Upload
silvester-harper
View
283
Download
0
Embed Size (px)
DESCRIPTION
3 Agenda Problem Description Heuristic algorithm for outer problem (Initial) Lagrangean Relaxation problem Heuristic algorithm for inner problem
Citation preview
論文進度報告
Advisor: Professor Frank Y.S. Lin Presented by G.W. Chen 陳冠瑋
2
Title考慮服務品質需求下達到資訊遺漏最小化之近似最佳化機密分享與防禦資源配置規劃Near Optimal Secret Sharing and Defense Resource Allocation Plans for QoS Constrained Information Leakage Minimization
3
AgendaProblem DescriptionHeuristic algorithm for outer problem (Initial)Lagrangean Relaxation problemHeuristic algorithm for inner problem
4
Problem DescriptionNetwork operatorDeploy the network topology Select appropriate material in order to achieve the reliability of the networkEnforce QoS routing mechanism and the secret sharing strategyAllocate the defense budget on nodesAttackerApply attack power to compromise more valuable nodesRecover information and maximize damageSteal the threshold number of sharesGet the corresponding decrypt key
5
Objective function
ZS Max ,Minpiiiimil x,a,y,Z,,b,,k
6
Outer problem
7
Reliability
Defense
QoS requirement
8
Initial Outer problemStep 1: Determine the number of nodes and secretStep 2: Use the lowest material to construct the grid networkStep 3: Depend on the request of users to determine the candidate location which shares and keys can be placedStep 4: Check QoS requirements
if ok, go to Step 5if not, execute replication mechanism
Step 5: Execute reliability verificationStep 6: Use the remaining resource to allocate defense capability
1) Degree based 2) Uniform based 3) Share_count based
9
Replication MechanismStep 1: For each user, check their receivable range, to check how many shares or key they need
Step 2: If there is the same candidate node, we assign the replicate key or share to this node, or we assign the replicate share or key in receivable range depending on their degree
Step 3: Repeat Step 1 and Step 2 until all constrain are satisfied
10
User
User
Secret 1
Secret 1
Secret 2
Secret 2
Secret 2
Secret 2
Secret 1
Secret 1
User
11
j
1 2 3 4 m
22
Secretv
2
1
2
1
LLNN
Mesh networ
k
12
Reliability Verification (Artificial flow)-1Step 1: Set important level: User to Secret
For each user, mark the farther node which is the most hop counts from secret to user
Step 2: Use the min cost flow algorithm to reach marked nodes (artificial capacity= 1)
Step 3: Execute step 2 until all artificial flows can be achieved then go to Step 5, if not, then go to Step 4
13
User 1User 2
Secret 1
Secret 1
Secret 2
Secret 2
Secret 2
Secret 2
Secret 1
Secret 1
14
Reliability Verification (Artificial flow)-2Step 4: Find the nearest distance between node (N1) where artificial flow can arrive from the user and the other node (N2) where artificial flow can arriveCheck whether the nodes exist or not
If yes, to construct the link between Node1 and Node2If no, to construct the link between User and Marked nodeAdd them to total_construction_cost
15
User 1User 2
Secret 1
Secret 1
Secret 2
Secret 2
N1
N2
16
Reliability Verification (Artificial flow)-3Step 5: Check the reliability of each artificial path,
If yes, go to Step 6If no, to enhance the level of the material to achieve reliability
• The rule: choose the smaller latency link to enhance Step 6: Stop
17
Inner problem
18
19
20
21
1 1
1
2,3
2
2
3
3
S
key1
key2
key3
Share Key
1
2
3
22
Sub-problem 11 1
1
2,3
2
2
3
3
S
key1
key2
key3
每個 Node 都會有唯一的攻擊路徑
px
23
Sub-problem 2
2 3
2S
3S
1S 1S
2S
3S
1
1S
2S
3S
全部資訊皆復原Z
24
Sub-problem 3 1 1
1
2,3
2
2
3
3
S
key1
key2
key3
攻擊預算為 四單位的防禦資源
ii y and a
25
Heuristic AlgorithmStep 1: Make Xp’s value as the candidate attack pathStep 2: Compromise all nodes on the candidate attack pathsStep 3: If total_attack_cost >attack_budget, then go to Step 4, otherwise go to Step 6Step 4: Calculate the weight of node dynamically and choose the largest weight to remove its attack_budget Step 5: Execute step 4 repeatedly until total_attack_cost <= attack_budget
26
Heuristic AlgorithmTotal_attack_cost > Budget
27
1 1
1
2,3
2
2
3
3
S
key1
key2
key3
Share Key
1
2
3
28
Check basket
RecoveredSecret
UnrecoveredSecret
RedundantNo Yes
Key Share
1 3 2 3
Leaf node
Node damage
29
Compromised node damage (1) The recovered secret:
Shares or Key in Node i:
Redundant share or key:
2*shold[j]share_thre[j])[j](*ge[j]Secretdama mageNode[i].da 43
shold[j]share_thre
[j])[j](age[j])*(Secretdam*5 mageNode[i].da 43
30
Compromised node damage (2)The unrecovered Secret
Key
Share
shold[j]share_thre
[j])[j](*ge[j]Secretdama mageNode[i].da 43
2*shold[j]share_thre
[j])[j](*ge[j]Secretdama mageNode[i].da 43
31
Compromised node weightCalculate the weight of Node i
Node[i].weight)[i] u* NodeNum.damage)/(Node[i](AnCap[i] ightNode[i].we 1
2
32
1 1
1
2,3
2
2
3
3
S
key1
key2
key3
Share Key
1
2
3
2,3
33
1 1
1
2,3
2
2
3
3
S
key1
key2
key3
Share Key
1
2
3
2,3
1
34
Heuristic AlgorithmTotal_attack_cost < Budget
35
Heuristic AlgorithmStep 6: Check the basket of the attacker and recalculate the weight of the node, then set compromised node’s weight to 0 Step 7: Find shortest path using this weight by dijkstra’s algorithm and calculate each node’s path weight and sort themStep 8: For all unrecovered secret, we sum up the weight of the path until it could be recovered, and set the smallest weight to be the target secret Step 9: To find the smallest weight of the path in the target secret, if path_cost <= remaining_budget to compromise all nodes on path and set the weight of node to 0, otherwise to find next path Step 10: Execute Step 6~ Step 8 repeatedly until all secret are already checked
36
Check basket UnrecoveredSecret
IS_keyin_basket IS_enough_sharein_basket
diff_threshold
NeitherKey nor en_share
diff_threshold
1 3
1 2
4 5Yes
No
Key
Yes
No
Share
Check Node
Share Key
Uncompromised node damage
37
Uncompromised node damage (1)For the unrecovered secret:
If key in the basketSome shares in Node i
Acquire few shares to recover
Enough shares in the basket
re[j])basket_sha-eshold[j](share_thr[j])[j](*ge[j]Secretdama*2 mageNode[i].da 43
[j])[j](*ge[j]Secretdama*5 mageNode[i].da 43
[j])[j](*ge[j]Secretdama*5 mageNode[i].da 43
38
Uncompromised node damage (2) Neither key nor enough shares
If the key in Node i
If the share in Node i
Acquire few shares to meet threshold
re[j])basket_sha-eshold[j](share_thr[j])[j](*ge[j]Secretdama*4 mageNode[i].da 43
re[j]basket_sha-shold[j]share_thre[j])[j](*ge[j]Secretdama mageNode[i].da 43
[j])[j](*ge[j]Secretdama*3 mageNode[i].da 43
39
Compromised node weightCalculate the weight of Node i
Node[i].weight
path[i].weight)[i] u* NodeNum.damage)/(Node[i](AnCap[i] ightNode[i].we 1
2
iPi
ightnode[i].we ightpath[i].we
40
1 1
1
2,3
2
2
3
3
S
key1
key2
key3
Share Key
1
2
3
41
1 1
1
2,3
2
2
3
3
S
key1
key2
key3
Share Key
1
2
3
42
1 1
1
2,3
2
2
3
3
S
key1
key2
key3
Share Key
1
2
3
43
Thanks !!