SANC: Source authentication using network coding

In this paper, we explore the security merits of network coding and potential trade-offs with the widely accepted throughput benefits, especially in multicast scenarios. In particular, we propose a novel Source Authentication using Network Coding (SANC) scheme that can either complement state-of-the-art application-layer authentication schemes proposed in the literature or be used as a stand-alone scheme in network coding-based networks. Towards this objective, we propose a general framework for embedding the authentication information within the network coding Global Encoding Vector. This is attained using a mapping function that enforces a structure on the Global Encoding Vector to facilitate authentication at the destination. First, we illustrate the proposed concept using a simple mapping function, namely a parity bit within each network coding coefficient. Second, we present a detailed security analysis that reveals the security merits of the proposed scheme, contrasted against two baseline schemes that solely adopt application-layer authentication. Finally, we present simulation results pertaining to the network coding performance. Simulation results show that, for plausible scenarios, SANC achieves the same throughput as regular network coding. Furthermore, the results reveal that, for the same packet header, stronger security can be attained. This is confirmed for small as well as scalable networks encountered in practice.
