SinPack: A Security Protocol for Preventing Pollution Attacks in Network-Coded Content Distribution Networks

We present SinPack, a security protocol for preventing packet pollution attacks in network-coded content distribution networks. SinPack employs a homomorphically addressable Bloom filter data structure to enforce the integrity of network-coded packets all the way from source to destination. Using a Bloom filter "amortizes" the functionality of traditional cryptographic integrity-verification constructs (message authentication codes, hash trees, digital signatures, etc.) into a relatively small data structure. This reduces network traffic and, more significantly, allows the incremental integrity verification of out-of-order network packets. The novel homomorphic Bloom filter construction permits intermediate routers and destination end systems to verify the integrity of source packets even after those packets have been network-coded by routers. This avoids the need to establish expensive and intricate trust relationships among the different network routers, and ensures the authenticity of the integrity structures with a single source public-key operation. Moreover, SinPack not only allows the content downloader to immediately verify the integrity of coded packets, but also provides this capability to any intermediate router on the path to the destination. Polluted packets can therefore be eliminated upstream, at the router closest to the source of the attack, which greatly reduces bogus network traffic and hence yields sizeable energy savings.
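The following is an added example, not code from the SinPack paper, illustrating the problem the abstract describes: random linear network coding over a prime field, a pollution attack by one compromised input, and why an intermediate router needs an integrity structure that survives re-coding. In place of SinPack's homomorphic Bloom filter (whose construction the abstract does not specify) it uses the well-known homomorphic hash h(x) = prod_i g_i^{x_i} mod q of Krohn, Freedman and Mazières, which has the same property the abstract relies on: the hash of any linear combination of source packets can be checked from the source hashes alone. The source hashes are assumed to be authenticated once by the source (the single public-key operation is not implemented here); the field size, packet sizes, topology (source, three routers, destination) and the injected packet are all constructed, toy-sized and deterministic.

```python
"""Added example (not from the SinPack paper): random linear network coding over
Z_p with the Krohn-Freedman-Mazieres homomorphic hash h(x) = prod_i g_i^{x_i} mod q
(a stand-in for SinPack's Bloom filter, whose construction is not given here).
Shows (a) why a per-packet digest cannot be checked after re-coding, (b) how one
polluted packet contaminates every downstream combination, and (c) how a router
that verifies coded packets drops the pollution at the first hop.  Toy parameters."""
import hashlib
import random

P = 257      # symbol field Z_p (toy; a deployment would use a ~256-bit prime)
N_SYMS = 8   # symbols per packet
N_PKTS = 4   # source packets per generation


def is_prime(n):
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def setup(p=P, n_syms=N_SYMS, seed=1):
    """Prime q with p | q-1 and n_syms generators of the order-p subgroup of Z_q^*."""
    k = 2
    while not is_prime(k * p + 1):
        k += 2
    q = k * p + 1
    rng = random.Random(seed)
    gens = []
    while len(gens) < n_syms:
        g = pow(rng.randrange(2, q), (q - 1) // p, q)  # order divides p, so it is p unless g == 1
        if g != 1:
            gens.append(g)
    return q, gens


def hhash(params, vec):
    """h(vec) = prod g_i^{vec_i} mod q; exponents live in Z_p since each g_i has order p."""
    q, gens = params
    h = 1
    for g, x in zip(gens, vec):
        h = h * pow(g, x, q) % q
    return h


def combine_hashes(params, hashes, coeffs):
    """Hash of sum_j coeffs[j]*x_j, computed from the source hashes alone."""
    q, _ = params
    h = 1
    for hj, c in zip(hashes, coeffs):
        h = h * pow(hj, c, q) % q
    return h


def encode(vectors, coeffs, p=P):
    """sum_j coeffs[j]*vectors[j] (mod p); used for payloads and coding vectors alike."""
    return [sum(c * v[i] for c, v in zip(coeffs, vectors)) % p for i in range(len(vectors[0]))]


def verify(params, src_hashes, coeffs, payload):
    """True iff payload really is coeffs applied to the source packets."""
    return hhash(params, payload) == combine_hashes(params, src_hashes, coeffs)


def plain_hash_recognises(src_digests, payload):
    """A conventional per-packet digest matches only unmodified originals, never a coded packet."""
    return hashlib.sha256(repr(payload).encode()).digest() in src_digests


def router(params, src_hashes, inbound, n_out, rng, check, p=P):
    """Forward n_out fresh random combinations of the packets this router accepts."""
    kept = [pk for pk in inbound if not check or verify(params, src_hashes, *pk)]
    if not kept:
        return []
    cvecs, payloads = [c for c, _ in kept], [y for _, y in kept]
    out = []
    for _ in range(n_out):
        a = [rng.randrange(p) for _ in kept]
        out.append((encode(cvecs, a, p), encode(payloads, a, p)))
    return out


def simulate(check_at_routers, seed=7):
    """Source -> R1 -> R2 -> R3 -> destination.  An attacker feeds R1 one polluted copy of
    packet 0 (same coding vector, one symbol changed).  Returns (delivered, verifying)."""
    rng = random.Random(seed)
    params = setup()
    src = [[rng.randrange(P) for _ in range(N_SYMS)] for _ in range(N_PKTS)]
    src_hashes = [hhash(params, x) for x in src]      # assumed signed once by the source
    unit = lambda j: [int(i == j) for i in range(N_PKTS)]
    packets = [(unit(j), src[j]) for j in range(N_PKTS)]
    bad = list(src[0])
    bad[3] = (bad[3] + 1) % P
    packets.append((unit(0), bad))                    # constructed polluted packet
    for _ in range(3):
        packets = router(params, src_hashes, packets, N_PKTS + 1, rng, check_at_routers)
    return len(packets), sum(verify(params, src_hashes, c, y) for c, y in packets)


def homomorphism_check(seed=3):
    """(homomorphic verify, plain SHA-256 match) for one genuine coded packet."""
    rng = random.Random(seed)
    params = setup()
    src = [[rng.randrange(P) for _ in range(N_SYMS)] for _ in range(N_PKTS)]
    src_hashes = [hhash(params, x) for x in src]
    digests = {hashlib.sha256(repr(x).encode()).digest() for x in src}
    coeffs = [rng.randrange(P) for _ in range(N_PKTS)]
    coded = encode(src, coeffs)
    return verify(params, src_hashes, coeffs, coded), plain_hash_recognises(digests, coded)


if __name__ == "__main__":
    print("coded packet: homomorphic verify / plain hash:", homomorphism_check())
    print("no checking at routers (delivered, verifying):", simulate(False))
    print("checking at routers    (delivered, verifying):", simulate(True))
```

Without verification at the routers, the single polluted input at R1 is mixed into almost every outgoing combination, so by the destination essentially nothing verifies even though only one bogus packet was ever injected; with verification enabled, R1 drops it and every packet that reaches the destination checks out. This is the upstream-elimination effect the abstract claims, demonstrated with a homomorphic hash rather than SinPack's own Bloom filter.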
