12,627 research outputs found

    The Secrecy Graph and Some of its Properties

    A new random geometric graph model, the so-called secrecy graph, is introduced and studied. The graph represents a wireless network and includes only edges over which secure communication in the presence of eavesdroppers is possible. The underlying point process models considered are lattices and Poisson point processes. In the lattice case, analogies to standard bond and site percolation can be exploited to determine percolation thresholds. In the Poisson case, the node degrees are determined and percolation is studied using analytical bounds and simulations. It turns out that a small density of eavesdroppers already has a drastic impact on the connectivity of the secrecy graph. Comment: 5 pages. Accepted at 2008 IEEE Symposium on Information Theory (ISIT'08

    Wireless Secrecy in Large-Scale Networks

    The ability to exchange secret information is critical to many commercial, governmental, and military networks. The intrinsically secure communications graph (iS-graph) is a random graph which describes the connections that can be securely established over a large-scale network, by exploiting the physical properties of the wireless medium. This paper provides an overview of the main properties of this new class of random graphs. We first analyze the local properties of the iS-graph, namely the degree distributions and their dependence on fading, target secrecy rate, and eavesdropper collusion. To mitigate the effect of the eavesdroppers, we propose two techniques that improve secure connectivity. Then, we analyze the global properties of the iS-graph, namely percolation on the infinite plane, and full connectivity on a finite region. These results help clarify how the presence of eavesdroppers can compromise secure communication in a large-scale network. Comment: To appear: Proc. IEEE Information Theory and Applications Workshop (ITA'11), San Diego, CA, Feb. 2011, pp. 1-10, Invited Pape

    Percolation and Connectivity in the Intrinsically Secure Communications Graph

    The ability to exchange secret information is critical to many commercial, governmental, and military networks. The intrinsically secure communications graph (iS-graph) is a random graph which describes the connections that can be securely established over a large-scale network, by exploiting the physical properties of the wireless medium. This paper aims to characterize the global properties of the iS-graph in terms of: (i) percolation on the infinite plane, and (ii) full connectivity on a finite region. First, for the Poisson iS-graph defined on the infinite plane, the existence of a phase transition is proven, whereby an unbounded component of connected nodes suddenly arises as the density of legitimate nodes is increased. This shows that long-range secure communication is still possible in the presence of eavesdroppers. Second, full connectivity on a finite region of the Poisson iS-graph is considered. The exact asymptotic behavior of full connectivity in the limit of a large density of legitimate nodes is characterized. Then, simple, explicit expressions are derived in order to closely approximate the probability of full connectivity for a finite density of legitimate nodes. The results help clarify how the presence of eavesdroppers can compromise long-range secure communication. Comment: Submitted for journal publicatio

    Techniques for Enhanced Physical-Layer Security

    Information-theoretic security--widely accepted as the strictest notion of security--relies on channel coding techniques that exploit the inherent randomness of propagation channels to strengthen the security of communications systems. Within this paradigm, we explore strategies to improve secure connectivity in a wireless network. We first consider the intrinsically secure communications graph (iS-graph), a convenient representation of the links that can be established with information-theoretic security on a large-scale network. We then propose and characterize two techniques--sectorized transmission and eavesdropper neutralization--which are shown to dramatically enhance the connectivity of the iS-graph. Comment: Pre-print, IEEE Global Telecommunications Conference (GLOBECOM'10), Miami, FL, Dec. 201

    Continuum Percolation in the Intrinsically Secure Communications Graph

    The intrinsically secure communications graph (iS-graph) is a random graph which captures the connections that can be securely established over a large-scale network, in the presence of eavesdroppers. It is based on principles of information-theoretic security, widely accepted as the strictest notion of security. In this paper, we are interested in characterizing the global properties of the iS-graph in terms of percolation on the infinite plane. We prove the existence of a phase transition in the Poisson iS-graph, whereby an unbounded component of securely connected nodes suddenly arises as we increase the density of legitimate nodes. Our work shows that long-range communication in a wireless network is still possible when a secrecy constraint is present. Comment: Accepted in the IEEE International Symposium on Information Theory and its Applications (ISITA'10), Taichung, Taiwan, Oct. 201

    CamFlow: Managed Data-sharing for Cloud Services

    A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within 'Internet of Things' architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...] Comment: 14 pages, 8 figure