Elsevier

Computer Networks

Volume 109, Part 1, 9 November 2016, Pages 21-30
Computer Networks

Reliable and perfectly secret communication over the generalized Ozarow-Wyner’s wire-tap channel

https://doi.org/10.1016/j.comnet.2016.06.034Get rights and content

Abstract

In a typical secure communication system, messages undergo two different encodings: an error-correcting code is applied at the physical layer to ensure correct reception by the addressee (integrity), while at an upper protocol layer cryptography is leveraged to enforce secrecy with respect to eavesdroppers (confidentiality). All constructive solutions proposed so far to concurrently achieve both integrity and confidentiality at the physical layer, aim at meeting the secrecy capacity of the channel, i.e., at maximizing the rate of the code while guaranteeing an asymptotically small information leakage.

In this paper, we propose a viable encoding scheme that, to the best of our knowledge, is the first one to guarantee both perfect secrecy (i.e., no information leakage) and reliable communication over the generalized Ozarow-Wyner’s wire-tap channel. To this end, we first introduce a metric called uncertainty rate that, similarly to the equivocation rate metric, captures the amount of information leaked by a coding scheme in the considered threat model, but it is simpler to apply in the context of linear codes. Based on this metric, we provide an alternative and simpler proof of the known result that no linear error-correcting code alone can achieve perfect secrecy. Finally, we propose a constructive solution combining secret sharing and linear error-correcting codes, and we show that our solution provides the desired combination of reliable and perfectly secret communication. The provided solution, other than being supported by thorough analysis, is viable in practical communication systems.

Introduction

Secure communications require two equally important conditions being concurrently guaranteed: (i) integrity, i.e., correct reception of the message by the intended recipient; and, (ii) confidentiality, i.e., only authorized users should be able to access the content of the message. The integrity of the message received by the addressee may be voluntarily endangered by an adversary (e.g., through jamming) or disturbed by natural phenomena such as noise, distortion, and fading. Even when the adversary is not able (or not intending) to modify the message, she can easily eavesdrop on the transmissions whenever the communication channel is insecure (e.g., wireless). Regardless of the origin of the noise, reliable communication over noisy channels is usually made possible by adding redundancy to the data transmitted through Error-Correcting Codes (ECC), whereas cryptography is the standard solution to enforce data confidentiality and integrity under active attacks [1].

In many circumstances, the adversary can access and/or modify only a limited amount of information with respect to the intended recipient. To describe a similar scenario, Wyner introduced a model for physical layer security, called wire-tap channel model [2], in which the message travels over two different channels: the main channel, accessible to the addressee, and the eavesdropper’s channel, suffering from superior noise. The model was later simplified by Ozarow and Wyner with the introduction of the wire-tap channel II (or Ozarow-Wyner’s wire-tap channel) [3], in which the main channel is noiseless, and the concept of eavesdropper’s channel is substituted by the assumption that the adversary can choose any subset of ln noiseless digits, where n is the message length. The Generalized Ozarow-Wyner’s wire-tap (GOW) channel [4] combines the wide applicability of the original wire-tap channel with the precisely defined eavesdropper of the wire-tap II, assuming that the main channel is a Discrete Memoryless Channel (DMC), and that the adversary can eavesdrop on a subset of l codeword digits of her choice.

For traditional channels, Shannon proved that it is possible to reliably communicate at rates arbitrarily close to the channel’s capacity, provided that codewords are sufficiently long. Similarly, Wyner proved that it is possible to reliably and securely communicate (i.e., achieving perfect secrecy) over the wire-tap channel at rates arbitrarily close to what he called the secrecy capacity of the channel. Wyner did not propose any practical construction for a perfectly secret and reliable code, but recent work showed how the secrecy capacity of the channel can be actually achieved with advanced coding schemes [5], [6]. Unfortunately, all similar results consider the asymptotic behaviour of the code, i.e., perfect secrecy is only guaranteed when the message becomes “infinitely long”. Traditional ECCs that achieve some level of secrecy exist [7], and secret sharing [8] or similar techniques can provide perfect secrecy over the wire-tap channel II, but none of them alone can provide both security requirements over the GOW channel.

While trying to maximize the rate of secure communications is extremely fascinating, it is likewise important to understand whether current protocols, that do not require cryptography or unrealistically long codewords, can concurrently guarantee perfect secrecy and resilience to transmission errors, and what is the related overhead. In this paper, we show how to combine ECCs and secret sharing to achieve perfect secrecy while enforcing arbitrary error correction capabilities in the GOW wire-tap channel model. What we propose is a thorough analysis of a constructive solution that can serve as a benchmark to which previous and future proposals can be compared.

In this paper we provide the following contributions:

  • We introduce the uncertainty rate security metric, defined as a special case of the well known equivocation rate [9]. We show that the proposed metric is particularly suitable for measuring the security of a code in the GOW channel;

  • Relying on the proposed uncertainty rate, we show how to easily measure the level of confidentiality guaranteed by a linear ECC when used over the GOW channel. In particular, we exhibit a simple proof that such codes alone cannot achieve perfect secrecy—as already known in the literature for the traditional wire-tap channel;

  • We propose a novel, general and constructive procedure based on secret sharing that transforms any ECC into a secure wire-tap code. Analytic results prove that through this procedure we achieve perfect secrecy and resilience to data loss;

  • We thoroughly analyse the pros and cons of the solution proposed, discussing them with the help of a toy example, and outlining a more realistic case study.

To the best of our knowledge, our approach to secure communications leveraging the physical layer is completely independent from similar solutions in the literature, with the further benefit of being extremely practical and constructive.

We start with a complete characterization of our system model in Section 2, that includes an overview of linear ECCs and secret sharing schemes1. In Section 3 we discuss related work. In Section 4 we introduce the notion of uncertainty rate and use it to discuss deficiencies and limitations of linear codes under the considered threat model. In Section 5, after highlighting why secret sharing alone is not a feasible option, we propose a constructive solution based on a combination of secret sharing with an ECC, and discuss it via a toy example. Finally, Section 6 reports our conclusions.

Section snippets

Coding primitives and channel model

In this section, we recall the definition and the main properties of the coding primitives that will be used in the sequel of this paper, and we characterize our channel model. More specifically, in Section 2.1 we briefly review linear ECCs and secret sharing schemes, while in Section 2.2 we describe the Generalized Ozarow-Wyner’s wire-tap (GOW) channel model [3]. Hereinafter, Fq will denote the finite field of order q, where q=pv is a prime power.

Related work

Whenever communication occurs over an insecure channel, it is fundamental to concurrently ensure integrity and confidentiality of the transmitted data. In particular, the recent rise of wireless transmissions drew the attention to physical-layer security as a promising paradigm to protect communications against eavesdropping attacks by exploiting the physical characteristics of the channel [11]. The fundamentals for physical-layer security [7] were laid in the early seventies with the

Security of linear codes in the generalized Ozarow-Wyner’s model

In this section we provide fundamental results helpful to determine the level of security provided by linear ECCs when used as encoders in the Generalized Ozarow-Wyner’s (GOW) model. To this end, we first introduce in Section 4.1 the notion of uncertainty rate, to capture to which extent a code used over a specific channel leaks information concerning the transmitted data. Then, in Section 4.2 we introduce two practical formulas binding the uncertainty rate of the code to its parameters and to

A constructive solution: combining secret sharing and ECC

In Section 4, we showed that deterministic ECCs cannot offer perfect secrecy, and that the error correcting capability of a code is proportional to the information leakage it causes. Randomized encoders can represent a viable solution, but only when the main channel is noiseless, as discussed in Section 4.4. However, the negative results of deterministic encoders suggest exploring other constructions relying on the same rationale of randomized encoders, that is, obfuscating the codeword of

Conclusion

In this paper, we focused on the Generalized Ozarow-Wyner’s wire-tap (GOW) channel model and, to the best of our knowledge, we are the first to provide constructive solutions that combine secret sharing and linear error-correcting codes to overcome the presence of transmission errors, while guaranteeing perfect security. We also introduced a security metric, called uncertainty rate, that specifies the equivocation rate in the context of linear error-correcting codes. This newly introduced

Acknowledgements

We would like to thank the anonymous reviewers for their comments, that helped improve the quality of the manuscript.

Giulio Aliberti is a third year PhD student in Mathematics at the University of Roma Tre. His main research interests include security and privacy in communication networks, models of complex networks, knowledge discovery and data mining, distributed algorithms and data compression techniques.

References (38)

  • W. Harrison et al.

    Physical-layer security: combining error control coding and cryptography

    Communications, 2009. ICC ’09. IEEE International Conference on

    (2009)
  • A.D. Wyner

    The Wire-tap Channel

    Bell Syst. Tech. J.

    (1975)
  • L. Ozarow et al.

    Wire-tap channel II

  • M. Nafea et al.

    Wiretap channel ii with a noisy main channel

    Information Theory (ISIT), 2015 IEEE International Symposium on

    (2015)
  • Y. Dodis et al.

    On perfect and adaptive security in exposure-resilient cryptography.

  • M. Cheraghchi et al.

    Invertible extractors and wiretap protocols

    Inf. Theor. IEEE Trans.

    (2012)
  • M. Bloch et al.

    Physical-Layer Security: From Information Theory to Security Engineering

    (2011)
  • A. Shamir

    How to share a secret

    Commun. ACM

    (1979)
  • F. Oggier et al.

    The secrecy capacity of the mimo wiretap channel

    Inf. Theor. IEEE Trans.

    (2011)
  • G. Blakley

    Safeguarding cryptographic keys

    Proceedings of the 1979 AFIPS National Computer Conference

    (1979)
  • ZouY. et al.

    Improving physical-layer security in wireless communications using diversity techniques

    Netw. IEEE

    (2015)
  • I. Csiszár et al.

    Broadcast channels with confidential messages.

    IEEE Trans. Inf. Theor.

    (1978)
  • S. Leung-Yan-Cheong et al.

    The gaussian wire-tap channel

    Inf. Theor. IEEE Trans.

    (1978)
  • U. Maurer

    The strong secret key rate of discrete random triples

  • U. Maurer et al.

    Information-theoretic key agreement: From weak to strong secrecy for free

  • W.K. Harrison et al.

    Coding for secrecy: An overview of error-control coding techniques for physical-layer security.

    IEEE Signal Process. Mag.

    (2013)
  • H. Boche et al.

    On the continuity of the secrecy capacity of compound and arbitrarily varying wiretap channels

    IEEE Trans. Inf. Foren. Security

    (2015)
  • M. Benammar et al.

    Secrecy capacity region of some classes of wiretap broadcast channels.

    IEEE Trans. Inf. Theor.

    (2015)
  • Z. Rezki et al.

    On the secrecy capacity of the wiretap channel with imperfect main channel estimation

    Commun. IEEE Trans.

    (2014)
  • Cited by (0)

    Giulio Aliberti is a third year PhD student in Mathematics at the University of Roma Tre. His main research interests include security and privacy in communication networks, models of complex networks, knowledge discovery and data mining, distributed algorithms and data compression techniques.

    Prof. Dr. Roberto Di Pietro is Global Security Research Head for Nokia Bell Labs. His main research interests include security and privacy for wireless systems, cloud and virtualization security, security and privacy for distributed systems, applied cryptography, computer forensics, and analytics for role and profile mining. He is also an Associate Professor in Computer Science at University of Padova.

    Dr. Stefano Guarino is a research fellow at the Institute for Applied Maths of the Italian National Research Council (IAC - CNR), within the Project IANCIS funded by the 2013 ISEC Programme of the European Commission. His main research interests comprehend coding theory, cryptography and distributed algorithms, with focus on information security and privacy, physical-layer security, ad-hoc networks, cloud storage, and automated (dark) web mining.

    View full text