[ { "id": "authors:q4798-q1h04", "collection": "authors", "collection_id": "q4798-q1h04", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20180828-142513016", "type": "book_section", "title": "How to Best Share a Big Secret", "book_title": "Proceedings of the 11th ACM International Systems and Storage Conference", "author": [ { "family_name": "Shor", "given_name": "Roman", "clpid": "Shor-R" }, { "family_name": "Yadgar", "given_name": "Gala", "clpid": "Yadgar-G" }, { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Yaakobi", "given_name": "Eitan", "orcid": "0000-0002-9851-5234", "clpid": "Yaakobi-E" }, { "family_name": "Bruck", "given_name": "Jehoshua", "orcid": "0000-0001-8474-0812", "clpid": "Bruck-J" } ], "abstract": "When sensitive data is stored in the cloud, the only way to ensure its secrecy is by encrypting it before it is uploaded. The emerging multi-cloud model, in which data is stored redundantly in two or more independent clouds, provides an opportunity to protect sensitive data with secret-sharing schemes. Both data-protection approaches are considered computationally expensive, but recent advances reduce their costs considerably: (1) Hardware acceleration methods promise to eliminate the computational complexity of encryption, but leave clients with the challenge of securely managing encryption keys. (2) Secure RAID, a recently proposed scheme, minimizes the computational overheads of secret sharing, but requires non-negligible storage overhead and random data generation. Each data-protection approach offers different tradeoffs and security guarantees. However, when comparing them, it is difficult to determine which approach will provide the best application-perceived performance, because previous studies were performed before their recent advances were introduced.\n\nTo bridge this gap, we present the first end-to-end comparison of state-of-the-art encryption-based and secret sharing data protection approaches. Our evaluation on a local cluster and on a multi-cloud prototype identifies the tipping point at which the bottleneck of data protection shifts from the computational overhead of encoding and random data generation to storage and network bandwidth and global availability.", "doi": "10.1145/3211890.3211896", "isbn": "978-1-4503-5849-1", "publisher": "Association for Computing Machinery", "place_of_publication": "New York, NY", "publication_date": "2018-06", "pages": "76-88" }, { "id": "authors:62pqt-f5y63", "collection": "authors", "collection_id": "62pqt-f5y63", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20170816-162125720", "type": "book_section", "title": "Secure RAID schemes from EVENODD and STAR codes", "book_title": "2017 IEEE International Symposium on Information Theory (ISIT)", "author": [ { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Bruck", "given_name": "Jehoshua", "orcid": "0000-0001-8474-0812", "clpid": "Bruck-J" } ], "abstract": "We study secure RAID, i.e., low-complexity schemes to store information in a distributed manner that is resilient to node failures and resistant to node eavesdropping. We describe a technique to shorten the secure EVENODD scheme in [6], which can optimally tolerate 2 node failures and 2 eavesdropping nodes. The shortening technique allows us to obtain secure EVENODD schemes of arbitrary lengths, which is important for practical application. We also construct a new secure RAID scheme from the STAR code. The scheme can tolerate 3 node failures and 3 eavesdropping nodes with optimal encoding/decoding and random access complexity.", "doi": "10.1109/ISIT.2017.8006600", "isbn": "978-1-5090-4096-4", "publisher": "IEEE", "place_of_publication": "Piscataway, NJ", "publication_date": "2017-06", "pages": "609-613" }, { "id": "authors:6v3tf-gx561", "collection": "authors", "collection_id": "6v3tf-gx561", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20170816-153318334", "type": "book_section", "title": "Secret sharing with optimal decoding and repair bandwidth", "book_title": "2017 IEEE International Symposium on Information Theory (ISIT)", "author": [ { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Bruck", "given_name": "Jehoshua", "orcid": "0000-0001-8474-0812", "clpid": "Bruck-J" } ], "abstract": "This paper studies the communication efficiency of threshold secret sharing schemes. We construct a family of Shamir's schemes with asymptotically optimal decoding bandwidth for arbitrary parameters. We also construct a family of secret sharing schemes with both optimal decoding and optimal repair bandwidth for arbitrary parameters. The construction leads to a family of regenerating codes allowing centralized repair of multiple node failures with small sub-packetization.", "doi": "10.1109/ISIT.2017.8006842", "isbn": "978-1-5090-4096-4", "publisher": "IEEE", "place_of_publication": "Piscataway, NJ", "publication_date": "2017-06", "pages": "1813-1817" }, { "id": "authors:5q6h9-6cr80", "collection": "authors", "collection_id": "5q6h9-6cr80", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20160823-165433889", "type": "book_section", "title": "Secure RAID Schemes for Distributed Storage", "book_title": "2016 IEEE International Symposium on Information Theory (ISIT)", "author": [ { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Bruck", "given_name": "Jehoshua", "orcid": "0000-0001-8474-0812", "clpid": "Bruck-J" } ], "abstract": "We propose secure RAID, i.e., low-complexity\nschemes to store information in a distributed manner that is\nresilient to node failures and resistant to node eavesdropping. We generalize the concept of systematic encoding to secure RAID and show that systematic schemes have significant advantages in the efficiencies of encoding, decoding and random access. For\nthe practical high rate regime, we construct three XOR-based\nsystematic secure RAID schemes with optimal encoding and\ndecoding complexities, from the EVENODD codes and B codes,\nwhich are array codes widely used in the RAID architecture.\nThese schemes optimally tolerate two node failures and two\neavesdropping nodes. For more general parameters, we construct efficient systematic secure RAID schemes from Reed-Solomon codes. Our results suggest that building \"keyless\", information-theoretic security into the RAID architecture is practical.", "doi": "10.1109/ISIT.2016.7541529", "isbn": "978-1-5090-1806-2", "publisher": "IEEE", "place_of_publication": "Piscataway, NJ", "publication_date": "2016-07", "pages": "1401-1405" }, { "id": "authors:6vsed-x7y38", "collection": "authors", "collection_id": "6vsed-x7y38", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20151012-142447290", "type": "book_section", "title": "Rewriting Flash Memories by Message Passing", "author": [ { "family_name": "En Gad", "given_name": "Eyal", "clpid": "En-Gad-E" }, { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Li", "given_name": "Yue", "clpid": "Li-Yue" }, { "family_name": "Bruck", "given_name": "Jehoshua", "orcid": "0000-0001-8474-0812", "clpid": "Bruck-J" } ], "abstract": "This paper constructs WOM codes that combine rewriting and error correction for mitigating the reliability and the endurance problems in flash memory.We consider a rewriting model that is of practical interest to flash applications where only the second write uses WOM codes. Our WOM code construction is based on binary erasure quantization with LDGM codes, where the rewriting uses message passing and has potential to share the efficient hardware implementations with LDPC codes in practice. We show that the coding scheme achieves the capacity of the rewriting model. Extensive simulations show that the rewriting performance of our scheme compares favorably with that of polar WOM code in the rate region where high rewriting success probability is desired. We further augment our coding schemes with error correction capability. By drawing a connection to the conjugate code pairs studied in the context of quantum error correction, we develop a general framework for constructing error-correction WOM codes. Under this framework, we give an explicit construction of WOM codes whose codewords are contained in BCH codes.", "doi": "10.1109/ISIT.2015.7282534", "publisher": "IEEE", "publication_date": "2015-06" }, { "id": "authors:ckjhf-c3388", "collection": "authors", "collection_id": "ckjhf-c3388", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20151006-093456107", "type": "book_section", "title": "Connecting multiple-unicast and network error correction: Reduction and unachievability", "book_title": "2015 IEEE International Symposium on Information Theory", "author": [ { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Langberg", "given_name": "Michael", "orcid": "0000-0002-7470-0718", "clpid": "Langberg-M" }, { "family_name": "Kliewer", "given_name": "Joerg", "clpid": "Kliewer-J" } ], "abstract": "We show that solving a multiple-unicast network coding problem can be reduced to solving a single-unicast network error correction problem, where an adversary may jam at most a single edge in the network. Specifically, we present an efficient reduction that maps a multiple-unicast network coding instance to a network error correction instance while preserving feasibility. The reduction holds for both the zero probability of error model and the vanishing probability of error model. Previous reductions are restricted to the zero-error case. As an application of the reduction, we present a constructive example showing that the single-unicast network error correction capacity may not be achievable, a result of separate interest.", "doi": "10.1109/ISIT.2015.7282477", "isbn": "978-1-4673-7704-1", "publisher": "IEEE", "place_of_publication": "Piscataway, NJ", "publication_date": "2015-06", "pages": "361-365" }, { "id": "authors:sgn93-r3818", "collection": "authors", "collection_id": "sgn93-r3818", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20151007-140543269", "type": "book_section", "title": "Rateless and pollution-attack-resilient network coding", "book_title": "2015 IEEE International Symposium on Information Theory", "author": [ { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Wang", "given_name": "Ting", "clpid": "Wang-Ting" }, { "family_name": "Hu", "given_name": "Xin", "clpid": "Hu-Xin" }, { "family_name": "Jang", "given_name": "Jiyong", "clpid": "Jang-Jiyong" }, { "family_name": "Salonidis", "given_name": "Theodoros", "clpid": "Salonidis-T" } ], "abstract": "Consider the problem of reliable multicast over a network in the presence of adversarial errors. In contrast to traditional network error correction codes designed for a given network capacity and a given number of errors, we study an arguably more realistic setting that prior knowledge on the network and adversary parameters is not available. For this setting we propose efficient and throughput-optimal error correction schemes, provided that the source and terminals share randomness that is secret form the adversary. We discuss an application of cryptographic pseudorandom generators to efficiently produce the secret randomness, provided that a short key is shared between the source and terminals. Finally we present a secure key distribution scheme for our network setting.", "doi": "10.1109/ISIT.2015.7282931", "isbn": "978-1-4673-7704-1", "publisher": "IEEE", "place_of_publication": "Piscataway, NJ", "publication_date": "2015-06", "pages": "2623-2627" }, { "id": "authors:mbg4h-86y07", "collection": "authors", "collection_id": "mbg4h-86y07", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20150203-103001898", "type": "book_section", "title": "Single-source/sink network error correction is as hard as multiple-unicast", "book_title": "2014 52nd Annual Allerton Conference on Communication, Control, and Computing", "author": [ { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Ho", "given_name": "Tracey", "clpid": "Ho-Tracey" }, { "family_name": "Langberg", "given_name": "Michael", "orcid": "0000-0002-7470-0718", "clpid": "Langberg-M" }, { "family_name": "Kliewer", "given_name": "Joerg", "clpid": "Kliewer-J" } ], "abstract": "We study the problem of communicating over a single-source single-terminal network in the presence of an adversary that may jam a single link of the network. If any one of the edges can be jammed, the capacity of such networks is well understood and follows directly from the connection between the minimum cut and maximum flow in single-source single-terminal networks. In this work we consider networks in which some edges cannot be jammed, and show that determining the network communication capacity is at least as hard as solving the multiple-unicast network coding problem for the error-free case. The latter problem is a long standing open problem.", "doi": "10.1109/ALLERTON.2014.7028486", "isbn": "978-1-4799-8009-3", "publisher": "IEEE", "place_of_publication": "Piscataway, NJ", "publication_date": "2014-10", "pages": "423-430" }, { "id": "authors:v9fdm-ba038", "collection": "authors", "collection_id": "v9fdm-ba038", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20150227-080252781", "type": "book_section", "title": "Reverse Edge Cut-Set Bounds for Secure Network Coding", "book_title": "2014 IEEE International Symposium on Information Theory (ISIT)", "author": [ { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Ho", "given_name": "Tracey", "clpid": "Ho-Tracey" }, { "family_name": "Langberg", "given_name": "Michael", "orcid": "0000-0002-7470-0718", "clpid": "Langberg-M" }, { "family_name": "Kliewer", "given_name": "Joerg", "clpid": "Kliewer-J" } ], "abstract": "We consider the problem of secure communication\nover a network in the presence of wiretappers. We give a new\ncut-set bound on secrecy capacity which takes into account the\ncontribution of both forward and backward edges crossing the\ncut, and the connectivity between their endpoints in the rest of\nthe network. We show the bound is tight on a class of networks,\nwhich demonstrates that it is not possible to find a tighter bound\nby considering only cut-set edges and their connectivity.", "doi": "10.1109/ISIT.2014.6874804", "isbn": "978-1-4799-5186-4", "publisher": "IEEE", "place_of_publication": "Piscataway, NJ", "publication_date": "2014-07", "pages": "106-110" }, { "id": "authors:58wzs-dz975", "collection": "authors", "collection_id": "58wzs-dz975", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20150720-132416191", "type": "book_section", "title": "A novel channel aware stage ARQ in wide area Wireless Sensor Networks", "book_title": "IEEE Ninth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP)", "author": [ { "family_name": "Wei", "given_name": "Yunkai", "clpid": "Wei-Yunkai" }, { "family_name": "Mao", "given_name": "Yuming", "clpid": "Mao-Yuming" }, { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Che", "given_name": "Pak Hou", "clpid": "Che-Pak-Hou" } ], "abstract": "In wide area Wireless Sensor Networks, end-to-end ARQ (Automatic Repeat reQuest) may incur frequent retransmissions and significant energy consumption due to packet loss in multi-hop routes. On the other hand, hop-by-hop ARQ requires each node to be equipped with sufficient buffer and energy for data caching and retransmission, which is not always practical in wide area networks. To achieve a balance between communication reliability and resource consumption, this paper proposes a novel Channel Aware Stage ARQ (CASA), which divides the multi-hop route into several ARQ segments according to the channel quality. Each ARQ segment implements packet confirmation and retransmission separately. Comparing to traditional ARQ schemes, CASA achieves required reliability with reduced network cost and energy consumption. Extensive simulation validated the performance of CASA.", "doi": "10.1109/ISSNIP.2014.6827595", "isbn": "978-1-4799-2842-2", "publisher": "IEEE", "place_of_publication": "Piscataway, NJ", "publication_date": "2014-05", "pages": "1-5" }, { "id": "authors:prjy9-16e50", "collection": "authors", "collection_id": "prjy9-16e50", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20131213-144743708", "type": "book_section", "title": "On Secure Network Coding with Uniform Wiretap Sets", "book_title": "Network Coding (NetCod) 2013", "author": [ { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Ho", "given_name": "Tracey", "clpid": "Ho-Tracey" }, { "family_name": "Langberg", "given_name": "Michael", "orcid": "0000-0002-7470-0718", "clpid": "Langberg-M" }, { "family_name": "Kliewer", "given_name": "Joerg", "clpid": "Kliewer-J" } ], "abstract": "This paper studies secure unicast communication over a network with uniform wiretap sets and shows that, when network nodes can independently generate randomness, determining the secrecy capacity is at least as difficult as the k-unicast network coding problem. In particular, we show that a general k-unicast problem can be reduced to the problem of finding the secrecy capacity of a corresponding single unicast network with uniform link capacities and any one wiretap link. We propose a low-complexity linear optimization-based achievable strategy involving global random keys that can be generated anywhere in the network, and an efficient greedy algorithm that further improves achievable rate by exploiting local random keys.", "doi": "10.1109/NetCod.2013.6570814", "isbn": "978-1-4799-0821-9", "publisher": "IEEE", "place_of_publication": "New York, NY", "publication_date": "2013-06", "pages": "1-6" }, { "id": "authors:p2m5h-yc703", "collection": "authors", "collection_id": "p2m5h-yc703", "cite_using_url": "https://resolver.caltech.edu/CaltechAUTHORS:20131212-093836091", "type": "book_section", "title": "Rateless Resilient Network Coding Against Byzantine Adversaries", "book_title": "Infocom, 2013 Proceedings", "author": [ { "family_name": "Huang", "given_name": "Wentao", "orcid": "0000-0003-0963-3624", "clpid": "Huang-Wentao" }, { "family_name": "Ho", "given_name": "Tracey", "clpid": "Ho-Tracey" }, { "family_name": "Yao", "given_name": "Hongyi", "clpid": "Yao-Hongyi" }, { "family_name": "Jaggi", "given_name": "Sidharth", "clpid": "Jaggi-Sidharth" } ], "abstract": "This paper studies rateless network error correction codes for reliable multicast in the presence of adversarial errors. We present rateless coding schemes for two adversarial models, where the source sends more redundancy over time, until decoding succeeds. The first model assumes there is a secret channel between the source and the destination that the adversaries cannot overhear. The rate of the channel is negligible compared to the main network. In the second model the source and destination share random secrets independent of the input information. The amount of secret information required is negligible compared to the amount of information sent. Both schemes are capacity optimal, distributed, polynomial-time and end-to-end in that other than the source and destination nodes, other intermediate nodes carry out classical random linear network coding.", "doi": "10.1109/INFCOM.2013.6566776", "isbn": "978-1-4673-5944-3", "publisher": "IEEE", "place_of_publication": "New York, NY", "publication_date": "2013-04", "pages": "265-269" } ]