A bandwidth efficient HMAC-based authentication scheme for network coding
Introduction
Almost two decades ago Alshwede et al. introduced the term and concept of network coding in [1]. Contrary to the orthodox routing technique of store-and-forward. Network coding allowed intermediate nodes to combine received packets allowing the network to achieve its maximum multicast rate as per the max-flow min-cut theorem [2]. Several variations of network coding approaches exist. These are classified based on the manner in which packets are re-coded as they traverse the network. In simple network coding, packets are combined using the XoR operation. In a slightly more advanced approach to linear network coding, packets leaving a node are formed via a linear combination of the packets received by the node and carefully chosen local encoding coefficients. The most famous of them all is the method introduced by Ho et al. [3] dubbed random linear network coding. Unlike linear network coding, this approach allows network nodes to choose their local encoding coefficients uniformly at random from a finite field. Thus, making this a fully distributed approach. Network coding presents many advantages some of which include: robustness to packet loss, increase in throughput, and reduction in power consumption and transmission delays [4], [5], [6]. It is no secret that the actual implementation of network coding in real life scenarios still presents some challenges. However, it has been found to be a viable substitute for traditional network routing techniques in areas such as: data gathering in sensor networks [7], P2P networks [6], [7], [8], wireless networks [9], [10], [11], [12], [13], [14], and any other networking environment which supports internode processing.
Unfortunately, the fact that network coding allows packets to be re-coded at the intermediate nodes exposes it to a severe security threat known as the pollution attack. In this form of attack, the network suffers severely with respect to bandwidth waste and the amount of excess computational power required to rectify the damage sustained. In general, pollution attacks in network coding enabled environments are grouped into two categories.
The first form of pollution attack is the message/data pollution attack. In this form of attack, the adversary aims to alter the contents of a packet’s payload. An example of this will be the case presented in [15]. As these polluted packets travel downstream, they are combined with and pollute large numbers of legitimate packets. This form of pollution spreads quickly and prevents affected sink nodes from recovering the original message from the packets they receive. In order to mitigate this form of attack, numerous authentication schemes have been proposed over the years.
Authentication schemes in network coding are either information-theoretic [16], [17] or cryptographic [18], [19], [20], [21], [22], [23], [24], [25], [26]. As the name suggests information-theoretic schemes are based on concepts derived from information theory. Although these schemes are comparatively less demanding when it comes to the computational cost of implementing them. They are only able to detect pollution attacks at the sink nodes. The computational cost associated with implementing the cryptographic-based schemes is relatively higher. However, they support in-network authentication. This allows intermediate nodes to promptly detect and reject corrupted packets. This property has made them the obvious choice when authentication schemes for network coding environments are being considered. Three main cryptographic paradigms are employed in the creation of these schemes, namely: cryptographic signatures [23], [24], HMACs [25], [26], and homomorphic hash functions [20], [21]. The most favored out of these are the schemes based on HMACs due to the relatively lower computational complexity associated with their implementation. These schemes are mainly implemented by appending authentication tags to packet payloads [25], [26]. The afore mentioned schemes drastically reduced the probability with which an adversary can launch a successful message/data pollution attack. However, they exposed network coding enabled networks to a new form of threat dubbed as the tag pollution attack [27]. In this form of attack, the main goal of the adversary is to modify the tags appended to packets with the aim of making them fail authentication. Such packets may travel a few hops and, in some cases, may even reach the destination nodes before being detected and rejected.
In response to the new threat, improved versions of these HMAC schemes were introduced to detect packets whose tags may have been polluted. Most of the current state of the art HMAC-based schemes [12], [13], [14] achieved this by increasing the number of appended authentication tags and/or adding a single, homomorphic, cryptographic signature.
The above mentioned HMAC and homomorphic signature-based authentication schemes achieved their goal of mitigating message/data and/or tag pollution attacks. However, as stated in [28], the size of a network packet is upper bound. For that matter, increasing the number of authentication symbols required to achieve this level of security can have two negative effects on the efficiency of a network. Firstly, consider a case where the combined number of symbols needed to represent the packet payload and its authentication vector(s) is smaller than the maximum allowed network packet size. The extra appended authentication tags increase the size of the packet which results in extra communication overhead. Alternatively, the combined number of symbols needed to represent the packet payload and its authentication vector(s) could be larger than the maximum allowed packet size. In this case, messages will have to be truncated and sent via several packets. This results in a reduction in the throughput of the network. Overall, this forms a major constraint with respect to the practicality of implementing HMAC-based message/data and tag pollution immune schemes. A crucial requirement that has so far been neglected by the research community.
In this paper we propose a c-collusion resistant, network coding authentication scheme that is both message/data and tag pollution resistant. The concepts applied in our work are closely related to those presented in [13] and [27]. Hence, we shall be using two sets of homomorphic sub space tags as well as a homomorphic signature. We also introduce the concept of the Admissible Payload Rate (APR). A value that helps to determine how efficient an authentication scheme is with respect to its throughput and communication overhead. Also, the APR helps determine the maximum allowed packet payload size of an authentication scheme based on some underlying parameters. The main goal of this paper and hence the motivation for our work is to reduce the communication overhead and increase the APR of the proposed scheme. We achieve this by reducing the actual number of symbols required to represent the packet payload and its authentication parameters. We evaluate the performance of the proposed scheme with respect to its computational complexity, key storage overhead, communication overhead, and the APR. Finally, we compare our findings to three current state of the art schemes [12], [13], [14] and discuss our results. To the best of our knowledge, our work is the first to consider APR and its effect on the practicality of HMAC and homomorphic signature-based message/data and tag pollution resistant schemes for network coding.
The rest of this paper is organized as follows. In Section 2 we briefly introduce the concept of random linear network coding, discuss pollution attacks and introduce the APR. Section 3 contains the related works and Section 4 describes in detail the proposed authentication scheme and its concrete construction. In Section 5 we evaluate and compare the performance of our scheme to the HMAC-based authentication schemes introduced in [12], [13], [14]. We also present a summary of our findings in the same section. Section 6 concludes this paper.
Section snippets
Preliminaries
In this section we briefly explain the concept of random linear network coding. This is the network model of choice for implementing the scheme proposed. We then describe the threat model in which we explain the possible authentication security threats that can be faced by the proposed scheme. Finally, we present a formal definition for the APR and explain with an example its importance in determining the efficiency and practicality of an HMAC-based authentication scheme.
We begin by defining
Related works
In this section we present an introduction to the work done so far in the field of security and authentication in network coding. We begin with a brief description of general security threats and then proceed to pollution attacks.
Bandwidth efficient HMAC-based authentication scheme for network coding
In this section we present the proposed bandwidth efficient HMAC-based authentication scheme for network coding. This scheme uses two kinds of homomorphic message authentication tags namely the MACs and D-MACs as described in the previous section. The MAC tags authenticate the packet payload content whilst the D-MAC tags authenticate the MAC tags. In order to achieve a hundred percent Tag pollution resistance without compromising the extra security introduced by the key distribution protocol.
Discussion and results
In this section we first of all discuss the security of the proposed scheme. We discuss the probability of an adversary successfully launching chosen plaintext attacks in the form of data and tag pollution. First without and then whilst colluding with other nodes, respectively. We then evaluate and compare the performance of the proposed scheme with the performance of the Dual HMAC scheme proposed in [12], the Enhanced HMAC scheme proposed in [13], and the Enhanced block chain scheme for 5G
Conclusion and future work
In this paper we presented a bandwidth efficient HMAC-based authentication scheme for network coding that is both tag and data pollution resistant. Our scheme uses two sets of homomorphic tags and a homomorphic signature appended to the packet payload to prevent data and tag pollution. It incurs a much lower communication cost as compared to similar state of the art schemes without sacrificing security. By reducing the total number of symbols required to represent the message packet, we were
CRediT authorship contribution statement
Tandoh Lawrence: Conceptualization, Methodology, Formal analysis, Project administration, Investigation, Writing - original draft, Visualization, Writing - review & editing. Ikram Ali: Validation, Writing - review & editing. Tandoh Christopher: Validation, Writing - review & editing. Fagen Li: Resources, Writing - review & editing, Supervision, Funding acquisition, Project administration.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgment
This works is supported by the National Natural Science Foundation of China under Grant No. 61872058, Industry University Research of Jiansu Province under Grant No. BY2019161, and the Natural Science Research in Colleges and Universities of Jiansu Province under Grant No. 19KJB510020.
References (39)
- et al.
Survey of network coding-aware routing protocols in wireless networks
J Netw Comput Appl
(2011) - et al.
Network information flow
IEEE Trans Inf Theory
(2000) RandOm graphs
(1998)- et al.
A random linear network coding approach to multicast
IEEE Trans Inform Theory
(2006) - et al.
Network coding for large scale content distribution
- et al.
Trading structure for randomness in wireless opportunistic routing
SIGCOMM Comput Commun Rev
(2007) - et al.
Ubiquitous access to distributed data in large-scale sensor networks through decentralized erasure codes
- et al.
Avalanche: File swarming with network coding
Microsoft Res
(2005) - et al.
The importance of being opportunistic: practical network coding for wireless environments
- et al.
Information exchange in wireless networks with network coding and physical-layer broadcastReport, MSR-TR-2004
(2005)
Dual-homomorphic message authentication code scheme for network coding-enabled wireless sensor networks
Int J Distrib Sens Netw
An efficient homomorphic MAC-based scheme against data and tag pollution attacks in network coding-enabled wireless networks
Int J Inf Secur
On blockchain enhanced secure network coding for 5g deployments
On counteracting byzantine attacks in network coded peer-to-peer networks
IEEE J Sel Areas Commun
Resilient network coding in the presence of byzantine adversaries
Byzantine modification detection in multicast networks with random network coding
IEEE Trans Inform Theory
Null keys: Limiting malicious attacks via null space properties of network coding
Orthogonal vector based network coding against pollution attacks in n-layer combination networks
Cited by (3)
An HMAC-based authentication scheme for network coding with support for error correction and rogue node identification
2021, Journal of Systems ArchitectureCitation Excerpt :However, both of the schemes proposed in [22,23] incurred a rather large communication overhead which resulted from the need to use two sets of HMAC tags. To address this issue, a bandwidth efficient version of the schemes proposed by Esfahani et al. was proposed in [31] by Tandoh et al. This scheme achieved a significant reduction in communication overhead by reducing the size of the network packet to a single HMAC tag vector and an HCS.
Investigation into the Reliability and Encryption Performance of Wireless Signal Transmission by Network Coding Combined with Blockchain in Natural Disaster Scenarios
2022, Wireless Communications and Mobile ComputingStudy of Secure Network Coding Enabled Mobile Small Cells
2021, IEEE International Conference on Communications