An Algebraic Watchdog for Wireless Network Coding

1. An Algebraic Watchdog for Wireless Network Coding MinJi Kim† Joint work with Muriel Médard†, João Barros‡, Ralf Kötter* †Massachusetts Institute of Technology ‡University of Porto *Technischen Universität München

2. Background • Secure network coding • Network error correction [Yeung et al. 2006] • Resilient coding in presence of Byzantine adversaries [Jaggi et al. 2007] • Signature scheme [Charles et al. 2006][Zhao et al. 2007] • Locating attackers [Siavoshani et al. 2008] • NOTE: downstream nodes check for adversaries, the upstream nodes unaware. • Watchdog and pathrater [Marti et al. 2000] • Extensions of Dynamic Source Routing • Detect/mitigate misbehavior of the next node • Use wireless medium: promiscuous monitoring • Combine the benefits of network coding and watchdog • Focus on two-hop network

3. Problem Statement • Wireless network G = (V, E1,E2). • V : Set of nodes in the network • E1: Set of hyperedges for connectivity/wireless links • E2: Set of hyperedges for interference • Transition probability known (Binary symmetric channel) • Is v3 consistent with… • Overheard packets from v2 and v3? • Channel statistics? Intended transmission in E1 Overhearing with noise in E2

4. Problem Statement • How can upstream nodes (v1 and v2) detect misbehaving node (v3) with high probability? Intended transmission in E1 Overhearing with noise in E2 Routing: Packets individually recognizable Network Coding: Packets are mixed Errors from BSC channel : Probabilistic detection Few bit errors can make dramatic change in the algebraic interpretation

5. Packet Structure • A node vi that receives messagesxj ’s and transmits pi • Note: hash is contained in one hop, dependent on in-degree • Goal: If vitransmits xi = e + Σ αj xjwheree≠0, detect it with high probability. • Even if |e| small, the algebraic interpretation may change dramatically. pi = aj’s aj’s h(xj) h(xj) h(xi) h(xi) xi coding coefficients aj’s coded data xi = Σ αj xj hash of received messages h(xj) hash of message h(xi) header: protected with error correction codes

6. Algebraic Analysis • v1 knows: x1 h(x1) Estimate of x2: 2 h(x2) Estimate of x3: 3 h(x3) a1and a2 • Note: • h(x3) and x3consistent • Errors in a1and a2 translates to errors in x3

7. Algebraic Analysis • v1 knows: x1 h(x1) Estimate of x2: 2 h(x2) Estimate of x3: 3 h(x3) a1and a2 • v1 computed all “plausible” x3 • Intersect this with all typical x3 • v1claims that v3 is misbehaving if this intersection is empty.

8. Prob that v3passes v2’s check Prob that v3passes v1’s check Number of potential msgs v3 can send Algebraic Analysis • Lemma 1: For n large enough, probability of false detection ≤ ε for any constant ε. • If a neighbor sends valid packets, then the node overhears valid information with noise introduced by the channel only. • Lemma 2: P(A malicious v3is undetected by v1) iswhere ri→j is the radius such that the probability that the interference channel/noise from vi to vj is within a ball of radius ri→j is at least 1- ε. • Using Lemma 2 (and equivalent result for v2), probability of misdetection is:

9. Graphical Model • v1 knows: x1 h(x1) Estimate of x2: 2 h(x2) Estimate of x3: 3 h(x3) a1and a2 Layer 1: ( 2, h(x2)) Layer 2: x2 Layer 3: x3 Layer 4: ( 3, h(x3)) hash value: h(x2) a1 x1 + a2 x2 hash value: h(x3) Channel Errors Permutation Channel Errors

10. Graphical Model • 4 Layers: • Layer 1 & 4: 2n+hvertices, representing [codeword, hash] pairs • Layer 2 & 3: 2n vertices, representing codewords P(x2|Channel ∆( 2 , x2) & h(x2)) P(x3|Channel ∆( 2 , x3) & h(x3)) Layer 1: ( 2, h(x2)) Layer 2: x2 Layer 3: x3 Layer 4: ( 3, h(x3)) Compute x3 given x2

11. Graphical Model • Start & destination point in Layer 1 and 4: what v1 overhears. • Computes the sum of the product of the weights of all possible paths from start to destination (= the probability that v3 is consistent) • This model illustrates sequentially/visually the inference process. Layer 1: ( 2, h(x2)) Layer 2: x2 Layer 3: x3 Layer 4: ( 3, h(x3))

12. Summary • Probabilistically police downstream neighbors • Algebraic analysis: • Exact formulae for probabilities of misdetection and false-detection • Graphical model: • Capture inference process • Compute/approximate probabilities of consistency within the network Future Work: • Generalize to multiple sources, multi-hop network • Combine with reputation based protocol and some practical considerations

13. Extra Slides

14. Problem Statement • How to fool v2? • Insert errors without being noticed? • Lie about message from v1? • Is v3 behaving? • Is v3 consistent with… • Overheard packets from v1 and v3? • Channel statistics?

15. Two-hop Network • Graphical model • Explains the decision process • Algebraic analysis • Understand the performance of the protocol

16. Graphical Model • 4 Layers: • Layer 1 & 4: 2n+hvertices, representing [codeword, hash] pairs • Layer 2 & 3: 2n vertices, representing codewords

17. Graphical Model • Edges: • [v,u] in Layer 1 to w in Layer 2 iff h(w) = u . Normalized, but edge weight proportional to: • v in Layer 2 to w in Layer 3 iff All edge weights = 1. • v in Layer 3 to [w,u] in Layer 4 iff h(v) = u . Normalized, but edge weight proportional to:

18. Extensions • More than 2 sources: • Generalized graphical model • Use Viterbi-like Algorithm to compute: • Most likely path (i.e. set of codewords) • Total probability of reaching a linear combination • Multi-hop: • As long as not dominated by the adversaries • Hidden terminal problem: the probability of detecting decreases, but still possible.

19. Future Work • Generalize to multiple sources, multi-hop network • Develop models/framework (cascading graphical model?) • Develop inference methods/approximation algorithms to efficiently make decision regarding malicious neighbors • Combine with reputation based protocol and some practical considerations • Eventually, develop/analyze a protocol which allows nodes to probabilistically verify and locally police their neighbors (especially downstream) • Self-checking network