DOI: 10.1145/1514274.1514292

Practical defenses against pollution attacks in intra-flow network coding for wireless mesh networks

Published: 16 March 2009

Abstract

Recent studies show that network coding can provide significant benefits to network protocols, such as increased throughput, reduced network congestion, higher reliability, and lower power consumption. The core principle of network coding is that intermediate nodes actively mix input packets to produce output packets. This mixing subjects network coding systems to a severe security threat, known as a pollution attack, where attacker nodes inject corrupted packets into the network. Corrupted packets propagate in an epidemic manner, depleting network resources and significantly decreasing throughput. Pollution attacks are particularly dangerous in wireless networks, where attackers can easily inject packets or compromise devices due to the increased network vulnerability.
In this paper, we address pollution attacks against network coding systems in wireless mesh networks. We demonstrate that previous solutions to the problem are impractical in wireless networks, incurring an unacceptably high degradation of throughput. We propose a lightweight scheme, DART, that uses time-based authentication in combination with random linear transformations to defend against pollution attacks. We further improve system performance and propose EDART, which enhances DART with an optimistic forwarding scheme. A detailed security analysis shows that the probability of a polluted packet passing our verification procedure is very low. Performance results using the well-known MORE protocol and realistic link quality measurements from the Roofnet experimental testbed show that our schemes improve system performance over 20 times compared to previous solutions.

        Published In

        WiSec '09: Proceedings of the second ACM conference on Wireless network security
        March 2009
        280 pages
        ISBN:9781605584607
        DOI:10.1145/1514274
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. network coding
        2. network coding security
        3. pollution attacks
        4. security
        5. wireless network security

        Qualifiers

        • Research-article

        Conference

        WISEC '09
        Acceptance Rates

        Overall Acceptance Rate 98 of 338 submissions, 29%

        Cited By

        • (2025) Secure Network Coding for Wireless Mesh Networks. Encyclopedia of Cryptography, Security and Privacy (2246-2251). DOI: 10.1007/978-3-030-71522-9_58. Online publication date: 8-Jan-2025
        • (2025) Security of Wireless Mesh Networks (General Overview). Encyclopedia of Cryptography, Security and Privacy (2326-2331). DOI: 10.1007/978-3-030-71522-9_56. Online publication date: 8-Jan-2025
        • (2023) JaX: Detecting and Cancelling High-power Jammers Using Convolutional Neural Network. Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (293-304). DOI: 10.1145/3558482.3590178. Online publication date: 29-May-2023
        • (2021) Secure Network Coding for Wireless Mesh Networks. Encyclopedia of Cryptography, Security and Privacy (1-6). DOI: 10.1007/978-3-642-27739-9_58-2. Online publication date: 26-Jan-2021
        • (2021) Security of Wireless Mesh Networks (General Overview). Encyclopedia of Cryptography, Security and Privacy (1-6). DOI: 10.1007/978-3-642-27739-9_56-2. Online publication date: 9-Jan-2021
        • (2018) On the Performance of the Cache Coding Protocol. Information 9:3 (62). DOI: 10.3390/info9030062. Online publication date: 10-Mar-2018
        • (2018) Authenticated Network Coding for Software-Defined Named Data Networking. 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA) (1115-1122). DOI: 10.1109/AINA.2018.00160. Online publication date: May-2018
        • (2017) Towards authenticated network coding for named data networking. 2017 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM) (1-6). DOI: 10.23919/SOFTCOM.2017.8115565. Online publication date: Sep-2017
        • (2017) Information-centric networking with built-in network coding to achieve multisource transmission at network-layer. Computer Networks: The International Journal of Computer and Telecommunications Networking 115:C (110-128). DOI: 10.1016/j.comnet.2015.05.009. Online publication date: 14-Mar-2017
        • (2016) Secure DSR Routing Protocol Based on Homomorphic Digital Signature. Proceedings of the International Conference on Advances in Information Communication Technology & Computing (1-5). DOI: 10.1145/2979779.2979863. Online publication date: 12-Aug-2016
