The secrecy capacity of a network, for a given collection of permissible
wiretap sets, is the maximum rate of communication such that observing links in
any permissible wiretap set reveals no information about the message. This
paper considers secure network coding with nonuniform or restricted wiretap
sets, for example, networks with unequal link capacities where a wiretapper can
wiretap any subset of k links, or networks where only a subset of links can
be wiretapped. Existing results show that for the case of uniform wiretap sets
(networks with equal capacity links/packets where any k can be wiretapped),
the secrecy capacity is given by the cut-set bound, and can be achieved by
injecting k random keys at the source which are decoded at the sink along
with the message. This is the case whether or not the communicating users have
information about the choice of wiretap set. In contrast, we show that for the
nonuniform case, the cut-set bound is not achievable in general when the
wiretap set is unknown, whereas it is achievable when the wiretap set is made
known. We give achievable strategies where random keys are canceled at
intermediate non-sink nodes, or injected at intermediate non-source nodes.
Finally, we show that determining the secrecy capacity is a NP-hard problem.Comment: 24 pages, revision submitted to IEEE Transactions on Information
Theor