Practical defenses against pollution attacks in wireless network coding

Q Engineering

ACM Transactions on Information and System Security Pub Date : 2011-05-01 DOI:10.1145/1952982.1952989

Jing Dong, Reza Curtmola, C. Nita-Rotaru

{"title":"Practical defenses against pollution attacks in wireless network coding","authors":"Jing Dong, Reza Curtmola, C. Nita-Rotaru","doi":"10.1145/1952982.1952989","DOIUrl":null,"url":null,"abstract":"Recent studies have shown that network coding can provide significant benefits to network protocols, such as increased throughput, reduced network congestion, higher reliability, and lower power consumption. The core principle of network coding is that intermediate nodes actively mix input packets to produce output packets. This mixing subjects network coding systems to a severe security threat, known as a pollution attack, where attacker nodes inject corrupted packets into the network. Corrupted packets propagate in an epidemic manner, depleting network resources and significantly decreasing throughput. Pollution attacks are particularly dangerous in wireless networks, where attackers can easily inject packets or compromise devices due to the increased network vulnerability.\n In this article, we address pollution attacks against network coding systems in wireless mesh networks. We demonstrate that previous solutions are impractical in wireless networks, incurring an unacceptable high degradation of throughput. We propose a lightweight scheme, DART, that uses time-based authentication in combination with random linear transformations to defend against pollution attacks. We further improve system performance and propose EDART, which enhances DART with an optimistic forwarding scheme. We also propose efficient attacker identification schemes for both DART and EDART that enable quick attacker isolation and the selection of attacker-free paths, achieving additional performance improvement. A detailed security analysis shows that the probability of a polluted packet passing our verification procedure is very low (less than 0.002% in typical settings). Performance results using the well-known MORE protocol and realistic link quality measurements from the Roofnet experimental testbed show that our schemes improve system performance over 20 times compared with previous solutions.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"42","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1952982.1952989","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}

引用次数: 42

Abstract

Recent studies have shown that network coding can provide significant benefits to network protocols, such as increased throughput, reduced network congestion, higher reliability, and lower power consumption. The core principle of network coding is that intermediate nodes actively mix input packets to produce output packets. This mixing subjects network coding systems to a severe security threat, known as a pollution attack, where attacker nodes inject corrupted packets into the network. Corrupted packets propagate in an epidemic manner, depleting network resources and significantly decreasing throughput. Pollution attacks are particularly dangerous in wireless networks, where attackers can easily inject packets or compromise devices due to the increased network vulnerability. In this article, we address pollution attacks against network coding systems in wireless mesh networks. We demonstrate that previous solutions are impractical in wireless networks, incurring an unacceptable high degradation of throughput. We propose a lightweight scheme, DART, that uses time-based authentication in combination with random linear transformations to defend against pollution attacks. We further improve system performance and propose EDART, which enhances DART with an optimistic forwarding scheme. We also propose efficient attacker identification schemes for both DART and EDART that enable quick attacker isolation and the selection of attacker-free paths, achieving additional performance improvement. A detailed security analysis shows that the probability of a polluted packet passing our verification procedure is very low (less than 0.002% in typical settings). Performance results using the well-known MORE protocol and realistic link quality measurements from the Roofnet experimental testbed show that our schemes improve system performance over 20 times compared with previous solutions.

查看原文本刊更多论文

无线网络编码中对污染攻击的实用防御

最近的研究表明，网络编码可以为网络协议提供显著的好处，例如增加吞吐量、减少网络拥塞、提高可靠性和降低功耗。网络编码的核心原理是中间节点主动混合输入报文产生输出报文。这种混合使网络编码系统面临严重的安全威胁，称为污染攻击，攻击者节点将损坏的数据包注入网络。损坏的数据包以流行病的方式传播，耗尽网络资源并显着降低吞吐量。污染攻击在无线网络中尤其危险，由于网络脆弱性的增加，攻击者可以很容易地注入数据包或破坏设备。在本文中，我们讨论了无线网状网络中针对网络编码系统的污染攻击。我们证明了以前的解决方案在无线网络中是不切实际的，会导致吞吐量的不可接受的高退化。我们提出了一种轻量级方案，DART，它使用基于时间的身份验证与随机线性转换相结合来防御污染攻击。我们进一步提高了系统性能，并提出了EDART，它通过乐观转发方案增强了DART。我们还为DART和EDART提出了有效的攻击者识别方案，可以快速隔离攻击者并选择无攻击者的路径，从而实现额外的性能改进。详细的安全性分析表明，受污染的数据包通过我们的验证程序的概率非常低(在典型设置中小于0.002%)。使用知名的MORE协议和来自Roofnet实验测试平台的实际链路质量测量的性能结果表明，我们的方案与以前的解决方案相比，系统性能提高了20倍以上。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Information and System Security 工程技术-计算机：信息系统

CiteScore

4.50

自引率

0.00%

发文量

审稿时长

3.3 months

期刊介绍： ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.