IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, ACCEPTED … · IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, ACCEPTED FOR PUBLICATION 1 Secure Wireless Multicast for Delay-Sensitive

IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, ACCEPTED FOR PUBLICATION 1

Secure Wireless Multicast forDelay-Sensitive Data via Network Coding

Tuan T. Tran, Member, IEEE, Hongxiang Li, Senior Member, IEEE, Guanying Ru, Student Member, IEEE,Robert J. Kerczewski, Member, IEEE, Lingjia Liu, Member, IEEE, and Samee U. Khan, Member, IEEE

Abstract—Wireless multicast for delay-sensitive data is chal-lenging because of the heterogeneity effect where each receivermay experience different packet losses. Fortunately, networkcoding, a new advanced routing protocol, offers significantadvantages over the traditional Automatic Repeat reQuest (ARQ)protocols in that it mitigates the need for retransmission and hasthe potential to approach the min-cut capacity. Network-codedmulticast would be, however, vulnerable to false packet injectionattacks, in which the adversary injects bogus packets to preventreceivers from correctly decoding the original data. Without aright defense in place, even a single bogus packet can completelychange the decoding outcome. Existing solutions either incurhigh computation cost or cannot withstand high packet loss. Inthis paper, we propose a novel scheme to defend against falsepacket injection attacks on network-coded multicast for delay-sensitive data. Specifically, we propose an efficient authenticationmechanism based on null space properties of coded packets,aiming to enable receivers to detect any bogus packets with highprobability. We further design an adaptive scheduling algorithmbased on the Markov Decision Processes (MDP) to maximizethe number of authenticated packets received within a giventime constraint. Both analytical and simulation results havebeen provided to demonstrate the efficacy and efficiency of ourproposed scheme.

Index Terms—Wireless multicast, network coding, Markovdecision process, security, denied-of-service attack.

I. INTRODUCTION

MULTICASTING delay sensitive data in wireless net-works is of great interest in many applications. For

example, in a cellular or WiFi network, multiple users maywatch a National Basketball Association (NBA) live show or

Manuscript received October 8, 2012; revised April 2, 2013; accepted May28, 2013. The associate editor coordinating the review of this paper andapproving it for publication was T. Hou.

This work was supported by US National Science Foundation (1156395& 1228071) and Kentucky NASA EPSCoR 2012 Research InfrastructureDevelopment Grant. This paper was presented in part at the IEEE InternationalConference on Communications (ICC), June, 2012.

T. T. Tran was with the Department of Electrical and Computer Engi-neering, J. B. Speed School of Engineering, University of Louisville whenhe performed this work. He is currently with InfoBeyond Technology LLC,Louisville, KY 40223 USA (e-mail: [email protected]).

H. Li and G. Ru are with the Department of Electrical and ComputerEngineering, J. B. Speed School of Engineering, University of Louisville,Louisville, KY 40292 USA (e-mail: {h.li, g0ru0001}@louisville.edu).

R. J. Kerczewski is with the NASA Glenn Research Center, Cleveland, OH44135 USA (e-mail: [email protected]).

L. Liu is with the Department of Electrical Engineering and ComputerScience, the University of Kansas, Lawrence, KS 66045 USA (e-mail:[email protected]).

S. U. Khan is with the Department of Electrical and Computer Engi-neering, North Dakota State University, Fargo, ND 58102 USA (e-mail:[email protected]).

Digital Object Identifier 10.1109/TWC.2013.062413.121557

subscribe to the realtime stock market information updatedthrough the same base station or access point. In theseapplications, a common requirement is that the informationmust be delivered to as many receivers as possible withincertain time constraint.

In general, multicasting delay-sensitive data in a lossyenvironment is challenging. In particular, wireless channels arelossy in nature where packets may be lost during transmissionsdue to many reasons, such as radio frequency (RF) interferenceor channel fading. Additionally, at any given time point, eachreceiver may experience different packet losses. TraditionalAutomatic Repeat reQuest (ARQ) protocols are generallynot suitable for lossy wireless multicast due to excessiveretransmissions and high latency [1].

Network coding is a promising communication paradigm,and it has been proved that random network coding canapproach the min-cut capacity of a multicast/broadcast session[2]. Simply put, using random network coding, the transmitterencodes a batch of original data packets and transmits randomlinear combinations to all the receivers. Any receiver canreconstruct the original data packets as long as it receives asufficient number of linear independent coded packets. Thereis no need of retransmission; thus, it maximizes the number ofreceivers which successfully recover the original informationwithin given time interval.

However, network coding is vulnerable to false packetinjection attacks in a hostile environment. In particular, theadversary may inject bogus coded packets to prevent receiversfrom decoding the original data. Without any defense in place,the effect of this attack can be devastating. For example,because a set of coded packets is used to decode the originalpackets, e.g., using Gaussian elimination, even a single boguscoded packet can completely change the decoding outcome,rendering other genuine coded packets meaningless. The ap-proach to let the transmitter digitally sign every packet wouldnot resolve this issue as it incurs significant transmissionbandwidth and computation overhead at the receivers. Inaddition, the adversary may also send many bogus packetsor replay intercepted packets to force receivers into wastefulpacket processing so as their limited energy and storage bufferare quickly deplete.

Notably, some schemes have been proposed to enableefficient stream authentication by amortizing one signatureover multiple packets [3]–[6], which, however, cannot with-stand high packet losses. In addition, Wang et al. [7] andSun et al. [8] proposed group key management techniques

1536-1276/13$31.00 c© 2013 IEEE

This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

2 IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, ACCEPTED FOR PUBLICATION

for cellular-like networks to reduce the communication cost.Further, [9] investigated the use of data embedding for keytransmission by adding one more security layer. To accessto the transmitted messages, adversaries must successfullybreak the key governing the data embedding rule. Using adifferent approach, Sarkar et al. [10] investigated a physicallayer security scheme to protect the transmitted data overRayleigh fading channels in wireless multicast. In anotherwork, Canetti et al. [11] presented a taxonomy of securemulticast methods on the Internet from a practical viewpoint.Further, using a graphical approach, Wong et al. [12] proposedsome strategies to manage the keys for group communications.Along in a different research line, packet authentication innetwork coded system has recently been investigated in thecontext of pollution attack. Most of the existing solutions,e.g., [13]–[15], are based on expensive homomorphic hashcomputation, which are vulnerable to denial-of-service (DoS)attacks.

In this paper, we study secure wireless multicast and de-vise a novel technique that enables efficient packet authen-tication at the receiver side, while maximizing the numberof authenticated packets at each receiver within given timeconstraints. Specifically, our proposed technique has two maincomponents. (1) Inspired by null space properties originallyproposed to defend against pollution attack in wired-codednetworks [16], the first component lets the transmitter generateand transmit a set of null key packets besides coded packets.On receiving the null key packets, each receiver can detectany bogus packet in the buffer with high probability. Wefurther design an efficient authentication scheme to signif-icantly reduce the computational cost incurred by null keypacket authentication. (2) The second component aims atmaximizing the authentication rate (defined later) at eachreceiver. Particularly, we design a novel efficient schedulingalgorithm to adaptively transmit the null key packets based onthe framework of MDP.

Our main contributions in this paper are summarized asfollows:

1) We propose a novel scheme to enable efficient authen-tication of transmitted data at the receivers.

2) We show that without a careful transmission scheduling,the network performance would be detrimental.

3) We then propose an MDP-based scheduling techniqueto maximize the authentication rate across the receivers.

4) To leverage the time complexity of the MDP-basedscheduling algorithm, we further propose a simulation-based scheduling to approximate the optimal scheduling.

5) The effectiveness of the proposed techniques is corrob-orated through both theoretical analysis and extensivesimulations.

The organization of the paper is as follows. We first providea review on secure data multicast and secure network codedsystems in Section II. In Section III, we describe the systemmodel, attack model, and security objectives. We then presentour proposed authentication scheme in Section IV. Section Vdemonstrates the effects of transmission scheduling on the net-work authentication rate. We then investigate in detail a varietyof transmission techniques and analyze their correspondingnetwork recovery performance in Section VI. In Section VII,

we formulate and solve the authentication scheduling problemby using the framework of the Markov Decision Processes.Simulation results and discussions are presented in SectionVIII. Finally, a conclusion is drawn in Section IX.

II. RELATED WORK

In this section, we review related work on secure datamulticast and secure network coded systems.

Secure Multicasting. The problem of secure multicastingdata over lossy channels has been investigated in many re-search papers such as [3],[5],[6],[11],[17]. In the work of[3],[5], the authors proposed efficient schemes to authenticatethe information of finite and infinite streams by dividingthe data into small blocks and utilizing the signature chain.Particularly, the transmitter embeds authentication informationin the stream itself and signs the first block of the data. Thesignature verification is propagated to the rest of the streamthrough the embedded authentication information. However,the shortcoming of the proposed schemes is that they werenot designed to defense against pollution attacks. In addition,the network performance will significantly decrease when thetransmission channels are heterogeneous. Similarly, the workof [6] divided the transmitted information into small blocksand amortized a signature over many packets for verification.It showed substantial performance gain over the schemes of[3]. However, this scheme was originally designed for theInternet multicast; thus, its performance significantly dropswhen applying to heterogeneous wireless multicast over lossychannels. Alternatively, the work of [11] presented a taxonomyof multicasting on the Internet and proposed keying techniquesuch that it allows source authentication and key revocation.The main focus of this work is efficient key managementwhich reduces the data latency and overhead. Again, thistechnique cannot be applied to the data multicasting overlossy wireless channel. Notably, the work of [17] proposedan efficient time-based stream authentication technique overlossy channel, named TESLA. The proposed scheme can copewith the losses of transmissions. However, the main drawbackof this technique is that it requires clock synchronizationbetween transmitter and receivers, which is practically difficultto achieve in a wireless multicast.

Secure Network Coding. In a different avenue, severalaspects of network security in the network coded systems havebeen studied such as [18]–[25]. In particular, Dong et al. haveproposed solutions [26]–[28] to defense against pollution at-tacks in intra-flow network coding for wireless mesh networks.In these systems, the attackers inject corrupted packets intothe network which will gradually propagate over the network,depleting the network resources and decreasing the networkthroughput. Ho et al. [23] derived an information theoreticapproach to detect Byzantine adversaries in random networkcoding multicast networks. The analytical result showed antradeoff among the detection probability, the data redundancy,the coding field size and the amount of information observedby the adversary. Similarly, Jaggi et al. [22] proposed al-gorithms which are information-theoretically secure and rateoptimal for Byzantine adversary attacks. Performance of theproposed algorithms depends on the strength of the adversarieson observing the transmitted information.


TRAN et al.: SECURE WIRELESS MULTICAST FOR DELAY-SENSITIVE DATA VIA NETWORK CODING 3

In a different context, the work of [16],[18] showed ap-proaches to defense against the malicious attacks in the peer-to-peer (P2P) based content distribution networks. The mainidea of those approaches is to exploit the orthogonal propertiesof the span and null spaces generated by the coded packetsto detect the attack assuming that the attackers can onlyobserve portion of the transmitted data. Similarly, [29] alsoprovided a TESLA-based scheme to defense against pollutionattacks in P2P systems with network coding. However, thisscheme required a time synchronization between the senderand receivers. In another work [30], the author proposed atechnique combined between homomorphic and traditionalhash function to defense against the pollution attacks in theInternet.

In the context of wireless inter-flow network coding, Newellet al. proposed Split Null Keys (SNK) scheme to protecttransmitted data from pollution attacks. Using a differentapproach, Le et al. proposed a cooperative strategy to defenseagainst pollution attacks in network coding using homomor-phic MAC (SpaceMac) [31]. The proposed scheme requiresa cooperation between the parents and children. When acentralized coordinator is available, [32] proposed a techniqueto locate the attackers. Additionally, [25] proposed a frame-work to defense against entropy attacks where an attackercreates and injects noninnovative packets into the network(i.e., packets that contain information already known by thesystem). The defense capabilities of the proposed schemeshave also provided.

We also recognized that there are some excellent papers,e.g., [33],[34], on reviewing the threats and challenges inthe network coded systems. Several security goals and designchallenges in achieving security for network coding systemshave been discussed. Those papers are viewed as a cautionarynote pointing out the frailty of current network coding-basedwireless systems and a general guideline in the effort ofachieving security for network coding systems.

Different from all these techniques, we proposed a noveltechnique to defend against pollution attacks on network codedmulticast for delay-sensitive data. The data transmissions inour model is constrained by a deadline beyond that thereceived information is useless. The investigated model canbe used for many practical transmission scenarios such asmultimedia streaming or time-sensitive applications. Further-more, in our paper we assume transmission channels areheterogeneous, each receiver may experience different erasurepacket rates. This creates significant challenges in schedulingdata transmissions. Finally, we assume coordinated attacks inour model where the attackers coordinate with each otherto pollute the received data of the receivers. We proposean efficient coding and adaptive scheduling algorithm tomitigate the bogus data at the receivers while maximizing thedata transmission rate. Both theoretical analysis and intensivesimulations are provided.

III. SYSTEM, ATTACK MODEL, AND SECURITY

OBJECTIVESA. System Model

We consider a single-hop wireless network, where a trans-mitter securely multicasts delay-sensitive data to M users.

We assume that the system is time-slotted and each slotlength corresponds to one packet transmission. Furthermore,we assume that a block of m − 1 data packets arrives atthe transmitter periodically, and each block is associatedwith a deadline of T time slots, T ≥ m. That is, to beuseful at the receivers, a packet needs to be received andauthenticated by the deadline. Additionally, we assume thatthe transmitter employs random network coding to generatecoded packets over a large finite field Fq . Further, we as-sume that the links between the transmitter and receivers arelossy, i.e., each packet transmitted to receiver Rj is subjectto an erasure with probability pj . The erasure probabilitiesare independent across the receivers and independent andidentically distributed (i.i.d) across time slots. We assume thatthe network implements the distributed coordination function(DCF) [35] for medium access control (MAC). In our paper,all data processing functions are performed at the applicationlayers.

B. Attack Model

We consider a computationally bounded adversary consist-ing of both external attackers (i.e., outsiders) and internalattackers (i.e., insiders). The model studied in our paper iscoordinated attack where insiders cooperate with outsidersto launch the attack. Outsiders do not belong to the targetnetwork, but they are capable of overhearing packet trans-missions, injecting bogus packets, and replaying interceptedpackets. On the other hand, insiders are compromised yetundetected nodes which are fully controlled by the adversary.In fact, our attack model with attack contention probability ρis analogous to the adversarial queuing model in [36], whereadversary injects a rate of ρ into the network over a timewindow w, (w, ρ). As an example, to perform the attack, theinsiders content, jam or block the legitimate transmitter whilethe outsiders (transmitter rogue), with the same IP and MACaddresses, spoofs transmitter’s data to deliver bogus data tothe receivers. Without any defense in place, the receivers maynot be able to decode the received data. In addition, followingthe conventional assumption, we assume that the transmittercannot be compromised and that non-compromised receiversare always the majority.

Among the many attacks the adversary can launch, thispaper focuses on tackling the following two types of attackson network coding based multicast.

• The attackers may inject bogus coded packets to pollutethe receiver’s buffer to prevent receiver from successfullydecoding the original packets.

• The attackers may send many bogus packets or replayintercepted packets to force receivers into wasteful packetprocessing so as to quickly deplete their limited energyand/or memory buffer.

In addition, we assume that the transmitter has a public andprivate key pair K/K−1 and the public key K is publiclyknown.C. Security Objectives

In the view of the two aforementioned attacks, our objec-tives are two folds:

• Packet integrity: Any bogus packet should be detectedwith high probability.



• DoS attack resilience: Packet authentication should beefficient.

IV. PACKET AUTHENTICATION

In this section, we present our proposed scheme that enablesefficient packet authentication for multicasting delay-sensitivedata. Particularly, our scheme is inspired by the null spaceoriginally proposed for defending against pollution attackin wired networks [16]. To enable efficient coded packetauthentication, we let the transmitter generate a set of nullkey packets to be transmitted besides the coded packets. Uponreceiving the null key packets, each receiver can authenticateall the coded packets it has received so far and detect boguspackets with high probability, if any. In addition, we proposean efficient scheme for null key packet authentication atthe receivers. In what follows, we detail the design of ourscheme, including data packet preprocessing, null key packetgeneration, and packet authentication at the receivers.

A. Data Packet Preprocessing

As standard, we assume that network coding is applied toa batch of m − 1 incoming packets, denoted by {Ni}m−1

i=1 .For secure transmission, each batch needs a signature packet,denoted as

S = K−1(h(N1|| · · · ||Nm−1)) , (1)

where K−1(·) denotes the transmitter’s signature using itsprivate key, h(·) is a good hash function (e.g., Secure HashAlgorithm (SHA-2)), and || denotes concatenation operator.For convenience, we subsequently treat the signature packetas a normal packet, i.e., S = Nm.

The transmitter interprets each packet Ni as an n-dimensional vector (Ni,1, · · · , Ni,n) over the finite field Fq

and appends a unit vector of length m to the vector Ni tocreate m augmented vector N̂i as

N̂i = 〈Ni,

i︷︸︸︷0, · · · , 0, 1, 0, · · · , 0︸︷︷︸

m

〉. (2)

The jth coded packet is generated from the m original packets,in the form of

Cj =m∑i=1

αj,iN̂i

= 〈Cj,1, · · · , Cj,n, αj,1, · · · , αj,m〉 ,(3)

where Cj,i =∑m

i=1 αj,iNi,j ; αj,i and Ni,j are coding coeffi-cients and original data packets, respectively. The coefficientsαj,i are selected randomly from a sufficient large finite fieldFq to ensure that all generated coded packets are independent.In order to allows the receivers to recover the original data,the coefficients are included within each coded packet. Thegraphical representation of the coding process is illustrated inFig. 1. We note that using network coding, each coded packetwill create some overhead compared with the original packet.However, the augmentation part has a size of m×symbol size(bits) (m is the generation size (order of ten), which is small,about 3% [37]), compared with the packet payload, order ofKbytes; therefore, it is negligible.

v1

z1 z2 z3 z4

v2 v3 v4

v1-2 v3-4

v1-4

v5

z5 z6 z7 z8

v6 v7 v8

v5-6 v7-8

v5-8

v1-8

Fig. 2. An example of construction Merkle hash tree over {z1, · · · , zn},where n = 8.

B. Null Key Packet Generation

The adversary may inject bogus data packets to preventreceivers from successfully decoding the original packets.Recall that the transmitter signs the original packets, which canbe verified after successful decoding. One challenge here isthat if the receiver cannot differentiate genuine coded packetsfrom bogus ones, it may be difficult to identify the sets ofpackets to correctly decode the original packets. For example,assume that a receiver has received m genuine and b boguspackets. To find the correct m packets for decoding, thereceiver needs to examine possibly

(m+bm

)combinations, a

number that grows exponentially in b.To generate null key packets, we adopt the technique

proposed in [16]. The transmitter then optimally sends the nullkey packets to the receivers to filter out bogus packets (detailof the optimal transmission scheduling is described in sectionVII.) The main idea of our bogus packet detection is basedon the orthogonal property of the null space and subspacespanned by the original packets, i.e., any valid coded packetmultiples with a null key packet will equal to zero. We nextshow how the null key packets are computed.

Let N denote the m × (m + n) matrix whose ith row isN̂i. Thus, the subspace of matrix N, i.e., span(N), whichis spanned by {N̂ }mi=1, will contain all coded packet Cj(cf. equation (3)). In addition, the null space of N, de-noted as null(N), which consists of the set of all vectorsz for which Nz = 0. Furthermore, let the dimension ofnull(N) be nullity(N), based on the rank-nullity theorem[38], we then have rank(N)+nullity(N) = m+n. Becauserank(N) = m, we obtain nullity(N) = n. The basisvectors {z1, · · · , zn}, which span null(N), can be efficientlycomputed by using Singular Value Decomposition (SVD) [39].The null key packets are any combination of the basis vectors{zi}ni=1, which can be used to verify the validity of the codedpackets, i.e., Cjzi = 0, for ∀j, i.

However, the adversary may also inject bogus null keypackets. Without an appropriate authentication mechanism inplace, genuine data packets may be misidentified as bogusones. Further, null key packet authentication must be efficient,which may otherwise be exploited by the adversary to injecta large number of bogus packets to force the receivers toperform expensive signature verification.

We leverage a combination of Merkle hash tree [40] anddigital signature to realize efficient authentication for nullkey packets. Specifically, let n = 2d for some integer d.To authenticate {z1, · · · , zn}, the transmitter builds a Merkle



1,1N 1,2N 1,nN,1 1ˆ

j N 1 0 0

,1iN ,2iN ,i nN,ˆ

j i iN 0 1 0

,1mN ,2mN ,m nN,ˆ

j m mN 0 0 1

i

m

,1j

,j i

,j m

Original Data Augmentation

Fig. 1. Encoded packet is generated by linearly combining augmented vectors. Coding coefficients are included within the payload.

hash tree of depth d on top of {z1, · · · , zn}, as illustratedin Fig. 2. In particular, the transmitter computes vi = h(zi),for all i ∈ [1, n], and builds a binary tree by computing eachinternal node as the hash of its adjacent children nodes. Forexample, v3−4 = h(v3||v4) and v1−4 = h(v1−2||v3−4) inFig. 2.

The transmitter signs the root of the Merkle hash tree, e.g.,v1−8 using its private key K−1. Given the Merkle hash tree,the base station constructs one null key packet for each zi,which consists of zi itself and its authentication information,i.e., all the siblings of the nodes in the path from vi to theroot of the Merkle hash tree. For example, we have

K2 := 〈z2,v1,v3−4,v5−8,v1−8,K−1(h(v1−8))〉

C. Packet Authentication at the Receiver

We defer the scheduling at the transmitter and introduce thefollowing operation at the receivers in this subsection.

Upon receiving a data packet Cj , the receiver marks it as anunverified packet and stores it in the receiver’s buffer. When anew null key packet arrived, the receiver takes the followingsteps:

1) Step 1: check if a valid root of the Merkle hash treeof the current batch, e.g., v1−8, has been receivedbefore. If not, verify the signature K−1(h(v1−8)) usingthe transmitter’s public key K . Otherwise, check if itmatches the one in new null key packet. The null packetis dropped if either v1−8 does not match or the signatureis invalid .

2) Step 2: verify the authenticity of the received null keyzi using the authentication information along the pathto the root of the Merkle hash tree. For example, fornull key packet K1, the receiver checks if

v1−8 = h(h(h(h(z1)||v2)||v3−4)||v5−8) .

3) Step 3: using the received null key to check all thereceived data packets to detect bogus packets, if any.

4) Step 4: repeat Step 1 to Step 3 until it reaches thedeadline. If the number of coded packets passed the au-thentication is larger or equal to m, decode the originaldata packets {Ni}mi=1. If the number of authenticatedcoded packets is less than m, say m′, then randomlychoose a m − m′ packets from unverified packets toproceed to the decoding.

5) Step 5: verify if Nm is the valid signature ofN1|| · · · ||Nm−1 (cf. Eq. (1)). If so, the batch is con-sidered authenticated, and dropped otherwise.

Note that, the recovery of the transmitted data succeededonly if sufficient coded packets have been received and thereceiver chooses a correct set of the coded packets for decod-ing.

D. Security Analysis

In what follows, we outline the security analysis of theproposed authentication scheme.

1) The integrity of null key packet: The transmitter signsthe root of the Merkle hash tree using its private key K−1,which is included in every null key packet. All the receiversknow the public key of the transmitter, and thus can verify thesignature. That said, all the receivers can authenticate the rootof the Merkle hash tree, whereby to authenticate all the nullkeys. Therefore, any forged null key packet can be detected.

2) The integrity of coded packet: Each coded packet mustpass the authentication using all received null key packets.Without loss of generality, assume that the transmitter havereleased g < n null key packets, say {zi}gi=1. In the worstcase, assume they have also been received by the adversary.The adversary then generates a bogus packet B such thatBzi = 0 for ∀i ∈ [1, g]. Because the adversary cannot predictzi+1, the probability that B is also orthogonal to the nextnull key zi+1 is 1/q, where q is the underlying field size.In other words, any bogus coded packet can be detectedwith probability at least 1/q before being used to decode theoriginal packets.

V. TIME-DELAY NULL KEY RELEASE

We observe that when the transmitter sends a null keypacket to the receivers, it likely will be overheard and inter-cepted by the adversary who then can generate bogus data topass the authentication. Therefore, to defend against the falseinjection attacks we need to carefully schedule transmissions.Finding an optimal scheduling boils down to how the trans-mitter chooses which packet to transmit at each time slot. Letus illustrate the intuition via the following example.

Example 1: Consider a single-source single-receiver wire-less network with one attacker. The transmitter wishes todeliver a delay-sensitive data file consisting of m = 4 packets



within a deadline of T = 10 time slots. For now, let us assumethat the receiver has small buffer size |Q| = 6 packets. Whenthe receiver buffer is full and a new packet arrived, one ofthe received packets will be discarded uniformly at random.For the sake of exposition, we assume that there is no lossin transmissions. Further, at the beginning of each time slot,all users who want to send data over the network contend thetransmission medium. Assume we have a realization in whichthe transmitter obtains the channel for transmissions at timeslots {1, 3, 4, 6, 8, 10}, and the attacker obtains the channelfor transmissions at time slots {2, 5, 7, 9} as shown in Fig. 3.We let Ci, Ki, and Bi denote the coded packets, null keys, andbogus packets, respectively. We also assume that all packetshave the same size and each packet is fitted into one time slot.

In the first scheme shown in Fig. 3(a), after time slot ts4the receiver obtains four packets C1, C2, B3, and K1. By usingnull key K1, the receiver is able to detect and discard thebogus packet B1. The receiver then also discards null keypacket K1 to save space because with high probability theattacker might also receive K1, thus, it can generate next boguspackets that satisfy the checking conditions of K1. At time slotts9, the attacker obtains the transmission medium and sendsanother bogus packet B4. For illustration, we assume that thereceiver implements random discard policy when the bufferis full. However, the problem is unchanged under any otherqueuing policies, e.g., random early discard, tail drop, etc.,because of the random packet arrivals. There are more codedpackets in the buffer; thus, with high chance one of them willbe discarded, assumed C2. Hence, after nine time slots, thereceiver has six packets {C1, B2, C3, B3, C4, B4}. Assumethat at the last time slot ts10, the transmitter sends anothercoded packet C5. Upon receiving it, the receiver also selectsone of the received packets uniformly at random for discard. Itmay happen that another coded packet will be discarded, sayC3. In the end, the receiver obtains only three coded packetsand cannot recover the transmitted data.

We now show a better transmission strategy in Fig. 3(b). Asshown, all the transmissions are scheduled the same way asbefore except for time slot ts8. Instead of transmitting codedpacket C4, the transmitter releases another null key packet K2.Upon receiving K2, the receiver uses it to detect and eliminatebogus packets B2 and B3. Using this transmission strategy,after ten time slots, the receiver obtains four coded and onebogus packets; thus, with high probability it is able to recoverthe transmitted data.

We observe that without careful scheduling, the networkperformance may be devastating. For example, sending toomany null key packets will help the receiver filter out all boguspackets; however, it also decreases the number of time slots forcoded packet transmission. On the other hand, sending onlya few null key packets will leave many bogus packets in thereceivers’ buffer, making the decoding expensive. The networkperformance is maximized when the transmitter knows “whento send null key packets” and “how many null key packets willbe sent”. The framework of adaptive transmission schedulingis investigated in the next section.

Time slot 1 2 3 4 5 6 7 8 9 10

Data sentTransmitter C1 C2 1 C3 C4 C5

Attacker B1 B2 B3 B4

Receiver’sbuffer

At time slot 3 C1 B1 C2

At time slot 4 C1 B1 C2 1

At time slot 9 C1 C2 B2 C3 B3 C4 B4

At time slot 10 C1 B2 C3 B3 C4 B4 C5

Null key check

Random discard

Random discard(a)

Time slot 1 2 3 4 5 6 7 8 9 10

Data sentTransmitter C1 C2 1 C3 2 C4

Attacker B1 B2 B3 B4

Receiver’sbuffer

At time slot 3 C1 B1 C2

At time slot 4 C1 B1 C2 1

At time slot 8 C1 C2 B2 C3 B3 2

At time slot 10 C1 C2 C3 B4 C4

Null key check

Null key check

(b)

Fig. 3. An example of two different time-delay null key releases for thecase of one transmitter, one receiver, and one attacker with m = 4, |Q| = 6,and T = 10.

VI. TRANSMISSION TECHNIQUES: PERFORMANCE

ANALYSIS

In this section, we will study network performance of someNC transmission techniques using different scheduling strate-gies. The network performance is measured by the recoveryprobability, i.e., the probability that all receivers in the networkcan recover (decode and authenticate) the transmitted data.Particularly, we focus on three techniques: network coding,network coding with randomly distributed null keys, andMDP-based adaptive null key scheduling. Due to the adaptivescheduling of the proposed MDP-based technique, there is noclosed form to express its performance, and we describe howthe transmitter adaptively selects a packet for transmission atevery time slot in Section VII. For all techniques, we assumethat the transmitter has m data packets consisting of m − 1data and one signature packets that need to be delivered to Mreceivers in T time slots. Further, we assume that the erasureprobabilities from the transmitter and attacker to receiver Rj

are pj and εj , respectively. For the sake of clarity, we assumethat all the receivers have the same buffer size |Q| and denoteρ to be the transmitter contention probability.

A. Network Coding (NC)

In this technique, the transmitter does not generate nullkeys and sends out only coded packets at every transmissionopportunity. In order to recover the transmitted data, a receiverneeds to obtain at least m coded packets1 and choose a correctset of the coded packets among all the received ones. We havethe following result.

Theorem 6.1: The recovery probability of a network con-sisting of M receivers is given by

1We assume that the operating finite field Fq is large so that all codedpackets are independent.



0 1 x 1 x x+1 |Q|

(x,x 1) (x,x)

(x,x+1)

(0,0) (|Q|,|Q|)

(a)

0,0 0,y 1 0,y 0,y+1 0,T 1 0,T

T y,y

x,0

T,0

x,y 1 x,y x,y+1

x+1,y

([x,y];[x,0]) ([x,y];[x,y])

([x,y];[x+1,y]) ([x,y];[x,y+1])

T 1,1

1,T 1

x,T x

T 1,0

(b)

Fig. 4. Markov chain model for the revolution of the receiver’s buffer: a)Network coding without null keys for |Q| ≤ T ; b) Network coding withrandomly distributed null keys for T ≤ |Q|. The final states are indicatedwith double circles.

Pdec =

M∏j=1

Pdec(j), (4)

where:1) Case 1: T ≤ |Q|

Pdec(j) =

T∑T1=m

T1∑l=m

T2∑k=0

(lm

)(l+km

)(T

T1

)ρT1(1− ρ)T2

×(T1

l

)(1− pj)

lpT1−lj

(T2

k

)(1− εj)

kεT2−kj . (5)

2) Case 2: T > |Q|

Pdec(j) =T∑

T1=m

min{T1,|Q|−1}∑l=m

|Q|−1−l∑k=0

(lm

)(l+km

)(T

T1

)ρT1(1− ρ)T2

×(T1

l

)(1− pj)

lpT1−lj

(T2

k

)(1− εj)

kεT2−kj

+

T∑h=|Q|

|Q|∑n=0

h∑u=n

(jm

)(|Q|

m

)(T

u

)ρu(1− ρ)T−u

(u

n

)pu−nj (1− pj)

n

×(

h− u

|Q| − n

)εh−u−|Q|+nj (1− εj)

|Q|−nΨT−hj (n,≥ m),

(6)

where Ψtj(x, y) represents the transition probability

from state x to state y in t steps and T2 = T − T1.Proof: Consider receiver Rj and let Zc(t) and Zb(t)

respectively be the number of coded and bogus packetsreceived after t time slots. The theorem is proved in two cases.

1) Case 1: T ≤ |Q|In this case, there is no received packet discarded asT ≤ |Q|. Let T1 and T2 respectively be the number

of time slots the transmitter and attacker attained fortransmissions; thus, T1+T2 = T . Let Pdec(j) denote theprobability that receiver Rj can recover the transmitteddata. Because the transmitter does not use the null keysto filter out the bogus packets, the recovery probabilityis computed as the probability that receiver Rj correctlyselects a set of m coded packets among all the receivedpackets. We have that

Pdec(j) =

T2∑k=0

(lm

)(l+km

)Pr (Zc(T ) = l ≥ m,Zb(T ) = k)

=

T∑T1=m

T2∑k=0

T1∑l=m

(lm

)(l+km

)(T

T1

)ρT1(1− ρ)T2

×(T1

l

)(1− pj)

lpT1−lj

(T2

k

)(1− εj)

kεT2−kj .

(7)

The explanation is as follows. The probability Pdec(j) isobtained by adding all possible combinations of whichRj receives and selects a correct full set of codedpackets out of the received packets (which may havebogus data packets). For example, the first term inequation (7) represents the probability that the receivercan pick a correct set of coded packets out of allreceived packets, i.e.,

(lm

) \ (l+km

), where l and k is

the number of coded and bogus packets, respectively,and m is the number of coded packets requires fordecoding. The second term indicates the probability thatat least full set of coded data (≥ m) is received afterT time slots, i.e., P (Zc(T ) = l ≥ m,Zb(T ) = k).This probability is further computed using the geometrydistribution based on the contention probability ρ, datapacket error rate pj , and bogus packet error rate εj . Theterm

(TT1

)ρT1(1 − ρ)T2 computes the probability that

the transmitter attain T1 ≥ m time slots and attackerattains T2 = T − T1 time slots, out of total T timeslots. The term

(T1

l

)(1 − pj)

lpT1−lj accounts for the

probability that at least a full set of coded packets isreceived, i.e., l ≥ m. Finally, the last term representsthe probability that the Rj receives k bogus packets,i.e.,

(T2

k

)(1 − εj)

kεT2−kj . Combining all the terms we

obtain equation (7).2) Case 2: |Q| < T

Let the binary random variable F = 1 denote thefull-buffer event and the random variable T ∗ denotethe “dropping threshold”, i.e., T ∗ � min{t ∈ N

+ :Zc(t) + Zb(t) = |Q|}, where N

+ is the set of non-negative integer. We note that in this case some receivedpackets might be dropped when T ∗ < T . Thus, therecovery probability of receiver Rj can be written as

Pdec(j) = Prj(Zc(T ) ≥ m,F = 0)

+ Prj(Zc(T ) ≥ m,F = 1). (8)

The first term in equation (8) represents the case wherethe receiver is able to recover the transmitted datawithout filling the buffer during the transmission. Thisprobability can be computed as



Prj(Zc(T ) ≥ m,F = 0) =T∑

T1=m

min{T1,|Q|−1}∑l=m

|Q|−1−l∑k=0

(lm

)(l+km

)×(T

T1

)ρT1(1− ρ)T2

(T1

l

)(1− pj)

lpT1−lj

×(T2

k

)(1− εj)

kεT2−kj . (9)

The second term in equation (8) corresponds to the casewhere the receiver can recover the transmitted data witha full-buffer event occurred. The change of the receivedpackets is more complicated than the previous case as ithas random packet discarded. To characterize the changeof the received data packets, we model it as the statetransition of a Markov chain. Each state corresponds toa number of coded packets received. The state spaceis then written as S = {0, 1, . . . , |Q|}. The recoveryprobability with a full-buffer event is written as

Prj(Zc(T ) ≥ m,F = 1)

=

|Q|∑l=0

T∑k=|Q|

Pr(Zc(k) = l, Zb(k) = |Q| − l)

×ΨT−kj (Zc(k) = l, i ≥ m)

=

|Q|∑l=0

T∑k=|Q|

k∑u=l

∑i≥m

( im

)(|Q|m

)(Tu

)ρu(1 − ρ)T−u

(ul

)pu−lj (1− pj)

l

×( k − u

|Q| − l

)εk−u−|Q|+lj (1 − εj)

|Q|−lΨT−kj (Zc(k) = l, i),

(10)

where Ψtj(x, y) denotes the transition probability from

state x to state y in t steps as illustrated in Fig. 4(a). Inparticular, for a state 0 < x < |Q|, the valid transitionsare only to states x−1, x+1 or itself x. For the extremecases where the buffer is empty or full, states 0 and|Q| can only transit to itself or states 1 and |Q| − 1,respectively. The transition probabilities are specified as

Ψj(x, y) =

⎧⎪⎪⎪⎪⎪⎪⎨⎪⎪⎪⎪⎪⎪⎩

(1− ρ)(1− εj)x

|Q|+1, if y = x− 1 > 0

ρ(1− pj)x+1

|Q|+1+ (1− ρ)εj + ρpj

+(1− ρ)(1− εj)|Q|−x+1|Q|+1

, if y = x

ρ(1− pj)|Q|−x|Q|+1

, if y = x+ 1 < |Q|0 otherwise.

(11)

The first equation in (11) accounts for the case wherethe number of received coded packets decreases by one.This occurs only when the receiver correctly receives abogus packet and randomly discards a coded packet. Thesecond equation accounts for the case where the numberof received coded packets is unchanged. It happens whennew packet transmission is unsuccessful, or correctlyreceived but the same type of the packet is discarded.The third case models the system after a successfulcoded packet transmission with a bogus packet discardafterward. That said, based on (11), we can write downthe transition probability matrix Ψ and compute thetransition probability from any state x to any state yin an arbitrary time steps.

The network recovery probability is computed based on(7), (9), (10), and noticing that the received data at thereceivers is independent. We have that

Pdec =M∏j=1

Pdec(j).

B. Network Coding with Randomly Distributed Null Keys(NC-RDNK)

In this technique, when the transmitter successfully attainsthe channel, it randomly selects a packet among the codedand null key packets for transmission. If the receiver correctlyreceives the transmitted null key packet, it then can filter out allbogus packets having been stored in its buffer with probabilityat least 1/q (cf. Section IV-D). For the sake of clarity, inour analysis we assume that the field size is large so thatthe probability that a null key fails to detect a bogus packetis negligible. Similarly, we model the change of the numberof the received packets as the revolution of a Markov chain.In particular, we represent each network state by a vectors = [nc, nb], where nc and nb respectively are the numberof received coded and bogus packets. We have the followingresults.

Theorem 6.2: The recovery probability of a network con-sisting of M receivers is given by

Pdec =

M∏j=1

Pdec(j), (12)

where:1) Case 1: T ≤ |Q|

Pdec(j) =∑u≥m

(um

)(u+vm

)ΨTj ([0, 0]; [u, v]), (13)

2) Case 2: for |Q| < T ,

Pdec(j) =∑

u≥m;u+v<|Q|

(um

)(u+vm

)ΨTj ([0, 0]; [u, v])

+∑u≥m

T∑k=|Q|

∑x+y=|Q|

(um

)(u+vm

)Ψkj ([0, 0]; [x, y])Φ

T−kj ([x, y]; [u, v]),

(14)

and Ψkj ([x, y]; [u, v]) and ΦT−k

j ([x, y]; [u, v]) are transi-tion probabilities from state [x, y] to state [u, v] in k andT − k steps, respectively.

Proof: The theorem is also proved in two cases corre-sponding to the order of the transmission window and thequeue size.

1) Case 1: T ≤ |Q|As we notice that, in this case there is no receivedpacket dropped as the the transmission window T isless than the queue size |Q|. The transition probabilitiesfrom non-final state [x, y] to its neighboring state [u, v]are illustrated in Fig. 4(b). Particularly, there are fourvalid transitions corresponding to the success or failureof the transmission of coded, null key, or bogus packet.We note that there are T + 1 final states, indicatedwith double circles, representing the termination of the



network operation. The transition probabilities of a non-final state are specified as

Ψj([x, y]; [u, v]) =

⎧⎪⎪⎪⎪⎪⎨⎪⎪⎪⎪⎪⎩

12ρ(1− pj) if u = x, v = 0

ρpj + (1− ρ)εj if u = x, v = y12ρ(1− pj) if u = x+ 1, v = y

(1− ρ)(1− εj) if u = x, v = y + 1

0 otherwise.(15)

The first equation accounts for the case where the trans-mitter attains the transmission channel and successfullydelivers a null key packet to the receiver. The receiverthen uses the received null key to filter out all thereceived bogus packets in its buffer, i.e., v = 0. Themultiply factor 1/2 indicates the fact that the transmitteruniformly randomly selects a packet among null keyand coded packets for each transmission. The secondequation accounts for a loop transition where there isno change in the number of received packets. Thisrepresents the scenario where either the transmitter orattacker fails to deliver their packets to the receiver. Thelast two equations correspond to the scenarios wherethe transmitter and attacker successfully deliver a codedand bogus packets to the receiver, respectively. Basedon these observations, we can write down the transitionprobability matrix Ψj between two arbitrary states ofreceiver Rj . Therefore, the recovery probability of thetransmitted data of receiver Rj after T time slots canbe computed as

Pdec(j) =∑u≥m

(um

)(u+vm

)ΨTj ([0, 0]; [u, v]) . (16)

2) Case 2: |Q| < TIn this case, some received packets might be discardedwhen the buffer is full and a new transmission arrives.We characterize the transition probability matrix Ψj ofreceiver Rj in two scenarios:

• When the start state [x, y] with the total numberof received packets less than the queue size, i.e.,x + y < |Q|, the transition probabilities from state[x, y] to its neighboring state [u, v] are specified in(15).

• In the other case, the start state [x, y] satisfies thecondition x+ y = |Q|, when a new packet arrives,one of the received packets will be discarded. Thetransition probabilities from state [x, y] to its neigh-boring state [u, v] are written as

Φj([x, y]; [u, v]) =

⎧⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎨⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎩

x2(|Q|+1)

ρ(1 − pj) if u = x− 1, v = 0y

2(|Q|+1)ρ(1 − pj) if u = x, v = 0

ρpj + x+12(|Q|+1)

ρ(1− pj)

+(1− ρ)εj + y+1|Q|+1

×(1− ρ)(1 − εj) if u = x, v = y12ρ(1 − pj)

y|Q|+1

if u = x+ 1, v = y − 1

(1 − ρ)(1 − εj)

× x|Q|+1

if u = x− 1, v = y + 1

0 otherwise.

(17)

In this formula, the first and second equations accountfor the fact that a new null key packet is received cor-rectly, then, a coded and bogus packets are discarded atrandom, respectively. The null key is then used to filterout all the bogus packets in the buffer, i.e., v = 0. Thethird equation represents the case where the state loopsto itself. This occurs when either the new transmissionfails to reach to the receiver or the same type of packetsis discarded after a new successful transmission. The lasttwo equations correspond to two contradictory scenarioswhere a successful coded packet transmission with abogus packet discard and a successful bogus packettransmission with a coded packet discard. Therefore, thedata recovery probability of receiver Rj can be writtenas

Pdec(j) =∑

u≥m;u+v<|Q|

(um

)(u+vm

)ΨTj ([0, 0]; [u, v])

+∑u≥m

T∑k=|Q|

∑x+y=|Q|

(um

)(u+vm

)Ψkj ([0, 0]; [x, y])

× ΦT−kj ([x, y]; [u, v]), (18)

From (16) and (18), and using the fact that received data atthe receivers is independent, we then can write the networkrecovery probability as

Pdec =

M∏j=1

Pdec(j).

VII. THE PROPOSED ADAPTIVE TRANSMISSION

SCHEDULING

As discussed, at every attained time slot, the transmittercan send either coded or null key packets to the receivers.Each transmitted packet additively affects to the receivers’authentication rate at the end of the transmission period,depending on whether it is able to be decoded. That said,without careful transmissions scheduling, the overall networkperformance can be detrimental. In this section, we investigateour proposed adaptive transmission scheduling that maximizesthe network authentication rate.

A. MDP-based Scheduling

In this subsection, we show how the transmitter adaptivelyschedules transmissions (data packets and null keys), basedon the network state, to maximize the network authenticationrate. For now, we assume that at the beginning of each timeslot the transmitter reliably receives one-bit feedback messagesfrom the receivers to indicate whether the previous transmittedpacket has been received successfully. The network dynamicsis modeled as an MDP, and at each time slot, the transmitterchooses an action from the action set to maximize the ac-cumulative reward at the end of the transmission period. Inparticular, we specify the network dynamics by a six-tuple(S,A,P, r, T, γ), where boldface letters refer to matrix orvector.



1) State space S: A state s is defined by a matrix

s =

⎡⎢⎢⎣c1 b1c2 b2. . . . . .cM bM

⎤⎥⎥⎦ , (19)

where the first and second columns of the ith row [ci, bi],respectively, represent the numbers of coded and boguspackets received by receiver Ri.

2) The action set A consists of i) sending a coded packet,ii) sending a null key, and iii) sending nothing (at timeslots the transmitter cannot attain the channel).

3) The transition distribution P (st+1|st, at) is computedbased on the network current state, st, action taken,at, and the packet erasure probability of each receiver.For example, in the case of one receiver with codedand bogus packet erasure probabilities respectively arep and ε, and assume that the transmitter attains thechannel, the probability P (st+1 = [00]|st = [00], at =“sending a coded packet”) = p, or P (st+1 = [10]|st =[00], at = “sending a coded packet”) = 1 − p, corre-sponding to the scenarios where the transmitted codedpacket is received successfully or lost.

4) The immediate reward matrix r(s, a) is computed basedon the future-dependent reward function, which is de-fined by

r(s′|s, a) ={f(.) if s′ is a data-recoverable state

0 otherwise,(20)

where f(.) is a non-negative function, and it is designedto reflect whether the receivers are able to recover thetransmitted data and how easy the decoding processis performed. This is analogous to the delay rewardassignment, i.e., the intermediate states, in which thereceivers cannot recover the transmitted data, shouldhave a zero-immediate reward. Detail of the design isillustrated via the example in Section VIII.

5) T is the number of stages or time slots associated withthe current data batch.

6) Discount factor γ is in [0, 1). When γ is close to zero,the transmitter tends to consider only immediate reward,and when γ is close to one, the transmitter prefers futurereward with higher weight.

Once the parameters are specified, we use the backwardinduction algorithm (BIA), summarized in Algorithm 1, tofind an optimal policy. The main idea of this algorithm isthat it computes the immediate rewards and expected rewardsbackwardly from the final stage to the initial stage. Theoptimal policy is the one that results in the maximum expectedreward.

Remark 1: We note that all the transition probabilitiesdiscussed above are conditional probability. Specifically, thetransmission is performed only if the transmitter has attainedthe transmission medium. If we let a binary random variableΓ = 1 denote the event that the transmitter attains thetransmission medium, the transition probability is computed

Algorithm 1 : Backward Induction Algorithm (BIA)Input: S,A,P, r, T, γ.Output: π∗ = {d(s1), d(s2), . . . , d(sT )}

1: Initialize: t = T , set V ∗(sT ) = 0 for all sT ∈ S2: for t = T − 1 to 0 do3: r(st, at) =

∑st+1∈S r(st+1|st, at)P (st+1|st, at)

4: V ′(st) = γ∑

st+1∈S P (st+1|st, at)V ∗(st+1)5: V ∗(st) = maxat∈A {r(st, at) + V ′(st)}6: d(st) = argmaxat∈A {V ∗(st)}7: end for

as

P (s′|s, a) = P (s′,Γ = 1|s, a) + P (s′,Γ = 0|s, a)= ρP (s′|s, a,Γ = 1)

+ (1− ρ)P (s′|s, “sending a bogus packet”,Γ = 0),

where ρ is the contention probability of the transmitter.

B. Approximation for MDP-ATS

As discussed above, when the network parameters suchas the number of receivers, receivers’ buffer size, and trans-mission window increase, the MDP-ATS technique is subjectto the curse of dimensionality as state space size increasesexponentially; its time complexity is given as O(T|S|2|A|).To tackle this problem, we use the simulation-based method[41] to approximate the optimal policy. In particular, ouralgorithm combines the simulation-based method with back-ward induction (SBIA) to reduce the time complexity toO(TΔ|S||A|) with Δ � S. Pseudocode of the SBIA algo-rithm is summarized in Algorithm 2.

Algorithm 2 : Simulation-based using Backward InductionAlgorithm (SBIA)Input: S,A,T, γ.Output: π∗ = {d(s1), d(s2), . . . , d(sT )}

1: Initialize: t = T , set V ∗(sT ) = 0 for all sT ∈ S2: for t := T − 1 to 1 do3: for each state st ∈ S do4: try all actions at ∈ A for Δ iterations, and compute5: V̂ ∗(st, at) = 1

Δ

∑Δ [r(st+1|st, at) + γV ∗(st+1)]

6: V ∗(st) = maxat∈A

{V̂ ∗(st, at)

}7: d(st) = argmaxat∈A

{V̂ ∗(st, at)

}8: end for9: end for

Remark 2: So far, we have solved the problem with perfectfeedback from the receivers. However, in practice feedbackmessages are subject to losses and errors; thus, the transmitterobserves only partial of the states. Fortunately, the problem canbe formulated and solved as a Partially Observable MarkovDecision Process (POMDP) and the POMDP problem can alsobe solved by using the same SBIA algorithm as

V̂ ∗(ot, at) =1

Δ

∑Δ

[r(ot+1|ot, at) + γV ∗(ot+1)] , (21)



where ot is an observed state at time step t. This equationis similar to the formula in line 5 of Algorithm 2 (SBIA).However, in this case, the transmitter schedules its transmis-sion (selects an action) based on its observed state, ot, whichmay be different from the actual network state, st. The rewardvalue is performed via the simulation-based approach whereΔ is the number of iterations.

VIII. SIMULATION RESULTS AND DISCUSSIONS

In this section, we will demonstrate the effectiveness ofthe proposed technique via simulations. In particular, wefocus on comparing the network authentication rate of thefollowing techniques: network coding (NC), network codingwith randomly distributed null keys (NC-RDNK), networkcoding with greedy null key scheduling (NC-GNKS), MDP-based adaptive transmission scheduling (MDP-ATS), and theapproximation for MDP-ATS technique (AMDP-ATS). Weuse the well-known TESLA scheme [17] for authenticationof multicast stream over lossy channels as the benchmark inour comparison. In our simulation, TESLA is implementedwith the key chain approach to tolerate packet losses duringthe transmission. In NC-GNKS technique, the transmittersends out a null key packet only when existing a bufferoverflow. This technique is of interest because it has low timecomplexity and may result in a good performance. We startwith the basic setup.

A. Basic Setup

In our simulation, we assume that each delay-sensitive databatch consists of m = 10 layers that correspond to m − 1original data packets and one signature packet. The signaturepacket needs to be available at the receivers in order toauthenticate the received data. This scenario is well suitedto model the transmission of a Group of Picture (GOP) ofthe MPEG standard [42]. In addition, we assume that theerasure channels between the transmitter and receivers areindependent. We consider two scenarios corresponding to thecases where the buffer size |Q| is smaller or larger thanthe deadline T . For all simulations, we set the number ofiterations for our simulation-based scheme Δ = 5, discountfactor γ = 0.8, and packet erasure probabilities pi = 10%for ∀i ∈ {1, . . . ,M} and ε = 20%. Different attack modelsare simulated by varying the value of ρ. In our simulation,the network authentication network rate is determined as themean of the network authentication rates across all receiversdefined in Eq. (22) over 10, 000 trials.

Definition 8.1: Assume that the transmitter has a batch ofm − 1 data packets {N1,N2, . . . ,Nm−1} to be delivered toM receivers within a deadline of T time slots. A receiverRj achieves an authentication rate of ηj if there exists a setof ηj packets which are decoded and authenticated by thedeadline T . The average network authentication rate acrossall the receivers per unit time is defined as

η = limτ→∞

1

τ

∑τ

∑Mj=1 ηj

MT, (22)

where τ is the operating time of the network.

We use the average network authentication rate as ourperformance measure to compare different techniques. A tech-nique X is better than a technique Y if ηX > ηY . We startthe simulation by a simple example to demonstrate how thereward function is assigned in the MDP-ATS.

B. Reward Function: An Illustrative Example

We now demonstrate how the MDP-based scheduling worksin a simple transmission scenario consisting of one transmitter,one receiver, and one attacker. Let us assume that the batchsize m = 2, and the buffer size |Q| = 3. Since there is onlyone receiver in this example, a state can be represented bya vector, and there are total ten states as shown in Fig. 5.At each time slot, based on the feedback message from thereceiver, the transmitter adaptively decides which packet willbe transmitted.

To compute the transition probability matrix, let us denotep the packet erasure probabilities of the channels betweenthe transmitter and receiver. In Fig. 5(a), we show theconditional transition probability associated with the action“sending a coded packet” given that the transmitter alreadyattained the transmission channel. Each cell (i, j) in the matrixrepresents the probability of moving to state j from thecurrent state i taking the action “sending a coded packet”,P (j|i, “sending a coded packet”, Γ = 1), where Γ = 1 de-notes the event that the transmitter attains the transmissionchannel. For example, probability of transition from statest = [10] to state st+1 = [20] is 1 − p, corresponding to thescenario where the receiver correctly obtains the transmittedpacket. We recall that in our paper, we use uniformly randomdiscard when the buffer overflows, for instance, the transitionprobability from state s = [21] to state s = [30] is (1− p)/4.This accounts for the case where the receiver receives thecoded packet successfully, with probability 1 − p, and itrandomly discards the bogus packet, with probability 1/4(three stored and one new arrived packets). Carrying out thesame procedure, one can compute all the other transitionprobabilities associated with the action “sending a codedpacket” as shown in Fig. 5(a).

We now compute the transition probabilities associated withthe action “sending a null-key packet”. Note that when thereceiver successfully receives a null-key packet, it first storesthe packet in its buffer, then uses it to filter out the boguspackets in the buffer. We emphasize that each null-key packetis authenticated separately, thus, the receiver can distinguishit from the other packets, i.e, coded and bogus packets. Asa result, when the buffer overflows, the transmitter discardsonly either coded or bogus packets. For instance, the transitionprobability from state st = [02] to state st+1 = [00] is1−p, corresponding to a scenario where the receiver receivesthe null-key packet successfully and uses it to filter out allthe bogus packets. Similarly, one can compute the transitionprobabilities associated with the action “sending a null keypacket” as shown in Fig. 5(b).

Fig. 5(c) shows a reward assignment that satisfies the con-ditions imposed in Eq. (20). In particular, if the receiver candecode and authenticate the transmitted data with probabilityone, then the transmitter obtains a reward of r > 0 units.



[00] [01] [02] [03] [10] [11] [12] [20] [21] [30]

[00] p 0 0 0 1-p 0 0 0 0 0

[01] 0 p 0 0 0 1-p 0 0 0 0

[02] 0 0 p 0 0 0 1-p 0 0 0

[03] 0 0 (1-p)/4 p 0 0 3(1-

p)/4 0 0 0

[10] 0 0 0 0 p 0 0 1-p 0 0

[11] 0 0 0 0 0 p 0 0 1-p 0

[12] 0 0 0 0 0 0 p+(1-p)/2 0 (1-

p)/2 0

[20] 0 0 0 0 0 0 0 1 0 0

[21] 0 0 0 0 0 0 0 0 p+3(1-p)/4

(1-p)/4

[30] 0 0 0 0 0 0 0 0 0 1

st st+1 [00] [01] [02] [03] [10] [11] [12] [20] [21] [30]

[00] 1 0 0 0 0 0 0 0 0 0

[01] 1-p p 0 0 0 0 0 0 0 0

[02] 1-p 0 p 0 0 0 0 0 0 0

[03] 1-p 0 0 p 0 0 0 0 0 0

[10] 0 0 0 0 1 0 0 0 0 0

[11] 0 0 0 0 1-p p 0 0 0 0

[12] (1-p)/3 0 0 0 2(1-

p)/3 0 p 0 0 0

[20] 0 0 0 0 0 0 0 1 0 0

[21] 0 0 0 0 2(1-p)/3 0 0 (1-

p)/3 p 0

[30] 0 0 0 0 0 0 0 0 0 1

stst+1 [00] [01] [02] [03] [10] [11] [12] [20] [21] [30]

[00] 0 0 0 0 0 0 0 0 0 0

[01] 0 0 0 0 0 0 0 0 0 0

[02] 0 0 0 0 0 0 0 0 0 0

[03] 0 0 0 0 0 0 0 0 0 0

[10] 0 0 0 0 0 0 0 r 0 0

[11] 0 0 0 0 0 0 0 0 r/3 0

[12] 0 0 0 0 0 0 0 0 r/3 0

[20] 0 0 0 0 0 0 0 r 0 0

[21] 0 0 0 0 0 0 0 0 r/3 r

[30] 0 0 0 0 0 0 0 0 0 r

st st+1

(a) (b) (c)

Fig. 5. Conditional transition probability associated with different actions: a) sending a coded packet, b) sending a null-key packet, and c) reward associatedwith the action of “sending a coded packet” r(s′|s, a).

On the other hand, with only some probability, the receivercan decode and authenticate the transmitted data, then thetransmitter needs to pay a cost and achieves only a portion ofthe total reward ζ.r with ζ < 1. In our simulation, the cost isdefined by the probability that the transmitter is able to selecta correct set of coded packets out of all received packets fordecoding. For example, assume the current state is st = [10],the transmitter has only one more time slot for transmission,and it decides to take the action “sending a coded packet”.If the receiver correctly receives the transmitted packet, thenext state will be st+1 = [20], and the transmitter obtains areward of r units because with probability one, the receiver candecode and authenticate the transmitted data. On the contrary,if the receiver fails to receive the transmitted packet, thus thenext state is the same as before, st+1 = [10], hence, it cannotdecode and authenticate the transmitted data. The transmitterachieves a reward of zero unit. Another example, if the finalstate is sT = [21], then with probability 1/3 the receiver canselect a correct set of the received packets for decoding; thus,the reward achieved by taking this action is r/3.

C. Simulation Results

We first investigate the impact of contention probability ρon the network performance of different techniques. We recallthat the value of ρ indicates how severe the attack is to thenetwork. Specifically, the lower value of ρ corresponds to anaggressive attack in which the attacker attains most of thetime slots within the transmission deadline T . Figs. 6(a) and(b) show the network authentication rate with respect to ρin the cases of small and large buffer sizes, respectively. Weobserve that NC-RDNK has the worst performance, whereasMDP-ATS achieves the best performance of all networkcoding-based schemes with a substantial gain in the regimeof severe and mediate attack. Our explanation is that NC-RDNK randomly selects a packet for each transmission, thus,most of the time the receivers may not be able to collectenough data for the decoding process. On the other hand,MDP-ATS technique that optimizes the scheduling over allthe transmission period T and adaptively selects a packetfor each transmission in every time slot, consequentially, allthe receivers are able to decode the data (i.e., most of thebogus packets are filtered out). In addition, in the case ofno attack, i.e., ρ = 1, the two techniques MDP-ATS andNC achieve the same performance. Our intuition is that whenthere is no attacker, MDP-ATS technique will never transmit

null key packets; thus, its transmission schedule is equivalentwith that of NC. We further observe that the TESLA schemeoutperforms all other schemes in the regime of smaller ρ. Thisis because TESLA uses separate authentication key attachedto each data packet. Thus, it allows the receivers to verify aportion of the transmitted data when only partial of the datais received. On the contrary, when ρ increases, the transmitterattains more time slots for data transmission, network codingbased schemes outperforms TESLA. This is because whenmore number of time slots available for data transmission,with high chance the receivers will obtain a whole set ofcoded packets, which allows the receivers to reconstruct andauthenticate all data, resulting in a higher authenticationthroughput. As expected, the performance of TESLA schemeincreases with respect to ρ. However, the increase is confinedby the overhead of authentication key attached to each datapacket. We observe the same network performance in thescenario of large buffer size as shown in Fig. 6(b). Asexpected, the two techniques NC and NC-GNKS have anidentical performance. This is because when there is no bufferoverflow, NC-GDNK technique transmits only coded packets,equivalent to NC. Furthermore, we observe that AMDP-ATSapproximates the performance of MDP-ATS in both scenarioswhile requiring much lower time complexity. Furthermore, allschemes achieve higher performance compared with the smallbuffer size in Fig. 6(a) as there is no received data packetdropped.

Next, we study the impact of the transmission deadlineT on the network performance. In this experiment we setthe attack intensity as mediate, i.e., ρ = 0.7 and varythe transmission deadline T . Figs. 7(a) and (b) indicate thenetwork performances of different techniques in the cases ofsmall and large buffer sizes, respectively. Several insights areobserved. First, as would be expected, NC-RDNK techniquehas the worst performance due to the lack of received datafor the recovering process. Next, the MDP-based techniques,MDP-ATS and AMDP-ATS, achieve the best performances,substantially higher than that of the other techniques, and in-crease with T . Our intuition is as follows: when more numberof time slots available for transmissions, most of the time thereceivers are guaranteed to receive at least a full set of thecoded packets and more null keys. Therefore, as T increases,the MDP-based techniques result in higher performances. Wealso observe that the performance of TESLA scheme increases



0.5 0.6 0.7 0.8 0.9 10

0.05

0.1

0.15

0.2

0.25

0.3

0.35

0.4

0.45

contention probability ρ

Net

wor

k au

then

ticat

ion

rate

(pa

cket

/slo

t)

T = 20, m = 10, M = 2, |Q| = 15

NC

NC−RDNK

NC−GNKS

MDP−ATS

AMDP−ATS

TESLA

0.5 0.6 0.7 0.8 0.9 10

0.1

0.2

0.3

0.4

0.5

0.6

0.7

contention probability ρ

Net

wor

k au

then

ticat

ion

rate

(pa

cket

/slo

t)

T = 15, m = 10, M = 2, |Q| = 1000

NC

NC−RDNK

NC−GNKS

MDP−ATS

AMDP−ATS

TESLA

(a) (b)

Fig. 6. Network authentication rate per time slot vs. the contention probability ρ for a) small buffer size, b) large buffer size.

15 16 17 18 19 200

0.05

0.1

0.15

0.2

0.25

0.3

0.35

0.4

0.45

0.5

Transmission deadline T (time slots)

Net

wor

k au

then

ticat

ion

rate

(pa

cket

/slo

t)

ρ = 0.7, m = 10, M = 2, |Q| = 13

NCNC−RDNKNC−GNKSMDP−ATSAMDP−ATSTESLA

10 12 14 16 18 200

0.05

0.1

0.15

0.2

0.25

0.3

0.35

0.4

0.45

0.5

Transmission deadline T (time slots)

Net

wor

k au

then

ticat

ion

rate

(pa

cket

/slo

t)

ρ = 0.7, m = 10, M = 2, |Q| = 1000


(a) (b)

Fig. 7. Network authentication rate per time slot vs. transmission deadline T for a) small buffer size, b) large buffer size.

with T , but it is lower than that of MDP-ATS and AMDP-ATSin Fig. 7(a). The reason of this is due to the combined effectof the overhead of the authentication key and the droppeddata packet. On the contrary, the network authenticationrates of NC and NC-GNKS techniques slightly decrease asT increases. The appealing explanation is that because thegreater T implies that more opportunities the attacker caninject the bogus packets into the network, exaggerating theoverflowed-dropping effect and preventing the decoding. Thesame network performance behavior is observed in the caseof large buffer size as shown in Fig. 7(b). Particularly, whenthe number of time slots available for transmissions is equalto the number of coded packets, the four techniques, MDP-ATS, AMDP-ATS, NC, and NC-GNKS, are equivalent, that is,transmit coded packet at every time slot as shown in Fig. 7(b).TESLA offers the ability to allow receivers to authenticateeach data packet separately, resulting in higher performancein the case of limited transmission time, i.e., T ≤ 14. However,we emphasize that TESLA requires clock synchronizationbetween the transmitter and receivers and in the simulationwe assume perfect synchronization. However, in practice it isvery difficult to achieve this, especially, in the multiple accesswireless networks.

Figs. 8(a) and (b) describe the network performances of thescheduling techniques with respect to the erasure packet prob-ability. Similarly, we set the contention probability ρ = 0.7for both cases of large and small buffer sizes. Further, inthis experiment we assume that all the receivers experiencethe same packet erasure probability p, and we vary p from10% to 20% with a step of 2%. As expected, the networkauthentication rate of each technique decreases with the packeterasure probability. This is because there are more packetlosses due to higher erasure probability. Again, NC-RDNKtechnique results in the worst performance. It is clear thatthe MDP-based techniques, MDP-ATS and AMDP-ATS, out-perform all other techniques with a considerable gaps whenthe packet loss rate is less than 12% and 14% in the caseof small and large buffer, respectively. Intuitively, the MDP-based techniques optimize their transmission at every timeslot, depending on the network state. As a result, most ofthe time the receivers correctly obtain at least a full set ofthe coded packets, leading to higher network performance.In the high-erasure regime, TESLA outperforms all the otherschemes thanks to its partial authentication capability. How-ever, this gain comes with perfect synchronization betweenthe transmitter and receivers by assumption in our simulation;



0.1 0.12 0.14 0.16 0.18 0.20

0.05

0.1

0.15

0.2

0.25

packet erasure rate

Net

wor

k au

then

ticat

ion

rate

(pa

cket

/slo

t)

ρ = 0.7, m = 10, M = 2, T = 20, |Q| = 15

NC

NC−RDNK

NC−GNKS

MDP−ATS

AMDP−ATS

TESLA

0.1 0.12 0.14 0.16 0.18 0.20

0.05

0.1

0.15

0.2

0.25

0.3

0.35

packet erasure rate

Net

wor

k au

then

ticat

ion

rate

(pa

cket

/slo

t)

ρ = 0.7, m = 10, M = 2, T = 15, |Q| = 1000

NC

NC−RDNK

NC−GNKS

MDP−ATS

AMDP−ATS

TESLA

(a) (b)

Fig. 8. Network authentication rate per time slot vs. packet erasure probability for a) small buffer size, b) large buffer size.

thus, the actual gain should be much less than that. In addition,we observe that AMDP-ATS technique closely approximatesMDP-ATS in the whole range of packet erasure probabilityunder consideration.

Finally, we examine the network authentication rate byvarying the number of receivers in Figs. 9. We note thatwhen the number of receivers increases, the state space sizeof the MDP-base schemes increases as well. Consequentially,it slows down the running time of the MDP-based techniques.When there is only a single receiver, TESLA achieves thebest performance because of its partial authentication property.On the other hand, network coding-based schemes requirereceiving a full set for authentication which is hard to achieveunder stressed time constraints. When the number of receiversincreases, as expected, the MDP-based scheduling techniquesoutperform all the other schemes with a substantial gain. Par-ticularly, the performance of TESLA scheme decreases steeplywith the increase of receivers. The intuition of this is due tothe effect of packet losses, i.e., the transmitter only sends newdata packet when all receivers obtain the current transmitteddata successfully. Differently, network coding based schemessend innovative information in each transmitted data packet,resulting in higher performance. Further, we observe thatthe network authentication rate of the AMDP-ATS techniquedeclines slightly when number of receivers increases. Thereason for this is that when increasing the number of receivers,the state space increases exponentially. As we keep the numberof iterations Δ constant, some of the states will not beexplored. Consequently, it results in a suboptimal policy whichis slightly lower than that of the MDP-ATS scheme.

IX. CONCLUSION

In this paper we have studied the impact of the DoSattacks in a one-hop wireless network, where the transmitterwishes to multicast delay-sensitive data to multiple receiversover lossy channels. In particular, to defend against the falsepacket injection attacks, we proposed an efficient authenti-cation mechanism with small overhead and light verificationcomputation, which is resilient to data loss. One key idea in theauthentication method is to exploit the null space propertiesof network coding combined with adaptive scheduling. To

1 2 3 4 50

0.05

0.1

0.15

0.2

0.25

Number of receivers

Net

wor

k au

then

ticat

ion

rate

(pa

cket

/slo

t)

ρ = 0.7, m = 4, T = 8, |Q| = 1000


Fig. 9. Average authentication rate per time slot vs. number of receivers M .

find an optimal transmission strategy, we casted the prob-lem into the framework of the MDP. The BIA was thenused to find an optimal solution for the scheduling problem.Further, to reduce the time complexity of the BIA method,we proposed a simulation-based algorithm to approximate theoptimal solution. Analysis and simulations have been providedto demonstrate the effectiveness of the proposed techniques.

ACKNOWLEDGMENT

The authors would like to thank the Associate Editor andanonymous reviewers for their thorough reading and construc-tive comments which improved the quality of the paper.

REFERENCES

[1] A. Kumar, “Comparative performance analysis of versions of TCP ina local network with a lossy link,” IEEE/ACM Trans. Netw., vol. 6,pp. 485–498, Aug. 1998.

[2] T. Ho, M. Medard, D. R. Karger, M. Effros, J. Shi, and B. Leong, “Arandom linear network coding approach to multicast,” IEEE Trans. Inf.Theory, vol. 52, no. 10, pp. 4413–4430, 2006.

[3] R. Gennaro and P. Rohatgi, “How to sign digital streams,” in Proc. 1997International Cryptology Conference on Advances in Cryptology.

[4] J. Min, P. Edwin, K. Chong, and H. Siegel, “Efficient multicast packetauthentication using signature amortization,” in Proc. 2002 IEEE Sym-posium on Security and Privacy.



[5] P. Rohatgi, “A compact and fast hybrid signature scheme for multicastpacket authentication,” in Proc. 1999 ACM Conference on Computerand Communications Security.

[6] C. Wong, W. Simon, and S. Lam, “Digital signatures for flows andmulticasts,” in IEEE/ACM Trans. Networking, 1998.

[7] Y. Wang, P. Le, and B. Srinivasan, “Hybrid group key managementscheme for secure wireless multicast,” in Proc. 2007 IEEE/ACIS Inter-national Conference on Computer and Information, pp. 346–351.

[8] Y. Sun, W. Trappe, and K. Liu, “An efficient key management schemefor secure wireless multicast,” in Proc. 2002 IEEE International Con-ference on Communications.

[9] W. Jie, J. Song, R. Poovendran, and K. J. Liu, “Key distribution forsecure multimedia multicasts via data embedding,” in Proc. 2001 IEEEICASSP, pp. 1449–1452.

[10] M. Sarkar, T. Ratnarajah, and M. Sellathurai, “Secure wireless multicas-ting through Rayleigh fading channels—a secrecy tradeoff,” in CognitiveWireless Systems (UKIWCWS), pp. 1–5, 2009.

[11] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas,“Multicast security: a taxonomy and some efficient constructions,” inProc. 1999 IEEE INFOCOM.

[12] C. Wong, M. Gouda, and S. Lam, “Secure group communications usingkey graphs,” IEEE/ACM Trans. Netw., vol. 8, 2000.

[13] S. Agrawal and D. Boneh, “Homomorphic MACs: MAC-based integrityfor network coding,” in Applied Cryptography and Network Security,pp. 292–305, 2009.

[14] D. Boneh, D. Freeman, J. Katz, and B. Waters, “Signing a linearsubspace: signature schemes for network coding,” in Proc. 2009 PKC,vol. 5443, pp. 68–87.

[15] C. Gkantsidis and P. Rodriguez, “Cooperative security for networkcoding file distribution,” in Proc. 2006 IEEE INFOCOM, pp. 1–13.

[16] E. Kehdi and B. Li, “Null keys: limiting malicious attacks via null spaceproperties of network coding,” in Proc. 2009 IEEE INFOCOM.

[17] A. Perrig, R. Canetti, J. Tyagar, and D. Song, “Efficient authenticationand signing of multicast streams over lossy channels,” 2000 IEEESymposium on Security and Privacy.

[18] F. Zhao, T. Kalker, M. Medard, and K. Han, “Signatures for content dis-tribution with network coding,” in Proc. 2007 International Symposiumon Information Theory.

[19] M. Krohn, M. Freedman, and D. Mazieres, “On the fly verificationof rateless erasure codes for efficient content distribution,” 2004 IEEESymposium on Security and Privacy.

[20] N. Cai and R. Yeung, “Secure network coding on a wiretap network,”IEEE Trans. Inf. Theory, 2011.

[21] S. Jaggi, M. Langberg, R. Ho, and M. Effros, “Correction of adver-sarial erros in networks,” in Proc. 2005 International Symposium onInformation Theory.

[22] S. Jaggi, M. Langberg, S. Katti, T. Ho, D. Katabi, and M. Medard,“Resilient network coding in the presence of byzantine adversaries,” inProc. 2007 IEEE INFOCOM.

[23] T. Ho, B. Leong, R. Koetter, M. Medard, M. Effros, and D. Karger,“Byzantine modification detection in multicast networks with randomnetwork coding,” IEEE Trans. Inf. Theory, 2008.

[24] A. Newell and C. Nita-Rotaru, “Split null keys: a null space baseddefense for pollution attacks in wireless network coding,” 2012 IEEESECON.

[25] A. Newell, R. Curtmola, and C. Nita-Rotaru, “Entropy attacks andcountermeasures in wireless network coding,” in Proc. 2012 ACMConference on Security and Privacy in Wireless and Mobile Network.

[26] J. Dong, R. Curtmola, and C. Nita-Rotaru, “Practical defenses againstpollution attacks in intra-flow network coding for wireless mesh net-works,” in Proc. 2009 ACM Conference on Wireless Network Security.

[27] J. Dong, R. Curtmola, and C. Nita-Rotaru, “Practical defenses againstpollution attacks in wireless network coding,” ACM Trans. Systems andInf. Security, 2011.

[28] J. Dong, R. Curtmola, C. Nita-Rotaru, and D. Yau, “Pollution attacks anddefenses in wireless inter-flow network coding systems,” IEEE Trans.Dependable and Secure Computing, 2012.

[29] A. Le and A. Markopoulou, “Tesla-based defense against pollutionattacks in p2p systems with network coding,” in Proc. 2011 InternationalSymposium on Network Coding.

[30] A. Le and A. Markopoulou, “On detecting pollution attacks in inter-session network coding,” in Proc. 2012 IEEE INFOCOM.

[31] A. Le and A. Markopoulou, “Cooperative defense against pollution at-tacks in network coding using spacemac,” IEEE J. Sel. Areas Commun.,2012.

[32] A. Le and A. Markopoulou, “Locating Byzantine attackers in intra-session network coding using spacemac,” in Proc. 2010 InternationalSymposium on Network Coding.

[33] J. Dong, R. Curtmola, R. Sethi, and C. Nita-Rotaru, “Toward securenetwork coding in wireless networks: threats and challenges,” Proc.2008 Workshop on Secure Network Protocols.

[34] J. Dong, R. Curtmola, and C. Nita-Rotaru, “Secure network codingfor wireless mesh networks: threats, challenges, and directions,” J.Computer Commun., 2009.

[35] “IEEE Standard for Wireless LAN Medium Acess Control (MAC) andPhysical Layer (PHY) Specifications,” Nov. 1997. P802.11.

[36] A. Borodin, J. Kleinberg, P. Raghavan, M. Sudan, and D. Williamson,“Adversarial queuing theory,” in Proc. 1996 ACM Symposium on Theoryof Computing.

[37] P. A. Chou, Y. Wu, and K. Jain, “Practical network coding,” inProc. 2003 Allerton Conf. Communication, Control and ComputingMonticello.

[38] H. Anton and C. Rorres, Elementary Linear Algebra: ApplicationsVersion. John Wiley & Sons, 2010.

[39] O. Alter, P. Brown, and D. Botstein, “Singular value decomposition forgenome-wide expression data processing and modeling,” in Proc. 2000National Academy of Science of the United States of America.

[40] R. Merkle, “Protocols for public key cryptosystems,” in Proc. 1980 IEEES&P, pp. 122–134.

[41] H. Chang, M. Fu, J. Hu, and S. Marcus, Simulation-Based Algorithms forMarkov Decision Processes (Communications and Control Engineering)Springer-Verlag, Inc., 2007.

[42] V. Goebel and T. Plagemann, Interactive Distributed Multimedia Systemsand Telecommunication Services. Springer, 1998.

Tuan T. Tran is currently a research scientistat InfoBeyond Technology LLC. He received hisPh.D. degree from Oregon State University, Corval-lis in 2010 and his B.S. degree in Electronics andTelecommunications from Hanoi University of Tech-nology (HUT), Vietnam, in 2000. Prior to joiningInfoBeyond, he worked as postdocs at Arizona StateUniversity and the University of Louisville from2010 to 2012. His research interests include networksecurity, network and channel codings, wirelesscommunications, and multimedia networking.

Hongxiang Li is currently an assistant professorwith the Department of Electrical and ComputerEngineering, University of Louisville, Louisville,KY. Prior to that, he was an assistant professor atNorth Dakota State University from 2008 to 2011.He received a B.S. degree from Xi’an JiaotongUniversity, China in 2000, a M.S. degree fromOhio University in 2004, and a Ph.D. degree fromUniversity of Washington, Seattle in 2008, all inelectrical engineering.

Dr. Li’s general research area is wireless commu-nications and networks. He has published over 70 journal and conferencearticles in the field. He won the Best Paper Award in the IEEE InternationalConference on Electro/Information Technology (EIT) in 2013. His researchhas been funded by National Science Foundation (NSF), National Aeronauticsand Space Administration (NASA) and Air Force Research Lab (AFRL). Inthe year of 2008, he received the Chinese Government Award for OutstandingSelf-Financed Students Abroad, the University of Washington OutstandingResearch Assistant Award and was nominated for the YANG ResearchAward. He is also the recipient of the 2012 Ralph E. Powe Junior FacultyEnhancement Award.

Guanying Ru is currently pursuing her Ph.D. de-gree in the Department of Electrical and ComputerEngineering at University of Louisville. She visitedthe University of California, Davis for six monthsin 2011. She did her Ph.D. studies at North DakotaState University from 2009-2011. She received theB.S. degree and the M.S. degree (both with honors)in telecommunication engineering from ZhengzhouUniversity, China, in 2006 and 2009, respectively.Her current research interests include resource man-agement and capacity analysis for next generation

communication systems and heterogeneous networks.



Robert J Kerczewski received the MS degree inElectrical Engineering and Applied Physics fromCase Western Reserve University (1987) and Bach-elor of Electrical Engineering from Cleveland StateUniversity (1982). He has been working for NASAGlenn Research Center since 1986 in the field ofspace and aeronautical communications systems andapplications. During that time he has served as Prin-ciple Investigator for interference and telemedicineexperiments with the Advanced CommunicationsTechnology Satellite, and as Project Manager for the

Advanced Communications for Air Traffic Management Project, Space BasedTechnologies Project, and the Integrated Vehicle Health Management Project.He is currently Deputy Project Manager for the Unmanned Aircraft SystemsIntegration in the National Airspace System Project, and actively engaged inaeronautical communications research activities for unmanned aerial vehiclecommand and control communications, air-ground data communications,airport surface wireless communications, and aviation spectrum.

Lingjia Liu received the Ph.D. degree at TexasA&M University in Electrical and Computer En-gineering, the B.S. degree with highest honor atShanghai Jiao Tong University in Electronic En-gineering. He is currently working as an Assis-tant Professor in the Electrical Engineering andComputer Science Department at the University ofKansas (KU). Prior to joining the EECS at KU,he spent more than three years in Samsung Re-search America Dallas (SRA-D) leading Samsung’swork on downlink multi-user MIMO, Coordinated

multipoint (CoMP) transmission, and Heterogeneous Networks for 3GPPLTE/LTE-Advanced standards where he has more than 10 essential intellectualproperty rights (IPRs). His general research interests lie in the areas of wire-less communication systems including cooperative communications, energy-efficient communications, multi-user MIMO systems, coordinated multipointtransmissions, and heterogeneous networks.

Lingjia Liu is a recipient of the Texas Telecommunications EngineeringConsortium (TxTEC) Fellowship from the Department of Electrical andComputer Engineering at Texas A&M University in 2003 - 2004. He receivedthe Global Samsung Best Paper Award in 2008 and 2010 respectively. He isthe best paper finalist for the ICC 2012 Wireless Communication Symposium(5/508). He has also been selected by the National Engineers Week FoundationDiversity Council as New Faces of Engineering 2011 and was recognizedduring the 2011 National Asian American Engineers of The Year (AAEOY)Awards Banquet in Seattle 2012.

Lingjia Liu has been actively involved in beyond 4G technologies wherehe has been serving as the Chair of Technical Program Committee (TPC) ofGLOBECOM International Workshop on Emerging Technologies for LTE-Advanced and Beyond-4G 2012 and 2013 (http://wcsp.eng.usf.edu/b4g/). Heis the TPC co-Chair of the Communication Theory Symposium (CTS) ofWCSP 2013 and TPC co-Chair of the Wireless Ad Hoc and Sensor NetworksSymposium (WAHS) of ICNC 2014. Lingjia Liu is also serving as anEditor for IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, andas Associate Editors for EURASIP Journal on Wireless Communicationsand Networking as well as Wiley’s International Journal on CommunicationSystems.

Samee U. Khan received a B.S. degree from Ghu-lam Ishaq Khan Institute of Engineering Sciencesand Technology, Topi, Pakistan, and a Ph.D. fromthe University of Texas, Arlington, TX, USA. Cur-rently, he is Assistant Professor of Electrical andComputer Engineering at the North Dakota StateUniversity, Fargo, ND, USA. Prof. Khans researchinterests include cloud and big-data computing, so-cial networking, and reliability. His work has ap-peared in over 200 publications. He is a Fellow ofthe Institution of Engineering and Technology (IET,

formally IEE), and a Fellow of the British Computer Society (BCS).


Documents

IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, ACCEPTED … · IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, ACCEPTED FOR PUBLICATION 1 Secure Wireless Multicast for Delay-Sensitive