Issue No.05 - Sept.-Oct. (2012 vol.9)
pp: 741-755
Jing Dong, Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
R. Curtmola, Dept. of Comput. Sci., New Jersey Inst. of Technol., Newark, NJ, USA
C. Nita-Rotaru, Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
D. K. Y. Yau, Adv. Digital Sci. Center, Singapore, Singapore
ABSTRACT
We study data pollution attacks in wireless interflow network coding systems. Although several defenses for these attacks are known for intraflow network coding systems, none of them are applicable to interflow coding systems. We formulate a model for interflow network coding that encompasses all the existing systems, and use it to analyze the impact of pollution attacks. Our analysis shows that the effects of pollution attacks depend not only on the network topology, but also on the location and strategy of the attacker nodes. We propose CodeGuard, a reactive attestation-based defense mechanism that uses efficient bit-level traceback and a novel cross-examination technique to unequivocally identify attacker nodes. We analyze the security of CodeGuard and prove that it is always able to identify and isolate at least one attacker node on every occurrence of a pollution attack. We analyze the overhead of CodeGuard and show that the storage, computation, and communication overhead are practical. We experimentally demonstrate that CodeGuard is able to identify attacker nodes quickly (within 500 ms) and restore system throughput to a high level, even in the presence of many attackers, thus preserving the performance of the underlying network coding system.
INDEX TERMS
telecommunication security, network coding, radio networks, telecommunication network topology, system throughput, pollution defense, wireless interflow network coding system, data pollution attack, intraflow network coding system, network topology, attacker node, CodeGuard, reactive attestation-based defense mechanism, bit-level traceback, cross-examination technique, security, storage, communication overhead, Encoding, Pollution, Network coding, Decoding, Wireless networks, Throughput, Routing protocols, interflow network coding, Pollution attacks, wireless networks
CITATION
Jing Dong, R. Curtmola, C. Nita-Rotaru, D. K. Y. Yau, "Pollution Attacks and Defenses in Wireless Interflow Network Coding Systems", IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 5, pp. 741-755, Sept.-Oct. 2012, doi:10.1109/TDSC.2012.39