SECURING MULTIHOP NETWORK BY DETECTING AND LOCATING POLLUTION ATTACKS USING SPACEMAC.

It has been widely observed that providing security is one of the challenging task in Wireless sensor network(WSN). Program images need to be updated continuously as network programming happens in WSN. Many Networking protocols provide an efficient way to update these program images running on sensor nodes. One of the cryptographically strong protocol called DELUGE exists to address this challenge, but it involves high computational cost such as power consumption and communication costs. So Multiple one way key chain is proposed to secure a multihop network programming protocol which is lower in power consumption and communication costs. Even though one way key chain is used to provide security, network with static topology is considered. Network is made dynamic by adding mobility nodes to it. But the extra node added may not always be the genuine node. If it is an attacker node, there can be several pollution attacks. Attacker node travels through the network, and pollute the entire network. Wirelesss sensor network may not be able to detect these pollution attacks. In this paper, we are proposing a MAC scheme called Spacemac. It expands the network by adding nodes to it. Using SpaceMac, i) it detects the polluted packets early at the intermediate nodes. ii) it identifies the exact location of an attacker and eliminates them

On the performance analysis of IDLP and SpaceMac for network coding-enabled mobile small cells

Network coding (NC)-enabled mobile small cells are observed as a promising technology for 5G networks in a cost-effective and energy-efficient manner. The NC-enabled environment suffers from pollution attacks where malicious intermediate nodes manipulate packets in transition. Detecting the polluted packets as well as identifying the exact location of malicious users are equally important tasks for these networks. SpaceMac [1] is one of the most competitive mechanisms in the literature for detecting pollution attacks and identifying the exact location of attackers in RLNC. In this paper, we compare SpaceMac with the IDLP mechanism presented in [2]. Both mechanisms have been implemented in KODO and they are compared in terms of computational complexity, computational overhead, communication overhead and decoding probability. The performance evaluation results demonstrated that IDLP is more efficient than SpaceMac while at the same time is more secure as shown through the security analysis part in this paper

IDLP mechanism for NC-enabled mobile small cells based on broadcast nature of wireless communication

Network Coding (NC) technology can be foreseen as a promising solution for mobile small cell technology problems existing in the 5th generation of mobile networks. NC-enabled mobile small cells increase network throughput and improve their performance in a cost-effective and energy-efficient manner. However, NC-enabled mobile small cells are vulnerable to pollution attacks. Although there have been some works done on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets from the source to the destinations. Therefore, in this paper, we present an intrusion detection and location-aware prevention mechanism to not only detect the pollution attacks and drop them but also detect the attacker’s exact location in order to block them from making pollution in the next transmissions. In the proposed mechanism, the detection scheme is based on a homomorphic MAC scheme, and we make use of the advantages within broadcast nature in the wireless communication medium to find the source of the pollution attacks. The proposed mechanism, SpaceMac proposed in [1] and the IDLP mechanism proposed in [2] have been implemented in Kodo and their performance has been evaluated in terms of decoding probability

Analysis of a Homomorphic MAC-based scheme against tag pollution in RLNC-enabled wireless networks

Network Coding-enabled wireless networks are vulnerable to data pollution attacks where adversary nodes inject into the network polluted (i.e. corrupted) packets that prevent the destination nodes from decoding correctly. Even a small proportion of pollution can quickly propagate into other packets via re-coding, occurred at the intermediate nodes, and lead to resource waste. Therefore, during the past few years, several solutions have been proposed to provide resistance against data pollution attacks. One of the most well-known solutions is Homomorphic Message Authentication Code (HMAC). However, HMAC is susceptible to a new type of pollution attacks, called tag pollution attacks, in which a malicious node randomly modifies MAC tags appended at the end of the transmitted packets. To address this issue, we have recently proposed an HMAC-based scheme making use of two types of MAC tags to provide resistance against both data pollution attacks and tag pollution attacks. In this paper, we steer our focus on improving the resistance of our proposed scheme against tag pollution attacks by decreasing the number of MACs. Finally, we analyze the impact of the total number of MACs on the bandwidth overhead of the proposed scheme

On detecting pollution attacks in inter-session network coding

Abstract—Dealing with pollution attacks in inter-session net-work coding is challenging due to the fact that sources, in addition to intermediate nodes, can be malicious. In this work, we precisely define corrupted packets in inter-session pollution based on the commitment of the source packets. We then propose three detection schemes: one hash-based and two MAC-based schemes: InterMacCPK and SpaceMacPM. InterMacCPK is the first multi-source homomorphic MAC scheme that supports multiple keys. Both MAC schemes can replace traditional MACs, e.g., HMAC, in networks that employ inter-session coding. All three schemes provide in-network detection, are collusion-resistant, and have very low online bandwidth and computation overhead. I

IDLP: an efficient intrusion detection and location-aware prevention mechanism for network coding-enabled mobile small cells

Mobile small cell technology is considered as a 5G enabling technology for delivering ubiquitous 5G services in a cost-effective and energy efficient manner. Moreover, Network Coding (NC) technology can be foreseen as a promising solution for the wireless network of mobile small cells to increase its throughput and improve its performance. However, NC-enabled mobile small cells are vulnerable to pollution attacks due to the inherent vulnerabilities of NC. Although there are several works on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets of the same generation from the source node to the destination nodes. Therefore, in this paper, we present an intrusion detection and location-aware prevention (IDLP) mechanism which does not only detect the polluted packets and drop them but also identify the attacker's exact location so as to block them and prevent packet pollution in the next transmissions. In the proposed IDLP mechanism, the detection and locating schemes are based on a null space-based homomorphic MAC scheme. However, the proposed IDLP mechanism is efficient because, in its initial phase (i.e., Phase 1), it is not needed to be applied to all mobile devices in order to protect the NC-enabled mobile small cells from the depletion of their resources. The proposed efficient IDLP mechanism has been implemented in Kodo, and its performance has been evaluated and compared with our previous IDPS scheme proposed in [1], in terms of computational complexity, communicational overhead, and successfully decoding probability as well

Esquemas de segurança contra ataques de poluição em codificação de rede sobre redes sem fios

Doutoramento em TelecomunicaçõesResumo em português não disponivelThe topic of this thesis is how to achieve e cient security against pollution attacks by exploiting the structure of network coding. There has recently been growing interest in using network coding techniques to increase the robustness and throughput of data networks, and reduce the delay in wireless networks, where a network coding-based scheme takes advantage of the additive nature of wireless signals by allowing two nodes to transmit simultaneously to the relay node. However, Network Coding (NC)-enabled wireless networks are susceptible to a severe security threat, known as data pollution attack, where a malicious node injects into the network polluted (i.e., corrupted) packets that prevent the destination nodes from decoding correctly. Due to recoding at the intermediate nodes, according to the core principle of NC, the polluted packets propagate quickly into other packets and corrupt bunches of legitimate packets leading to network resource waste. Hence, a lot of research e ort has been devoted to schemes against data pollution attacks. Homomorphic Message Authentication Code (MAC)-based schemes are a promising solution against data pollution attacks. However, most of them are susceptible to a new type of pollution attack, called tag pollution attack, where an adversary node randomly modi es tags appended to the end of the transmitted packets. Therefore, in this thesis, we rst propose a homomorphic message authentication code-based scheme, providing resistance against data pollution attacks and tag pollution attacks in XOR NC-enabled wireless networks. Moreover, we propose four homomorphic message authentication code-based schemes which provide resistance against data and tag pollution attacks in Random Linear Network Coding (RLNC). Our results show that our proposed schemes are more e cient compared to other competitive tag pollution immune schemes in terms of complexity, communication overhead and key storage overhead