Expander Graphs for Digital Stream Authentication and Robust Overlay Networks

1
Expander Graphs for Digital Stream Authentication
and Robust Overlay Networks

• Presented by
• Neeraj Agrawal, Zifei Zhong

2
Contents

• Introduction
• Authentication of Digital Broadcast Data
• Overlay Networks
• Basic Definitions Theorems
• Expander-Based Authentication
• -- DAG Expander Construction Analysis
• -- Authentication Graph
• Expander-Based Overlay Network
• -- Construction Analysis
• -- Applications
• Conclusion and Future work.

3
Introduction

• Expander Graphs for
• Authenticating the digital data over lossy
  network
• Construction of robust Overlay Networks

4
Authentication of Digital Broadcast Data

• Goal
• To ensure that digitally broadcast
  streams originate from the purported source.
• Challenge
• Internet and other networks are not
  perfect and lost packets are generally not
  transmitted.

5
Possible Solutions

• Shared Secret between sender and receivers
• Sender computes the MAC using a shared key and
  receiver uses this key to authenticate the
  packets.
• Disadvantage
• Anyone with the shared secret could forge or
  leak the shared secret.

6
Possible Solutions (Cont)

• Asymmetric Cryptography
• Sender can sign each packet with its
  private key and each receiver verifies the
  signature of each packet with corresponding
  public key.
• Disadvantage
• Heavy overhead of generation and verification
  of packets.

7
Possible Solutions (Cont)

• Graph Based Authentication

8
Possible Solutions (Cont)

• Drawbacks
• Since the degree of the vertices in the graph
  are not constant they grow linearly to the number
  of nodes in the graph.
• Due to this the efficiency of the
  implementation is reduced.

9
Overlay Networks

• Overlay networks are formed from a subset of
  nodes in underlying network. The participating
  nodes communicate via virtual links between two
  nodes that may not be directly connected in the
  underlying network. (ex. MBone, ABone, Gnutella).
• Goal is to improve the reachability of any node
  in the network using expander graphs thereby
  making the network robust.

10
Expander Graph based Authentication
11
Expander Graph based Authentication (Cont)

• Let P0, , Pn-1 be the consecutive packets that
  need to be broadcasted. Then a directed acyclic
  graph is constructed out of these n vertices
  where vertex i corresponds to the packet Pi. An
  edge (i,j) in the graph indicates the
  authentication relationship between packet Pi and
  Pj
• To authenticate a packet Pj receiver simply
  computes the hash of Pj and checks whether it
  equals the corresponding hash value carried in
  Pi.
• The DAG formed by the n nodes and the edges
  corresponding to the authentication relationship
  is known as authentication graph.

12
Expander Graph based Authentication (Cont)

• Notations
• Up Vertex A vertex is said to be up if the
  corresponding packet is received.
• Up Path A path is said to be up if all the
  vertices on the path are up.
• Signature Packet
• Starting packet of the stream is called
  signature packet which is signed by senders
  public key. Receivers authenticate other
  packets by following the edge starting from
  this signature packet.

13
Expander Graph based Authentication (Cont)

• Assumptions
• 1. All receivers receive the signature packet.
• 2. Senders and Receivers have large buffering
  capacity.
• 3. Probabilistic model for packet loss is assumed
  where each packet in the stream can be received
  with probability p independent of other packets.
• 4. Hash function is assumed to be collision
  resistant, i.e. it is computationally infeasible
  to find two different values that hash to the
  same value.

14
Basic Definitions Theorems

• Definition 1. Bipartite Graph
• A bipartite graph is
  an undirected graph consisting of two
  non-overlapping sets of vertices V1 and V2 and
  edges connecting the two sets of vertices, i.e.
  if an edge , then either
  or
• . G is called a
  (n1,n2)-bipartite graph with degree (d1,d2) if
  V1 n1, V2 n2 and every node in V1 has
  degree at most d1, every node in V2 has degree at
  most d2. If d1 d2 we say the degree is d1

Now the boring journey starts
15
Basic Definitions Theorems

• Definition 2. Bipartite Expander
• A bipartite graph is
  (c1,c2)-expanding if for i 1,2, for every
  , where
• , where T(S) is the set of
  neighbors of S in V3-I. if c1c2, we say the
  graph is c1-expanding.

definitions are hard to remember, especially
long ones
16
Basic Definitions Theorems

• Definition 3. Ordinary Expander Graph
• An undirected graph is
  c-expanding if for every where
  ,
• where T(S) is the set of neighbors of S (not
  including S).

they do not grow longer, fortunately
17
Basic Definitions Theorems

• Theorem 1. Ramanujan Graph
• The Ramanujan graph construction give a (n,
  n)-bipartite expander graph of degree d for every
  n q 1, d p1 where p and q are two primes
  congruent to 1 modulo 4. These graphs are
  (d/8)-expanding. The same construction can be
  used to construct ordinary expander graphs with n
  vertices and degree d and (d/8)-expanding.

lets simply call it Rama graph
18
Basic Definitions Theorems

• Theorem 2. Chernoff Bound
• Let X1, X2, , Xn be independent random
  variables such that for
• where .
• Define and define
  Then for

chernoff bound is useful, we should know it
19
Basic Definitions Theorems

• Corollary 3
• Given a set of s no des where each node is up
  independently with probability p, the probability
  that at least (ps/2) nodes are up is at least

Yeah, just apply the chernoff bound, we get it
20
Expander-Based Authentication -- DAG Expander
Construction Analysis

• How to construct
• Use the expansion property of expanders to
  construct an authentication graph allowing a
  receiver to authenticate a received packet with
  high probability.
• Lets first see how to use a (n, n)-bipartite
  expander graph with degree d and expander factor
  c to construct a (n/a, n)-bipartite expander

The idea seems not difficult
21
Expander-Based Authentication -- DAG Expander
Construction Analysis

• Lemma 1
• Given a (n, n)-bipartite expander graph with
  degree d and expansion factor c, we can
  explicitly construct a (n/a, n)-bipartite
  expander of degree (da, d) and is (ac,
  c/a)-expanding.

This point is obvious
22
Expander-Based Authentication -- DAG Expander
Construction Analysis

• Construction
• We construct a layered DAG expander using the
  (na, n)-bipartite expanders found by applying
  Lemma 1 to any (n, n)-bipartite expander graph.
• 1). The 0-th layer contains the root R, and for
  all i the i-th layer contains vertices.
  Layers i-1 and i are connected using a copy of an
  -bipartite expander graph from Lemma
  1.
• 2). The edges point from layer i-1 to layer i.
  Let c denote the expansion factor from the i-th
  layer to i-1th layer.

Wow, somehow complicated
23
Expander-Based Authentication -- DAG Expander
Construction Analysis

• An example of construction

its a dull figure
24
Expander-Based Authentication -- DAG Expander
Construction Analysis

• Property Analysis
• Claim 1 suppose
• Then the probability that
  is at least

but, how can you claim that
25
Expander-Based Authentication -- DAG Expander
Construction Analysis

• Property Analysis
• Claim 2 with probability at least
• there is an m for which

terrible this one is based on the previous
26
Expander-Based Authentication -- DAG Expander
Construction Analysis

• Property Analysis
• Claim 3 if
• then for all i lt m,
  with probability at least

well we require LESS complicated things
27
Expander-Based Authentication -- DAG Expander
Construction Analysis

• Property Analysis
• Theorem 4 Assume each vertex except the
  root R in our DAG expander is up independently
  with probability p, where c is the expansion
  factor from i-1th layer, cgt4/p and agt4/p. If a
  vertex v is up, then there exists an up path from
  R to v with probability at least

en, this is from the previous 3 claims..
28
Expander-Based Authentication --
Authentication Graph

• How to build the authentication graph?
• 1). Exploit the DAG construction, let the
  root be the 1st packet P0.
• 2). Number the vertices from 0 to n-1 layer
  by layer. Any vertex on layer i has a lower
  number than any vertex on layer i1. Let vertex i
  correspond to packet Pi.

well, finally we come out from the hell ...
29
Expander-Based Authentication --
Authentication Graph

• Properties
• 1). Each packet except for those
  corresponding to leaves on the DAG expander has a
  constant number da embedded hash values, and the
  constant number da is independent of the size of
  graph.
• 2). The authentication probability is at
  least

aha, now I know what the theorem 4 does..
30
Expander-Based Authentication --
Authentication Graph

• Properties
• -- We can control the arrival probability by a
  and d
• Corollary 5. Assume we have a DAG expander, each
  vertex in it except the root R is up
  independently with probability p, and dgt32a/p and
  agt4/p. If a vertex v is up, then there exists an
  up path from R to v with probability at least

???, this is somewhat different...
31
Expander-Based Overlay Networks-- Construction
Analysis

• Construction
• 1). Given n nodes, we build the overlay network
  as the Ramanujan expander graph with n nodes and
  degree d.
• 2). Each node corresponds to a host in the
  overlay network, while each edge represent a
  virtual link between the two connected hosts.
• 3). Assume transmission time and latency are
  bounded.

ooh, whats this
32
Expander-Based Overlay Networks-- Construction
Analysis

• Analysis
• Lemma 2. With probability at least
• any up node v can reach more than pn/4 up nodes
  within distance O(log n) via up paths.

well, something not easy
33

Expander-Based Overlay Networks-- Construction
Analysis

• Analysis
• Claim 1. Suppose .
• Then the probability that
  is at least

god, its another nightmare
34
Expander-Based Overlay Networks-- Construction
Analysis

• Analysis
• Claim 2. With probability at least
  ,
• there is an m for which
  
• and m O(log n).

somehow not as tough as before
35
Expander-Based Overlay Networks-- Construction
Analysis

• Analysis
• Lemma 3. Any two sets of size at least
  
• in a Ramanujan expander with n nodes and degree
  d have at least one edge between the two sets.

but, where is the proof
36
Expander-Based Overlay Networks-- Construction
Analysis

• Analysis
• Theorem 6. Let G be an undirected Ramanujan
  expander graph on n nodes with degree d. Assume
  each node in the graph is up independently with
  probability p. For any two up nodes v and w, the
  probability that there is an up path of length
  O(log n) from v to w is given that
  .
• Similarly a broadcast message by v will reach a
  particular node in an up path of length O(log n)
  with probability at least

good, we are approaching the end
37
Expander-Based Overlay Networks-- Application
to Decentralized Certificate Revocation

• Overlay networks can have an effective graph for
  distributing certificate revocation messages.
• Since the graph for representing the overlay
  network is constant degree it requires only
  constant number of messages to send or receive
  the revocation message.
• Each node is reachable by an up path of length
  O(log n)
• Even if a high fraction of node fails each up
  node will receive the revocation message in O(log
  n) steps with probability

38
Expander-Based Overlay Networks-- Application
in building Survival Networks

• If an adversary can take out nodes in the network
  with independent probability then the results
  described in the previous slide implies that we
  can always build up the overlay network that is
  highly survivable.

39
Conclusion

• An efficient construction for authentication
  graph of constant degree. It is an improvement
  over previous solution which used O(n) degree.
• This construction provides high probability of
  authentication.
• A proven lower bound of probability that a packet
  can be authenticated upon arrival has be provided

40
Conclusion (cont...)

• The lower bound is independent of the size of the
  graph.
• Undirected expander graphs and results discussed
  can be used to construct efficient, robust and
  scalable overlay networks.
• Overlay networks provide efficient solution to
  the decentralized certification revocation
  problem.

41
Future Work

• Expander Construction is still an active area in
  the graph theory.
• There is still lots of scope for improvement ex.
  Probability bound can be improved by using
  Kahles results.

42

• Questions, please -)