Continuous Variable Quantum Cryptography using Two-Way Quantum Communication

Quantum cryptography has been recently extended to continuous variable systems, e.g., the bosonic modes of the electromagnetic field. In particular, several cryptographic protocols have been proposed and experimentally implemented using bosonic modes with Gaussian statistics. Such protocols have shown the possibility of reaching very high secret-key rates, even in the presence of strong losses in the quantum communication channel. Despite this robustness to loss, their security can be affected by more general attacks where extra Gaussian noise is introduced by the eavesdropper. In this general scenario we show a "hardware solution" for enhancing the security thresholds of these protocols. This is possible by extending them to a two-way quantum communication where subsequent uses of the quantum channel are suitably combined. In the resulting two-way schemes, one of the honest parties assists the secret encoding of the other with the chance of a non-trivial superadditive enhancement of the security thresholds. Such results enable the extension of quantum cryptography to more complex quantum communications.Comment: 12 pages, 7 figures, REVTe

Perfectly Secure Communication, based on Graph-Topological Addressing in Unique-Neighborhood Networks

We consider network graphs $G=(V,E)$ in which adjacent nodes share common secrets. In this setting, certain techniques for perfect end-to-end security (in the sense of confidentiality, authenticity (implying integrity) and availability, i.e., CIA+) can be made applicable without end-to-end shared secrets and without computational intractability assumptions. To this end, we introduce and study the concept of a unique-neighborhood network, in which nodes are uniquely identifiable upon their graph-topological neighborhood. While the concept is motivated by authentication, it may enjoy wider applicability as being a technology-agnostic (yet topology aware) form of addressing nodes in a network

Privacy-preserving Cross-domain Routing Optimization -- A Cryptographic Approach

Today's large-scale enterprise networks, data center networks, and wide area networks can be decomposed into multiple administrative or geographical domains. Domains may be owned by different administrative units or organizations. Hence protecting domain information is an important concern. Existing general-purpose Secure Multi-Party Computation (SMPC) methods that preserves privacy for domains are extremely slow for cross-domain routing problems. In this paper we present PYCRO, a cryptographic protocol specifically designed for privacy-preserving cross-domain routing optimization in Software Defined Networking (SDN) environments. PYCRO provides two fundamental routing functions, policy-compliant shortest path computing and bandwidth allocation, while ensuring strong protection for the private information of domains. We rigorously prove the privacy guarantee of our protocol. We have implemented a prototype system that runs PYCRO on servers in a campus network. Experimental results using real ISP network topologies show that PYCRO is very efficient in computation and communication costs

iPDA: An Integrity-Protecting Private Data Aggregation Scheme for Wireless Sensor Networks

Data aggregation is an efficient mechanism widely used in wireless sensor networks (WSN) to collect statistics about data of interests. However, the shared-medium nature of communication makes the WSNs are vulnerable to eavesdropping and packet tampering/injection by adversaries. Hence, how to protect data privacy and data integrity are two major challenges for data aggregation in wireless sensor networks. In this paper, we present iPDA??????an integrity-protecting private data aggregation scheme. In iPDA, data privacy is achieved through data slicing and assembling technique; and data integrity is achieved through redundancy by constructing disjoint aggregation paths/trees to collect data of interests. In iPDA, the data integrity-protection and data privacy-preservation mechanisms work synergistically. We evaluate the iPDA scheme in terms of the efficacy of privacy preservation, communication overhead, and data aggregation accuracy, comparing with a typical data aggregation scheme--- TAG, where no integrity protection and privacy preservation is provided. Both theoretical analysis and simulation results show that iPDA achieves the design goals while still maintains the efficiency of data aggregation