The secrecy capacity of the mimo wiretap channel. Inf. Theor. IEEE Trans. (2011)
- Safeguarding cryptographic keys. Proceedings of the 1979 AFIPS National Computer Conference (1979)
- Improving physical-layer security in wireless communications using diversity techniques. Netw. IEEE
- Broadcast channels with confidential messages. IEEE Trans. Inf. Theor.
- The gaussian wire-tap channel. Inf. Theor. IEEE Trans.
- The strong secret key rate of discrete random triples
- Information-theoretic key agreement: From weak to strong secrecy for free
- Coding for secrecy: An overview of error-control coding techniques for physical-layer security. IEEE Signal Process. Mag.
- On the continuity of the secrecy capacity of compound and arbitrarily varying wiretap channels. IEEE Trans. Inf. Foren. Security
- Secrecy capacity region of some classes of wiretap broadcast channels. IEEE Trans. Inf. Theor.
- On the secrecy capacity of the wiretap channel with imperfect main channel estimation. Commun. IEEE Trans.
Prof. Dr. Roberto Di Pietro is Global Security Research Head for Nokia Bell Labs. His main research interests include security and privacy for wireless systems, cloud and virtualization security, security and privacy for distributed systems, applied cryptography, computer forensics, and analytics for role and profile mining. He is also an Associate Professor in Computer Science at University of Padova.
Dr. Stefano Guarino is a research fellow at the Institute for Applied Maths of the Italian National Research Council (IAC - CNR), within the Project IANCIS funded by the 2013 ISEC Programme of the European Commission. His main research interests comprehend coding theory, cryptography and distributed algorithms, with focus on information security and privacy, physical-layer security, ad-hoc networks, cloud storage, and automated (dark) web mining.