Routing for Security in Networks with Adversarial Nodes

We consider the problem of secure unicast transmission between two nodes in a directed graph, where an adversary eavesdrops/jams a subset of nodes. This adversarial setting is in contrast to traditional ones where the adversary controls a subset of links. In particular, we study, in the main, the class of routing-only schemes (as opposed to those allowing coding inside the network). Routing-only schemes usually have low implementation complexity, yet a characterization of the rates achievable by such schemes was open prior to this work. We first propose an LP based solution for secure communication against eavesdropping, and show that it is information-theoretically rate-optimal among all routing-only schemes. The idea behind our design is to balance information flow in the network so that no subset of nodes observe "too much" information. Interestingly, we show that the rates achieved by our routing-only scheme are always at least as good as, and sometimes better, than those achieved by "na\"ive" network coding schemes (i.e. the rate-optimal scheme designed for the traditional scenario where the adversary controls links in a network rather than nodes.) We also demonstrate non-trivial network coding schemes that achieve rates at least as high as (and again sometimes better than) those achieved by our routing schemes, but leave open the question of characterizing the optimal rate-region of the problem under all possible coding schemes. We then extend these routing-only schemes to the adversarial node-jamming scenarios and show similar results. During the journey of our investigation, we also develop a new technique that has the potential to derive non-trivial bounds for general secure-communication schemes

Connecting Multiple-unicast and Network Error Correction: Reduction and Unachievability

We show that solving a multiple-unicast network coding problem can be reduced to solving a single-unicast network error correction problem, where an adversary may jam at most a single edge in the network. Specifically, we present an efficient reduction that maps a multiple-unicast network coding instance to a network error correction instance while preserving feasibility. The reduction holds for both the zero probability of error model and the vanishing probability of error model. Previous reductions are restricted to the zero-error case. As an application of the reduction, we present a constructive example showing that the single-unicast network error correction capacity may not be achievable, a result of separate interest.Comment: ISIT 2015. arXiv admin note: text overlap with arXiv:1410.190

Node repair on connected graphs, Part II

We continue our study of regenerating codes in distributed storage systems where connections between the nodes are constrained by a graph. In this problem, the failed node downloads the information stored at a subset of vertices of the graph for the purpose of recovering the lost data. This information is moved across the network, and the cost of node repair is determined by the graphical distance from the helper nodes to the failed node. This problem was formulated in our recent work (IEEE IT Transactions, May 2022) where we showed that processing of the information at the intermediate nodes can yield savings in repair bandwidth over the direct forwarding of the data. While the previous paper was limited to the MSR case, here we extend our study to the case of general regenerating codes. We derive a lower bound on the repair bandwidth and formulate repair procedures with intermediate processing for several families of regenerating codes, with an emphasis on the recent constructions from multilinear algebra. We also consider the task of data retrieval for codes on graphs, deriving a lower bound on the communication bandwidth and showing that it can be attained at the MBR point of the storage-bandwidth tradeoff curve

An Efficient Pairwise Key Establishment Scheme for Ad-hoc Mobile Clouds

An Ad-hoc Mobile Cloud (AMC) is a new computing model that allows sharing computing power of multiple mobile devices. For a diverse group of individuals that employ such computing model, in an ad-hoc manner, secure peer-to-peer communication becomes very important. Using private or pairwise keys to secure such communication is preferable to public-keys because of computation and energy requirements. With the advent of sensor enabled mobile devices, a protocol (SekGens) that uses sensor data to generate pairwise keys on demand has been proposed. To work successfully SekGens requires devices to be closely located and becomes infeasible for devices situated multiple hops away. SekGens is also expensive in computation and slow in key generation. In this thesis, we investigate how to enable devices in an AMC to establish pairwise keys. We propose an efficient solution which tries to reduce the number of executions of SekGens in the AMC, and establishes pairwise keys between mobile phones multiple hops away by distributing parts of the key on multiple routing paths. Our results show a reduction of up to 75% in the number of SekGens required to establish keys in an AMC, when compared to a naive approach. Also the execution time to come up with the optimal pairs is within 10s of seconds for reasonably large networks