Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Quantitative Evaluation of Secure Network Coding Dawn Meeting UCSC Nov 4, 2010 SeungHoon Lee, Mario Gerla In collaboration with IBM researchers.

Similar presentations


Presentation on theme: "1 Quantitative Evaluation of Secure Network Coding Dawn Meeting UCSC Nov 4, 2010 SeungHoon Lee, Mario Gerla In collaboration with IBM researchers."— Presentation transcript:

1 1 Quantitative Evaluation of Secure Network Coding Dawn Meeting UCSC Nov 4, 2010 SeungHoon Lee, Mario Gerla In collaboration with IBM researchers

2 2  Improves throughput and reliability in disruptive MANETs  Packets mixed by intermediate nodes  Receivers still can recover original data under partial packet drop 2 Network Coding (NC) Decoding success pkt drop

3 3  Single Source PUSHES data to mobile nodes  Typically, real time stream (say, from a UAV); unicast or multicast  Errors/losses can be tolerated; latency requirements are strict  Stream can be directed to a selected set of destinations, or coalitions  A data file (say terrain file) is available at many mobile nodes (servers); multiple clients PULL the file from the servers in an asynchronous way, as they need  Non real time requirement  File integrity is important 3 Network Coding in Coalition Operations

4 4  Network Coding characteristics:  Small generation size (8 or 16 blocks) to meet latency constraints  High throughput to meet Quality of Service requirements  An incomplete generation is dropped after time-out  Redundancy control (at intermediate nodes)  Rate/congestion control via backpressure 4 Push Scenario

5  Network Coding characteristics:  Generation can be ENTIRE file, say up to 1000 blocks optionally, subdivided for O/H mitigation  Soldiers can pull from UAVs, trucks or other soldiers BitTorrent, CarTorrent type downloading  No delay or throughput constraints (DTN OK)  File integrity required security and protection from attacks is critical  Line O/H must be minimized (background process) 5 Pull Scenario

6  No pollution detection/prevention in conventional NC protocols  Internal/ external attacks possible  Even one invalid packet can disrupt the entire data  Homomorphic cryptography can protect NC However, Computation is cumbersome, discouraging implementations 6 Vulnerability of NC Decoding Failure Pollution Attack

7  Investigate the scalability of secure network coding based on homomorphic functions  We address PUSH scenario only (PULL is an extension)  Perform practical evaluation of the theoretical work [1] GKKR by TA2 researchers on secure network coding  Over the INTEGERS (as opposed to Galois field) 7 Objective of this work [1] R. Gennaro, J. Katz, H. Krawczyk, and T. Rabin. Secure network coding over the integers. In Public Key Cryptography, pages 142–160, 2010. Implementation of Secure NC (Linux) Experimental Measurement Qualnet Network Simulator

8 8 Implementation: NC + NSig Source Intermediate node Destination X1X1 X2X2 X3X3

9 9 Implementation: NC + NSig (1)NSig(): Computing signatures of each block *Only once at the beginning Source Intermediate node Destination X1X1 X2X2 X3X3 σ1σ1 σ2σ2 σ3σ3

10 10 Implementation: NC + NSig (1)NSig(): Computing signatures of each block *Only once at the beginning Source Intermediate node Destination + X1X1 X2X2 X3X3 e1e1 e2e2 e3e3 e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ1σ1 σ2σ2 σ3σ3 (2) encode(): Generating a coded block NC: Random linear network coding

11 11 Implementation: NC + NSig (1)NSig(): Computing signatures of each block *Only once at the beginning Source Intermediate node Destination x X1X1 X2X2 X3X3 e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ1σ1 σ2σ2 σ3σ3 (2) encode(): Generating a coded block NC: Random linear network coding (3) combine(): Combining signatures σ e1e1 e2e2 e3e3

12 12 Implementation: NC + NSig (1)NSig(): Computing signatures of each block *Only once at the beginning Source Intermediate node Destination x X1X1 X2X2 X3X3 e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ1σ1 σ2σ2 σ3σ3 (2) encode(): Generating a coded block NC: Random linear network coding (3) combine(): Combining signatures σ e1e1 e2e2 e3e3

13 13 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ

14 14 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(): Checking linear independency (By Gaussian Elimination)

15 15 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(): Checking linear independency (By Gaussian Elimination) If independent, (2) vry_Sig(): Validating signatures

16 16 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(): Checking linear independency (By Gaussian Elimination) If independent, (2) vry_Sig(): Validating signatures If valid, store the coded block *If either verification fails, immediately drop.

17 17 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(): Checking linear independency (By Gaussian Elimination) If independent, (2) vry_Sig(): Validating signatures If valid, store the coded block *If either verification fails, immediately drop. Generate a new coded block by encode(data), combine(signatures)

18 18 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(), vry_Sig() If valid, store the coded block.

19 19 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(), vry_Sig() If valid, store the coded block. Once collect m blocks (valid & independent), (2) decode(): Recover the original data *m: # of blocks of data in the generation

20  Another way of Secure Network Coding instead of NSig (computing/validating signatures)  Hash Verification: verify multiple coded blocks with a single verification 20 Implementation: NC + NHash + X1X1 X2X2 X3X3 e1e1 e2e2 e3e3 e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] x encode() vry_Hash() If vry_Hash() passes, sends out the coded block

21  Hardware  Intel Core 2 Duo T9600 processor (2.8GHz, 6MB cache)  RAM: 2GB  Software  Linux platform  C++ / GMP library [2] (for cryptography implementation) 21 Experimental Setup (1) [2] The GNU Multiple Precision Arithmetic Library. http://gmplib.org/

22  A coded block fits into a single IP packet, thus Generation Size S decided by S/m + (m+n)*L*(8+log m) <= 1500*8 (1500Bytes: Size of IP packet)  m: # of blocks per generation, n: # of symbols per block  L: maximum hop counts  Size of e (RSA exponent) |e| > L * (log m + log 256 ) + |M| + log m  |M|: maximum symbol size of initial vector)  We use generation size:  10KB(m=8), 20KB(m=16)  Block Size: 1280Bytes  Symbol Sizes: 1280Bytes(n=1), 320Bytes(n=4) 22 Experimental Setup (2)

23 23 Experimental Results (1) vry_NC()  Processing delays are proportional to # of blocks  As downloaded more blocks, vry_NC() requires more delay for processing Gaussian elimination

24 24 Experimental Results (2)  Processing delays of vry_Sig() and vry_Hash() do not depend on m  The operations done with only a coded block being verified  In general, Secure NC operations require more delay than NC  0.015ms (vry_NC) vs 22.5ms (vry_Sig), m=8

25  Evaluate the performance in realistic network scenario (PUSH Model)  QualNet 3.9.5  Bandwidth: 2Mbps (broadcasting)  Data rate at source: 256Kbps  Network Topology (static topology)  1 Source/ 1 destination  Variable # of hops H  We compare four schemes  NC_Only: Plain NC  NC + Nsig  NC + Nhash  BFKW [3] : Previously proposed homomorphic signature schemes 25 Simulation Setup [3] D. Boneh, D. Freeman, J. Katz, and B. Waters. Signing a linear subspace: Signature schemes for network coding. In Public Key Cryptography (PKC), 2009.

26 26  Network Coding characteristics:  Small generation size (8 or 16 blocks) to meet latency constraints  High throughput to meet Quality of Service requirements  An incomplete generation is dropped after time-out  Redundancy control (at intermediate nodes)  Rate/congestion control via backpressure 26 Corridor Scenario

27 27 Simulation Results  Delay increases with more hops between Src/ Dst  NSig/NHash take less delay than BFKW

28 Conclusion 28  Studied feasibility of secure network coding schemes  Implemented the theoretical works and measured processing overhead from experiments  Integrated the experimental results into a packet-level network simulator, and evaluated the schemes in a realistic network scenario  Secure NC increases delay by only 30% with respect to plain NC  GKKR secure NC outperforms previously proposed BFKW  Ongoing work  Extend to PULL model (large generation)  Comparison with end-to-end coding schemes (Fountain/ Raptor codes)  Protected from internal attacks by conventional signatures  More dynamic network scenarios: node mobility, pollution attacks  Heterogeneous nodes(some cannot do Homomorphic operations)

29 Question & Answer 29 Thank You!


Download ppt "1 Quantitative Evaluation of Secure Network Coding Dawn Meeting UCSC Nov 4, 2010 SeungHoon Lee, Mario Gerla In collaboration with IBM researchers."

Similar presentations


Ads by Google