TESLA-Based Defense Against Pollution Attacks in P2P Systems with Network Coding


Anh Le, Athina Markopoulou, University of California, Irvine

Pollution Attacks in P2P Systems with NC

[Figure: nodes S, A, B and C exchanging blocks b1, b2 and b3 and the coded block b1 + 2b2; the labels b'1 and 2b'1 + b3 also appear.]

Anh Le - UC Irvine - TESLA-Based Defense against Pollution Attacks in P2P Systems

Pollution Attacks in P2P Systems with NC
  • Large number of corrupted packets
  • Waste network resources
  • Prevent decoding

Prior Pollution Defense Mechanisms
  • Homomorphic Signatures and Hash Functions
    • Large verification time [Boneh09] [Gkantsidis06]
  • Homomorphic MACs (better)
    • Only c-collusion resistant, small c [Agrawal09] [Zhang11]
    • Only work on directed acyclic graphs [Li10]
    • No elimination of attackers

Prior Pollution Defense Mechanisms
  • Our prior work: SpaceMac
    • Provide in-network detection by parent-child cooperation
      • In-network detection does not work when there are colluding adversaries
    • Used with a probabilistic non-repudiation protocol to support attacker identification
      • Higher communication overhead per security

Our Proposal

A Complete Defense Mechanism

  • In-network detection
  • Precise identification
  • Arbitrary collusion resistance
  • Low overhead
  • Require time synchronization

Outline
  • Background and Motivation
    • Pollution Attacks
    • Existing Defense
  • Detection Scheme
  • Identification Scheme
  • Performance Evaluation
  • Conclusion

Building Blocks
  • Homomorphic message authentication codes (MACs)
  • TESLA broadcast authentication (delayed key disclosure)

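[Figure: SpaceMac panel with blocks bi and tags ti (t1, t2, t3), the coded block b = α1 b1 + α2 b2 + α3 b3 and its tag t = α1 t1 + α2 t2 + α3 t3; second panel with nodes S and A, block b and tag t.]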

TESLA-Based Detection

  • Key idea: Pre-distribution of source tags
  • All nodes are time-synchronized
  • Nodes know key release schedule of S
  • Nodes only accept “safe” blocks

[Figure: nodes S, A, B and C; tag sets t11, t12, t13 (shown with b1) and t21, t22, t23 (shown with b2); key labels k1, k2, k3; labelled transmissions (b1 + b2, t11 + t21), (b1 + b2, t13 + t23), (b'1, t11) and (b'1, t12).]
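
Added example (not from the slides and not the authors' SpaceMac code): the homomorphic-tag property from the Building Blocks slide and the "safe block" rule from the detection slide, using a simplified inner-product MAC over a prime field. The prime modulus, function names, block contents, release time and clock-skew parameter are assumptions made for illustration.

```python
# Added illustration (not the SpaceMac code): a simplified inner-product
# homomorphic MAC over a prime field plus a TESLA-style "safe block" check.
import secrets

P = 2**31 - 1  # assumption: prime modulus standing in for the field of size q

def keygen(n):
    """Secret key: n nonzero field elements, held by S until its release time."""
    return [secrets.randbelow(P - 1) + 1 for _ in range(n)]

def mac(key, block):
    """Tag = <key, block> mod P. Linear in the block, hence homomorphic."""
    return sum(k * x for k, x in zip(key, block)) % P

def combine(coeffs, vectors):
    """Network-coding combination sum_i alpha_i * v_i, taken component-wise."""
    return [sum(a * v[j] for a, v in zip(coeffs, vectors)) % P
            for j in range(len(vectors[0]))]

def combine_tags(coeffs, tags):
    """Any node can derive the tag of a coded block without knowing the key."""
    return sum(a * t for a, t in zip(coeffs, tags)) % P

def is_safe(arrival, release, max_skew=0):
    """TESLA condition: the block arrived before the key could be public."""
    return arrival + max_skew < release

def check(block, tag, arrival, key, release, max_skew=0):
    """Run once the key is disclosed, on a block buffered at time `arrival`."""
    if not is_safe(arrival, release, max_skew):
        return "unsafe"      # key may already be known to the sender: reject
    return "valid" if mac(key, block) == tag else "polluted"

def demo():
    b1 = [1, 2, 3, 4, 5, 6, 7, 8]            # constructed source blocks
    b2 = [8, 7, 6, 5, 4, 3, 2, 1]
    key, release = keygen(len(b1)), 100      # constructed release schedule
    t1, t2 = mac(key, b1), mac(key, b2)      # tags pre-distributed by S
    coded = combine([1, 2], [b1, b2])        # b1 + 2*b2
    tag = combine_tags([1, 2], [t1, t2])     # t1 + 2*t2
    bad = [(coded[0] + 1) % P] + coded[1:]   # one symbol altered in transit
    return (check(coded, tag, 50, key, release),
            check(bad, tag, 50, key, release),
            check(coded, tag, 120, key, release))

if __name__ == "__main__":
    print(demo())
```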

TESLA-Based Identification

  • Key idea: Non-repudiation property of TESLA
    • Controller knows key release schedule of sender
    • Sender sends an evidence tag
    • Receiver reports evidence tag
    • Tag can only be generated by sender by the time the report reaches controller

[Figure: nodes S, A and B; key labels k1, k2, k3 and k1; transmission (b, t2); callout "Valid tag, B is the attacker!"]

TESLA-Based Identification (cont.)

  • To prevent the sender from sending a bogus tag:
  • Sender needs to eventually release keys to make the receiver accept its blocks

[Figure: nodes S, A and B; key labels k1, k2, k3, k2 and k1; transmission (b, t2) shown twice.]

Security Guarantee
  • Detection Scheme:
    • q : field size
    • l1: # detection tags
    • Prob. of failed detection :
  • Identification Scheme:
    • h : # corrupted blocks uploaded
    • l2: # identification tags
    • Prob. of identification :
    • Prob. of framing a benign sender :

Outline
  • Background and Motivation
  • Detection Scheme
  • Identification Scheme
  • Performance Evaluation
  • Conclusion

Performance Evaluation
  • Setting:
    • 64 KBps, q = 2^8, n = 2048, m = 128, l1 = l2 = 3
    • 2.8 GHz CPU, 32 GB RAM
    • SpaceMac implementation in Java and C/C++, available at http://www.ics.uci.edu/~anhml/software.html
  • Bandwidth Efficiency:
    • Pre-distribution overhead = 1%
    • Online detection overhead = 0.1%
    • Online identification overhead = 0.3%
  • Computation Efficiency (C/C++):
    • Detection delay = 201 μs
    • Identification delay = 402 μs
    • Combined delay = 603 μs

Conclusion
  • A Complete Defense Mechanism for P2P Systems: Detection + Identification
  • Main building blocks: Homomorphic MACs + TESLA
  • Key properties:
    • In-network detection
    • Precise identification
    • Arbitrary collusion resistance
    • Low overhead
    • Require time sync

Questions
