XOR network coding pollution prevention without homomorphic functions

Network coding is a way of transmitting information in which nodes in a network combine incoming packets into a single one to increase throughput in some scenarios; nodes that want the original information can decode once enough packets have been received. Given its efficiency, the exclusive or (XOR) operation is very popular for network coding. One security concern for networks using network coding is the so-called “pollution attack”, where an adversary introduces packets that are not combinations of the original ones. In this paper, we present a construction to prevent pollution attacks in XOR network coding that is suitable for networks where nodes must perform fast verifications. Unlike existing constructions in the literature, which are based on XOR-homomorphic authentication functions, our construction can be instantiated with existing cryptographic primitives that are not related to the XOR operation. The core insight of our proposal is a carefully selected set of authenticated packets that are used to authenticate the network coding stream. We show that our proposal is computationally efficient at the intermediate nodes and that it can be computed efficiently at the nodes which are generating the content.
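The following is an added illustration, not the paper's construction or code: it models XOR network coding with a bitmask coefficient vector per packet and shows how a single polluted packet corrupts every decoded source packet. The packet contents, masks, and the SHA-256 end-to-end check (with digests assumed to reach the receiver authenticated) are all assumptions made for the example.

```python
import hashlib

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode(sources, mask):
    """Coded packet = (mask, XOR of the source packets whose bit is set in mask)."""
    payload = bytes(len(sources[0]))
    for i, pkt in enumerate(sources):
        if mask >> i & 1:
            payload = xor_bytes(payload, pkt)
    return mask, payload

def decode(coded, n):
    """Gauss-Jordan elimination over GF(2); None until n independent packets arrive."""
    rows = [list(c) for c in coded]
    for col in range(n):
        piv = next((r for r in range(col, len(rows)) if rows[r][0] >> col & 1), None)
        if piv is None:
            return None
        rows[col], rows[piv] = rows[piv], rows[col]
        for r in range(len(rows)):
            if r != col and rows[r][0] >> col & 1:
                rows[r][0] ^= rows[col][0]
                rows[r][1] = xor_bytes(rows[r][1], rows[col][1])
    return [rows[i][1] for i in range(n)]

def failed_indices(decoded, digests):
    """End-to-end check against digests assumed to arrive authenticated."""
    return [i for i, p in enumerate(decoded)
            if hashlib.sha256(p).digest() != digests[i]]

# Constructed sample data: three equal-length source packets.
SOURCES = [b"PKT-AAAA", b"PKT-BBBB", b"PKT-CCCC"]
DIGESTS = [hashlib.sha256(p).digest() for p in SOURCES]
HONEST = [encode(SOURCES, m) for m in (0b011, 0b110, 0b111)]
# One packet whose payload is not the XOR that its mask claims (one bit changed).
POLLUTED = HONEST[:2] + [(0b111, xor_bytes(HONEST[2][1], b"\x00" * 7 + b"\x01"))]

if __name__ == "__main__":
    print(failed_indices(decode(HONEST, 3), DIGESTS))    # → []
    print(failed_indices(decode(POLLUTED, 3), DIGESTS))  # → [0, 1, 2]
```

Because the receiver only notices the damage after decoding, and cannot tell which coded packet caused it, verification has to happen on each coded packet at intermediate nodes, which is the setting the abstract addresses.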
