Presentation is loading. Please wait.

Presentation is loading. Please wait.

On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine.

Published byGerard Oliver Modified over 9 years ago

Similar presentations

Presentation on theme: "On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine."— Presentation transcript:

1 On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine

2 Linear Inter-Session Network Coding Anh Le, UC Irvine, Inter-Session Pollution Detection 2 S1S1 S2S2 R2R2 R1R1 A B x 1 +x 2 x2x2 x2x2 x1x1 x1x1 x2x2 x2x2 x1x1 x1x1 x2x2 x2x2 x1x1 x1x1 x2x2 x2x2 x1x1 x1x1 Multiple sources Packets from different sources may be (linearly) coded together

3 Pollution Attacks in Inter-Session Coding Malicious Intermediate Nodes 3 S1S1 S2S2 R2R2 R1R1 A B x2x2 x2x2 x1x1 x1x1 x2x2 x2x2 y y y y x1x1 x1x1 x1x1 x1x1 x2x2 x2x2 Can be detected by existing intra-session approaches y y Anh Le, UC Irvine, Inter-Session Pollution Detection

4 Homomorphic MAC-Based Detection No Pollution 4 S1S1 S2S2 R2R2 R1R1 A B x 1, t 1 x 2,t 2 x 1, t 1 x 2,t 2 x 1, t 1 x 1 +x 2, t 1 +t 2 Anh Le, UC Irvine, Inter-Session Pollution Detection

5 Homomorphic MAC-Based Detection Attack Case 5 S1S1 S2S2 R2R2 R1R1 A B x 1, t 1 x 2,t 2 x 1, t 1 x 2,t 2 x 1, t 1 x 1 +x’ 2, t  Anh Le, UC Irvine, Inter-Session Pollution Detection

6 Pollution Attacks in Inter-Session Coding 6 S1S1 S2S2 R2R2 R1R1 A B x' 2 x1x1 x1x1 x1x1 x1x1 x2x2 x2x2 Malicious sources Inconsistent source packets New and main challenge in inter-session pollution The main focus of the paper x1x1 x1x1 x 1 +x 2 Anh Le, UC Irvine, Inter-Session Pollution Detection

7 Intra-Session MAC-Based Detection Failed for Malicious Sources 7 S1S1 S2S2 R2R2 R1R1 A B x 1, t 1 x 2, t 2 Anh Le, UC Irvine, Inter-Session Pollution Detection x' 2, t’ 2 x’ 2, t’ 2 x 1 +x 2, t 1 +t 2

8 Prior Work on Inter-Session Pollution Defense 8 Homomorphic signature for Detection [Agrawal, PKC ’10] Expensive computation Large signature Signature-based Identification [Dong, WiNC ‘09] Anh Le, UC Irvine, Inter-Session Pollution Detection

9 1.Background and Motivation oInter-Session Pollution Attacks oMain Challenges 2.Prior Work 3.InterMac Detection (more in the paper: Hash and SpaceMac based Detection) 4.Evaluation 5.Conclusion Outline 9 Anh Le, UC Irvine, Inter-Session Pollution Detection

10 InterMac: Threat Model 10 S - 1 sources may be malicious Intermediate nodes may be malicious Receivers are trusted Anh Le, UC Irvine, Inter-Session Pollution Detection

11 Main Challenge and Key Observation 11 Main Challenge: Malicious sources Sources must generate tags using different keys S1S1 S2S2 R2R2 R1R1 A B x1x1 x1x1 x2x2 x2x2 Anh Le, UC Irvine, Inter-Session Pollution Detection

12 Overview of InterMac 12 Homomorphic (MAC) for inter-session network coding – Each source generate MAC tags using different keys – The tags are still combinable without knowing the key Anh Le, UC Irvine, Inter-Session Pollution Detection

13 13 InterMac Detection Main technique Anh Le, UC Irvine, Inter-Session Pollution Detection x 2, t 2 =x 2 ·k 2 S1S1 S2S2 R2R2 R1R1 A B k1k1 k1k1 k 1, k 2 x 1, t 1 =x 1 ·k 1 k2k2 k2k2 k 1, k 2 x 1 +x 2, t 1 +t 2 Verify: (x 1 + x 2 ) (k 1 + k 2 ) = t 1 + t 2 x 1 k 1 + x 2 k 2 + x 1 k 2 + x 2 k 1 = t 1 + t 2 Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10] Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10] Main technique: Orthogonality of k i and x j

14 InterMac Construction 14 Anh Le, UC Irvine, Inter-Session Pollution Detection Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10] Inner Product Homomorphic MAC [Le, NetCod ’10] [Li, INFOCOM ’10] Multiple Keys Using a Trusted Controller: k i · x j = 0 Using a Trusted Controller: k i · x j = 0

15 InterMac: Security Game 15 Anh Le, UC Irvine, Inter-Session Pollution Detection S1S1 S2S2 R2R2 R1R1 A B x 1, t 1 x 2,t 2 (id i, V i ) V i : committed source space (id*, y *, t * ) Tags of basis vectors of V i S-1 keys of V i Adversary Challenger

16 Security of InterMac Anh Le - UCI - NC Pollution Defense16

17 Basic Key Generation in InterMac 17 k 1, k 2 x1x1 x2x2 commit x 1 commit x 2 C k 1, p 1 k 2, p 2 (x 1 | p 1 ) · k 2 = 0 (x 2 | p 2 ) · k 1 = 0 S1S1 S2S2 Send (x 1 | p 1 ) Send (x 2 | p 2 ) Anh Le, UC Irvine, Inter-Session Pollution Detection Key Property: Orthogonality of k i and (x j | p j )

18 Efficient Key Generation in InterMac 18 k 1 = ( ḵ 1 | k’ 1 ) k 2 = ( ḵ 2 | k’ 2 ) x1x1 x2x2 commit Enc(x 1 · ḵ 2 ) commit Enc(x 2 · ḵ 1 ) k 1, p 1 k 2, p 2 (x 1 · ḵ 2 ) + p 1 k’ 2 = 0 Enc( ḵ 2 ) Enc( ḵ 1 ) C S1S1 S2S2 (x 2 · ḵ 1 ) + p 2 k’ 1 = 0 Bandwidth Efficiency: Sending Enc. of a single symbol instead of a full vector Anh Le, UC Irvine, Inter-Session Pollution Detection

19 x2x2 x2x2 k 1, k 2 19 S1S1 S2S2 R2R2 R1R1 A B InterMac Detection Illustration C Gen k 1, p 1 k 2, p 2 p 1, t 1 p 1 +p’ 2, t 1 +t’ 2 p' 2, t’ 2 (p 1 +p’ 2 ) dropped because p’ 2 not orthogonal to k 1 ! (p 1 k 1 +p’ 2 k 2 +p’ 2 k 1 ) ≠ t 1 +t’ 2 (p 1 +p’ 2 ) dropped because p’ 2 not orthogonal to k 1 ! (p 1 k 1 +p’ 2 k 2 +p’ 2 k 1 ) ≠ t 1 +t’ 2 p2, t2p2, t2 p2, t2p2, t2 now what S 2 sends must be orthogonal to k 1 Anh Le, UC Irvine, Inter-Session Pollution Detection x1x1 x1x1 k 1, k 2

20 1.Background and Motivation oInter-Session Pollution Attacks oMain Challenges 2.Prior Work 3.InterMac Detection 4.Evaluation 5.Conclusion Outline 20 Anh Le, UC Irvine, Inter-Session Pollution Detection

21 21 InterMac Performance Evaluation Bandwidth Overhead [27] Agrawal et al. [PKC ‘10] [20] Zhang et al. [INFOCOM ‘11] Anh Le, UC Irvine, Inter-Session Pollution Detection

22 22 InterMac Performance Evaluation Computation Overhead [27] Agrawal et al. [PKC ‘10] [20] Zhang et al. [INFOCOM ‘11] Anh Le, UC Irvine, Inter-Session Pollution Detection

23 o Inter-session: Malicious sources o InterMac: First multi-key MAC scheme for inter-session Each source signs using its own key Still homomorphic o In-network detection based on InterMac 100 times faster than [PKC ‘10] 5 times less bandwidth than [PKC ’10] Require a trusted controller ( [PKC ’10] does not ) o More in the paper: Hash and SpaceMac-based detection Conclusion 23 Anh Le, UC Irvine, Inter-Session Pollution Detection

24 24 Links: Network Coding Security: http://www.ics.uci.edu/~anhml/projects.html#nc-security http://www.ics.uci.edu/~anhml/projects.html#nc-security UC Irvine Networking Group – Network Coding Project: http://odysseas.calit2.uci.edu/doku.php/public:network-coding http://odysseas.calit2.uci.edu/doku.php/public:network-coding Anh Le, UC Irvine, Inter-Session Pollution Detection

Download ppt "On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine."

Similar presentations

Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research.

Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research.
Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.
RIPPLE Authentication for Network Coding Yaping Li, The Chinese University of Hong Kong Hongyi Yao, Tsinghua University Minghua Chen, The Chinese University.

RIPPLE Authentication for Network Coding Yaping Li, The Chinese University of Hong Kong Hongyi Yao, Tsinghua University Minghua Chen, The Chinese University.
Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.

SecureMR: A Service Integrity Assurance Framework for MapReduce Wei Wei, Juan Du, Ting Yu, Xiaohui Gu North Carolina State University, United States Annual.
The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.

The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.
Beyond the MDS Bound in Distributed Cloud Storage

Beyond the MDS Bound in Distributed Cloud Storage
Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007.

Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007.
Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.

Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.
Efficient aggregation of encrypted data in Wireless Sensor Network Author: Einar Mykletun, Gene Tsudik Presented by Yi Cheng Lin Date: March 13, 2007.

Efficient aggregation of encrypted data in Wireless Sensor Network Author: Einar Mykletun, Gene Tsudik Presented by Yi Cheng Lin Date: March 13, 2007.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
On-The-Fly Verification of Rateless Erasure Codes Max Krohn (MIT CSAIL) Michael Freedman and David Mazières (NYU)

On-The-Fly Verification of Rateless Erasure Codes Max Krohn (MIT CSAIL) Michael Freedman and David Mazières (NYU)
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Similar presentations

Ads by Google