Counteracting Byzantine Adversaries with Network Coding: An Overhead Analysis

1. Counteracting Byzantine Adversaries with Network Coding: An Overhead Analysis • MinJi Kim, Muriel Médard, João Barros IAMANET DARPA

2. Background and Motivation • Network coding offers throughput gains [Ho et al. '03], robustness against failures and erasures [Lun et al. '04] • Problem 1:Impact of Byzantine adversaries • End-to-end network error correction [Yeung et al. '06] [Jaggi et al. '07] • Packet-based Byzantine detection scheme [Zhao et al. '07] • Generation-based Byzantine detection scheme [Ho et al. '06] • Problem 2:Overhead for detection of attacks We ask: • Can we do better than just using error correction codes? • What kind of detection scheme? • Coding + Byzantine detection vs. non-coding approach?

3. Network model • Network: directed graphG = (V,E). • Node v:non-malicious, has public key K, receives m packets (nbits each) per unit time. • Probability p of corrupted packets (from Byzantine adversary). • If node vdetects an attack, then it discards data; otherwise, forwards data. • Destinations perform erasure correction.

4. End-to-end network error correction • [Jaggi et al. '07] offers distributed, polynomial-time, rate-optimal network codes that are information-theoretically secure against Byzantine attacks. • Idea: • Byzantine adversaries = secondary sources. Adds redundancy to distinguish the packets. • Analysis: • Node v does not check for attacks, and naively performs network coding. • Transmits at the remaining network capacity. • Error correction at destinations (more expensive than erasure correction). • Expected ratio of corrupted bits transmitted and total bits received is: p.

5. Packet-based detection scheme • [Zhao et al. '07] Signature scheme for linear network coding. • Idea: • Valid packets span a subspace; • Add signature (discrete log) to check the membership in the given subspace. • Requires public key infrastructure. • Analysis: • Node v checks the validity of every packet using K. • Size of the public key K and signature: 6% and 0.1% of the packet, respectively. • Approximate overhead: hp≈ 0.06n. • Maximum throughput: • Expected ratio of overhead bits and total bits received is: • When , then “bandwidth saved” > “cost of detection”.

6. Generation-based detection scheme • [Ho et al. '04] Information-theoretic approach to detect Byzantine adversaries (assumption: secrets from adversaries). • Idea: • Data and hash symbols must be consistent with its coefficient vector. • Analysis: • Node v checks for error on a generation. • If error, then discards the entire generation of Gpackets; otherwise, it forwards the data. • Can extend to a localByzantine detection scheme. • Ex. 2% overhead, the detection probability is at least 98.9%. • Approximate overhead: hg≈ 0.02nG. • Maximum throughput: • Expected ratio of overhead bits and total bits received is: where is the probability of dropping a generation.

7. Comparison of three schemes • Cost of error correction scheme = O(p). • p<0.03: the cost of detection >> cost introduced by the attacker. • Cost of generation-based scheme: • p≈ 0.2: few corrupted packets, but many invalid generations. • p<< 0.2: cost effective: hash across G packets. • p>> 0.2: many invalid generations. • Cost of packet-based scheme high for small p. • Largep: the hashes become “cheaper”. • Infrastructure needed (authentication and public key distribution). Ratio between the expected overhead and the total bits received by a node v with hp≈ 0.06n and hg≈ 0.02nG

8. Comparison of coded and non-coded systems Secure routing protocols for uncoded systems (especially for wireless ad hoc networks) has on average 24% overhead [Marti et al. '00]. • Coded systems need to authentication as well; but also benefit from the throughput gain. Coded systems always dobetter than the non-codedsystem. • Before this point, packet-based and end-to-end error correction achieve lower overhead. • After this point, generation-based schemes (with G ≤ 4) perform better. Cost of authentication, and size of signature grows linearly with number of hops for uncoded systems. • Packet-based scheme's signatures remain constant in size. • Public key infrastructure. • Authentication for all nodes. At the very best, the uncoded system will achieve this(assuming no losses in the channel). • In a non-coded system, overhead is equal to probability of attack. • Coding gives throughput gains as well as robustness against erasures. Ratio between the expected overhead and the total bits received by a node v with hp≈ 0.06n and hg≈ 0.02nG

9. Conclusions • Network coding: throughput gains, robustness against failures and erasures. • When under attack, Byzantine detections can be beneficial: • Data in network is clean; thus, increases throughput. • Erasure correction (not error correction); thus, computationally cheaper. • Choice of scheme: varies with p. • Very small p: detection too costly; use end-to-end error correction. • Small p:generation-based scheme is effective. • Distribute the cost of hash across G packets. • Right balance between G and p needed. • Large p:packet-based scheme is effective. • Future work: • Watchdog scheme for network coding.

10. Generation size G in the generation-based scheme • As generation size G increases, the cost increases dramatically. • The probability that at least one packet is corrupted in a generation grows exponentially, for any p. • Asymptotically, the cost approaches: where • However, this should not be too much of a problem in MANET, since Gis usually kept small. Ratio between the expected overhead and the total bits received by a node vfor generation-based detection generation size G, packet size n=1000, andhg≈ 0.02nG.