Information Theory, IEEE Transactions on

Issue 6 • Date June 2008

Displaying Results 1 - 25 of 39
  • Table of contents

    Publication Year: 2008 , Page(s): C1 - C4
  • IEEE Transactions on Information Theory publication information

    Publication Year: 2008 , Page(s): C2
  • Introduction to the Special Issue on Information Theoretic Security

    Publication Year: 2008 , Page(s): 2405 - 2407
    Cited by:  Papers (2)
  • Tight Bounds for Unconditional Authentication Protocols in the Manual Channel and Shared Key Models

    Publication Year: 2008 , Page(s): 2408 - 2425
    Cited by:  Papers (1)

    We address the message authentication problem in two seemingly different communication models. In the first model, the sender and receiver are connected by an insecure channel and by a low-bandwidth auxiliary channel, that enables the sender to "manually" authenticate one short message to the receiver (for example, by typing a short string or comparing two short strings). We consider this model in a setting where no computational assumptions are made, and prove that for any there exists a -round protocol for authenticating -bit messages, in which only bits are manually authenticated, and any adversary (even computationally unbounded) has probability of at most to cheat the receiver into accepting a fraudulent message. Moreover, we develop a proof technique showing that our protocol is essentially optimal by providing a lower bound of on the required length of the manually authenticated string. The second model we consider is the traditional message authentication model. In this model, the sender and the receiver share a short secret key; however, they are connected only by an insecure channel. We apply the proof technique above to obtain a lower bound of on the required Shannon entropy of the shared key. This settles an open question posed by Gemmell and Naor (Advances in Cryptology-CRYPTO '93, pp. 355-367, 1993). Finally, we prove that one-way functions are necessary (and sufficient) for the existence of protocols breaking the above lower bounds in the computational setting.
  • Information Theoretic Bounds on Authentication Systems in Query Model

    Publication Year: 2008 , Page(s): 2426 - 2436

    Authentication codes provide message integrity guarantees in an information theoretic sense within a symmetric key setting. Information theoretic bounds on the success probability of an adversary who has access to previously authenticated messages have been derived by Simmons and Rosenbaum, among others. In this paper, we consider a strong attack scenario where the adversary is adaptive and has access to authentication and verification oracles. We derive information theoretic bounds on the success probability of the adversary and on the key size of the code. This brings the study of unconditionally secure authentication systems on a par with the study of computationally secure ones. We characterize the codes that meet these bounds and compare our result with the earlier ones.
  • Secrecy Capacities for Multiterminal Channel Models

    Publication Year: 2008 , Page(s): 2437 - 2452
    Cited by:  Papers (30)

    Shannon-theoretic secret key generation by several parties is considered for models in which a secure noisy channel with one input terminal and multiple output terminals and a public noiseless channel of unlimited capacity are available for accomplishing this goal. The secret key is generated for a set A of terminals of the noisy channel, with the remaining terminals (if any) cooperating in this task through their public communication. Single-letter characterizations of secrecy capacities are obtained for models in which secrecy is required from an eavesdropper that observes only the public communication and perhaps also a set of terminals disjoint from A. These capacities are shown to be achievable with noninteractive public communication, the channel input terminal sending no public message and each output terminal sending at most one public message, not using randomization. Moreover, when the input terminal belongs to the set A, it can generate the secret key at the outset and transmit it over the noisy channel, suitably encoded, whereupon the output terminals in A securely recover this key using public communication as above. For models in which the eavesdropper also possesses side information that is not available to any of the terminals cooperating in secrecy generation, an upper bound for the secrecy capacity and a sufficient condition for its tightness are given.
  • Secure Broadcasting Over Fading Channels

    Publication Year: 2008 , Page(s): 2453 - 2469
    Cited by:  Papers (88)  |  Patents (1)

    We study a problem of broadcasting confidential messages to multiple receivers under an information-theoretic secrecy constraint. Two scenarios are considered: 1) all receivers are to obtain a common message; and 2) each receiver is to obtain an independent message. Moreover, two models are considered: parallel channels and fast-fading channels. For the case of reversely degraded parallel channels, one eavesdropper, and an arbitrary number of legitimate receivers, we determine the secrecy capacity for transmitting a common message, and the secrecy sum-capacity for transmitting independent messages. For the case of fast-fading channels, we assume that the channel state information of the legitimate receivers is known to all the terminals, while that of the eavesdropper is known only to itself. We show that, using a suitable binning strategy, a common message can be reliably and securely transmitted at a rate independent of the number of receivers. We also show that a simple opportunistic transmission strategy is optimal for the reliable and secure transmission of independent messages in the limit of large number of receivers.
  • Secure Communication Over Fading Channels

    Publication Year: 2008 , Page(s): 2470 - 2492
    Cited by:  Papers (244)

    The fading broadcast channel with confidential messages (BCC) is investigated, where a source node has common information for two receivers (receivers 1 and 2), and has confidential information intended only for receiver 1. The confidential information needs to be kept as secret as possible from receiver 2. The broadcast channel from the source node to receivers 1 and 2 is corrupted by multiplicative fading gain coefficients in addition to additive Gaussian noise terms. The channel state information (CSI) is assumed to be known at both the transmitter and the receivers. The parallel BCC with independent subchannels is first studied, which serves as an information-theoretic model for the fading BCC. The secrecy capacity region of the parallel BCC is established, which gives the secrecy capacity region of the parallel BCC with degraded subchannels. The secrecy capacity region is then established for the parallel Gaussian BCC, and the optimal source power allocations that achieve the boundary of the secrecy capacity region are derived. In particular, the secrecy capacity region is established for the basic Gaussian BCC. The secrecy capacity results are then applied to study the fading BCC. The ergodic performance is first studied. The ergodic secrecy capacity region and the optimal power allocations that achieve the boundary of this region are derived. The outage performance is then studied, where a long-term power constraint is assumed. The power allocation is derived that minimizes the outage probability where either the target rate of the common message or the target rate of the confidential message is not achieved. The power allocation is also derived that minimizes the outage probability where the target rate of the confidential message is not achieved subject to the constraint that the target rate of the common message must be achieved for all channel states.
  • Discrete Memoryless Interference and Broadcast Channels With Confidential Messages: Secrecy Rate Regions

    Publication Year: 2008 , Page(s): 2493 - 2507
    Cited by:  Papers (140)

    We study information-theoretic security for discrete memoryless interference and broadcast channels with independent confidential messages sent to two receivers. Confidential messages are transmitted to their respective receivers while ensuring mutual information-theoretic secrecy. That is, each receiver is kept in total ignorance with respect to the message intended for the other receiver. The secrecy level is measured by the equivocation rate at the eavesdropping receiver. In this paper, we present inner and outer bounds on secrecy capacity regions for these two communication systems. The derived outer bounds have an identical mutual information expression that applies to both channel models. The difference is in the input distributions over which the expression is optimized. The inner bound rate regions are achieved by random binning techniques. For the broadcast channel, a double-binning coding scheme allows for both joint encoding and preserving of confidentiality. Furthermore, we show that, for a special case of the interference channel, referred to as the switch channel, derived bounds meet. Finally, we describe several transmission schemes for Gaussian interference channels and derive their achievable rate regions while ensuring mutual information-theoretic secrecy. An encoding scheme in which transmitters dedicate some of their power to create artificial noise is proposed and shown to outperform both time-sharing and simple multiplexed transmission of the confidential messages.
  • Some Improved Bounds for Secure Frameproof Codes and Related Separating Hash Families

    Publication Year: 2008 , Page(s): 2508 - 2514

    We present some improved bounds on necessary conditions for separating hash families of type {w, w} and type {w, w - 1}. In particular, these bounds apply to secure frameproof codes, which are equivalent to separating hash families of type {w, w}. We also consider existence results for separating hash families of type {w, w2} that can be obtained from the probabilistic method. The asymptotic behavior of these bounds is analyzed.
  • Wireless Information-Theoretic Security

    Publication Year: 2008 , Page(s): 2515 - 2534
    Cited by:  Papers (285)

    This paper considers the transmission of confidential data over wireless channels. Based on an information-theoretic formulation of the problem, in which two legitimate partners communicate over a quasi-static fading channel and an eavesdropper observes their transmissions through a second independent quasi-static fading channel, the important role of fading is characterized in terms of average secure communication rates and outage probability. Based on the insights from this analysis, a practical secure communication protocol is developed, which uses a four-step procedure to ensure wireless information-theoretic security: (i) common randomness via opportunistic transmission, (ii) message reconciliation, (iii) common key generation via privacy amplification, and (iv) message protection with a secret key. A reconciliation procedure based on multilevel coding and optimized low-density parity-check (LDPC) codes is introduced, which makes it possible to achieve communication rates close to the fundamental security limits in several relevant instances. Finally, a set of metrics for assessing average secure key generation rates is established, and it is shown that the protocol is effective in secure key renewal, even in the presence of imperfect channel state information.
  • Key Distribution Protocols Based on Noisy Channels in Presence of an Active Adversary: Conventional and New Versions With Parameter Optimization

    Publication Year: 2008 , Page(s): 2535 - 2549
    Cited by:  Papers (3)  |  Patents (1)

    In this paper, we consider the information-theoretic secure key distribution problem over noisy wiretap channels with public discussion and in the presence of an active adversary. There are several well-known versions of the protocols proposed by Maurer and Wolf to solve this problem. We describe several new versions of the key distribution protocols for the same channel model that allow the key rate to be increased given a fixed key security and under an optimization of the protocol parameters. Both asymptotic and nonasymptotic cases are presented. It is shown that in some cases the nonasymptotic key rate is not so far from the asymptotic one whenever the lengths of the transmitted strings are of the order of thousands of bits.
  • Distributed Source Coding in the Presence of Byzantine Sensors

    Publication Year: 2008 , Page(s): 2550 - 2565
    Cited by:  Papers (10)

    The distributed source coding problem is considered when the sensors, or encoders, are under Byzantine attack; that is, an unknown group of sensors have been reprogrammed by a malicious intruder to undermine the reconstruction at the fusion center. Three different forms of the problem are considered. The first is a variable-rate setup, in which the decoder adaptively chooses the rates at which the sensors transmit. An explicit characterization of the variable-rate achievable sum rates is given for any number of sensors and any groups of traitors. The converse is proved constructively by letting the traitors simulate a fake distribution and report the generated values as the true ones. This fake distribution is chosen so that the decoder cannot determine which sensors are traitors while maximizing the required rate to decode every value. Achievability is proved using a scheme in which the decoder receives small packets of information from a sensor until its message can be decoded, before moving on to the next sensor. The sensors use randomization to choose from a set of coding functions, which makes it probabilistically impossible for the traitors to cause the decoder to make an error. Two forms of the fixed-rate problem are considered, one with deterministic coding and one with randomized coding. The achievable rate regions are given for both these problems, and it is shown that lower rates can be achieved with randomized coding.
  • A Combinatorial Approach to Deriving Lower Bounds for Perfectly Secure Oblivious Transfer Reductions

    Publication Year: 2008 , Page(s): 2566 - 2571
    Cited by:  Papers (1)

    Consider the scenario where we are given an ideal functionality of oblivious transfer (OT), and we wish to construct a larger OT by invoking the above functionality as a black box. How many invocations of an ideal OT functionality are necessary? In tackling this problem, some lower bounds were derived using entropy previously. In this paper, we manage to achieve tighter lower bounds by employing a combinatorial approach. This new approach yields lower bounds which are two times larger than the existing bounds.
  • On the Oblivious-Transfer Capacity of Noisy Resources

    Publication Year: 2008 , Page(s): 2572 - 2581
    Cited by:  Papers (6)

    In this paper, we deal with the task of obtaining oblivious transfer (OT) from noisy resources. We characterize which noisy channels/distributions are useful for obtaining OT. We also introduce the problem of computing the oblivious-transfer capacity of a noisy resource, which measures the optimal way of implementing OT from a noisy channel/distribution. We show that for an honest-but-curious sender, the oblivious-transfer capacity of noisy resources is strictly positive. Several open questions are raised.
  • Perfectly Secure Message Transmission Revisited

    Publication Year: 2008 , Page(s): 2582 - 2595
    Cited by:  Papers (7)

    Secure communications guaranteeing reliability and privacy (without unproven assumptions) in networks with active adversaries has been an important research issue. It has been studied for point to point networks by Dolev-Dwork-Waarts-Yung (J. ACM 1993), Desmedt-Wang (Eurocrypt 2002), and Srinathan-Narayanan-Rangan (Crypto 2004). Dolev-Dwork-Waarts-Yung gave necessary and sufficient conditions for secure communication in networks with the condition that (1) all the channels are two-way; or (2) all the channels are one-way from the sender to the receiver. In this paper, we study the general case with a network modeled by a directed graph. In this general case, there are communication channels from the sender to the receiver and there are feedback channels from the receiver to the sender. We give necessary and sufficient bounds on the number of channels that are required from sender to receiver given a number of "feedback" channels from receiver to sender. We give these bounds for the case reliability is perfect, as well as for the case it is not perfect.
  • Resilient Network Coding in the Presence of Byzantine Adversaries

    Publication Year: 2008 , Page(s): 2596 - 2603
    Cited by:  Papers (72)

    Network coding substantially increases network throughput. But since it involves mixing of information inside the network, a single corrupted packet generated by a malicious node can end up contaminating all the information reaching a destination, preventing decoding. This paper introduces distributed polynomial-time rate-optimal network codes that work in the presence of Byzantine nodes. We present algorithms that target adversaries with different attacking capabilities. When the adversary can eavesdrop on all links and jam links, our first algorithm achieves a rate of , where is the network capacity. In contrast, when the adversary has limited eavesdropping capabilities, we provide algorithms that achieve the higher rate of . Our algorithms attain the optimal rate given the strength of the adversary. They are information-theoretically secure. They operate in a distributed manner, assume no knowledge of the topology, and can be designed and implemented in polynomial time. Furthermore, only the source and destination need to be modified; nonmalicious nodes inside the network are oblivious to the presence of adversaries and implement a classical distributed network code. Finally, our algorithms work over wired and wireless networks.
  • Quantum Key Distribution Based on Private States: Unconditional Security Over Untrusted Channels With Zero Quantum Capacity

    Publication Year: 2008 , Page(s): 2604 - 2620
    Cited by:  Papers (6)

    In this paper, we prove unconditional security for a quantum key distribution (QKD) protocol based on distilling pbits (twisted ebits) from an arbitrary untrusted state that is claimed to contain distillable key. Our main result is that we can verify security using only public communication, via parameter estimation of the given untrusted state. The technique applies even to bound-entangled states, thus extending QKD to the regime where the available quantum channel has zero quantum capacity. We also show how to convert our purification-based QKD schemes to prepare/measure schemes.
  • Low-Dimensional Bound Entanglement With One-Way Distillable Cryptographic Key

    Publication Year: 2008 , Page(s): 2621 - 2625
    Cited by:  Papers (3)

    In this paper, we provide a class of bound entangled states that have positive distillable secure key rate. The smallest state of this kind is 4 ⊗ 4, which shows that peculiar security contained in bound entangled states does not need high-dimensional systems. We show that for these states a positive key rate can be obtained by one-way Devetak-Winter (DW) protocol. Subsequently, the volume of bound entangled key-distillable states for m ⊗ n Hilbert space with m, n > 4 is shown to be nonzero. We provide a scheme of verification of cryptographic quality of experimentally prepared state in terms of local observables. Proposed set of seven collective settings is proven to be optimal in number of settings.
  • On Matroids and Nonideal Secret Sharing

    Publication Year: 2008 , Page(s): 2626 - 2643

    Secret-sharing schemes are a tool used in many cryptographic protocols. In these schemes, a dealer holding a secret string distributes shares to the parties such that only authorized subsets of participants can reconstruct the secret from their shares. The collection of authorized sets is called an access structure. An access structure is ideal if there is a secret-sharing scheme realizing it such that the shares are taken from the same domain as the secrets. Brickell and Davenport (Journal of Cryptology, 1991) have shown that ideal access structures are closely related to matroids. They give a necessary condition for an access structure to be ideal: the access structure must be induced by a matroid. Seymour (Journal of Combinatorial Theory B, 1992) has proved that the necessary condition is not sufficient: There exists an access structure induced by a matroid that does not have an ideal scheme. The research on access structures induced by matroids is continued in this work. The main result in this paper is strengthening the result of Seymour. It is shown that in any secret-sharing scheme realizing the access structure induced by the Vamos matroid with domain of the secrets of size k, the size of the domain of the shares is at least k + Ω(√k). The second result considers nonideal secret-sharing schemes realizing access structures induced by matroids. It is proved that the fact that an access structure is induced by a matroid implies lower and upper bounds on the size of the domain of shares of subsets of participants even in nonideal schemes (as long as the shares are still relatively short). This generalizes results of Brickell and Davenport for ideal schemes. Finally, an example of a nonideal access structure that is nearly ideal is presented.
  • On Codes, Matroids, and Secure Multiparty Computation From Linear Secret-Sharing Schemes

    Publication Year: 2008 , Page(s): 2644 - 2657
    Cited by:  Papers (3)

    Error-correcting codes and matroids have been widely used in the study of ordinary secret sharing schemes. In this paper, the connections between codes, matroids, and a special class of secret sharing schemes, namely, multiplicative linear secret sharing schemes (LSSSs), are studied. Such schemes are known to enable multiparty computation protocols secure against general (nonthreshold) adversaries. Two open problems related to the complexity of multiplicative LSSSs are considered in this paper. The first one deals with strongly multiplicative LSSSs. As opposed to the case of multiplicative LSSSs, it is not known whether there is an efficient method to transform an LSSS into a strongly multiplicative LSSS for the same access structure with a polynomial increase of the complexity. A property of strongly multiplicative LSSSs that could be useful in solving this problem is proved. Namely, using a suitable generalization of the well-known Berlekamp-Welch decoder, it is shown that all strongly multiplicative LSSSs enable efficient reconstruction of a shared secret in the presence of malicious faults. The second one is to characterize the access structures of ideal multiplicative LSSSs. Specifically, the considered open problem is to determine whether all self-dual vector space access structures are in this situation. By the aforementioned connection, this in fact constitutes an open problem about matroid theory, since it can be restated in terms of representability of identically self-dual matroids by self-dual codes. A new concept is introduced, the flat-partition, that provides a useful classification of identically self-dual matroids. Uniform identically self-dual matroids, which are known to be representable by self-dual codes, form one of the classes. It is proved that this property also holds for the family of matroids that, in a natural way, is the next class in the above classification: the identically self-dual bipartite matroids.
  • Coding Theorems on the Threshold Scheme for a General Source

    Publication Year: 2008 , Page(s): 2658 - 2677
    Cited by:  Papers (4)

    In this paper, coding theorems on the (t, m)-threshold scheme for a general source are discussed, where m means the number of the shares and t means a threshold. The (t, m)-threshold scheme treated in this paper encrypts n source outputs X^n to m shares at once and is required to satisfy the two conditions that 1) X^n is reproduced from arbitrary t shares, and 2) almost no information of X^n is revealed from any t - 1 shares. It is shown that the (t, m)-threshold scheme must satisfy certain inequalities including the limit inferiors in probability. One of the inequalities is closely related to the minimum length of the fair random bits needed to a dealer for realizing the (t, m)-threshold scheme. In addition, it is shown that a certain variation of Shamir's threshold scheme meets the two conditions. The same approach can be taken to the problems of Shannon's cipher system with the perfect secrecy and fixed-length source coding with vanishing decoding error probability. It is shown that the same kind of inequalities, which indicate the converse coding theorems, hold in both two cases.
  • On the Fingerprinting Capacity Under the Marking Assumption

    Publication Year: 2008 , Page(s): 2678 - 2689
    Cited by:  Papers (12)

    We address the maximum attainable rate of fingerprinting codes under the marking assumption, studying lower and upper bounds on the value of the rate for various sizes of the attacker coalition. Lower bounds are obtained by considering typical coalitions, which represents a new idea in the area of fingerprinting and enables us to improve the previously known lower bounds for coalitions of size two and three. For upper bounds, the fingerprinting problem is modeled as a communications problem. It is shown that the maximum code rate is bounded above by the capacity of a certain class of channels, which are similar to the multiple-access channel (MAC). Converse coding theorems proved in the paper provide new upper bounds on fingerprinting capacity. It is proved that capacity for fingerprinting against coalitions of size two and three over the binary alphabet satisfies and , respectively. For coalitions of an arbitrary fixed size , we derive an upper bound on fingerprinting capacity in the binary case. Finally, for general alphabets, we establish upper bounds on the fingerprinting capacity involving only single-letter mutual information quantities.
  • Unconditionally Secure Steganography Against Active Attacks

    Publication Year: 2008 , Page(s): 2690 - 2705

    In this paper, we study unconditionally secure stegosystems against active attacks over an insecure channel in which an adversary can read and write a message. More specifically, we propose an information-theoretic model for steganography in the presence of active adversaries by extending both Simmons' and Cachin's works; and we show a generic construction of stegosystems secure against active attacks by using authenticated encryption in unconditional setting. Although the idea behind this construction is already used in different models (i.e., computational models and/or information-theoretic models with passive adversaries) of steganography, our contribution lies in showing the construction methodology provides provable and unconditional security against active adversaries.
  • Perfectly Secure Steganography: Capacity, Error Exponents, and Code Constructions

    Publication Year: 2008 , Page(s): 2706 - 2722
    Cited by:  Papers (14)

    An analysis of steganographic systems subject to the following perfect undetectability condition is presented in this paper. Following embedding of the message into the covertext, the resulting stegotext is required to have exactly the same probability distribution as the covertext. Then no statistical test can reliably detect the presence of the hidden message. We refer to such steganographic schemes as perfectly secure. A few such schemes have been proposed in recent literature, but they have vanishing rate. We prove that communication performance can potentially be vastly improved; specifically, our basic setup assumes independent and identically distributed (i.i.d.) covertext, and we construct perfectly secure steganographic codes from public watermarking codes using binning methods and randomized permutations of the code. The permutation is a secret key shared between encoder and decoder. We derive (positive) capacity and random-coding exponents for perfectly secure steganographic systems. The error exponents provide estimates of the code length required to achieve a target low error probability. In some applications, steganographic communication may be disrupted by an active warden, modeled here by a compound discrete memoryless channel (DMC). The transmitter and warden are subject to distortion constraints. We address the potential loss in communication performance due to the perfect-security requirement. This loss is the same as the loss obtained under a weaker order-1 steganographic requirement that would just require matching of first-order marginals of the covertext and stegotext distributions. Furthermore, no loss occurs if the covertext distribution is uniform and the distortion metric is cyclically symmetric; steganographic capacity is then achieved by randomized linear codes. Our framework may also be useful for developing computationally secure steganographic systems that have near-optimal communication performance.

Aims & Scope

IEEE Transactions on Information Theory publishes papers concerned with the transmission, processing, and utilization of information.

Meet Our Editors

Editor-in-Chief
Frank R. Kschischang

Department of Electrical and Computer Engineering