Practical defenses against pollution attacks in wireless network coding

Published: 06 June 2011

Abstract

Recent studies have shown that network coding can provide significant benefits to network protocols, such as increased throughput, reduced network congestion, higher reliability, and lower power consumption. The core principle of network coding is that intermediate nodes actively mix input packets to produce output packets. This mixing subjects network coding systems to a severe security threat, known as a pollution attack, where attacker nodes inject corrupted packets into the network. Corrupted packets propagate in an epidemic manner, depleting network resources and significantly decreasing throughput. Pollution attacks are particularly dangerous in wireless networks, where attackers can easily inject packets or compromise devices due to the increased network vulnerability.
In this article, we address pollution attacks against network coding systems in wireless mesh networks. We demonstrate that previous solutions are impractical in wireless networks, incurring an unacceptably high degradation of throughput. We propose a lightweight scheme, DART, that uses time-based authentication in combination with random linear transformations to defend against pollution attacks. We further improve system performance and propose EDART, which enhances DART with an optimistic forwarding scheme. We also propose efficient attacker identification schemes for both DART and EDART that enable quick attacker isolation and the selection of attacker-free paths, achieving additional performance improvement. A detailed security analysis shows that the probability of a polluted packet passing our verification procedure is very low (less than 0.002% in typical settings). Performance results using the well-known MORE protocol and realistic link quality measurements from the Roofnet experimental testbed show that our schemes improve system performance over 20 times compared with previous solutions.

Published In

ACM Transactions on Information and System Security, Volume 14, Issue 1
May 2011
366 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/1952982

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2011
Accepted: 01 September 2010
Revised: 01 June 2010
Received: 01 September 2009
Published in TISSEC Volume 14, Issue 1

Author Tags

  1. Network coding
  2. network coding security
  3. pollution attacks
  4. security
  5. wireless network security

Qualifiers

  • Research-article
  • Research
  • Refereed

Cited By

  • (2025) Secure Network Coding for Wireless Mesh Networks. Encyclopedia of Cryptography, Security and Privacy, pp. 2246-2251. DOI: 10.1007/978-3-030-71522-9_58. Online publication date: 8-Jan-2025
  • (2021) Secure Network Coding for Wireless Mesh Networks. Encyclopedia of Cryptography, Security and Privacy, pp. 1-6. DOI: 10.1007/978-3-642-27739-9_58-2. Online publication date: 26-Jan-2021
  • (2021) Security for UDNs: A Step Toward 6G. Enabling 6G Mobile Networks, pp. 167-201. DOI: 10.1007/978-3-030-74648-3_5. Online publication date: 6-Nov-2021
  • (2020) Defending pollution attacks in network coding enabled wireless ad hoc networks: a game‐theoretic framework. IET Communications 14:19, pp. 3324-3333. DOI: 10.1049/iet-com.2019.1372. Online publication date: 6-Nov-2020
  • (2020) Universal Resource Allocation Framework for Preventing Pollution Attacks in Network-Coded Wireless Mesh Networks. Ad Hoc Networks, article 102073. DOI: 10.1016/j.adhoc.2020.102073. Online publication date: Jan-2020
  • (2018) On the RKA Security of the Standard-Model-Based BFKW Network Coding Signature Scheme. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E101.A:12, pp. 2477-2480. DOI: 10.1587/transfun.E101.A.2477. Online publication date: 1-Dec-2018
  • (2018) Smartphone-Assisted Over-Air Reprogramming Based on Visible Light Communication. 2018 14th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN), pp. 109-114. DOI: 10.1109/MSN.2018.00025. Online publication date: Dec-2018
  • (2018) Study on Security Technology of Internet of Things Based on Network Coding. 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), pp. 353-357. DOI: 10.1109/DSC.2018.00057. Online publication date: Jun-2018
  • (2018) An Efficient Scheme to Detect Evil Twin Rogue Access Point Attack in 802.11 Wi-Fi Networks. International Journal of Wireless Information Networks 25:2, pp. 130-145. DOI: 10.1007/s10776-018-0396-1. Online publication date: 29-Mar-2018
  • (2018) Secure Network Coding for SDN-Based Mobile Small Cells. Broadband Communications, Networks, and Systems, pp. 347-356. DOI: 10.1007/978-3-030-05195-2_34. Online publication date: 30-Dec-2018
