An Algebraic Watchdog for Wireless Network Coding MinJi Kim † Joint work with Muriel Médard †, João Barros ‡, Ralf Kötter * † Massachusetts Institute of Technology ‡ University of Porto * Technischen Universität München

Background Secure network coding – Network error correction [Yeung et al. 2006] – Resilient coding in presence of Byzantine adversaries [Jaggi et al. 2007] – Signature scheme [Charles et al. 2006][Zhao et al. 2007] – Locating attackers [Siavoshani et al. 2008] – NOTE: downstream nodes check for adversaries, the upstream nodes unaware. Watchdog and pathrater [Marti et al. 2000] – Extensions of Dynamic Source Routing – Detect/mitigate misbehavior of the next node – Use wireless medium: promiscuous monitoring Combine the benefits of network coding and watchdog – Focus on two-hop network

Problem Statement Intended transmission in E 1 Overhearing with noise in E 2 Wireless network G = (V, E 1,E 2 ). – V : Set of nodes in the network – E 1 : Set of hyperedges for connectivity/wireless links – E 2 : Set of hyperedges for interference Transition probability known (Binary symmetric channel) Is v 3 consistent with… Overheard packets from v 2 and v 3 ? Channel statistics?

Problem Statement Intended transmission in E 1 Overhearing with noise in E 2 How can upstream nodes ( v 1 and v 2 ) detect misbehaving node ( v 3 ) with high probability? Routing: Packets individually recognizable Network Coding: Packets are mixed Errors from BSC channel : Probabilistic detection Few bit errors can make dramatic change in the algebraic interpretation

Packet Structure A node v i that receives messages x j ’s and transmits p i – Note: hash is contained in one hop, dependent on in-degree Goal: If v i transmits x i = e + Σ α j x j where e≠0, detect it with high probability. – Even if | e | small, the algebraic interpretation may change dramatically. a j ’sxixi coding coefficients a j ’s coded data x i = Σ α j x j p i = h(x j ) hash of received messages h(x j ) h(x i ) hash of message h(x i ) a j ’sh(x j ) h(x i ) header: protected with error correction codes

Algebraic Analysis v 1 knows: x 1 h(x 1 ) Estimate of x 2 : 2 h(x 2 ) Estimate of x 3 : 3 h(x 3 ) a 1 and a 2 Note: h(x 3 ) and x 3 consistent Errors in a 1 and a 2 translates to errors in x 3

Algebraic Analysis v 1 knows: x 1 h(x 1 ) Estimate of x 2 : 2 h(x 2 ) Estimate of x 3 : 3 h(x 3 ) a 1 and a 2 v 1 computed all “plausible” x 3 Intersect this with all typical x 3 v 1 claims that v 3 is misbehaving if this intersection is empty.

Algebraic Analysis Lemma 1: For n large enough, probability of false detection ≤ ε for any constant ε. – If a neighbor sends valid packets, then the node overhears valid information with noise introduced by the channel only. Lemma 2: P(A malicious v 3 is undetected by v 1 ) is where r i→j is the radius such that the probability that the interference channel/noise from v i to v j is within a ball of radius r i→j is at least 1- ε. Using Lemma 2 (and equivalent result for v 2 ), probability of misdetection is: Prob that v 3 passes v 2 ’s check Prob that v 3 passes v 1 ’s check Number of potential msgs v 3 can send

Graphical Model v 1 knows: x 1 h(x 1 ) Estimate of x 2 : 2 h(x 2 ) Estimate of x 3 : 3 h(x 3 ) a 1 and a 2 Layer 1: ( 2, h(x 2 ) )Layer 2: x 2 hash value: h(x 2 ) Layer 3: x 3 Layer 4: ( 3, h(x 3 ) ) hash value: h(x 3 )a 1 x 1 + a 2 x 2 PermutationChannel Errors

Graphical Model 4 Layers: – Layer 1 & 4: 2 n+h vertices, representing [codeword, hash] pairs – Layer 2 & 3: 2 n vertices, representing codewords Layer 1: ( 2, h(x 2 ) )Layer 2: x 2 Layer 3: x 3 Layer 4: ( 3, h(x 3 ) ) P( x 2 |Channel ∆( 2, x 2 ) & h( x 2 ))P( x 3 |Channel ∆( 2, x 3 ) & h( x 3 )) Compute x 3 given x 2

Graphical Model Start & destination point in Layer 1 and 4: what v 1 overhears. Computes the sum of the product of the weights of all possible paths from start to destination (= the probability that v 3 is consistent) This model illustrates sequentially/visually the inference process. Layer 1: ( 2, h(x 2 ) )Layer 2: x 2 Layer 3: x 3 Layer 4: ( 3, h(x 3 ) )

Summary Probabilistically police downstream neighbors Algebraic analysis: – Exact formulae for probabilities of misdetection and false- detection Graphical model: – Capture inference process – Compute/approximate probabilities of consistency within the network Future Work: – Generalize to multiple sources, multi-hop network – Combine with reputation based protocol and some practical considerations

Extra Slides

Is v 3 behaving? Is v 3 consistent with… Overheard packets from v 1 and v 3 ? Channel statistics? Problem Statement How to fool v 2 ? Insert errors without being noticed? Lie about message from v 1 ?

Two-hop Network Graphical model – Explains the decision process Algebraic analysis – Understand the performance of the protocol

Graphical Model 4 Layers: – Layer 1 & 4: 2 n+h vertices, representing [codeword, hash] pairs – Layer 2 & 3: 2 n vertices, representing codewords

Graphical Model Edges: – [v,u] in Layer 1 to w in Layer 2 iff h(w) = u. Normalized, but edge weight proportional to: – v in Layer 2 to w in Layer 3 iff All edge weights = 1. – v in Layer 3 to [w,u] in Layer 4 iff h(v) = u. Normalized, but edge weight proportional to:

Extensions More than 2 sources: – Generalized graphical model – Use Viterbi-like Algorithm to compute: Most likely path (i.e. set of codewords) Total probability of reaching a linear combination Multi-hop: – As long as not dominated by the adversaries – Hidden terminal problem: the probability of detecting decreases, but still possible.

Future Work Generalize to multiple sources, multi-hop network – Develop models/framework (cascading graphical model?) Develop inference methods/approximation algorithms to efficiently make decision regarding malicious neighbors Combine with reputation based protocol and some practical considerations Eventually, develop/analyze a protocol which allows nodes to probabilistically verify and locally police their neighbors (especially downstream) – Self-checking network