Download presentation
Presentation is loading. Please wait.
1
1 Quantitative Evaluation of Secure Network Coding Dawn Meeting UCSC Nov 4, 2010 SeungHoon Lee, Mario Gerla In collaboration with IBM researchers
2
2 Improves throughput and reliability in disruptive MANETs Packets mixed by intermediate nodes Receivers still can recover original data under partial packet drop 2 Network Coding (NC) Decoding success pkt drop
3
3 Single Source PUSHES data to mobile nodes Typically, real time stream (say, from a UAV); unicast or multicast Errors/losses can be tolerated; latency requirements are strict Stream can be directed to a selected set of destinations, or coalitions A data file (say terrain file) is available at many mobile nodes (servers); multiple clients PULL the file from the servers in an asynchronous way, as they need Non real time requirement File integrity is important 3 Network Coding in Coalition Operations
4
4 Network Coding characteristics: Small generation size (8 or 16 blocks) to meet latency constraints High throughput to meet Quality of Service requirements An incomplete generation is dropped after time-out Redundancy control (at intermediate nodes) Rate/congestion control via backpressure 4 Push Scenario
5
Network Coding characteristics: Generation can be ENTIRE file, say up to 1000 blocks optionally, subdivided for O/H mitigation Soldiers can pull from UAVs, trucks or other soldiers BitTorrent, CarTorrent type downloading No delay or throughput constraints (DTN OK) File integrity required security and protection from attacks is critical Line O/H must be minimized (background process) 5 Pull Scenario
6
No pollution detection/prevention in conventional NC protocols Internal/ external attacks possible Even one invalid packet can disrupt the entire data Homomorphic cryptography can protect NC However, Computation is cumbersome, discouraging implementations 6 Vulnerability of NC Decoding Failure Pollution Attack
7
Investigate the scalability of secure network coding based on homomorphic functions We address PUSH scenario only (PULL is an extension) Perform practical evaluation of the theoretical work [1] GKKR by TA2 researchers on secure network coding Over the INTEGERS (as opposed to Galois field) 7 Objective of this work [1] R. Gennaro, J. Katz, H. Krawczyk, and T. Rabin. Secure network coding over the integers. In Public Key Cryptography, pages 142–160, 2010. Implementation of Secure NC (Linux) Experimental Measurement Qualnet Network Simulator
8
8 Implementation: NC + NSig Source Intermediate node Destination X1X1 X2X2 X3X3
9
9 Implementation: NC + NSig (1)NSig(): Computing signatures of each block *Only once at the beginning Source Intermediate node Destination X1X1 X2X2 X3X3 σ1σ1 σ2σ2 σ3σ3
10
10 Implementation: NC + NSig (1)NSig(): Computing signatures of each block *Only once at the beginning Source Intermediate node Destination + X1X1 X2X2 X3X3 e1e1 e2e2 e3e3 e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ1σ1 σ2σ2 σ3σ3 (2) encode(): Generating a coded block NC: Random linear network coding
11
11 Implementation: NC + NSig (1)NSig(): Computing signatures of each block *Only once at the beginning Source Intermediate node Destination x X1X1 X2X2 X3X3 e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ1σ1 σ2σ2 σ3σ3 (2) encode(): Generating a coded block NC: Random linear network coding (3) combine(): Combining signatures σ e1e1 e2e2 e3e3
12
12 Implementation: NC + NSig (1)NSig(): Computing signatures of each block *Only once at the beginning Source Intermediate node Destination x X1X1 X2X2 X3X3 e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ1σ1 σ2σ2 σ3σ3 (2) encode(): Generating a coded block NC: Random linear network coding (3) combine(): Combining signatures σ e1e1 e2e2 e3e3
13
13 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ
14
14 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(): Checking linear independency (By Gaussian Elimination)
15
15 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(): Checking linear independency (By Gaussian Elimination) If independent, (2) vry_Sig(): Validating signatures
16
16 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(): Checking linear independency (By Gaussian Elimination) If independent, (2) vry_Sig(): Validating signatures If valid, store the coded block *If either verification fails, immediately drop.
17
17 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(): Checking linear independency (By Gaussian Elimination) If independent, (2) vry_Sig(): Validating signatures If valid, store the coded block *If either verification fails, immediately drop. Generate a new coded block by encode(data), combine(signatures)
18
18 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(), vry_Sig() If valid, store the coded block.
19
19 Implementation: NC + NSig Source Intermediate node Destination e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] σ (1)vry_NC(), vry_Sig() If valid, store the coded block. Once collect m blocks (valid & independent), (2) decode(): Recover the original data *m: # of blocks of data in the generation
20
Another way of Secure Network Coding instead of NSig (computing/validating signatures) Hash Verification: verify multiple coded blocks with a single verification 20 Implementation: NC + NHash + X1X1 X2X2 X3X3 e1e1 e2e2 e3e3 e 1 X 1 +e 2 X 2 +e 3 X 3 [e 1,e 2, e 3 ] x encode() vry_Hash() If vry_Hash() passes, sends out the coded block
21
Hardware Intel Core 2 Duo T9600 processor (2.8GHz, 6MB cache) RAM: 2GB Software Linux platform C++ / GMP library [2] (for cryptography implementation) 21 Experimental Setup (1) [2] The GNU Multiple Precision Arithmetic Library. http://gmplib.org/
22
A coded block fits into a single IP packet, thus Generation Size S decided by S/m + (m+n)*L*(8+log m) <= 1500*8 (1500Bytes: Size of IP packet) m: # of blocks per generation, n: # of symbols per block L: maximum hop counts Size of e (RSA exponent) |e| > L * (log m + log 256 ) + |M| + log m |M|: maximum symbol size of initial vector) We use generation size: 10KB(m=8), 20KB(m=16) Block Size: 1280Bytes Symbol Sizes: 1280Bytes(n=1), 320Bytes(n=4) 22 Experimental Setup (2)
23
23 Experimental Results (1) vry_NC() Processing delays are proportional to # of blocks As downloaded more blocks, vry_NC() requires more delay for processing Gaussian elimination
24
24 Experimental Results (2) Processing delays of vry_Sig() and vry_Hash() do not depend on m The operations done with only a coded block being verified In general, Secure NC operations require more delay than NC 0.015ms (vry_NC) vs 22.5ms (vry_Sig), m=8
25
Evaluate the performance in realistic network scenario (PUSH Model) QualNet 3.9.5 Bandwidth: 2Mbps (broadcasting) Data rate at source: 256Kbps Network Topology (static topology) 1 Source/ 1 destination Variable # of hops H We compare four schemes NC_Only: Plain NC NC + Nsig NC + Nhash BFKW [3] : Previously proposed homomorphic signature schemes 25 Simulation Setup [3] D. Boneh, D. Freeman, J. Katz, and B. Waters. Signing a linear subspace: Signature schemes for network coding. In Public Key Cryptography (PKC), 2009.
26
26 Network Coding characteristics: Small generation size (8 or 16 blocks) to meet latency constraints High throughput to meet Quality of Service requirements An incomplete generation is dropped after time-out Redundancy control (at intermediate nodes) Rate/congestion control via backpressure 26 Corridor Scenario
27
27 Simulation Results Delay increases with more hops between Src/ Dst NSig/NHash take less delay than BFKW
28
Conclusion 28 Studied feasibility of secure network coding schemes Implemented the theoretical works and measured processing overhead from experiments Integrated the experimental results into a packet-level network simulator, and evaluated the schemes in a realistic network scenario Secure NC increases delay by only 30% with respect to plain NC GKKR secure NC outperforms previously proposed BFKW Ongoing work Extend to PULL model (large generation) Comparison with end-to-end coding schemes (Fountain/ Raptor codes) Protected from internal attacks by conventional signatures More dynamic network scenarios: node mobility, pollution attacks Heterogeneous nodes(some cannot do Homomorphic operations)
29
Question & Answer 29 Thank You!
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.