236 research outputs found
An Algebraic Watchdog for Wireless Network Coding
In this paper, we propose a scheme, called the "algebraic watchdog" for
wireless network coding, in which nodes can detect malicious behaviors
probabilistically, police their downstream neighbors locally using overheard
messages, and, thus, provide a secure global "self-checking network". Unlike
traditional Byzantine detection protocols which are receiver-based, this
protocol gives the senders an active role in checking the node downstream. This
work is inspired by Marti et. al.'s watchdog-pathrater, which attempts to
detect and mitigate the effects of routing misbehavior.
As the first building block of a such system, we focus on a two-hop network.
We present a graphical model to understand the inference process nodes execute
to police their downstream neighbors; as well as to compute, analyze, and
approximate the probabilities of misdetection and false detection. In addition,
we present an algebraic analysis of the performance using an hypothesis testing
framework, that provides exact formulae for probabilities of false detection
and misdetection.Comment: 5 pages, 4 figures, submitted to IEEE International Symposium on
Information Theory (ISIT) 2009. This is the final version. The content has
been changed to incorporate reviewer comments and recent result
Algebraic Watchdog: Mitigating Misbehavior in Wireless Network Coding
We propose a secure scheme for wireless network coding, called the algebraic
watchdog. By enabling nodes to detect malicious behaviors probabilistically and
use overheard messages to police their downstream neighbors locally, the
algebraic watchdog delivers a secure global self-checking network. Unlike
traditional Byzantine detection protocols which are receiver-based, this
protocol gives the senders an active role in checking the node downstream. The
key idea is inspired by Marti et al.'s watchdog-pathrater, which attempts to
detect and mitigate the effects of routing misbehavior.
As an initial building block of a such system, we first focus on a two-hop
network. We present a graphical model to understand the inference process nodes
execute to police their downstream neighbors; as well as to compute, analyze,
and approximate the probabilities of misdetection and false detection. In
addition, we present an algebraic analysis of the performance using an
hypothesis testing framework that provides exact formulae for probabilities of
false detection and misdetection.
We then extend the algebraic watchdog to a more general network setting, and
propose a protocol in which we can establish trust in coded systems in a
distributed manner. We develop a graphical model to detect the presence of an
adversarial node downstream within a general multi-hop network. The structure
of the graphical model (a trellis) lends itself to well-known algorithms, such
as the Viterbi algorithm, which can compute the probabilities of misdetection
and false detection. We show analytically that as long as the min-cut is not
dominated by the Byzantine adversaries, upstream nodes can monitor downstream
neighbors and allow reliable communication with certain probability. Finally,
we present simulation results that support our analysis.Comment: 10 pages, 10 figures, Submitted to IEEE Journal on Selected Areas in
Communications (JSAC) "Advances in Military Networking and Communications
A Multi-hop Multi-source Algebraic Watchdog
In our previous work "An Algebraic Watchdog for Wireless Network Coding", we
proposed a new scheme in which nodes can detect malicious behaviors
probabilistically, police their downstream neighbors locally using overheard
messages; thus, provide a secure global "self-checking network". As the first
building block of such a system, we focused on a two-hop network, and presented
a graphical model to understand the inference process by which nodes police
their downstream neighbors and to compute the probabilities of misdetection and
false detection.
In this paper, we extend the Algebraic Watchdog to a more general network
setting, and propose a protocol in which we can establish "trust" in coded
systems in a distributed manner. We develop a graphical model to detect the
presence of an adversarial node downstream within a general two-hop network.
The structure of the graphical model (a trellis) lends itself to well-known
algorithms, such as Viterbi algorithm, that can compute the probabilities of
misdetection and false detection. Using this as a building block, we generalize
our scheme to multi-hop networks. We show analytically that as long as the
min-cut is not dominated by the Byzantine adversaries, upstream nodes can
monitor downstream neighbors and allow reliable communication with certain
probability. Finally, we present preliminary simulation results that support
our analysis.Comment: 5 pages, 2 figures, to appear in IEEE ITW Dublin 201
Network coding for robust wireless networks
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Cataloged from student submitted PDF version of thesis.Includes bibliographical references (p. 157-167).Wireless networks and communications promise to allow improved access to services and information, ubiquitous connectivity, and mobility. However, current wireless networks are not well-equipped to meet the high bandwidth and strict delay requirements of future applications. Wireless networks suffer from frequent losses and low throughput. We aim to provide designs for robust wireless networks. This dissertation presents protocols and algorithms that significantly improve wireless network performance and effectively overcome interference, erasures, and attacks. The key idea behind this dissertation is in understanding that wireless networks are fundamentally different from wired networks, and recognizing that directly applying techniques from wired networks to wireless networks limits performance. The key ingredient underlying our algorithms and protocols is network coding. By recognizing the algebraic nature of information, network coding breaks the convention of routing networks, and allows mixing of information in the intermediate nodes and routers. This mixing has been shown to have numerous performance benefits, e.g. increase in throughput and robustness against losses and failures. We present three protocols and algorithms, each using network coding to harness a different characteristic of the wireless medium. We address the problem of interference, erasures, and attacks in wireless networks with the following network coded designs. -- Algebraic NC exploits strategic interference to provide a distributed, randomized code construction for multi-user wireless networks. Network coding framework simplifies the multi-user wireless network model, and allows us to describe the multi-user wireless networks in an algebraic framework. This algebraic framework provides a randomized, distributed code construction, which we show achieves capacity for multicast connections as well as a certain set of non-multicast connections. -- TCP/NC efficiently and reliably delivers data over unreliable lossy wireless networks. TCP, which was designed for reliable transmission over wired networks, often experiences severe performance degradation in wireless networks. TCP/NC combines network coding's erasure correction capabilities with TCP's congestion control mechanism and reliability. We show that TCP/NC achieves significantly higher throughput than TCP in lossy networks; therefore, TCP/NC is well suited for reliable communication in lossy wireless networks. -- Algebraic Watchdog takes advantage of the broadcast nature of wireless networks to provide a secure global self-checking network. Algebraic Watchdog allows nodes to detect malicious behaviors probabilistically, and police their neighbors locally using overheard messages. Unlike traditional detection protocols which are receiver-based, this protocol gives the senders an active role in checking the nodes downstream. We provide a trellis-based inference algorithm and protocol for detection, and analyze its performance. The main contribution of this dissertation is in providing algorithms and designs for robust wireless networks using network coding. We present how network coding can be applied to overcome the challenges of operating in wireless networks. We present both analytical and simulation results to support that network coded designs, if designed with care, can bring forth significant gains, not only in terms of throughput but also in terms of reliability, security, and robustness.by MinJi Kim.Ph.D
Security and Prioritization in Multiple Access Relay Networks
In this work, we considered a multiple access relay network and investigated the following three problems: 1- Tradeoff between reliability and security under falsified data injection attacks; 2-Prioritized analog relaying; 3- mitigation of Forwarding Misbehaviors in Multiple access relay network.
In the first problem, we consider a multiple access relay network where multiple sources send independent data to a single destination through multiple relays which may inject a falsified data into the network. To detect the malicious relays and discard (erase) data from them, tracing bits are embedded in the information data at each source node. Parity bits may be also added to correct the errors caused by fading and noise. When the total amount of redundancy, tracing bits plus parity bits, is fixed, an increase in parity bits to increase the reliability requires a decrease in tracing bits which leads to a less accurate detection of malicious behavior of relays, and vice versa. We investigate the tradeoff between the tracing bits and the parity bits in minimizing the probability of decoding error and maximizing the throughput in multi-source, multi-relay networks under falsified data injection attacks. The energy and throughput gains provided by the optimal allocation of redundancy and the tradeoff between reliability and security are analyzed.
In the second problem, we consider a multiple access relay network where multiple sources send independent data simultaneously to a common destination through multiple relay nodes. We present three prioritized analog cooperative relaying schemes that provide different class of service (CoS) to different sources while being relayed at the same time in the same frequency band. The three schemes take the channel variations into account in determining the relay encoding (combining) rule, but differ in terms of whether or how relays cooperate. Simulation results on the symbol error probability and outage probability are provided to show the effectiveness of the proposed schemes.
In the third problem, we propose a physical layer approach to detect the relay node that injects false data or adds channel errors into the network encoder in multiple access relay networks. The misbehaving relay is detected by using the maximum a posteriori (MAP) detection rule which is optimal in the sense of minimizing the probability of incorrect decision (false alarm and miss detection). The proposed scheme does not require sending extra bits at the source, such as hash function or message authentication check bits, and hence there is no transmission overhead. The side information regarding the presence of forwarding misbehavior is exploited at the decoder to enhance the reliability of decoding. We derive the probability of false alarm and miss detection and the probability of bit error, taking into account the lossy nature of wireless links
Encaminhamento confiável e energeticamente eficiente para redes ad hoc
Doutoramento em InformáticaIn Mobile Ad hoc NETworks (MANETs), where cooperative behaviour is
mandatory, there is a high probability for some nodes to become overloaded
with packet forwarding operations in order to support neighbor data exchange.
This altruistic behaviour leads to an unbalanced load in the network in terms of
traffic and energy consumption. In such scenarios, mobile nodes can benefit
from the use of energy efficient and traffic fitting routing protocol that better
suits the limited battery capacity and throughput limitation of the network. This
PhD work focuses on proposing energy efficient and load balanced routing
protocols for ad hoc networks. Where most of the existing routing protocols
simply consider the path length metric when choosing the best route between a
source and a destination node, in our proposed mechanism, nodes are able to
find several routes for each pair of source and destination nodes and select the
best route according to energy and traffic parameters, effectively extending the
lifespan of the network. Our results show that by applying this novel
mechanism, current flat ad hoc routing protocols can achieve higher energy
efficiency and load balancing. Also, due to the broadcast nature of the wireless
channels in ad hoc networks, other technique such as Network Coding (NC)
looks promising for energy efficiency. NC can reduce the number of
transmissions, number of re-transmissions, and increase the data transfer rate
that directly translates to energy efficiency. However, due to the need to access
foreign nodes for coding and forwarding packets, NC needs a mitigation
technique against unauthorized accesses and packet corruption. Therefore, we
proposed different mechanisms for handling these security attacks by, in
particular by serially concatenating codes to support reliability in ad hoc
network. As a solution to this problem, we explored a new security framework
that proposes an additional degree of protection against eavesdropping
attackers based on using concatenated encoding. Therefore, malicious
intermediate nodes will find it computationally intractable to decode the
transitive packets. We also adopted another code that uses Luby Transform
(LT) as a pre-coding code for NC. Primarily being designed for security
applications, this code enables the sink nodes to recover corrupted packets
even in the presence of byzantine attacks.Nas redes móveis ad hoc (MANETs), onde o comportamento cooperativo é
obrigatório, existe uma elevada probabilidade de alguns nós ficarem
sobrecarregados nas operações de encaminhamento de pacotes no apoio Ã
troca de dados com nós vizinhos. Este comportamento altruÃsta leva a uma
sobrecarga desequilibrada em termos de tráfego e de consumo de energia.
Nestes cenários, os nós móveis poderão beneficiar do uso da eficiência
energética e de protocolo de encaminhamento de tráfego que melhor se
adapte à sua capacidade limitada da bateria e velocidade de processamento.
Este trabalho de doutoramento centra-se em propor um uso eficiente da
energia e protocolos de encaminhamento para balanceamento de carga nas
redes ad hoc. Actualmente a maioria dos protocolos de encaminhamento
existentes considera simplesmente a métrica da extensão do caminho, ou seja
o número de nós, para a escolha da melhor rota entre fonte (S) e um nó de
destino (D); no mecanismo aqui proposto os nós são capazes de encontrar
várias rotas por cada par de nós de origem e destino e seleccionar o melhor
caminho segundo a energia e parâmetros de tráfego, aumentando o tempo de
vida útil da rede. Os nossos resultados mostram que pela aplicação deste novo
mecanismo, os protocolos de encaminhamento ad hoc actuais podem alcançar
uma maior eficiência energética e balanceamento de carga.
Para além disso, devido à natureza de difusão dos canais sem fio em redes
ad-hoc, outras técnicas, tais como a Codificação de Rede (NC), parecem ser
também promissoras para a eficiência energética. NC pode reduzir o número
de transmissões, e número de retransmissões e aumentar a taxa de
transferência de dados traduzindo-se directamente na melhoria da eficiência
energética. No entanto, devido ao acesso dos nós intermediários aos pacotes
em trânsito e sua codificação, NC necessita de uma técnica que limite as
acessos não autorizados e a corrupção dos pacotes. Explorou-se o
mecanismo de forma a oferecer um novo método de segurança que propõe um
grau adicional de protecção contra ataques e invasões. Por conseguinte, os
nós intermediários mal-intencionados irão encontrar pacotes em trânsito
computacionalmente intratáveis em termos de descodificação. Adoptou-se
também outro código que usa Luby Transform (LT) como um código de précodificação
no NC. Projectado inicialmente para aplicações de segurança, este
código permite que os nós de destino recuperem pacotes corrompidos mesmo
em presença de ataques bizantinos
Recommended from our members
IDLP: an efficient intrusion detection and location-aware prevention mechanism for network coding-enabled mobile small cells
Mobile small cell technology is considered as a 5G enabling technology for delivering ubiquitous 5G services in a cost-effective and energy efficient manner. Moreover, Network Coding (NC) technology can be foreseen as a promising solution for the wireless network of mobile small cells to increase its throughput and improve its performance. However, NC-enabled mobile small cells are vulnerable to pollution attacks due to the inherent vulnerabilities of NC. Although there are several works on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets of the same generation from the source node to the destination nodes. Therefore, in this paper, we present an intrusion detection and location-aware prevention (IDLP) mechanism which does not only detect the polluted packets and drop them but also identify the attacker's exact location so as to block them and prevent packet pollution in the next transmissions. In the proposed IDLP mechanism, the detection and locating schemes are based on a null space-based homomorphic MAC scheme. However, the proposed IDLP mechanism is efficient because, in its initial phase (i.e., Phase 1), it is not needed to be applied to all mobile devices in order to protect the NC-enabled mobile small cells from the depletion of their resources. The proposed efficient IDLP mechanism has been implemented in Kodo, and its performance has been evaluated and compared with our previous IDPS scheme proposed in [1], in terms of computational complexity, communicational overhead, and successfully decoding probability as well
On detecting pollution attacks in inter-session network coding
Abstract—Dealing with pollution attacks in inter-session net-work coding is challenging due to the fact that sources, in addition to intermediate nodes, can be malicious. In this work, we precisely define corrupted packets in inter-session pollution based on the commitment of the source packets. We then propose three detection schemes: one hash-based and two MAC-based schemes: InterMacCPK and SpaceMacPM. InterMacCPK is the first multi-source homomorphic MAC scheme that supports multiple keys. Both MAC schemes can replace traditional MACs, e.g., HMAC, in networks that employ inter-session coding. All three schemes provide in-network detection, are collusion-resistant, and have very low online bandwidth and computation overhead. I
- …