On Detecting Pollution Attacks in Inter-Session Network Coding. Anh Le, Athina Markopoulou, University of California, Irvine. Linear Inter-Session Network Coding. Multiple sources. Packets from different sources may be (linearly) coded together.
On Detecting Pollution Attacks in Inter-Session Network Coding
Anh Le, Athina Markopoulou
University of California, Irvine

Linear Inter-Session Network Coding
• Multiple sources
• Packets from different sources may be (linearly) coded together
[Figure: network with sources S1, S2, nodes A, B and receivers R1, R2; packets x1, x2 and the coded packet x1+x2 on the links]
Anh Le, UC Irvine, Inter-Session Pollution Detection

Pollution Attacks in Inter-Session Coding: Malicious Intermediate Nodes
• Can be detected by existing intra-session approaches
[Figure: same network; packets x1, x2 and y on the links]

Homomorphic MAC-Based Detection: No Pollution
[Figure: same network; packets (x1, t1), (x2, t2) and the coded packet (x1+x2, t1+t2) on the links; all four verification marks at R1 and R2 are ✓]

Homomorphic MAC-Based Detection: Attack Case
[Figure: same network; packets (x1, t1), (x2, t2) marked ✓ and the packet (x1+x’2, t) marked ✗ at R1 and R2]

Pollution Attacks in Inter-Session Coding
Malicious sources
• Inconsistent source packets
• New and main challenge in inter-session pollution
• The main focus of the paper
[Figure: same network; packets x1, x2, x’2 and x1+x2 on the links]

Intra-Session MAC-Based Detection Failed for Malicious Sources
[Figure: same network; packets (x1, t1), (x2, t2), (x’2, t’2) and (x1+x2, t1+t2) on the links; (x’2, t’2) and (x1+x2, t1+t2) are both marked ✓]

Prior Work on Inter-Session Pollution Defense
• Homomorphic signature for Detection [Agrawal, PKC ’10]
• Expensive computation
• Large signature
• Signature-based Identification [Dong, WiNC ’09]

Outline
• Background and Motivation
• Inter-Session Pollution Attacks
• Main Challenges
• Prior Work
• InterMac Detection (more in the paper: Hash and SpaceMac based Detection)
• Evaluation
• Conclusion

InterMac: Threat Model
• S - 1 sources may be malicious
• Intermediate nodes may be malicious
• Receivers are trusted

Main Challenge and Key Observation
• Main Challenge: Malicious sources
• Sources must generate tags using different keys
[Figure: network with sources S1, S2 sending x1, x2, nodes A, B and receivers R1, R2]

Overview of InterMac
• Homomorphic MAC for inter-session network coding
• Each source generates MAC tags using a different key
• The tags are still combinable without knowing the key

InterMac Detection: Main Technique
• Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10]
• Tags: t1 = x1·k1, t2 = x2·k2
• Verify: (x1 + x2)·(k1 + k2) = t1 + t2
• Expanded: x1·k1 + x2·k2 + x1·k2 + x2·k1 = t1 + t2
• Main technique: Orthogonality of ki and xj
[Figure: S1 (key k1) sends (x1, t1); S2 (key k2) sends (x2, t2); the coded packet (x1+x2, t1+t2) passes through A and B; R1 and R2 are labelled k1, k2 and mark (x1+x2, t1+t2) with ✓]

InterMac Construction
• Using a Trusted Controller: ki·xj = 0
• Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10]
• Multiple Keys

InterMac: Security Game
[Figure: exchange between Challenger and Adversary, labelled: (idi, Vi), where Vi is the committed source space; tags of basis vectors of Vi; S-1 keys of Vi; (id*, y*, t*)]
• Adversary wins if:
• id* = idj for some j
• y*
• t* is a valid tag of y*

Security of InterMac

Basic Key Generation in InterMac
• (x1 | p1)·k2 = 0
• (x2 | p2)·k1 = 0
• Key Property: Orthogonality of ki and (xj | pj)
[Figure: controller C (k1, k2) with sources S1 and S2; labels: commit x1, commit x2; k1, p1; k2, p2; Send (x1 | p1); Send (x2 | p2)]

Efficient Key Generation in InterMac
• k1 = (ḵ1 | k’1), k2 = (ḵ2 | k’2)
• (x1·ḵ2) + p1·k’2 = 0
• (x2·ḵ1) + p2·k’1 = 0
• Bandwidth Efficiency: Sending Enc. of a single symbol instead of a full vector
[Figure: controller C with sources S1 and S2; labels: Enc(ḵ1), Enc(ḵ2); commit Enc(x1·ḵ2), commit Enc(x2·ḵ1); k1, p1; k2, p2]

InterMac Detection Illustration
• Now what S2 sends must be orthogonal to k1
• (p1+p’2) dropped because p’2 is not orthogonal to k1!
• (p1·k1 + p’2·k2 + p’2·k1) ≠ t1 + t’2
[Figure: controller C runs Gen for S1 (k1, p1) and S2 (k2, p2); packets (p1, t1), (p2, t2), (p’2, t’2) and the combined packet (p1+p’2, t1+t’2) on the links through A and B toward R1 and R2; labels k1, k2]

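The key generation, tagging, combining and verification steps from the InterMac slides above, as an added Python example that is not code from the presentation or the paper. It is restricted to two sources with one padding symbol each and generalizes x1+x2 to arbitrary coding coefficients; the prime modulus Q, the sample vectors and all function names are assumptions made for illustration.

```python
import secrets

Q = 2**31 - 1  # prime field modulus (assumed parameter, not from the slides)

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q

def keygen(n):
    # k = (k_bar | k'), n + 1 symbols; sampled nonzero here so k' is invertible
    return [1 + secrets.randbelow(Q - 1) for _ in range(n + 1)]

def controller_pad(x_committed, other_key):
    # Trusted controller: pick p with x . k_bar + p * k' = 0 (mod Q),
    # so the padded vector (x | p) is orthogonal to the other source's key.
    k_bar, k_last = other_key[:-1], other_key[-1]
    return (-dot(x_committed, k_bar) * pow(k_last, -1, Q)) % Q

def combine(packets, coeffs):
    # Keyless linear combination of (vector, tag) pairs, as a coding node does.
    y = [sum(c * v[i] for c, (v, _) in zip(coeffs, packets)) % Q
         for i in range(len(packets[0][0]))]
    t = sum(c * tg for c, (_, tg) in zip(coeffs, packets)) % Q
    return y, t

def verify(y, t, keys):
    # Check y . (k1 + k2 + ...) == t; cross terms vanish only if orthogonal.
    k_sum = [sum(col) % Q for col in zip(*keys)]
    return dot(y, k_sum) == t

def demo():
    x1, x2 = [3, 1, 4, 1], [2, 7, 1, 8]          # constructed source vectors
    k1, k2 = keygen(4), keygen(4)
    v1 = x1 + [controller_pad(x1, k2)]            # (x1 | p1) . k2 = 0
    v2 = x2 + [controller_pad(x2, k1)]            # (x2 | p2) . k1 = 0
    t1, t2 = dot(v1, k1), dot(v2, k2)             # each source tags with its own key
    honest = verify(*combine([(v1, t1), (v2, t2)], [5, 9]), [k1, k2])
    # Malicious S2 sends a vector inconsistent with its commitment,
    # tagged correctly under its own key k2.
    v2_bad = [(x2[0] + 1) % Q] + v2[1:]
    t2_bad = dot(v2_bad, k2)
    intra_ok = verify(v2_bad, t2_bad, [k2])       # single-key check passes
    polluted = verify(*combine([(v1, t1), (v2_bad, t2_bad)], [5, 9]), [k1, k2])
    return honest, intra_ok, polluted

if __name__ == "__main__":
    print(demo())
```

The inconsistent packet passes a check under k2 alone, which is the intra-session failure shown earlier, but the combined packet fails under k1 + k2 because the cross term with k1 no longer cancels.
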
Outline
• Background and Motivation
• Inter-Session Pollution Attacks
• Main Challenges
• Prior Work
• InterMac Detection
• Evaluation
• Conclusion

InterMac Performance Evaluation: Bandwidth Overhead
[Figure not preserved. References shown: [27] Agrawal et al. [PKC ’10]; [20] Zhang et al. [INFOCOM ’11]]

InterMac Performance Evaluation: Computation Overhead
[Figure not preserved. References shown: [27] Agrawal et al. [PKC ’10]; [20] Zhang et al. [INFOCOM ’11]]

Conclusion
• Inter-session: Malicious sources
• InterMac: First multi-key MAC scheme for inter-session
• Each source signs using its own key
• Still homomorphic
• In-network detection based on InterMac
• 100 times faster than [PKC ’10]
• 5 times less bandwidth than [PKC ’10]
• Requires a trusted controller ([PKC ’10] does not)
• More in the paper: Hash and SpaceMac-based detection

Links:
• Network Coding Security: http://www.ics.uci.edu/~anhml/projects.html#nc-security
• UC Irvine Networking Group – Network Coding Project: http://odysseas.calit2.uci.edu/doku.php/public:network-coding