
RIPPLE Authentication for Network Coding

RIPPLE Authentication for Network Coding. Yaping Li, The Chinese University of Hong Kong; Hongyi Yao, Tsinghua University; Minghua Chen, The Chinese University of Hong Kong; Sidharth Jaggi, The Chinese University of Hong Kong; Alon Rosen, Herzliya Interdisciplinary Center, Israel.


Presentation Transcript


  1. RIPPLE Authentication for Network Coding. Yaping Li, The Chinese University of Hong Kong; Hongyi Yao, Tsinghua University; Minghua Chen, The Chinese University of Hong Kong; Sidharth Jaggi, The Chinese University of Hong Kong; Alon Rosen, Herzliya Interdisciplinary Center, Israel

  2. Network Coding • Network coding • Maximize network throughput • Distributed solutions with low complexity • Robust to packet loss and network failure • Practical benefits • What if some nodes are malicious?

  3. Pollution Attacks [Figure: network with nodes S, A, B, M, D, E, F; label: Snowball effect]

  4. Taxonomy of Existing Solutions End-to-end In-network Symmetric key based ([Yu09, Agrawal09]) Public key based • Only c-collusion resistant • Vulnerable to a new tag pollution attack

  5. New Tag Pollution Attacks • Goal: Immediate detection [Figure: network with nodes S, A, B, M, D, E, F; packets marked "?"; label: Snowball effect]

  6. Threat Model • Attackers can • Observe, inject, modify, delay, drop packets • Launch tag pollution attacks • Collude arbitrarily • Attackers’ limitations • Polynomial time bounded • No access to randomness used by source

  7. Design Goals • Authentication scheme • In-network • Low complexity • Arbitrary collusion resistant • Tag pollution resistant (immediate detection)

  8. Homomorphic MAC • Message Authentication Code (MAC) • Keyed hash function (symmetric key) • Homomorphic MAC • Create a new tag from old ones without key

  9. RIPPLE, Illustrated • Level: length of the longest path to the source • When to disclose a key? • How to authenticate a key? • How to prevent tag pollution attacks? [Figure: nodes S, A, B, C, D arranged by level (Level 1, Level 2, Level 3)]

  10. Our Homomorphic MAC • Provably resistant to tag pollution and arbitrary collusion

  11. Tag Pollution Attack Resistant • Immediate detection achieved! [Figure: network with nodes S, A, B, M, D, E, F; packets marked "?"]

  12. When to Disclose a Key? • Use time to create asymmetry (TESLA, [PERRIG02]) [Figure: one-way key chains along a time axis]

  13. How to Authenticate a Key? • Source: Create a one way key chain per level • Difficult to compute from • Use in reverse order of generation • Sign , denote • Nodes: Authenticate given • is valid if is authentic and

  14. Performance Analysis • Settings: • A network of 10k nodes • Maximum 16 levels • Packet size 1024 bytes • Generation size 32 packets • Number of parents per node 6 • GNU/Linux with 2.33GHz Intel Core 2 Duo processors

  15. Conclusion • RIPPLE: Authentication scheme for NC • Has low complexity • Tolerates arbitrary collusion • Resists tag pollution attacks

  16. Thanks!
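
The one-way key chain from slides 12 and 13, as an added example that is not code from the presentation or its authors: the source builds a chain, discloses keys in reverse order of generation, and a node accepts a disclosed key only if hashing it leads back to the last key it already trusts. Assumptions: SHA-256 stands in for the one-way function, the names `make_chain` and `KeyVerifier` are hypothetical, the signature on the chain's first disclosed value is taken as already verified, and only one level's chain is shown.

```python
import hashlib
import os

def H(key: bytes) -> bytes:
    """One-way function for the chain (assumption: SHA-256)."""
    return hashlib.sha256(key).digest()

def make_chain(seed: bytes, length: int) -> list[bytes]:
    """Return [K_0, ..., K_length] with K_{i-1} = H(K_i).

    Generation runs from the seed K_length down to K_0, so disclosure in
    reverse order of generation means K_1 first, K_length last.
    """
    chain = [seed]
    for _ in range(length):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain

class KeyVerifier:
    """Node-side state: the newest key already known to be authentic."""

    def __init__(self, anchor: bytes, max_gap: int = 64):
        # anchor = K_0, assumed to have arrived under the source's signature
        self.index, self.key, self.max_gap = 0, anchor, max_gap

    def accept(self, index: int, key: bytes) -> bool:
        """Accept K_index iff hashing it (index - self.index) times yields the trusted key."""
        gap = index - self.index
        if gap <= 0 or gap > self.max_gap:
            return False  # stale or replayed key, or unreasonably far ahead
        probe = key
        for _ in range(gap):
            probe = H(probe)
        if probe != self.key:
            return False  # does not chain back to an authentic key
        self.index, self.key = index, key  # newer key becomes the trust anchor
        return True

def demo() -> list[bool]:
    chain = make_chain(os.urandom(32), 8)  # constructed sample chain
    node = KeyVerifier(chain[0])
    return [
        node.accept(1, chain[1]),        # next key in order
        node.accept(4, chain[4]),        # keys 2 and 3 were lost in transit
        node.accept(5, os.urandom(32)),  # forged key
        node.accept(3, chain[3]),        # old key replayed
        node.accept(5, chain[5]),        # genuine key still accepted
    ]
```
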
