Applying error correction codes to achieve security and dependability

https://doi.org/10.1016/j.csi.2012.06.009Get rights and content

Abstract

We apply Linear Error Correction (LEC) code to a novel encoding scheme to assure two fundamental requirements for transmission channels and storage units: security and dependability. Our design has the capacity to adapt itself to different applications and their various characteristics such as availability, error rate, and vulnerabilities. Based on simple logic operations, our scheme affords fast encryption, scalability (dual or more column erasures), and flexibility (LEC encoder employed as a front end to any conventional compression scheme). Performance results are very promising: Experiments on dual erasures outperform conventional compression algorithms including Arithmetic Coding, Huffman, and LZ77.

Highlights

► We employ error correction codes to provide security and dependability. ► Dual erasures are implemented for use as a front end to conventional compression. ► The underlying functionality is provided by the fast and simple XOR scheme.

Introduction

There is an unavoidable tradeoff between security and dependability. Whereas security strives for reducing redundancy to prevent unintended exposure of data, dependability relies on augmented redundancy to ensure recovery in case of failure. Despite this tradeoff, both security and dependability are the essential components of a data transmission and storage system, and have been studied in many scholar works, such as [1], [2], [3]. In case the field of application allows so, separate manipulation of security and dependability would be the ultimate solution. But in practice, very few systems provide this flexibility, due to bandwidth and/or storage restrictions.

In general, problems that we encounter in the area of security and dependability can be grouped into two categories: From the security point of view, network vulnerabilities (e.g. attacks towards confidentiality, integrity, availability, authentication, and non-repudiation), export restrictions enforced on some cryptographic tools (which may further lead to underperforming systems), and conflicting security requirements of multi-layered systems that are in interaction can be listed among these problems [4], [5]. From the dependability perspective, common problems are intolerably high error rates, excessive amount of disconnections, physical vulnerabilities of network devices, and insufficient bandwidth [6], [7]. These issues are especially related to the main concerns of mobile networks, for which we think our encryption scheme would be a good fit.

As the basis of our work, we use the idea of Forward Error Correction (FEC) code, which is a common technique that is used for error recovery. In a transmission system, errors occur out of erasures when highly corrupt data cannot be accepted and dropped deliberately at lower layers of the network protocol. Therefore, erasures are missing data at known locations. FEC codes append redundant data to the original payload to guarantee recovery on the receiving end [8]. In our design, we utilize an error recovery implementation that uses FEC: The Linear Error Correction (LEC) developed by [9]. In LEC, data is rearranged as a 2-dimensional matrix and redundant data (called check elements) are calculated with a series of XOR operations on the matrix. In general, LEC guarantees to recover k columns by introducing k redundant columns. We use LEC to serve our purpose of providing a security scheme that will accompany a transmission/storage system: We first deliberately erase parts of the original data on the sender side, then recover the original data using LEC on the receiver. To ensure correct recovery, we let an encoding key shared by sender and receiver.

The rest of the paper is organized as follows: Section 2 presents the background and the underlying motivation behind our design, Section 3 describes the theoretical basis of our scheme, Section 4 presents experimental results, and Section 5 concludes the paper and suggests future work.

Section snippets

Background and motivation

In literature, several scholar works that employ error correction codes for encryption exist. McEliece [10] has introduced the idea of transforming plaintext into Goppa codes (a type of error correcting code) for public key encryption, and Govaerts et al. [11] developed a software implementation of this encryption. McEliece encryption did not gain too much acceptance because it involves 219 bits long public key, and yields a ciphertext double the size of plaintext. In [12], authors introduce a

Theoretical basis

Originally, LEC was designed as a tool to recover original data on the receiving end. For our implementation, its gain is two fold: (1) LEC provides improved reliability when transmission channel has poor performance; (2) it provides extra security, when data transmitted needs to be disguised from unintended third parties.

In this section, we describe the details of the encryption that are provided by the LEC scheme. We first explain the details of the simplified approach, where LEC encoding

Experimental work and results

Essentially being an encoding scheme, LEC provides security by rendering input text in such a way that it becomes unintelligible to the unintended third parties. Moreover, LEC, implemented as a front end to a conventional compression tool, helps improve its compression rate.

The LEC encoder deliberately removes arbitrary columns from input data so that during transmission (or storage) these lost columns help provide enhanced security. Even though data is acquired by unintended third parties, it

Conclusion

We present a novel encryption scheme based on LEC encoding to provide security and dependability. We get promising results that improve compression performances of existing algorithms, namely Arithmetic Coding, Huffman, and LZ77, and are comparable with existing encryption tools. LEC encoder can lend itself as a front end to any compression algorithm. Applying compression with LEC also provides an extra security feature with amplified confusion for the overall system.

As a separate stand alone

Ebru Celikel Cankaya is a Senior Lecturer at the University of Texas at Dallas Department of Computer Science. Dr. Cankaya has received the PhD degree from Ege University, Turkey in 2004. As an Assistant Professor, she has taught and conducted research in several institutions such as Ege University, Izmir University of Economics, Izmir University in Turkey, and Earlham College in Richmond, IN, and — as an adjunct professor — Southern Methodist University in Dallas, TX. Dr. Cankaya did

References (29)

  • Y. Asnar et al.

    Organizational patterns for sec.&dependability: from design to appl

    International Journal of Secure Software Engineering

    (2010)
  • M. Al-Kuwaiti et al.

    Analysis of N/w dependability, fault-tolerance, reliability, security, and survivability

    IEEE Communications Surveys & Tutorials

    (2009)
  • N. Ahmed et al.

    Security of dependable systems

    (2012)
  • D. Gollmann et al.

    Quality of protection: sec. measurements&metrics

    AIS

    (2010)
  • G. Spanoudakis et al.

    Security&dependability for ambient intelligence

    (2010)
  • A. Casimiro et al.

    Architecting dependable systems VII

    LNCS

    (2011)
  • P. Limbourg

    Dependability modelling under uncertainty: an imprecise probabilistic approach

    Studies in Computational Intelligence

    (2010)
  • T. Mizuochi

    Forward error correction (chapter in high spectral density optical communication technologies

  • Z. Alkhalifa et al.

    IEEE Int'l Workshop on On-Line Testing

    (July 1998)
  • D.J. Bernstein et al.

    Wild McEliece

  • R. Govaerts et al.

    A software implementation of the McEliece Public-Key cryptosystem

    D.J. Bernstein

    Grover vs. McEliece

  • C.H. Mathur et al.

    High diffusion cipher: encryption and error correction in a single cryptographic primitive

    LNCS

    (June 2006)
  • E.A. Okolnishnikova

    Lower bound for the computation complexity of BCH-codes for branching programs

    Diskretnyj Analiz i Issledovanie Operatsij

    (2009)
  • S. Bahmani et al.

    Joint decoding of unequally protected JPEG2000 bitstreams and Reed–Solomon codes

    IEEE Transactions on Image Processing

    (2010)
  • Ebru Celikel Cankaya is a Senior Lecturer at the University of Texas at Dallas Department of Computer Science. Dr. Cankaya has received the PhD degree from Ege University, Turkey in 2004. As an Assistant Professor, she has taught and conducted research in several institutions such as Ege University, Izmir University of Economics, Izmir University in Turkey, and Earlham College in Richmond, IN, and — as an adjunct professor — Southern Methodist University in Dallas, TX. Dr. Cankaya did postdoctoral research at the University of Texas at Dallas Department of Computer Science on database security and risk management and is currently continuing research with the cyber security group. She has worked as a lecturer, and then as a senior lecturer at the University of North Texas between 2007 and 2011.

    Suku Nair is a Professor and Chair in the Computer Science and Engineering Department at Southern Methodist University in Dallas where he held a J. Lindsay Embrey Trustee Professorship in Engineering. His research interests include Network Security, Network Restoration, and Fault-Tolerant Computing. He is the founding director of HACNet (High Assurance Computing and Networking) Labs, the premier security research lab in SMU. He has published more than 100 journal and conference papers in the area of high assurance computing and networking. His research has been supported through funds from the National Science Foundation (NSF), the National Security Agency (NSA), the National Institute for Standards and Technology (NIST), the Office of Naval Research (ONR), and various industries including Lockheed Martin, Alcatel, Nortel, DSC (now Alcatel), Electronic Warfare Associates, Globeranger, and Revere Security. He received his B.S. in Electronics and Telecommunication Engineering from the University of Kerala, India and M.S. and Ph.D. in Electrical and Computer Engineering from the University of Illinois at Urbana in 1988 and 1990, respectively.

    Dr. Hakki C. Cankaya is currently a technical assurance lead and a solutions architect at Fujitsu Network Communications, Richardson, Texas. He is also an adjunct professor at Lyle School of Engineering in Southern Methodist University. Dr. Cankaya has worked as a research scientist in Alcatel-Lucent Bell-Labs and served as a member of Alcatel-Lucent Technical Academy. He completed his postdoc research studies at Erik Jonsson School of Engineering and Computer Science, University of Texas at Dallas.

    View full text