Analysis of a Homomorphic MAC-based scheme against tag pollution in RLNC-enabled wireless networks

Network Coding-enabled wireless networks are vulnerable to data pollution attacks where adversary nodes inject into the network polluted (i.e. corrupted) packets that prevent the destination nodes from decoding correctly. Even a small proportion of pollution can quickly propagate into other packets via re-coding, occurred at the intermediate nodes, and lead to resource waste. Therefore, during the past few years, several solutions have been proposed to provide resistance against data pollution attacks. One of the most well-known solutions is Homomorphic Message Authentication Code (HMAC). However, HMAC is susceptible to a new type of pollution attacks, called tag pollution attacks, in which a malicious node randomly modifies MAC tags appended at the end of the transmitted packets. To address this issue, we have recently proposed an HMAC-based scheme making use of two types of MAC tags to provide resistance against both data pollution attacks and tag pollution attacks. In this paper, we steer our focus on improving the resistance of our proposed scheme against tag pollution attacks by decreasing the number of MACs. Finally, we analyze the impact of the total number of MACs on the bandwidth overhead of the proposed scheme

Esquemas de segurança contra ataques de poluição em codificação de rede sobre redes sem fios

Doutoramento em TelecomunicaçõesResumo em português não disponivelThe topic of this thesis is how to achieve e cient security against pollution attacks by exploiting the structure of network coding. There has recently been growing interest in using network coding techniques to increase the robustness and throughput of data networks, and reduce the delay in wireless networks, where a network coding-based scheme takes advantage of the additive nature of wireless signals by allowing two nodes to transmit simultaneously to the relay node. However, Network Coding (NC)-enabled wireless networks are susceptible to a severe security threat, known as data pollution attack, where a malicious node injects into the network polluted (i.e., corrupted) packets that prevent the destination nodes from decoding correctly. Due to recoding at the intermediate nodes, according to the core principle of NC, the polluted packets propagate quickly into other packets and corrupt bunches of legitimate packets leading to network resource waste. Hence, a lot of research e ort has been devoted to schemes against data pollution attacks. Homomorphic Message Authentication Code (MAC)-based schemes are a promising solution against data pollution attacks. However, most of them are susceptible to a new type of pollution attack, called tag pollution attack, where an adversary node randomly modi es tags appended to the end of the transmitted packets. Therefore, in this thesis, we rst propose a homomorphic message authentication code-based scheme, providing resistance against data pollution attacks and tag pollution attacks in XOR NC-enabled wireless networks. Moreover, we propose four homomorphic message authentication code-based schemes which provide resistance against data and tag pollution attacks in Random Linear Network Coding (RLNC). Our results show that our proposed schemes are more e cient compared to other competitive tag pollution immune schemes in terms of complexity, communication overhead and key storage overhead

Security threats in network coding-enabled mobile small cells

The recent explosive growth of mobile data traffic, the continuously growing demand for higher data rates, and the steadily increasing pressure for higher mobility have led to the fifth-generation mobile networks. To this end, network-coding (NC)-enabled mobile small cells are considered as a promising 5G technology to cover the urban landscape by being set up on-demand at any place, and at any time on any device. In particular, this emerging paradigm has the potential to provide significant benefits to mobile networks as it can decrease packet transmission in wireless multicast, provide network capacity improvement, and achieve robustness to packet losses with low energy consumption. However, despite these significant advantages, NC-enabled mobile small cells are vulnerable to various types of attacks due to the inherent vulnerabilities of NC. Therefore, in this paper, we provide a categorization of potential security attacks in NC-enabled mobile small cells. Particularly, our focus is on the identification and categorization of the main potential security attacks on a scenario architecture of the ongoing EU funded H2020-MSCA project “SECRET” being focused on secure network coding-enabled mobile small cells

IDLP: an efficient intrusion detection and location-aware prevention mechanism for network coding-enabled mobile small cells

Mobile small cell technology is considered as a 5G enabling technology for delivering ubiquitous 5G services in a cost-effective and energy efficient manner. Moreover, Network Coding (NC) technology can be foreseen as a promising solution for the wireless network of mobile small cells to increase its throughput and improve its performance. However, NC-enabled mobile small cells are vulnerable to pollution attacks due to the inherent vulnerabilities of NC. Although there are several works on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets of the same generation from the source node to the destination nodes. Therefore, in this paper, we present an intrusion detection and location-aware prevention (IDLP) mechanism which does not only detect the polluted packets and drop them but also identify the attacker's exact location so as to block them and prevent packet pollution in the next transmissions. In the proposed IDLP mechanism, the detection and locating schemes are based on a null space-based homomorphic MAC scheme. However, the proposed IDLP mechanism is efficient because, in its initial phase (i.e., Phase 1), it is not needed to be applied to all mobile devices in order to protect the NC-enabled mobile small cells from the depletion of their resources. The proposed efficient IDLP mechanism has been implemented in Kodo, and its performance has been evaluated and compared with our previous IDPS scheme proposed in [1], in terms of computational complexity, communicational overhead, and successfully decoding probability as well

An efficient null space-based Homomorphic MAC scheme against tag pollution attacks in RLNC

This letter proposes an efficient null space-based homomorphic message authentication code scheme providing resistance against tag pollution attacks in random linear network coding, where these attacks constitute a severe security threat. In contrast to data pollution attacks, where an adversary injects into the network corrupted packets, in tag pollution attacks the adversary corrupts (i.e. pollutes) tags appended to the end of the coded packets to prevent the destination nodes from decoding correctly. Our results show that the proposed scheme is more efficient compared to other competitive tag pollution immune schemes in terms of computational complexity

A novel intrusion detection and prevention scheme for network coding-enabled mobile small cells

Network coding (NC)-enabled mobile small cells are observed as a promising technology for fifth-generation (5G) networks that can cover the urban landscape by being set up on demand at any place and at any time on any device. Nevertheless, despite the significant benefits that this technology brings to the 5G of mobile networks, major security issues arise due to the fact that NC-enabled mobile small cells are susceptible to pollution attacks; a severe security threat exploiting the inherent vulnerabilities of NC. Therefore, intrusion detection and prevention mechanisms to detect and mitigate pollution attacks are of utmost importance so that NC-enabled mobile small cells can reach their full potential. Thus, in this article, we propose for the first time, to the best of our knowledge, a novel intrusion detection and prevention scheme (IDPS) for NC-enabled mobile small cells. The proposed scheme is based on a null space-based homomorphic message authentication code (MAC) scheme that allows detection of pollution attacks and takes proper risk mitigation actions when an intrusive incident is detected. The proposed scheme has been implemented in Kodo and its performance has been evaluated in terms of computational overhead

Dual-homomorphic message authentication code scheme for network coding-enabled wireless sensor networks

Network coding has shown a considerable improvement in terms of capacity and robustness compared to traditional store-and-forward transmission paradigm. However, since the intermediate nodes in network coding-enabled networks have the ability to change the packets en route, network coding-enabled networks are vulnerable to pollution attacks where a small number of polluted messages can corrupt bunches of legitimate messages. Recently, research effort has been put on schemes for protecting the transmitted messages against data pollution attacks. However, most of them cannot resist tag pollution attacks. This paper presents a new homomorphic MAC-based scheme, called Dual-Homomorphic MAC (Dual-HMAC), for network coding-enabled wireless sensor networks. The proposed scheme makes use of two types of tags (i.e., MACs and D-MACs) to provide resistance against data pollution attacks and partially tag pollution attacks. Furthermore, our proposed scheme presents low communication overhead and low computational complexity compared to other existing schemes

Key management for secure network coding-enabled mobile small cells

The continuous growth in wireless devices connected to the Internet and the increasing demand for higher data rates put ever increasing pressure on the 4G cellular network. The EU funded H2020-MSCA project “SECRET” investigates a scenario architecture to cover the urban landscape for the upcoming 5G cellular network. The studied scenario architecture combines multi-hop device-to-device (D2D) communication with network coding-enabled mobile small cells. In this scenario architecture, mobile nodes benefit from high transmission speeds, low latency and increased energy efficiency, while the cellular network benefits from a reduced workload of its base stations. However, this scenario architecture faces various security and privacy challenges. These challenges can be addressed using cryptographic techniques and protocols, assuming that a key management scheme is able to provide mobile nodes with secret keys in a secure manner. Unfortunately, existing key management schemes are unable to cover all security and privacy challenges of the studied scenario architecture. Certificateless key management schemes seem promising, although many proposed schemes of this category of key management schemes require a secure channel or lack key update and key revocation procedures. We therefore suggest further research in key management schemes which include secret key sharing among mobile nodes, key revocation, key update and mobile node authentication to fit with our scenario architecture

IDLP mechanism for NC-enabled mobile small cells based on broadcast nature of wireless communication

Network Coding (NC) technology can be foreseen as a promising solution for mobile small cell technology problems existing in the 5th generation of mobile networks. NC-enabled mobile small cells increase network throughput and improve their performance in a cost-effective and energy-efficient manner. However, NC-enabled mobile small cells are vulnerable to pollution attacks. Although there have been some works done on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets from the source to the destinations. Therefore, in this paper, we present an intrusion detection and location-aware prevention mechanism to not only detect the pollution attacks and drop them but also detect the attacker’s exact location in order to block them from making pollution in the next transmissions. In the proposed mechanism, the detection scheme is based on a homomorphic MAC scheme, and we make use of the advantages within broadcast nature in the wireless communication medium to find the source of the pollution attacks. The proposed mechanism, SpaceMac proposed in [1] and the IDLP mechanism proposed in [2] have been implemented in Kodo and their performance has been evaluated in terms of decoding probability

On the performance analysis of IDLP and SpaceMac for network coding-enabled mobile small cells

Network coding (NC)-enabled mobile small cells are observed as a promising technology for 5G networks in a cost-effective and energy-efficient manner. The NC-enabled environment suffers from pollution attacks where malicious intermediate nodes manipulate packets in transition. Detecting the polluted packets as well as identifying the exact location of malicious users are equally important tasks for these networks. SpaceMac [1] is one of the most competitive mechanisms in the literature for detecting pollution attacks and identifying the exact location of attackers in RLNC. In this paper, we compare SpaceMac with the IDLP mechanism presented in [2]. Both mechanisms have been implemented in KODO and they are compared in terms of computational complexity, computational overhead, communication overhead and decoding probability. The performance evaluation results demonstrated that IDLP is more efficient than SpaceMac while at the same time is more secure as shown through the security analysis part in this paper