On Counteracting Byzantine Attacks in Network Coded Peer-to-Peer Networks

Random linear network coding can be used in peer-to-peer networks to increase the efficiency of content distribution and distributed storage. However, these systems are particularly susceptible to Byzantine attacks. We quantify the impact of Byzantine attacks on the coded system by evaluating the probability that a receiver node fails to correctly recover a file. We show that even for a small probability of attack, the system fails with overwhelming probability. We then propose a novel signature scheme that allows packet-level Byzantine detection. This scheme allows one-hop containment of the contamination, and saves bandwidth by allowing nodes to detect and drop the contaminated packets. We compare the net cost of our signature scheme with various other Byzantine schemes, and show that when the probability of Byzantine attacks is high, our scheme is the most bandwidth efficient.Comment: 26 pages, 9 figures, Submitted to IEEE Journal on Selected Areas in Communications (JSAC) "Mission Critical Networking

Detecting Byzantine Attacks Without Clean Reference

We consider an amplify-and-forward relay network composed of a source, two relays, and a destination. In this network, the two relays are untrusted in the sense that they may perform Byzantine attacks by forwarding altered symbols to the destination. Note that every symbol received by the destination may be altered, and hence no clean reference observation is available to the destination. For this network, we identify a large family of Byzantine attacks that can be detected in the physical layer. We further investigate how the channel conditions impact the detection against this family of attacks. In particular, we prove that all Byzantine attacks in this family can be detected with asymptotically small miss detection and false alarm probabilities by using a sufficiently large number of channel observations \emph{if and only if} the network satisfies a non-manipulability condition. No pre-shared secret or secret transmission is needed for the detection of these attacks, demonstrating the value of this physical-layer security technique for counteracting Byzantine attacks.Comment: 16 pages, 7 figures, accepted to appear on IEEE Transactions on Information Forensics and Security, July 201

IDLP: an efficient intrusion detection and location-aware prevention mechanism for network coding-enabled mobile small cells

Mobile small cell technology is considered as a 5G enabling technology for delivering ubiquitous 5G services in a cost-effective and energy efficient manner. Moreover, Network Coding (NC) technology can be foreseen as a promising solution for the wireless network of mobile small cells to increase its throughput and improve its performance. However, NC-enabled mobile small cells are vulnerable to pollution attacks due to the inherent vulnerabilities of NC. Although there are several works on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets of the same generation from the source node to the destination nodes. Therefore, in this paper, we present an intrusion detection and location-aware prevention (IDLP) mechanism which does not only detect the polluted packets and drop them but also identify the attacker's exact location so as to block them and prevent packet pollution in the next transmissions. In the proposed IDLP mechanism, the detection and locating schemes are based on a null space-based homomorphic MAC scheme. However, the proposed IDLP mechanism is efficient because, in its initial phase (i.e., Phase 1), it is not needed to be applied to all mobile devices in order to protect the NC-enabled mobile small cells from the depletion of their resources. The proposed efficient IDLP mechanism has been implemented in Kodo, and its performance has been evaluated and compared with our previous IDPS scheme proposed in [1], in terms of computational complexity, communicational overhead, and successfully decoding probability as well

An efficient null space-based Homomorphic MAC scheme against tag pollution attacks in RLNC

This letter proposes an efficient null space-based homomorphic message authentication code scheme providing resistance against tag pollution attacks in random linear network coding, where these attacks constitute a severe security threat. In contrast to data pollution attacks, where an adversary injects into the network corrupted packets, in tag pollution attacks the adversary corrupts (i.e. pollutes) tags appended to the end of the coded packets to prevent the destination nodes from decoding correctly. Our results show that the proposed scheme is more efficient compared to other competitive tag pollution immune schemes in terms of computational complexity

VOD STREAMING WITH A NETWORK CODING EQUIVALENT CONTENT DISTRIBUTION SCHEME

Although random access operations are desirable for on-demand video streaming in peer-to-peer systems, they are difficult to efficiently achieve due to the asynchronous interactive behaviors of users and the dynamic nature of peers. In this paper, we propose a network coding equivalent content distribution (NCECD) scheme to efficiently handle interactive videoon- demand (VoD) operations in peer-to-peer systems. In NCECD, videos are divided into segments that are then further divided into blocks. These blocks are encoded into independent blocks that are distributed to different peers for local storage. With NCECD, a new client only needs to connect to a sufficient number of parent peers to be able to view the whole video and rarely needs to find new parents when performing random access operations. In most existing methods, a new client must search for parent peers containing specific segments; however, NCECD uses the properties of network coding to cache equivalent content in peers, so that one can pick any parent without additional searches. Experimental results show that the proposed scheme achieves low startup and jump searching delays and requires fewer server resources. In addition, we present the analysis of system parameters to achieve reasonable block loss rates for the proposed scheme

Distributed control of coded networks

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010.Cataloged from PDF version of thesis.Includes bibliographical references (p. 97-101).The introduction of network coding has the potential to revolutionize the way people operate networks. For the benefits of network coding to be realized, distributed solutions are needed for various network problems. In this work, we look at three aspects of distributed control of coded networks. The first one is distributed algorithms for establishing minimum-cost multicast connections in coded networks. The subgraph optimization problem can be viewed as an linear optimization problem, and we look at algorithms that solve this problem for both static and dynamic multicasts. For static multicast, we present decentralized dual subgradient algorithms to find the min-cost subgraph. Due to the special structure of the network coding problem, we can recover a feasible primal solution after each iteration, and also derive theoretical bounds on the convergence rate in both the dual and the primal spaces. In addition, we propose heuristics to further improve our algorithm, and demonstrate through simulations that the distributed algorithm converges to the optimal subgraph quickly and is robust against network topology changes. For dynamic multicast, we introduce two types of rearrangements, link rearrangement and code rearrangement, to characterize disturbances to users. We present algorithms to solve the online network coding problem, and demonstrate through simulations that the algorithms can adapt to changing demands of the multicast group while minimizing disturbances to existing users.(cont.) The second part of our work focuses on analysis of COPE, a distributed opportunistic network coding system for wireless mesh networks. Experiments have shown that COPE can improve network throughput significantly, but current theoretical analysis fails to fully explain this performance. We argue that the key factor that shapes COPE's performance curve is the interaction between COPE and the MAC protocol. We also propose a simple modification to COPE that can further increase the network throughput. Finally, we study network coding for content distribution in peer-to-peer networks. Such systems can improve the speed of downloads and the robustness of the systems. However, they are very vulnerable to Byzantine attacks, and we need to have a signature scheme that allows nodes to check the validity of a packet without decoding. In this work, we propose such a signature scheme for network coding. Our scheme makes use of the linearity property of the packets in a coded system, and allows nodes to check the integrity of the packets received easily. We show that the proposed scheme is secure, and its overhead is negligible for large files.by Fang Zhao.Ph.D

Network coding for robust wireless networks

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Cataloged from student submitted PDF version of thesis.Includes bibliographical references (p. 157-167).Wireless networks and communications promise to allow improved access to services and information, ubiquitous connectivity, and mobility. However, current wireless networks are not well-equipped to meet the high bandwidth and strict delay requirements of future applications. Wireless networks suffer from frequent losses and low throughput. We aim to provide designs for robust wireless networks. This dissertation presents protocols and algorithms that significantly improve wireless network performance and effectively overcome interference, erasures, and attacks. The key idea behind this dissertation is in understanding that wireless networks are fundamentally different from wired networks, and recognizing that directly applying techniques from wired networks to wireless networks limits performance. The key ingredient underlying our algorithms and protocols is network coding. By recognizing the algebraic nature of information, network coding breaks the convention of routing networks, and allows mixing of information in the intermediate nodes and routers. This mixing has been shown to have numerous performance benefits, e.g. increase in throughput and robustness against losses and failures. We present three protocols and algorithms, each using network coding to harness a different characteristic of the wireless medium. We address the problem of interference, erasures, and attacks in wireless networks with the following network coded designs. -- Algebraic NC exploits strategic interference to provide a distributed, randomized code construction for multi-user wireless networks. Network coding framework simplifies the multi-user wireless network model, and allows us to describe the multi-user wireless networks in an algebraic framework. This algebraic framework provides a randomized, distributed code construction, which we show achieves capacity for multicast connections as well as a certain set of non-multicast connections. -- TCP/NC efficiently and reliably delivers data over unreliable lossy wireless networks. TCP, which was designed for reliable transmission over wired networks, often experiences severe performance degradation in wireless networks. TCP/NC combines network coding's erasure correction capabilities with TCP's congestion control mechanism and reliability. We show that TCP/NC achieves significantly higher throughput than TCP in lossy networks; therefore, TCP/NC is well suited for reliable communication in lossy wireless networks. -- Algebraic Watchdog takes advantage of the broadcast nature of wireless networks to provide a secure global self-checking network. Algebraic Watchdog allows nodes to detect malicious behaviors probabilistically, and police their neighbors locally using overheard messages. Unlike traditional detection protocols which are receiver-based, this protocol gives the senders an active role in checking the nodes downstream. We provide a trellis-based inference algorithm and protocol for detection, and analyze its performance. The main contribution of this dissertation is in providing algorithms and designs for robust wireless networks using network coding. We present how network coding can be applied to overcome the challenges of operating in wireless networks. We present both analytical and simulation results to support that network coded designs, if designed with care, can bring forth significant gains, not only in terms of throughput but also in terms of reliability, security, and robustness.by MinJi Kim.Ph.D