Abstract
Recent studies have shown that network coding can provide significant benefits to network protocols, such as increased throughput, reduced network congestion, higher reliability, and lower power consumption. The core principle of network coding is that intermediate nodes actively mix input packets to produce output packets. This mixing subjects network coding systems to a severe security threat, known as a pollution attack, where attacker nodes inject corrupted packets into the network. Corrupted packets propagate in an epidemic manner, depleting network resources and significantly decreasing throughput. Pollution attacks are particularly dangerous in wireless networks, where attackers can easily inject packets or compromise devices due to the increased network vulnerability.
In this article, we address pollution attacks against network coding systems in wireless mesh networks. We demonstrate that previous solutions are impractical in wireless networks, incurring an unacceptably high degradation of throughput. We propose a lightweight scheme, DART, that uses time-based authentication in combination with random linear transformations to defend against pollution attacks. We further improve system performance and propose EDART, which enhances DART with an optimistic forwarding scheme. We also propose efficient attacker identification schemes for both DART and EDART that enable quick attacker isolation and the selection of attacker-free paths, achieving additional performance improvement. A detailed security analysis shows that the probability of a polluted packet passing our verification procedure is very low (less than 0.002% in typical settings). Performance results using the well-known MORE protocol and realistic link quality measurements from the Roofnet experimental testbed show that our schemes improve system performance by over 20 times compared with previous solutions.
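The following sketch illustrates the idea the abstract names, time-based authentication combined with a random linear transformation of the coded data. It is an added example, not code or notation from the article: the prime field, the checksum layout, the `skew` parameter and all function names are assumptions, and the checksum is assumed to reach forwarders authenticated by the source (signature not shown).

```python
import random

P = 2_147_483_647  # prime field modulus (assumption for this sketch)

def encode(coeffs, generation):
    """Coded symbols e = c * G over GF(P); G is n rows of m symbols."""
    m = len(generation[0])
    return [sum(c * row[j] for c, row in zip(coeffs, generation)) % P
            for j in range(m)]

def make_checksum(generation, seed, created_at, b=2):
    """Source: draw random b x m matrix H, publish CHK = H * G^T (b x n)."""
    rng = random.Random(seed)  # stand-in; real use needs a cryptographic PRG
    m = len(generation[0])
    H = [[rng.randrange(1, P) for _ in range(m)] for _ in range(b)]
    chk = [[sum(h[j] * row[j] for j in range(m)) % P for row in generation]
           for h in H]
    return {"H": H, "chk": chk, "t": created_at}

def verify(packet, checksum, skew=1):
    """Forwarder: return 'valid', 'polluted' or 'defer' for a buffered packet."""
    coeffs, symbols, received_at = packet
    # Time-based rule: H is secret only until the checksum is released, so a
    # packet that arrived at or after that time (minus clock skew) must wait
    # for a later checksum.
    if received_at >= checksum["t"] - skew:
        return "defer"
    for h, chk_row in zip(checksum["H"], checksum["chk"]):
        lhs = sum(x * y for x, y in zip(h, symbols)) % P      # H * e^T
        rhs = sum(x * y for x, y in zip(chk_row, coeffs)) % P  # CHK * c^T
        if lhs != rhs:
            return "polluted"
    return "valid"

def demo():
    rng = random.Random(7)  # constructed sample generation: 4 packets x 8 symbols
    G = [[rng.randrange(P) for _ in range(8)] for _ in range(4)]
    c = [rng.randrange(P) for _ in range(4)]
    good = (c, encode(c, G), 10)
    tampered = encode(c, G)
    tampered[3] = (tampered[3] + 1) % P  # one corrupted symbol
    bad = (c, tampered, 11)
    late = (c, tampered, 20)  # arrives after the checksum was created
    chk = make_checksum(G, seed=99, created_at=15)
    return [verify(p, chk) for p in (good, bad, late)]

if __name__ == "__main__":
    print(demo())
```

Because the check is linear, any honest recombination of valid packets also verifies, while a packet received after the checksum was created is deferred rather than trusted.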
Practical defenses against pollution attacks in wireless network coding