
Counteracting Byzantine Adversaries with Network Coding: An Overhead Analysis

Counteracting Byzantine Adversaries with Network Coding: An Overhead Analysis. MinJi Kim, Muriel Médard, João Barros. IAMANET DARPA. Background and Motivation. Network coding offers throughput gains [Ho et al. '03], robustness against failures and erasures [Lun et al. '04]


Presentation Transcript


  1. Counteracting Byzantine Adversaries with Network Coding: An Overhead Analysis
     • MinJi Kim, Muriel Médard, João Barros
     • IAMANET DARPA

  2. Background and Motivation
     • Network coding offers throughput gains [Ho et al. '03], robustness against failures and erasures [Lun et al. '04]
     • Problem 1: Impact of Byzantine adversaries
       • End-to-end network error correction [Yeung et al. '06] [Jaggi et al. '07]
       • Packet-based Byzantine detection scheme [Zhao et al. '07]
       • Generation-based Byzantine detection scheme [Ho et al. '06]
     • Problem 2: Overhead for detection of attacks
     We ask:
     • Can we do better than just using error correction codes?
     • What kind of detection scheme?
     • Coding + Byzantine detection vs. non-coding approach?

  3. Network model
     • Network: directed graph G = (V,E).
     • Node v: non-malicious, has public key K, receives m packets (n bits each) per unit time.
     • Probability p of corrupted packets (from Byzantine adversary).
     • If node v detects an attack, then it discards data; otherwise, forwards data.
     • Destinations perform erasure correction.

  4. End-to-end network error correction
     • [Jaggi et al. '07] offers distributed, polynomial-time, rate-optimal network codes that are information-theoretically secure against Byzantine attacks.
     • Idea:
       • Byzantine adversaries = secondary sources. Adds redundancy to distinguish the packets.
     • Analysis:
       • Node v does not check for attacks, and naively performs network coding.
       • Transmits at the remaining network capacity.
       • Error correction at destinations (more expensive than erasure correction).
       • Expected ratio of corrupted bits transmitted and total bits received is: p.

  5. Packet-based detection scheme
     • [Zhao et al. '07] Signature scheme for linear network coding.
     • Idea:
       • Valid packets span a subspace;
       • Add signature (discrete log) to check the membership in the given subspace.
       • Requires public key infrastructure.
     • Analysis:
       • Node v checks the validity of every packet using K.
       • Size of the public key K and signature: 6% and 0.1% of the packet, respectively.
       • Approximate overhead: hp ≈ 0.06n.
       • Maximum throughput:
       • Expected ratio of overhead bits and total bits received is:
       • When , then “bandwidth saved” > “cost of detection”.
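An added example, not from the slides or from the cited paper: a toy subspace-membership check of the kind slide 5 describes, where a relay verifies a coded packet against a discrete-log signature using only public values. The group parameters, function names, and sample packets are assumptions constructed for illustration, and the group is far too small for real use.

```python
import secrets

# Toy group parameters (constructed for illustration; far too small for real use).
Q = 1019            # prime order of the subgroup; packet symbols live in F_Q
P = 2 * Q + 1       # 2039, a safe prime
G = 4               # generator of the order-Q subgroup of Z_P*

def keygen(length):
    """Secret exponents alpha_i and public values h_i = G^alpha_i mod P."""
    alpha = [1 + secrets.randbelow(Q - 1) for _ in range(length)]
    return alpha, [pow(G, a, P) for a in alpha]

def sign_subspace(data_rows, alpha):
    """Source packets are rows (data | identity). Build u orthogonal to all of
    them and publish x_i = u_i / alpha_i mod Q as the signature vector."""
    k = len(data_rows[0])
    r = [1 + secrets.randbelow(Q - 1) for _ in range(k)]
    u = r + [(-sum(d * c for d, c in zip(row, r))) % Q for row in data_rows]
    return [(ui * pow(a, -1, Q)) % Q for ui, a in zip(u, alpha)]

def verify(packet, x, h):
    """Accept iff prod h_i^(x_i * w_i) == 1 mod P, i.e. u . w == 0 in F_Q."""
    acc = 1
    for hi, xi, wi in zip(h, x, packet):
        acc = acc * pow(hi, (xi * wi) % Q, P) % P
    return acc == 1

def combine(packets, coeffs):
    """Linear network coding at a relay: sum_j c_j * packet_j over F_Q."""
    return [sum(c * p[i] for c, p in zip(coeffs, packets)) % Q
            for i in range(len(packets[0]))]

def demo():
    data = [[17, 250, 3], [901, 44, 660]]          # constructed payload symbols
    source = [row + [int(i == j) for j in range(len(data))]
              for i, row in enumerate(data)]
    alpha, h = keygen(len(source[0]))
    x = sign_subspace(data, alpha)
    coded = combine(source, [123, 456])            # honest relay output
    forged = coded.copy()
    forged[0] = (forged[0] + 1) % Q                # one symbol altered in transit
    return verify(coded, x, h), verify(forged, x, h)

if __name__ == "__main__":
    print(demo())
```

Any linear combination of the source packets verifies, so relays can keep coding without holding a secret; the check only rejects packets that fall outside the signed subspace.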

  6. Generation-based detection scheme
     • [Ho et al. '04] Information-theoretic approach to detect Byzantine adversaries (assumption: secrets from adversaries).
     • Idea:
       • Data and hash symbols must be consistent with its coefficient vector.
     • Analysis:
       • Node v checks for error on a generation.
       • If error, then discards the entire generation of G packets; otherwise, it forwards the data.
       • Can extend to a local Byzantine detection scheme.
       • Ex. 2% overhead, the detection probability is at least 98.9%.
       • Approximate overhead: hg ≈ 0.02nG.
       • Maximum throughput:
       • Expected ratio of overhead bits and total bits received is: where is the probability of dropping a generation.

  7. Comparison of three schemes
     • Cost of error correction scheme = O(p).
       • p < 0.03: the cost of detection >> cost introduced by the attacker.
     • Cost of generation-based scheme:
       • p ≈ 0.2: few corrupted packets, but many invalid generations.
       • p << 0.2: cost effective: hash across G packets.
       • p >> 0.2: many invalid generations.
     • Cost of packet-based scheme high for small p.
       • Large p: the hashes become “cheaper”.
       • Infrastructure needed (authentication and public key distribution).
     [Figure: Ratio between the expected overhead and the total bits received by a node v with hp ≈ 0.06n and hg ≈ 0.02nG]

  8. Comparison of coded and non-coded systems
     • Secure routing protocols for uncoded systems (especially for wireless ad hoc networks) have on average 24% overhead [Marti et al. '00].
       • Coded systems need authentication as well, but also benefit from the throughput gain.
     • Coded systems always do better than the non-coded system.
       • Before this point, packet-based and end-to-end error correction achieve lower overhead.
       • After this point, generation-based schemes (with G ≤ 4) perform better.
     • Cost of authentication, and size of signature, grows linearly with number of hops for uncoded systems.
       • Packet-based scheme's signatures remain constant in size.
       • Public key infrastructure.
       • Authentication for all nodes.
     • At the very best, the uncoded system will achieve this (assuming no losses in the channel).
       • In a non-coded system, overhead is equal to probability of attack.
       • Coding gives throughput gains as well as robustness against erasures.
     [Figure: Ratio between the expected overhead and the total bits received by a node v with hp ≈ 0.06n and hg ≈ 0.02nG]

  9. Conclusions
     • Network coding: throughput gains, robustness against failures and erasures.
     • When under attack, Byzantine detections can be beneficial:
       • Data in network is clean; thus, increases throughput.
       • Erasure correction (not error correction); thus, computationally cheaper.
     • Choice of scheme: varies with p.
       • Very small p: detection too costly; use end-to-end error correction.
       • Small p: generation-based scheme is effective.
         • Distribute the cost of hash across G packets.
         • Right balance between G and p needed.
       • Large p: packet-based scheme is effective.
     • Future work:
       • Watchdog scheme for network coding.

  10. Generation size G in the generation-based scheme
     • As generation size G increases, the cost increases dramatically.
       • The probability that at least one packet is corrupted in a generation grows exponentially, for any p.
       • Asymptotically, the cost approaches: where
     • However, this should not be too much of a problem in MANET, since G is usually kept small.
     [Figure: Ratio between the expected overhead and the total bits received by a node v for generation-based detection with generation size G, packet size n = 1000, and hg ≈ 0.02nG.]
