Jing Dong - PowerPoint PPT Presentation

1
Practical Defenses Against Pollution Attacks in
Intra-Flow Network Coding for Wireless Mesh
Networks
  • Jing Dong
  • Purdue University
  • Reza Curtmola
  • New Jersey Institute of Technology
  • Cristina Nita-Rotaru
  • Purdue University

ACM WiSec 2009
2
Network Coding
  • A new paradigm for designing network protocols
  • Key principle: packet mixing at intermediate
    nodes
  • Numerous practical systems
  • Wireless unicast, multicast, broadcast, P2P
  • Higher throughput, reliability, robustness,
    energy efficiency

[Figure: traditional routing compared with network coding]
3
Network Coding for Wireless Networks
  • Intra-flow coding: mix packets within the same
    flow

Plain packets: $p_1, p_2, \ldots, p_n$. Coded packet: $(c, e)$, where
$e = c_1 p_1 + c_2 p_2 + \cdots + c_n p_n$
  • Source node
  • Divide plain packets into generations
  • Broadcast coded packets
  • Forwarder nodes
  • Buffer overheard coded packets
  • Broadcast new coded packets
  • Receiver node
  • Buffer coded packets
  • Decode packets
  • Send ACK to source

[Figure: network topology with a source node, forwarder nodes and a receiver node]
Generation: $p_1, p_2, \ldots, p_n$
4
Pollution Attacks
  • Attackers inject corrupted packets

[Figure: source node, forwarder nodes and receiver node; generation $p_1, p_2, \ldots, p_n$]
Epidemic attack propagation!
5
Defense Challenges
  • Only mixed packets are forwarded in the network
  • Traditional digital signatures or hashes do not
    work!
  • They can only verify plain packets
  • Computing and disseminating signatures for all
    possible combinations is prohibitive in cost
  • One needs a signature or hash scheme with the
    homomorphic property with respect to linear
    combinations

6
Related Work
  • Cryptographic approaches
  • Homomorphic digital signatures or hash functions
  • Too expensive computationally
  • Information theoretic approaches
  • Coding redundant information
  • Low achievable throughput
  • Network error correction coding
  • Using error correction coding techniques
  • Limited error correction capability, unsuitable
    for adversarial environment

7
Our Approach
  • Homomorphic checksum
  • Based on lightweight random linear
    transformations
  • Not pre-image or collision resistant!
  • Time asymmetry in checksum verification for
    security
  • A packet is only verified against a checksum that
    is created after the packet is received

[Figure: timeline for nodes A and B over times t1 to t4, with the events "p received by B", "CS1 created", "CS1 received by A" and "CS2 created"]
8
DART and EDART
  • DART
  • Packets are buffered for checksum verification
  • Only verified packets are used to form new
    packets for forwarding
  • Polluted packets are dropped at first hop,
    eliminating epidemic propagation
  • EDART
  • Improves performance with optimistic forwarding

9
Checksum Computation
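  • $p_i = (p_{i1}, p_{i2}, \ldots, p_{im})^T$, $p_{ij} \in \mathbb{F}_q$
  • $G = [p_1, p_2, \ldots, p_n]$
  • Correct coded packet $(c, e)$:
    $e = c_1 p_1 + c_2 p_2 + \cdots + c_n p_n = Gc$
  • Checksum computation
  • Compute $H_s$, a random $b \times n$ matrix, from a seed $s$
  • $CHK_s(G) = H_s G$
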
10
Checksum Verification
  • Individual packet verification
  • Given a coded packet $(c, e)$, $CHK_s(G)$, $s$
  • Check
  • $CHK_s(G)\,c = H_s e$
  • Why?
  • $CHK_s(G)\,c = (H_s G)c = H_s(Gc) = H_s e$
  • Batch packet verification
  • Given a set of coded packets
    $(c_1, e_1), \ldots, (c_k, e_k)$
  • Compute $(c, e)$ as a random linear combination of
    the packets in the set
  • Verify $(c, e)$ as in individual packet
    verification
  • If fail, use a technique similar to binary search
    to find the polluted packets

11
DART
  • Source node
  • Periodically disseminate a signed random checksum
    $(CHK_s(G), s, t)$ for the current generation
  • Forwarder nodes
  • Buffer overheard coded packets, record receive
    time
  • On receiving a checksum $(CHK_s(G), s, t)$, use it
    to verify packets whose receive time is before $t$
  • Discard packets that fail the verification

12
Security of DART
  • Checksums are signed ⇒ attackers cannot inject
    corrupted checksums
  • Attacker can only inject corrupted data packets
  • Theorems
  • The probability that a polluted packet can pass
    the checksum verification is $1/q^b$
  • In batch verification, the probability that a
    polluted packet passes $w$ independent batch
    verifications is $1/q^b + 1/q^w$
  • Example: $q = 256$, $b = 2$
  • 1 in 65536 polluted packets can pass first hop
    neighbor
  • 1 in over 4 billion polluted packets can pass
    second hop neighbor
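
The checksum computation, individual verification and DART forwarder rule from the slides above, as an added Python example that is not code from the presentation or its authors. It assumes $H_s$ has $b$ rows and one column per packet symbol so that the product $H_s G$ is defined, the reduction polynomial 0x11B for GF(2^8), `random.Random` as a stand-in for the seed-to-matrix generator, and a checksum whose signature has already been checked; all function names and the sample data are hypothetical.

```python
import random

def gf_mul(a, b):
    """Multiply in GF(2^8); reduction polynomial 0x11B is an assumption."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def combine(cols, c):
    """Sum of c[i] * cols[i] over GF(2^8): gives Gc, CHK_s(G)c or H_s e."""
    out = [0] * len(cols[0])
    for ci, col in zip(c, cols):
        out = [o ^ gf_mul(ci, x) for o, x in zip(out, col)]
    return out

def make_H(seed, b, m):
    """H_s as m columns of b symbols; random.Random stands in for a real PRG."""
    rng = random.Random(seed)
    return [[rng.randrange(256) for _ in range(b)] for _ in range(m)]

def checksum(G, seed, b):
    H = make_H(seed, b, len(G[0]))     # CHK_s(G) = H_s G, one column per packet
    return [combine(H, p) for p in G]

def verify(chk, seed, b, c, e):
    """Individual packet verification: CHK_s(G) c == H_s e."""
    return combine(chk, c) == combine(make_H(seed, b, len(e)), e)

def dart_filter(buffer, chk, seed, t, b=2):
    """Apply checksum (chk, seed, t) to buffered (recv_time, c, e) packets."""
    verified, dropped, waiting = [], [], []
    for recv_time, c, e in buffer:
        if recv_time >= t:             # not received before t: wait for a newer checksum
            waiting.append((recv_time, c, e))
        else:
            (verified if verify(chk, seed, b, c, e) else dropped).append((recv_time, c, e))
    return verified, dropped, waiting

def demo():
    rng = random.Random(1)             # constructed sample: n = 4 packets, m = 8 symbols
    G = [[rng.randrange(256) for _ in range(8)] for _ in range(4)]
    c = [rng.randrange(256) for _ in range(4)]
    e = combine(G, c)
    polluted = [e[0] ^ 1] + e[1:]      # one corrupted symbol
    buffer = [(1.0, c, e), (2.0, c, polluted), (6.0, c, e)]
    return dart_filter(buffer, checksum(G, 42, 2), 42, t=5.0)
```

The correct packet received at time 1.0 is released for coding, the polluted one received at 2.0 is discarded, and the packet received at 6.0 stays buffered because the checksum timestamp 5.0 is not later than its receive time.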

13
EDART
  • DART delays packets for verification, increasing
    latency
  • Ideally,
  • Delay corrupted packets for verifying
  • Forward correct packets without delay
  • But,
  • We do not know which packets are correct and
    which aren't

14
EDART Overview
  • Adaptive verification based on perceived distance
    to the attacker node
  • Nodes closer to the attacker delay packets for
    verification
  • Nodes farther away forward packets without delay
  • Polluted packets are restricted to a region
    around the attacker
  • Correct packets are forwarded without delay
  • In case of no attack, all packets are forwarded
    without delay: almost no impact on performance

15
EDART States
  • A node has two modes
  • Verify mode: always verify before forwarding
  • Forward mode: always forward without verifying
  • Each node maintains a timer
  • Records the amount of time the node will stay in
    verify mode
  • 0 ⇒ the node is in forward mode
  • Each packet contains a forward hop count h
  • Records the number of hops the packet has been
    forwarded without verifying

16
EDART in Action
Time left in verify mode p.h of hops
travelled unverified
  • On receiving packet p
  • If > 0 or p.h >
  • Delay packet for verifying
  • Else
  • Increment p.h and forward packets without
    verifying
  • When detecting polluted packet p
  • Increase by (1 p.h/)

Limits pollution scope to 1
Nodes closer to the attacker stay in verify mode
longer
17
EDART Security Analysis
  • Maximum pollution scope
  • Bounded by 1
  • Average pollution scope
  • Bounded by /
  • Maximum pollution success frequency
  • Bounded by /
  • Unnecessary delay
  • Nodes at i hops away from the attacker (2 i
    -h-1) (1 - (hi)/)
  • Nodes more than -h-1 hops away 0

18
Experimental Evaluations
  • Network coding system: MORE
  • Simulator: GloMoSim
  • Trace driven physical layer
  • MIT Roofnet trace
  • 5.5 Mbps raw bandwidth, 250 m range
  • Maximum clock drift: 100 ms
  • Randomly selected source and destinations
  • MORE setup
  • $GF(2^8)$, batch size 32, packet size 1500 bytes
  • Defense setup
  • RSA-1024 digital signature
  • Checksum size parameter $b = 2$
  • EDART setup 8, 20

Courtesy of MIT Roofnet: http://pdos.csail.mit.edu/roofnet/doku.php
19
Impact of Pollution Attacks
Throughput CDF under a single pollution attacker
Pollution intensity (PI): number of polluted
packets injected per packet received
Even a single pollution attacker can be extremely
detrimental!
20
Limitations of Previous Solutions
Throughput CDF under cryptographic defense in
benign case
The high overhead of crypto-based schemes renders
them impractical for wireless networks
21
Effectiveness Against Pollution Attacks
Ideal Defense: a defense scheme that drops polluted
packets with zero overhead
Defense under 5 attackers
Defense under 10 attackers
Both DART and EDART are very effective against
pollution attacks
22
Performance in Benign Network
Throughput CDF
Latency CDF
DART has 0.4 sec more latency; EDART almost no
impact
DART has 9% degradation; EDART almost no impact
  • Both DART and EDART have good performance
  • EDART outperforms DART

23
Overhead
Bandwidth overhead
Computation overhead
Only 2% of system throughput
Both DART and EDART incur small bandwidth and
computation overhead
24
Conclusion
  • Network coding presents a new paradigm for
    networking with many benefits
  • Pollution attacks present a severe threat
  • We propose efficient pollution defenses, DART and
    EDART, based on efficient homomorphic checksums
    and time asymmetry
  • Through experiments, we demonstrate
  • The severity of pollution attacks
  • Impracticability of previous defense schemes
  • The effectiveness of DART and EDART

25
Thank You!
Questions?
Contact dongj_at_cs.purdue.edu