Security Analysis on "An Authentication Code Against Pollution Attacks in Network Coding"

We analyze the security of the authentication code against pollution attacks in network coding given by Oggier and Fathi and show one way to remove one very strong condition they required. Actually, we find a way to attack their authentication scheme. In their scheme, they considered that if some malicious nodes in the network collude to make pollution in the network flow or make substitution attacks to other nodes, they thought these malicious nodes must solve a system of linear equations to recover the secret parameters. Then they concluded that their scheme is an unconditional secure scheme. Actually, note that the authentication tag in the scheme of Oggier and Fathi is nearly linear on the messages, so it is very easy for any malicious node to make pollution attack in the network flow, replacing the vector of any incoming edge by linear combination of his incoming vectors whose coefficients have sum 1. And if the coalition of malicious nodes can carry out decoding of the network coding, they can easily make substitution attack to any other node even if they do not know any information of the private key of the node. Moreover, even if their scheme can work fruitfully, the condition in their scheme $H\leqslant M$ in a network can be removed, where $H$ is the sum of numbers of the incoming edges at adversaries. Under the condition $H\leqslant M$, $H$ may be large, so we need large parameter $M$ which increases the cost of computation a lot. On the other hand, the parameter $M$ can not be very large as it can not exceed the length of original messages.Comment: 9 pages. arXiv admin note: text overlap with arXiv:0909.3146 by other author

An Authentication Scheme for Subspace Codes over Network Based on Linear Codes

Network coding provides the advantage of maximizing the usage of network resources, and has great application prospects in future network communications. However, the properties of network coding also make the pollution attack more serious. In this paper, we give an unconditional secure authentication scheme for network coding based on a linear code $C$. Safavi-Naini and Wang gave an authentication code for multi-receivers and multiple messages. We notice that the scheme of Safavi-Naini and Wang is essentially constructed with Reed-Solomon codes. And we modify their construction slightly to make it serve for authenticating subspace codes over linear network. Also, we generalize the construction with linear codes. The generalization to linear codes has the similar advantages as generalizing Shamir's secret sharing scheme to linear secret sharing sceme based on linear codes. One advantage of this generalization is that for a fixed message space, our scheme allows arbitrarily many receivers to check the integrity of their own messages, while the scheme with Reed-Solomon codes has a constraint on the number of verifying receivers. Another advantage is that we introduce access structure in the generalized scheme. Massey characterized the access structure of linear secret sharing scheme by minimal codewords in the dual code whose first component is 1. We slightly modify the definition of minimal codewords. Let $C$ be a $[V,k]$ linear code. For any coordinate $i\in \{1,2,\cdots,V\}$, a codeword $\vec{c}$ in $C$ is called minimal respect to $i$ if the codeword $\vec{c}$ has component 1 at the $i$-th coordinate and there is no other codeword whose $i$-th component is 1 with support strictly contained in that of $\vec{c}$. Then the security of receiver $R_i$ in our authentication scheme is characterized by the minimal codewords respect to $i$ in the dual code $C^\bot$.Comment: 18 page