RIPPLE Authentication for Network Coding. Yaping Li, The Chinese University of Hong Kong Hongyi Yao, Tsinghua University Minghua Chen, The Chinese University of Hong Kong Sidharth Jaggi, The Chinese University of Hong Kong Alon Rosen, Herzliya Interdisciplinary Center, Israel.
Network Coding • Network coding • Maximize network throughput • Distributed solutions with low complexity • Robust to packet loss and network failure • Practical benefits • What if some nodes are malicious?
Pollution Attacks [Figure: network diagram with nodes S, A, B, M, D, E, F; annotation: Snowball effect]
Taxonomy of Existing Solutions End-to-end In-network Symmetric key based ([Yu09, Agrawal09]) Public key based • Only c-collusion resistant • Vulnerable to a new tag pollution attack
New Tag Pollution Attacks • Goal: Immediate detection [Figure: network diagram with nodes S, A, B, M, D, E, F; annotation: Snowball effect]
Threat Model • Attackers can • Observe, inject, modify, delay, drop packets • Launch tag pollution attacks • Collude arbitrarily • Attackers’ limitations • Polynomial time bounded • No access to randomness used by source
Design Goals • Authentication scheme • In-network • Low complexity • Arbitrary collusion resistant • Tag pollution resistant (immediate detection)
Homomorphic MAC • Message Authentication Code (MAC) • Keyed hash function (symmetric key) • Homomorphic MAC • Create a new tag from old ones without the key
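An added sketch, not from the slides and not RIPPLE's own MAC (which this page does not specify): a generic inner-product MAC over a prime field, showing how a node recodes packets and tags without the key and how a key holder then rejects a polluted packet. The modulus, key, labels and sample packets are constructed for illustration.

```python
import hashlib
import hmac

P = 2**61 - 1  # prime field modulus (constructed parameter)

def prf(key, label):
    # HMAC-SHA256 used as a PRF into the field
    return int.from_bytes(hmac.new(key, label, hashlib.sha256).digest(), "big") % P

def augment(payload, index, gen_size):
    # Append unit vector e_index so coding coefficients travel with the packet
    return list(payload) + [1 if j == index else 0 for j in range(gen_size)]

def inner(key, vec):
    # <u, vec> mod P, where the secret vector u is derived from the key
    return sum(prf(key, b"u|%d" % i) * x for i, x in enumerate(vec)) % P

def mask(key, gen_id, index):
    # Per-packet pseudorandom mask; hides u from anyone who sees many tags
    return prf(key, b"b|%s|%d" % (gen_id, index))

def mac(key, gen_id, index, vec):
    # Source: tag = <u, vec> + mask(gen_id, index)
    return (inner(key, vec) + mask(key, gen_id, index)) % P

def combine(coeffs, vecs, tags):
    # Intermediate node: same linear combination on packets and tags, no key
    width = len(vecs[0])
    vec = [sum(c * v[j] for c, v in zip(coeffs, vecs)) % P for j in range(width)]
    return vec, sum(c * t for c, t in zip(coeffs, tags)) % P

def verify(key, gen_id, gen_size, vec, tag):
    # Key holder: rebuild the tag from the vector and its embedded coefficients
    coeffs = vec[-gen_size:]
    masks = sum(c * mask(key, gen_id, i) for i, c in enumerate(coeffs))
    expected = (inner(key, vec) + masks) % P
    return hmac.compare_digest(expected.to_bytes(8, "big"), (tag % P).to_bytes(8, "big"))

def demo():
    key, gen_id, m = b"constructed-demo-key", b"gen-1", 3
    payloads = [[5, 7, 11, 13], [2, 4, 6, 8], [9, 9, 1, 0]]  # constructed packets
    vecs = [augment(p, i, m) for i, p in enumerate(payloads)]
    tags = [mac(key, gen_id, i, v) for i, v in enumerate(vecs)]
    vec, tag = combine([3, 10, 7], vecs, tags)  # recoding done without the key
    polluted = [(vec[0] + 1) % P] + vec[1:]     # one symbol altered in transit
    return verify(key, gen_id, m, vec, tag), verify(key, gen_id, m, polluted, tag)

if __name__ == "__main__":
    print(demo())
```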
RIPPLE, Illustrated • Level: length of the longest path to the source • When to disclose a key? • How to authenticate a key? • How to prevent tag pollution attacks? [Figure: layered network with nodes S, A, B, C, D and labels Level 1, Level 2, Level 3]
Our Homomorphic MAC • Provably resistant to tag pollution and arbitrary collusion
Tag Pollution Attack Resistant • Immediate detection achieved! [Figure: network diagram with nodes S, A, B, M, D, E, F]
When to Disclose a Key? • Use time to create asymmetry (TESLA, [PERRIG02]) [Figure: one-way key chains along a time axis]
How to Authenticate a Key? • Source: Create a one way key chain per level • Difficult to compute from • Use in reverse order of generation • Sign , denote • Nodes: Authenticate given • is valid if is authentic and
Performance Analysis • Settings: • A network of 10k nodes, • Maximum 16 levels • Packet size 1024 bytes • Generation size 32 packets • Number of parents per node 6 • GNU/Linux with 2.33GHz Intel Core 2 Duo processors
Conclusion • RIPPLE: Authentication scheme for NC • Has low complexity • Tolerates arbitrary collusion • Resists tag pollution attacks