Presentation is loading. Please wait.

Presentation is loading. Please wait.

On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine.

Similar presentations


Presentation on theme: "On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine."— Presentation transcript:

1 On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine

2 Linear Inter-Session Network Coding Anh Le, UC Irvine, Inter-Session Pollution Detection 2 S1S1 S2S2 R2R2 R1R1 A B x 1 +x 2 x2x2 x2x2 x1x1 x1x1 x2x2 x2x2 x1x1 x1x1 x2x2 x2x2 x1x1 x1x1 x2x2 x2x2 x1x1 x1x1 Multiple sources Packets from different sources may be (linearly) coded together

3 Pollution Attacks in Inter-Session Coding Malicious Intermediate Nodes 3 S1S1 S2S2 R2R2 R1R1 A B x2x2 x2x2 x1x1 x1x1 x2x2 x2x2 y y y y x1x1 x1x1 x1x1 x1x1 x2x2 x2x2 Can be detected by existing intra-session approaches y y Anh Le, UC Irvine, Inter-Session Pollution Detection

4 Homomorphic MAC-Based Detection No Pollution 4 S1S1 S2S2 R2R2 R1R1 A B x 1, t 1 x 2,t 2 x 1, t 1 x 2,t 2 x 1, t 1 x 1 +x 2, t 1 +t 2 Anh Le, UC Irvine, Inter-Session Pollution Detection

5 Homomorphic MAC-Based Detection Attack Case 5 S1S1 S2S2 R2R2 R1R1 A B x 1, t 1 x 2,t 2 x 1, t 1 x 2,t 2 x 1, t 1 x 1 +x’ 2, t  Anh Le, UC Irvine, Inter-Session Pollution Detection

6 Pollution Attacks in Inter-Session Coding 6 S1S1 S2S2 R2R2 R1R1 A B x' 2 x1x1 x1x1 x1x1 x1x1 x2x2 x2x2 Malicious sources Inconsistent source packets New and main challenge in inter-session pollution The main focus of the paper x1x1 x1x1 x 1 +x 2 Anh Le, UC Irvine, Inter-Session Pollution Detection

7 Intra-Session MAC-Based Detection Failed for Malicious Sources 7 S1S1 S2S2 R2R2 R1R1 A B x 1, t 1 x 2, t 2 Anh Le, UC Irvine, Inter-Session Pollution Detection x' 2, t’ 2 x’ 2, t’ 2 x 1 +x 2, t 1 +t 2

8 Prior Work on Inter-Session Pollution Defense 8 Homomorphic signature for Detection [Agrawal, PKC ’10] Expensive computation Large signature Signature-based Identification [Dong, WiNC ‘09] Anh Le, UC Irvine, Inter-Session Pollution Detection

9 1.Background and Motivation oInter-Session Pollution Attacks oMain Challenges 2.Prior Work 3.InterMac Detection (more in the paper: Hash and SpaceMac based Detection) 4.Evaluation 5.Conclusion Outline 9 Anh Le, UC Irvine, Inter-Session Pollution Detection

10 InterMac: Threat Model 10 S - 1 sources may be malicious Intermediate nodes may be malicious Receivers are trusted Anh Le, UC Irvine, Inter-Session Pollution Detection

11 Main Challenge and Key Observation 11 Main Challenge: Malicious sources Sources must generate tags using different keys S1S1 S2S2 R2R2 R1R1 A B x1x1 x1x1 x2x2 x2x2 Anh Le, UC Irvine, Inter-Session Pollution Detection

12 Overview of InterMac 12 Homomorphic (MAC) for inter-session network coding – Each source generate MAC tags using different keys – The tags are still combinable without knowing the key Anh Le, UC Irvine, Inter-Session Pollution Detection

13 13 InterMac Detection Main technique Anh Le, UC Irvine, Inter-Session Pollution Detection x 2, t 2 =x 2 ·k 2 S1S1 S2S2 R2R2 R1R1 A B k1k1 k1k1 k 1, k 2 x 1, t 1 =x 1 ·k 1 k2k2 k2k2 k 1, k 2 x 1 +x 2, t 1 +t 2 Verify: (x 1 + x 2 ) (k 1 + k 2 ) = t 1 + t 2 x 1 k 1 + x 2 k 2 + x 1 k 2 + x 2 k 1 = t 1 + t 2 Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10] Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10] Main technique: Orthogonality of k i and x j

14 InterMac Construction 14 Anh Le, UC Irvine, Inter-Session Pollution Detection Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10] Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10] Multiple Keys Using a Trusted Controller: k i · x j = 0 Using a Trusted Controller: k i · x j = 0

15 InterMac: Security Game 15 Anh Le, UC Irvine, Inter-Session Pollution Detection S1S1 S2S2 R2R2 R1R1 A B x 1, t 1 x 2,t 2 (id i, V i ) V i : committed source space (id*, y *, t * ) Tags of basis vectors of V i S-1 keys of V i Adversary Challenger

16 Security of InterMac Anh Le - UCI - NC Pollution Defense16

17 Basic Key Generation in InterMac 17 k 1, k 2 x1x1 x2x2 commit x 1 commit x 2 C k 1, p 1 k 2, p 2 (x 1 | p 1 ) · k 2 = 0 (x 2 | p 2 ) · k 1 = 0 S1S1 S2S2 Send (x 1 | p 1 ) Send (x 2 | p 2 ) Anh Le, UC Irvine, Inter-Session Pollution Detection Key Property: Orthogonality of k i and (x j | p j )

18 Efficient Key Generation in InterMac 18 k 1 = ( ḵ 1 | k’ 1 ) k 2 = ( ḵ 2 | k’ 2 ) x1x1 x2x2 commit Enc(x 1 · ḵ 2 ) commit Enc(x 2 · ḵ 1 ) k 1, p 1 k 2, p 2 (x 1 · ḵ 2 ) + p 1 k’ 2 = 0 Enc( ḵ 2 ) Enc( ḵ 1 ) C S1S1 S2S2 (x 2 · ḵ 1 ) + p 2 k’ 1 = 0 Bandwidth Efficiency: Sending Enc. of a single symbol instead of a full vector Anh Le, UC Irvine, Inter-Session Pollution Detection

19 x2x2 x2x2 k 1, k 2 19 S1S1 S2S2 R2R2 R1R1 A B InterMac Detection Illustration C Gen k 1, p 1 k 2, p 2 p 1, t 1 p 1 +p’ 2, t 1 +t’ 2 p' 2, t’ 2 (p 1 +p’ 2 ) dropped because p’ 2 not orthogonal to k 1 ! (p 1 k 1 +p’ 2 k 2 +p’ 2 k 1 ) ≠ t 1 +t’ 2 (p 1 +p’ 2 ) dropped because p’ 2 not orthogonal to k 1 ! (p 1 k 1 +p’ 2 k 2 +p’ 2 k 1 ) ≠ t 1 +t’ 2 p2, t2p2, t2 p2, t2p2, t2 now what S 2 sends must be orthogonal to k 1 Anh Le, UC Irvine, Inter-Session Pollution Detection x1x1 x1x1 k 1, k 2

20 1.Background and Motivation oInter-Session Pollution Attacks oMain Challenges 2.Prior Work 3.InterMac Detection 4.Evaluation 5.Conclusion Outline 20 Anh Le, UC Irvine, Inter-Session Pollution Detection

21 21 InterMac Performance Evaluation Bandwidth Overhead [27] Agrawal et al. [PKC ‘10] [20] Zhang et al. [INFOCOM ‘11] Anh Le, UC Irvine, Inter-Session Pollution Detection

22 22 InterMac Performance Evaluation Computation Overhead [27] Agrawal et al. [PKC ‘10] [20] Zhang et al. [INFOCOM ‘11] Anh Le, UC Irvine, Inter-Session Pollution Detection

23 o Inter-session: Malicious sources o InterMac: First multi-key MAC scheme for inter-session Each source signs using its own key Still homomorphic o In-network detection based on InterMac 100 times faster than [PKC ‘10] 5 times less bandwidth than [PKC ’10] Require a trusted controller ( [PKC ’10] does not ) o More in the paper: Hash and SpaceMac-based detection Conclusion 23 Anh Le, UC Irvine, Inter-Session Pollution Detection

24 24 Links: Network Coding Security: http://www.ics.uci.edu/~anhml/projects.html#nc-security http://www.ics.uci.edu/~anhml/projects.html#nc-security UC Irvine Networking Group – Network Coding Project: http://odysseas.calit2.uci.edu/doku.php/public:network-coding http://odysseas.calit2.uci.edu/doku.php/public:network-coding Anh Le, UC Irvine, Inter-Session Pollution Detection


Download ppt "On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine."

Similar presentations


Ads by Google