240 likes | 414 Views
Quantitative Evaluation of Secure Network Coding Dawn Meeting UCSC Nov 4, 2010. SeungHoon Lee, Mario Gerla In collaboration with IBM researchers. Network Coding (NC). Improves throughput and reliability in disruptive MANETs Packets mixed by intermediate nodes
E N D
Quantitative Evaluation of Secure Network CodingDawn MeetingUCSC Nov 4, 2010 SeungHoon Lee, Mario Gerla In collaboration with IBM researchers
Network Coding (NC) • Improves throughput and reliability in disruptive MANETs • Packets mixed by intermediate nodes • Receivers still can recover original data under partial packet drop pkt drop Decoding success 2
Vulnerability of NC • No pollution detection/prevention in conventional NC protocols • Internal/ external attacks possible • Even one invalid packet can disrupt the entire data • Homomorphic cryptography can protect NC • However, • Computation is cumbersome, discouraging implementations Decoding Failure Pollution Attack
Objective of this work • Investigate the scalability of secure network coding based on homomorphic functions • We address PUSH scenario only (PULL is an extension) • Perform practical evaluation of the theoretical work[1]GKKR by TA2 researchers on secure network coding • Over the INTEGERS (as opposed to Galois field) Implementation of Secure NC (Linux) Experimental Measurement Qualnet Network Simulator [1] R. Gennaro, J. Katz, H. Krawczyk, and T. Rabin. Secure network coding over the integers. In Public Key Cryptography, pages 142–160, 2010.
Implementation: NC + NSig Destination Source Intermediate node X1 X2 X3
Implementation: NC + NSig Destination Source Intermediate node X1 X2 X3 • NSig(): Computing signatures of each block • *Only once at the beginning σ2 σ3 σ1
Implementation: NC + NSig Destination Source Intermediate node X1 X2 X3 • NSig(): Computing signatures of each block • *Only once at the beginning σ2 σ3 σ1 (2) encode(): Generating a coded block NC: Random linear network coding e1 e2 e3 + [e1,e2,e3] e1X1+e2X2+e3X3
Implementation: NC + NSig Destination Source Intermediate node X1 X2 X3 • NSig(): Computing signatures of each block • *Only once at the beginning σ2 σ3 σ1 (2) encode(): Generating a coded block NC: Random linear network coding e1 e2 e3 (3) combine(): Combining signatures x [e1,e2,e3] e1X1+e2X2+e3X3 σ
Implementation: NC + NSig Destination Source Intermediate node X1 X2 X3 • NSig(): Computing signatures of each block • *Only once at the beginning σ2 σ3 σ1 (2) encode(): Generating a coded block NC: Random linear network coding e1 e2 e3 (3) combine(): Combining signatures x [e1,e2,e3] e1X1+e2X2+e3X3 σ
Implementation: NC + NSig Destination Source Intermediate node [e1,e2,e3] e1X1+e2X2+e3X3 σ
Implementation: NC + NSig Destination Source Intermediate node • vry_NC(): Checking linear independency • (By Gaussian Elimination) [e1,e2,e3] e1X1+e2X2+e3X3 σ
Implementation: NC + NSig Destination Source Intermediate node • vry_NC(): Checking linear independency • (By Gaussian Elimination) • If independent, • (2) vry_Sig(): Validating signatures [e1,e2,e3] e1X1+e2X2+e3X3 σ
Implementation: NC + NSig Destination Source Intermediate node • vry_NC(): Checking linear independency • (By Gaussian Elimination) • If independent, • (2) vry_Sig(): Validating signatures • If valid, store the coded block • *If either verification fails, immediately drop. [e1,e2,e3] e1X1+e2X2+e3X3 σ
Implementation: NC + NSig Destination Source Intermediate node • vry_NC(): Checking linear independency • (By Gaussian Elimination) • If independent, • (2) vry_Sig(): Validating signatures • If valid, store the coded block • *If either verification fails, immediately drop. • Generate a new coded block • by encode(data), combine(signatures) [e1,e2,e3] e1X1+e2X2+e3X3 σ
Implementation: NC + NSig Destination Source Intermediate node • vry_NC(), vry_Sig() • If valid, store the coded block. [e1,e2,e3] e1X1+e2X2+e3X3 σ
Implementation: NC + NSig Destination Source Intermediate node • vry_NC(), vry_Sig() • If valid, store the coded block. • Once collect m blocks (valid & independent), • (2) decode(): Recover the original data • *m: # of blocks of data in the generation [e1,e2,e3] e1X1+e2X2+e3X3 σ
Implementation: NC + NHash • Another way of Secure Network Coding • instead of NSig (computing/validating signatures) • Hash Verification: • verify multiple coded blocks with a single verification X1 X2 X3 e1 e2 e3 encode() + vry_Hash() If vry_Hash() passes, sends out the coded block [e1,e2,e3] e1X1+e2X2+e3X3 x
Experimental Setup (1) • Hardware • Intel Core 2 Duo T9600 processor (2.8GHz, 6MB cache) • RAM: 2GB • Software • Linux platform • C++ / GMP library[2] (for cryptography implementation) [2] The GNU Multiple Precision Arithmetic Library. http://gmplib.org/
Experimental Results (1) vry_NC() • Processing delays are proportional to # of blocks • As downloaded more blocks, vry_NC() requires more delay for processing Gaussian elimination
Experimental Results (2) • Processing delays of vry_Sig() and vry_Hash() do not depend on m • The operations done with only a coded block being verified • In general, Secure NC operations require more delay than NC • 0.015ms (vry_NC) vs 22.5ms (vry_Sig), m=8
Simulation Setup • Evaluate the performance in realistic network scenario (PUSH Model) • QualNet 3.9.5 • Bandwidth: 2Mbps (broadcasting) • Data rate at source: 256Kbps • Network Topology (static topology) • 1 Source/ 1 destination • Variable # of hops H • We compare four schemes • NC_Only: Plain NC • NC + Nsig • NC + Nhash • BFKW[3]: Previously proposed homomorphic signature schemes [3] D. Boneh, D. Freeman, J. Katz, and B. Waters. Signing a linear subspace: Signature schemes for network coding. In Public Key Cryptography (PKC), 2009.
Simulation Results • Delay increases with more hops between Src/ Dst • NSig/NHash take less delay than BFKW
Conclusion • Studied feasibility of secure network coding schemes • Implemented the theoretical works and measured processing overhead from experiments • Integrated the experimental results into a packet-level network simulator, and evaluated the schemes in a realistic network scenario • Secure NC increases delay by only 30% with respect to plain NC • GKKR secure NC outperforms previously proposed BFKW • Ongoing work • Extend to PULL model (large generation) • Comparison with end-to-end coding schemes (Fountain/ Raptor codes) • Protected from internal attacks by conventional signatures • More dynamic network scenarios: node mobility, pollution attacks • Heterogeneous nodes(some cannot do Homomorphic operations)
Question & Answer Thank You!