On Detecting Pollution Attacks in Inter-Session Network Coding

Anh Le, Athina Markopoulou
University of California, Irvine



Linear Inter-Session Network Coding

Anh Le, UC Irvine, Inter-Session Pollution Detection 2

[Figure: network with sources S1, S2, intermediate nodes A, B and receivers R1, R2; links carry x1, x2 and the coded packet x1+x2.]

• Multiple sources

• Packets from different sources may be (linearly) coded together

Pollution Attacks in Inter-Session Coding

Malicious Intermediate Nodes

[Figure: the same network (S1, S2, A, B, R1, R2); links are labelled x1, x2 and y.]

• Can be detected by existing intra-session approaches

Homomorphic MAC-Based Detection: No Pollution

[Figure: S1 sends (x1, t1) and S2 sends (x2, t2); the coded packet (x1+x2, t1+t2) is forwarded; all four checks pass (✓ ✓ ✓ ✓).]

Homomorphic MAC-Based Detection: Attack Case

[Figure: S1 sends (x1, t1) and S2 sends (x2, t2); the packet (x1+x'2, t) is forwarded; two checks pass (✓ ✓) and two fail (✗ ✗).]

Pollution Attacks in Inter-Session Coding

Malicious sources

[Figure: the same network (S1, S2, A, B, R1, R2); links are labelled x1, x2, x'2 and x1+x2.]

• Inconsistent source packets

• New and main challenge in inter-session pollution

• The main focus of the paper

Intra-Session MAC-Based Detection Failed for Malicious Sources

[Figure: packets (x1, t1), (x2, t2) and (x'2, t'2) leave the sources; (x'2, t'2) and (x1+x2, t1+t2) both pass verification (✓).]

Prior Work on Inter-Session Pollution Defense

• Homomorphic signature for Detection [Agrawal, PKC ’10]

• Expensive computation

• Large signature

• Signature-based Identification [Dong, WiNC ’09]

Outline

1. Background and Motivation
   o Inter-Session Pollution Attacks
   o Main Challenges

2. Prior Work

3. InterMac Detection (more in the paper: Hash and SpaceMac based Detection)

4. Evaluation

5. Conclusion

InterMac: Threat Model

• S - 1 sources may be malicious

• Intermediate nodes may be malicious

• Receivers are trusted

Main Challenge and Key Observation

• Main Challenge: Malicious sources

Sources must generate tags using different keys

[Figure: network with sources S1, S2, intermediate nodes A, B and receivers R1, R2; the sources are labelled x1 and x2.]

Overview of InterMac

• Homomorphic (MAC) for inter-session network coding

– Each source generates MAC tags using different keys

– The tags are still combinable without knowing the key

InterMac Detection: Main technique

[Figure: S1 sends (x1, t1 = x1·k1) and S2 sends (x2, t2 = x2·k2); the coded packet (x1+x2, t1+t2) is forwarded; the labels k1, k2 and "k1, k2" mark which nodes hold which keys; the check passes (✓).]

Verify: (x1 + x2)·(k1 + k2) = t1 + t2

x1·k1 + x2·k2 + x1·k2 + x2·k1 = t1 + t2

Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10]

Main technique: Orthogonality of ki and xj

InterMac Construction

Inner Product Homomorphic MAC
• [Le, NetCod ’10]
• [Li, INFOCOM ’10]

Multiple Keys

Using a Trusted Controller:

ki · xj = 0

InterMac: Security Game

[Figure: game between Adversary and Challenger, drawn over the network S1, S2, A, B, R1, R2 carrying (x1, t1) and (x2, t2). Labels: (idi, Vi), with Vi the committed source space; tags of basis vectors of Vi; S-1 keys of Vi; (id*, y*, t*).]

o Adversary wins if:
• id* = idj for some j
• y*
• t* is a valid tag of y*


Security of InterMac

Anh Le - UCI - NC Pollution Defense 16

Basic Key Generation in InterMac

[Figure: message exchange between controller C (holding k1, k2) and sources S1, S2. Labels: commit x1, commit x2; k1, p1 and k2, p2; Send (x1 | p1), Send (x2 | p2).]

(x1 | p1) · k2 = 0

(x2 | p2) · k1 = 0

Key Property: Orthogonality of ki and (xj | pj)

Efficient Key Generation in InterMac

k1 = (ḵ1 | k'1), k2 = (ḵ2 | k'2)

[Figure: message exchange between controller C and sources S1 (x1), S2 (x2). Labels: Enc(ḵ2), Enc(ḵ1); commit Enc(x1·ḵ2), commit Enc(x2·ḵ1); k1, p1 and k2, p2.]

(x1·ḵ2) + p1 k'2 = 0

(x2·ḵ1) + p2 k'1 = 0

Bandwidth Efficiency: Sending Enc. of a single symbol instead of a full vector

InterMac Detection Illustration

[Figure: network with S1, S2, A, B, R1, R2 and controller C (Gen). Labels: x1, x2; k1, p1 and k2, p2; k1, k2 (twice); p1, t1; p2, t2; p'2, t'2; p1+p'2, t1+t'2.]

Now what S2 sends must be orthogonal to k1

(p1+p'2) dropped because p'2 not orthogonal to k1!

(p1·k1 + p'2·k2 + p'2·k1) ≠ t1 + t'2
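The check from the "Main technique", "Basic Key Generation" and "Detection Illustration" slides, worked through as an added example (not code from the talk or the paper). It assumes two sources, one pad symbol each, and a prime field modulus Q; the names Q, gen_key, pad_for, verify and demo are hypothetical.

```python
import random

Q = 2**31 - 1  # prime modulus; an assumption, the slides do not fix a field

def dot(u, v):
    return sum(a * b for a, b in zip(u, v)) % Q

def add(u, v):
    return [(a + b) % Q for a, b in zip(u, v)]

def gen_key(n, rng):
    # n data symbols + 1 pad symbol; nonzero entries keep the pad equation solvable
    return [rng.randrange(1, Q) for _ in range(n + 1)]

def pad_for(x, k_other):
    # Controller side: pick p so that (x | p) . k_other = 0
    p = (-dot(x, k_other[:len(x)]) * pow(k_other[-1], -1, Q)) % Q
    return x + [p]

def verify(y, t, keys):
    # Node side: y . (sum of the keys it holds) must equal the combined tag
    k_sum = keys[0]
    for k in keys[1:]:
        k_sum = add(k_sum, k)
    return dot(y, k_sum) == t % Q

def demo(seed=1):
    rng = random.Random(seed)
    x1, x2 = [3, 1, 4, 1], [2, 7, 1, 8]          # constructed committed packets
    k1, k2 = gen_key(4, rng), gen_key(4, rng)
    p1, p2 = pad_for(x1, k2), pad_for(x2, k1)    # (x1|p1).k2 = 0, (x2|p2).k1 = 0
    t1, t2 = dot(p1, k1), dot(p2, k2)            # each source tags with its own key
    honest = verify(add(p1, p2), t1 + t2, [k1, k2])
    bad = [(p2[0] + 1) % Q] + p2[1:]             # S2 deviates from its commitment
    t_bad = dot(bad, k2)                         # and re-tags with its own key k2
    single_key = verify(bad, t_bad, [k2])        # intra-session style check
    multi_key = verify(add(p1, bad), t1 + t_bad, [k1, k2])
    return honest, single_key, multi_key

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The forged packet passes a check that uses only k2, because S2 knows k2, but fails once k1 is included: the cross term bad·k1 equals k1[0], which is nonzero by construction.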

Outline

1. Background and Motivation
   o Inter-Session Pollution Attacks
   o Main Challenges

2. Prior Work

3. InterMac Detection

4. Evaluation

5. Conclusion

InterMac Performance Evaluation

Bandwidth Overhead

[Figure: bandwidth overhead plot; the legend references [27] Agrawal et al. [PKC ’10] and [20] Zhang et al. [INFOCOM ’11].]

InterMac Performance Evaluation

Computation Overhead

[Figure: computation overhead plot; the legend references [27] Agrawal et al. [PKC ’10] and [20] Zhang et al. [INFOCOM ’11].]

Conclusion

o Inter-session: Malicious sources

o InterMac: First multi-key MAC scheme for inter-session
• Each source signs using its own key
• Still homomorphic

o In-network detection based on InterMac
• 100 times faster than [PKC ’10]
• 5 times less bandwidth than [PKC ’10]
• Requires a trusted controller ([PKC ’10] does not)

o More in the paper: Hash and SpaceMac-based detection

Links:

• Network Coding Security: http://www.ics.uci.edu/~anhml/projects.html#nc-security

• UC Irvine Networking Group – Network Coding Project: http://odysseas.calit2.uci.edu/doku.php/public:network-coding