An Authentication Code Against Pollution Attacks in Network Coding

Systems exploiting network coding to increase their throughput suffer greatly from pollution attacks, which consist of injecting malicious packets into the network. Pollution attacks are amplified by the network coding process, resulting in greater damage than under traditional routing. In this paper, we address this issue by designing an unconditionally secure authentication code (that is, one which does not rely on computational assumptions) suitable for multicast network coding, where the keying material is initially computed and distributed by a trusted authority to the destinations and intermediate nodes. The proposed scheme allows not only destinations, but also intermediate nodes, to verify the integrity and origin of the packets received without having to decode, and thus to detect and discard in transit the malicious messages that fail the verification. This way, the pollution is canceled out before reaching the destinations. The proposed scheme is robust against pollution attacks from outsiders, as well as from coalitions of malicious insider nodes, which have the ability to perform the integrity check but instead get corrupted and use their knowledge to attack the network themselves. We analyze the performance of the scheme in terms of both throughput and goodput and show that the price to pay for tolerating inside attackers is a high decrease in throughput (it is inversely proportional to the number of insider attackers that can collude). We finally discuss applications to file distribution.
