
TESLA-Based Defense Against Pollution Attacks in P2P Systems with Network Coding

Anh Le, Athina Markopoulou, University of California, Irvine.


Presentation Transcript


  1. TESLA-Based Defense Against Pollution Attacks in P2P Systems with Network Coding. Anh Le, Athina Markopoulou, University of California, Irvine

  2. Pollution Attacks in P2P Systems with NC
     [Figure: example network with nodes S, A, B and C; link labels include b1, b2, b3, b1 + 2b2, b'1 and 2b'1 + b3]
     Anh Le - UC Irvine - TESLA-Based Defense against Pollution Attacks in P2P Systems

  3. Pollution Attacks in P2P Systems with NC
     • Large number of corrupted packets
     • Waste network resources
     • Prevent decoding

  4. Prior Pollution Defense Mechanisms
     • Homomorphic Signatures and Hash Functions
       • Large verification time [Boneh09] [Gkantsidis06]
     • Homomorphic MACs (better)
       • Only c-collusion resistant, small c [Agrawal09] [Zhang11]
       • Only work on directed acyclic graphs [Li10]
     • No elimination of attackers

  5. Prior Pollution Defense Mechanisms
     • Our prior work: SpaceMac
       • Provides in-network detection by parent-child cooperation
       • In-network detection does not work when there are colluding adversaries
       • Used with a probabilistic non-repudiation protocol to support attacker identification
       • Higher communication overhead per security

  6. Our Proposal: A Complete Defense Mechanism
     • In-network detection
     • Precise identification
     • Arbitrary collusion resistance
     • Low overhead
     • Require time synchronization

  7. Outline
     • Background and Motivation
       • Pollution Attacks
       • Existing Defense
     • Detection Scheme
     • Identification Scheme
     • Performance Evaluation
     • Conclusion

  8. Building Blocks
     • Homomorphic message authentication codes (MACs)
     • TESLA broadcast authentication (delayed key disclosure)
     [Figure: SpaceMac homomorphic MAC, where block bi has tag ti; for b = α1 b1 + α2 b2 + α3 b3 the tag is t = α1 t1 + α2 t2 + α3 t3. TESLA panel with nodes S and A and labels b, t]

  9. TESLA-Based Detection
     • Key idea: Pre-distribution of source tags
     • All nodes are time-sync'd
     • Nodes know key release schedule of S
     • Nodes only accept "safe" blocks
     [Figure: nodes S, A, B and C; source tags t11, t12, t13 for b1 and t21, t22, t23 for b2; keys k1, k2, k3; link labels include (b1 + b2, t11 + t21), (b'1, t11), (b'1, t12) and (b1 + b2, t13 + t23)]

  10. TESLA-Based Identification
     • Key idea: Non-repudiation property of TESLA
     • Controller knows key release schedule of sender
     • Sender sends an evidence tag
     • Receiver reports evidence tag
     • Tag can only be generated by sender by the time the report reaches controller
     [Figure: nodes S, A and B; labels k1, k2, k3 at S and at A, k1 at B, block and tag (b, t2); callout "Valid tag, B is the attacker!"]

  11. TESLA-Based Identification (cont.)
     • To prevent the sender from sending a bogus tag:
       • Sender needs to eventually release keys to make the receiver accept its blocks
     [Figure: nodes S, A and B; labels k1, k2, k3 at S and at A, k1 and k2 at B, block and tag (b, t2)]

  12. Security Guarantee
     • Detection Scheme:
       • q : field size
       • l1 : # detection tags
       • Prob. of failed detection :
     • Identification Scheme:
       • h : # corrupted blocks uploaded
       • l2 : # identification tags
       • Prob. of identification :
       • Prob. of framing a benign sender :

  13. Outline
     • Background and Motivation
     • Detection Scheme
     • Identification Scheme
     • Performance Evaluation
     • Conclusion

  14. Performance Evaluation
     • Setting:
       • 64 KBps, q = 2^8, n = 2048, m = 128, l1 = l2 = 3
       • 2.8 GHz CPU, 32 GB RAM
       • SpaceMac implementation in Java and C/C++, available at http://www.ics.uci.edu/~anhml/software.html
     • Bandwidth Efficiency:
       • Pre-distribution overhead = 1%
       • Online detection overhead = 0.1%
       • Online identification overhead = 0.3%
     • Computation Efficiency (C/C++):
       • Detection delay = 201 μs
       • Identification delay = 402 μs
       • Combined delay = 603 μs

  15. Conclusion
     • A Complete Defense Mechanism for P2P Systems: Detection + Identification
     • Main building blocks: Homomorphic MACs + TESLA
     • Key properties:
       • In-network detection
       • Precise identification
       • Arbitrary collusion resistance
       • Low overhead
       • Require time sync

  16. Questions
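
The building blocks and detection scheme on slides 8 and 9, as an added sketch that is not the authors' SpaceMac code: a linear inner-product MAC whose tags combine like the coded blocks, a TESLA-style one-way key chain, and the "safe block" timing check. Assumptions: a prime field instead of q = 2^8, SHA-256 for the key chain and key expansion, hypothetical function names, and constructed sample blocks.

```python
import hashlib

P = 2**31 - 1  # prime field for this sketch (assumption; the slides use q = 2^8)

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def key_chain(seed: bytes, n: int) -> list:
    """One-way chain: chain[0] is the public commitment, chain[i] is released in interval i."""
    chain = [H(seed)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def key_is_authentic(key: bytes, i: int, commitment: bytes) -> bool:
    """A key disclosed for interval i must hash i times onto the commitment."""
    for _ in range(i):
        key = H(key)
    return key == commitment

def mac(key: bytes, block: list) -> int:
    """Linear MAC: inner product of the block with a key-derived vector."""
    r = [int.from_bytes(H(key + j.to_bytes(4, "big")), "big") % P
         for j in range(len(block))]
    return sum(x * y for x, y in zip(r, block)) % P

def combine_blocks(coeffs: list, blocks: list) -> list:
    """b = a1*b1 + a2*b2 + ... computed symbol by symbol."""
    return [sum(a * b[j] for a, b in zip(coeffs, blocks)) % P
            for j in range(len(blocks[0]))]

def combine_tags(coeffs: list, tags: list) -> int:
    """t = a1*t1 + a2*t2 + ... (the homomorphic property)."""
    return sum(a * t for a, t in zip(coeffs, tags)) % P

def is_safe(arrival: float, i: int, release_times: list, sync_err: float) -> bool:
    """Buffer a block only if key i cannot have been released when it arrived."""
    return arrival + sync_err < release_times[i]

def verify(block: list, tag: int, key: bytes, i: int, commitment: bytes) -> bool:
    """Run once the source discloses key i: check the key, then the tag."""
    return key_is_authentic(key, i, commitment) and mac(key, block) == tag

if __name__ == "__main__":
    chain = key_chain(b"constructed seed", 3)          # constructed sample data
    b1, b2 = [1, 2, 3, 4], [5, 6, 7, 8]
    tags = [mac(chain[1], b1), mac(chain[1], b2)]      # source tags under k1
    coded, tag = combine_blocks([3, 5], [b1, b2]), combine_tags([3, 5], tags)
    print(verify(coded, tag, chain[1], 1, chain[0]))   # honest coded block
    print(verify([9] + coded[1:], tag, chain[1], 1, chain[0]))  # polluted block
```

A block that fails `is_safe` is dropped without verification, because anyone who already holds the released key could have forged its tag.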
