Post on 14-Jan-2016
description
1
Quantitative Evaluation of Secure Network Coding
Dawn MeetingUCSC Nov 4, 2010
Quantitative Evaluation of Secure Network Coding
Dawn MeetingUCSC Nov 4, 2010
SeungHoon Lee, Mario GerlaIn collaboration with IBM researchers
2
Improves throughput and reliability in disruptive MANETs
Packets mixed by intermediate nodes
Receivers still can recover original data under partial packet drop
2
Network Coding (NC)
Decoding success
pkt drop
No pollution detection/prevention in conventional NC protocols
Internal/ external attacks possible
Even one invalid packet can disrupt the entire data
Homomorphic cryptography can protect NC
However,
Computation is cumbersome, discouraging implementations
6
Vulnerability of NC
Decoding Failure
Pollution Attack
Investigate the scalability of secure network coding based on homomorphic functions
We address PUSH scenario only (PULL is an extension)
Perform practical evaluation of the theoretical work[1] GKKR by TA2 researchers on secure network coding
Over the INTEGERS (as opposed to Galois field)
7
Objective of this work
[1] R. Gennaro, J. Katz, H. Krawczyk, and T. Rabin. Secure network coding over the integers. In Public Key Cryptography, pages 142–160, 2010.
Implementationof Secure NC
(Linux)
Experimental Measurement
Qualnet Network Simulator
8
Implementation: NC + NSig
Source Intermediate node Destination
X 1 X 2 X 3
9
Implementation: NC + NSig
(1) NSig(): Computing signatures of each block*Only once at the beginning
Source Intermediate node Destination
X 1 X 2 X 3
σ 1 σ 2 σ 3
10
Implementation: NC + NSig
(1) NSig(): Computing signatures of each block*Only once at the beginning
Source Intermediate node Destination
+
X 1 X 2 X 3
e1 e2 e3
e1X1+e2X2+e3X3[e1,e2,e3]
σ 1 σ 2 σ 3
(2) encode(): Generating a coded blockNC: Random linear network coding
11
Implementation: NC + NSig
(1) NSig(): Computing signatures of each block*Only once at the beginning
Source Intermediate node Destination
x
X 1 X 2 X 3
e1X1+e2X2+e3X3[e1,e2,e3]
σ 1 σ 2 σ 3
(2) encode(): Generating a coded blockNC: Random linear network coding
(3) combine(): Combining signatures
σ
e1 e2 e3
12
Implementation: NC + NSig
(1) NSig(): Computing signatures of each block*Only once at the beginning
Source Intermediate node Destination
x
X 1 X 2 X 3
e1X1+e2X2+e3X3[e1,e2,e3]
σ 1 σ 2 σ 3
(2) encode(): Generating a coded blockNC: Random linear network coding
(3) combine(): Combining signatures
σ
e1 e2 e3
13
Implementation: NC + NSig
Source Intermediate node Destination
e1X1+e2X2+e3X3[e1,e2,e3] σ
14
Implementation: NC + NSig
Source Intermediate node Destination
e1X1+e2X2+e3X3[e1,e2,e3] σ (1) vry_NC(): Checking linear independency(By Gaussian Elimination)
15
Implementation: NC + NSig
Source Intermediate node Destination
e1X1+e2X2+e3X3[e1,e2,e3] σ (1) vry_NC(): Checking linear independency(By Gaussian Elimination)
If independent,(2) vry_Sig(): Validating signatures
16
Implementation: NC + NSig
Source Intermediate node Destination
e1X1+e2X2+e3X3[e1,e2,e3] σ (1) vry_NC(): Checking linear independency(By Gaussian Elimination)
If independent,(2) vry_Sig(): Validating signatures
If valid, store the coded block*If either verification fails, immediately drop.
17
Implementation: NC + NSig
Source Intermediate node Destination
e1X1+e2X2+e3X3[e1,e2,e3] σ (1) vry_NC(): Checking linear independency(By Gaussian Elimination)
If independent,(2) vry_Sig(): Validating signatures
If valid, store the coded block*If either verification fails, immediately drop.
Generate a new coded blockby encode(data), combine(signatures)
18
Implementation: NC + NSig
Source Intermediate node Destination
e1X1+e2X2+e3X3[e1,e2,e3] σ (1) vry_NC(), vry_Sig()If valid, store the coded block.
19
Implementation: NC + NSig
Source Intermediate node Destination
e1X1+e2X2+e3X3[e1,e2,e3] σ (1) vry_NC(), vry_Sig()If valid, store the coded block.
Once collect m blocks (valid & independent),(2) decode(): Recover the original data
*m: # of blocks of data in the generation
Another way of Secure Network Coding
instead of NSig (computing/validating signatures)
Hash Verification:
verify multiple coded blocks with a single verification
20
Implementation: NC + NHash
+
X 1 X 2 X 3
e1 e2 e3
e1X1+e2X2+e3X3[e1,e2,e3] x
encode()vry_Hash() If vry_Hash() passes,
sends out the coded block
Hardware Intel Core 2 Duo T9600 processor (2.8GHz, 6MB cache)
RAM: 2GB
Software Linux platform
C++ / GMP library[2] (for cryptography implementation)
21
Experimental Setup (1)
[2] The GNU Multiple Precision Arithmetic Library. http://gmplib.org/
23
Experimental Results (1)
vry_NC()
Processing delays are proportional to # of blocksAs downloaded more blocks, vry_NC() requires more delay for processing Gaussian elimination
24
Experimental Results (2)
Processing delays of vry_Sig() and vry_Hash() do not depend on mThe operations done with only a coded block being verified
In general, Secure NC operations require more delay than NC0.015ms (vry_NC) vs 22.5ms (vry_Sig), m=8
Evaluate the performance in realistic network scenario (PUSH Model)
QualNet 3.9.5Bandwidth: 2Mbps (broadcasting)
Data rate at source: 256Kbps
Network Topology (static topology)1 Source/ 1 destination
Variable # of hops H
We compare four schemesNC_Only: Plain NC
NC + Nsig
NC + Nhash
BFKW[3]: Previously proposed homomorphic signature schemes
25
Simulation Setup
[3] D. Boneh, D. Freeman, J. Katz, and B. Waters. Signing a linear subspace: Signature schemesfor network coding. In Public Key Cryptography (PKC), 2009.
27
Simulation Results
Delay increases with more hops between Src/ Dst NSig/NHash take less delay than BFKW
Conclusion
28
Studied feasibility of secure network coding schemes Implemented the theoretical works and measured processing overhead from
experiments Integrated the experimental results into a packet-level network simulator,
and evaluated the schemes in a realistic network scenario Secure NC increases delay by only 30% with respect to plain NC GKKR secure NC outperforms previously proposed BFKW
Ongoing work Extend to PULL model (large generation) Comparison with end-to-end coding schemes (Fountain/ Raptor codes)
Protected from internal attacks by conventional signatures
More dynamic network scenarios: node mobility, pollution attacks Heterogeneous nodes(some cannot do Homomorphic operations)
Question & Answer
29
Thank You!