Zhenfeng Song,Xiaoxiang Wang,Hongtao Zhang,Zhen Liu

DOI: https://doi.org/10.1109/vetecs.2010.5493693

2010-01-01

Abstract:In this paper, we propose a novel adaptive cooperative medium access control (MAC) protocol, called ACoopMAC, that adopts new frame control formats and is completely backward compatible with the legacy IEEE 802.11 distributed coordination function (DCF). To adapt to dynamic channel variation and network topology, the sender selects either direct transmission or cooperative transmission adaptively based on the instantaneous channel measurements. An extended analytical model based on elementary conditional probability is adopted to evaluate throughput and average delay performance of our proposed protocol. Analytical and simulation results show that ACoopMAC can improve the throughput performance and substantially reduce system delay, compared to CoopMAC protocol.

Yanfei Fan,Yixin Jiang,Haojin Zhu,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/twc.2011.122010.100087

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:Privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis and flow tracing can be easily launched by a malicious adversary due to the open wireless medium. Network coding has the potential to thwart these attacks since the coding/mixing operation is encouraged at intermediate nodes. However, the simple deployment of network coding cannot achieve the goal once enough packets are collected by the adversaries. On the other hand, the coding/mixing nature precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing. In this paper, we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. With homomorphic encryption on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Wenyuan Xu,Timothy Wood,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1145/1023646.1023661

2004-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch denial of service (DoS) attacks. One form of denial of service is targeted at preventing sources from communicating. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this paper we present two strategies that may be employed by wireless devices to evade a MAC/PHY-layer jamming-style wireless denial of service attack. The first strategy, channel surfing, is a form of spectral evasion that involves legitimate wireless devices changing the channel that they are operating on. The second strategy, spatial retreats, is a form of spatial evasion whereby legitimate mobile devices move away from the locality of the DoS emitter. We study both of these strategies for three broad wireless communication scenarios: two-party radio communication, an infrastructured wireless network, and an ad hoc wireless network. We evaluate several of our proposed strategies and protocols through ns-2 simulations and experiments on the Berkeley mote platform.

Sang-Yoon Chang,Yih-Chun Hu,Zhuotao Liu

DOI: https://doi.org/10.1109/tmc.2017.2693990

IF: 6.075

2017-01-01

IEEE Transactions on Mobile Computing

Abstract:Wireless network dynamically allocates channel resources to improve spectral efficiency and, to avoid collisions, has its users cooperate with each other using a medium access control (MAC) protocol. However, MAC assumes user compliance and can be detrimental when a user misbehaves. An attacker who compromised the network can launch more devastating denial-of-service (DoS) attacks than a network outsider by sending excessive reservation requests to waste bandwidth, by listening to the control messages and conducting power-efficient jamming, by falsifying information to manipulate the network control, and so on. We build SecureMAC to defend against such insider threats while retaining the benefits of coordination between the cooperative users. SecureMAC is comprised of four components: channelization to prevent excessive reservations, randomization to thwart reactive targeted jamming, coordination to counter control-message aware jamming and resolve over-reserved and under-reserved spectrum, and power attribution to determine each node's contribution to the received power. Our theoretical analyses and implementation evaluations demonstrate superior performance over previous approaches, which either ignore security issues or give up the benefit of cooperation when under attack by disabling user coordination (such as the Nash equilibrium of continuous wideband transmission). In realistic scenarios, our SecureMAC implementation outperforms such schemes by 76-159 percent.

Peng Zhang,Chuang Lin

DOI: https://doi.org/10.1007/978-3-319-31083-1_3

2016-01-01

Abstract:As is introduced in Chap. 2, network coding is notoriously susceptible to pollution attacks: a single polluted packet can end up corrupting bunches of good ones. The mechanisms that we introduced previously either incur high computation/bandwidth overheads or cannot resist the tag pollution proposed recently. This chapter will present a novel idea termed padding for orthogonality for network coding authentication. Inspired by it, we design a public key-based signature scheme and a symmetric key-based MAC scheme, which can both effectively contain pollution attacks at forwarders. In particular, we combine them to propose a unified scheme termed MacSig, the first hybrid key cryptographic approach to network coding authentication. It can thwart both normal pollution and tag pollution attacks in an efficient way. Simulative results show that our MacSig scheme has a low bandwidth overhead and a verification process 2-4 times faster than typical signature-based solutions in some circumstances.

Xiaohu Wu,Yinlong Xu,Liping Xiang,Wei Xu

DOI: https://doi.org/10.1109/ISNETCOD.2011.5979070

2011-01-01

Abstract:Network coding allows intermediate nodes to encode data packets, which increases network throughput and enhances robustness. However, once a node injects corrupted data blocks into a network, the polluted data blocks will propagate quickly with network coding. Based on linear subspace and key pre-distribution, this paper proposes a HYBRID scheme against pollution attacks to network coding. Some typical properties of HYBRID are: (1) all nodes are able to detect polluted data blocks; (2) it prevents tag pollution attacks; (3) It does not need a very large field to implement and is computationally efficient; (4) It does not need a time synchronization of all nodes in a network and the correctness of each data packet can be verified immediately when it arrives at a node.

Wu Chi,Huang Cheng,Huang Xiaotao

DOI: https://doi.org/10.1109/ICIS.2012.5

2012-01-01

Computer and Information Science

Abstract:The network coding usually suffers from pollution attacks. Two schemes against pollution attacks are discussed in this paper, based on linear space signature and information theory, respectively. Pollution attacks detection algorithm of information theory based scheme is improved. The time consumptions of two schemes under different conditions of file size and data segmentation size are compared, and then a new scheme combining linear space signature and with information theory is provide to fight pollution attacks.

Peng Zhang,Yixin Jiang,Chuang Lin,Hongyi Yao,Albert Wasef,Xuemin Shen

DOI: https://doi.org/10.1109/INFCOM.2011.5934876

2011-01-01

Abstract:Network coding provides a promising alternative to traditional store-and-forward transmission paradigm. However, due to its information-mixing nature, network coding is notoriously susceptible to pollution attacks: a single polluted packet can end up corrupting bunches of good ones. Existing authentication mechanisms either incur high computation/bandwidth overheads, or cannot resist the tag pollution proposed recently. This paper presents a novel idea termed “padding for orthogonality” for network coding authentication. Inspired by it, we design a public-key based signature scheme and a symmetric-key based MAC scheme, which can both effectively contain pollution attacks at forwarders. In particular, we combine them to propose a unified scheme termed MacSig, the first hybrid-key cryptographic approach to network coding authentication. It can thwart both normal pollution and tag pollution attacks in an efficient way. Simulative results show that our MacSig scheme has a low bandwidth overhead, and a verification process 2-4 times faster than typical signature-based solutions in some circumstances.

Man Liang,Haibin Kan

DOI: https://doi.org/10.1587/transfun.e96.a.1889

2013-01-01

Abstract:Wireless sensor network (WSN) using network coding is vulnerable to pollution attacks. Existing authentication schemes addressing this attack either burden the sensor node with a higher computation overhead, or fail to provide an efficient way to mitigate two recently reported attacks: tag pollution attacks and repetitive attacks, which makes them inapplicable to WSN. This paper proposes an efficient hybrid cryptographic scheme for WSN with securing network coding. Our scheme can resist not only normal pollution attacks, but the emerging tag pollution and repetitive attacks in an efficient way. In particular, our scheme is immediately suited for distributing multiple generations using a single public key. Experimental results show that our scheme can significantly improve the computation efficiency at a sensor node under the two above-mentioned attacks.

Lawrence Tandoh,Li Fagen,Ali Ikram,Haruna Charles R.,Kpiebaareh Michael Y.,Christopher Tandoh

DOI: https://doi.org/10.1007/s11235-021-00842-6

2021-01-01

Telecommunication Systems

Abstract:One of the major security threats that plague network coding are pollution attacks. Therefore, the ability to authenticate the contents of received packets is a vital requirement of all network coding authentication schemes. One of the most famous cryptographic approaches used to mitigate data and tag pollution in network coding are homomorphic message authentication codes (HMACS). In this approach, authentication is achieved by appending one or more HMAC tag vectors and in some cases a homomorphic cryptographic signature to the packet payload. Two major concerns arise when designing authentication schemes for network coding. These are the costs associated with the communication and computational overheads. These two factors determine the efficiency and practicality of the scheme. Unfortunately, in most cases, lowering one of the costs results in an increase in the other. In this paper we propose an efficient data and tag pollution immune authentication scheme based on HMACs and a homomorphic cryptographic signature. In our evaluation of the performance of the proposed scheme we compared it with three other similar state of the art schemes. The result of our evaluation showed that the proposed scheme incurs a computational overhead that is up to 64–97% lower at the source and non-source nodes. The proposed scheme also fairs well with respect to communication overhead where it is only outperformed by one of the three schemes. This difference however is minute (one symbol) and is greatly outweighed by the proposed schemes lower computational overhead.

Lawrence Tandoh,Fagen Li,Ikram Ali,Charles Roland Haruna,Michael Y. Kpiebaareh,Tandoh Christopher

DOI: https://doi.org/10.1007/978-981-19-0523-0_12

2022-01-01

Abstract:Network coding (NC) authentication schemes based on homomorphic message authentication codes (HMACs) are usually preferred due to the low computational complexity associated with their implementation. A basic requirement of these schemes is that they should be able to resist both message and tag pollution attacks. A common approach adopted in the design of these schemes uses key vectors to generate tags that are then used to detect these attacks. Conventionally, the only constraint placed on existing key selection models is that key elements must be chosen from a predefined finite cyclic field. In this work we prove that this condition alone is not sufficient to ensure total resistance to pollution attacks. We also provide a detailed description of this security loophole as well as a proposition that defines what a scheme needs in order to achieve total resistance to pollution attacks. Based on our findings we propose a modified authentication scheme for NC that is not exposed to the security loophole and therefore provides complete resistance to pollution attacks. Our evaluation of the proposed scheme against similar state of the art schemes shows that it achieves this at no extra overhead. As a matter of fact, the proposed scheme incurs a slightly lower computational overhead at non-source nodes coupled with a slightly lower key storage overhead.

Frederique Oggier,Hanane Fathi

DOI: https://doi.org/10.48550/arXiv.0909.3146

2009-09-17

Abstract:Systems exploiting network coding to increase their throughput suffer greatly from pollution attacks which consist of injecting malicious packets in the network. The pollution attacks are amplified by the network coding process, resulting in a greater damage than under traditional routing. In this paper, we address this issue by designing an unconditionally secure authentication code suitable for multicast network coding. The proposed scheme is robust against pollution attacks from outsiders, as well as coalitions of malicious insiders. Intermediate nodes can verify the integrity and origin of the packets received without having to decode, and thus detect and discard the malicious messages in-transit that fail the verification. This way, the pollution is canceled out before reaching the destinations. We analyze the performance of the scheme in terms of both multicast throughput and goodput, and show the goodput gains. We also discuss applications to file distribution.

Information Theory,Cryptography and Security

Tingting Yang,Hailong Feng,Chengming Yang,Zhonghua Sun,Ruilong Deng

DOI: https://doi.org/10.1155/2016/3906549

IF: 1.938

2016-01-01

International Journal of Distributed Sensor Networks

Abstract:An innovative paradigm named Cooperative Cognitive Maritime Cyber Physical Systems (CCMCPSs) is developed to achieve high-speed and low-cost communication services. The analysis of the available white space at sea, as well as the framework, is presented. Specifically, a bilevel game with two stages of PUs-to-SUs (primary users to secondary users) and SUs-to-SUs is proposed, to address the resource allocation issue of Decode-and-Forward (DF) relay mode with maximal-ratio combining (MRC) receiving mode in destination. Stackelberg game with priority is employed between PU and SUs, while a symmetrical system model is considered among SUs-to-SUs. The game theoretic procedure that converges to Nash equilibrium based on the utility and payoff function is illustrated. Simulation results demonstrate that our proposed strategy could effectively increase the throughput as well as the payoffs of the system.

Attilio Fiandrotti,Rossano Gaeta,Marco Grangetto

DOI: https://doi.org/10.1109/TMM.2015.2402516

2017-07-24

Abstract:Network coding based peer-to-peer streaming represents an effective solution to aggregate user capacities and to increase system throughput in live multimedia streaming. Nonetheless, such systems are vulnerable to pollution attacks where a handful of malicious peers can disrupt the communication by transmitting just a few bogus packets which are then recombined and relayed by unaware honest nodes, further spreading the pollution over the network. Whereas previous research focused on malicious nodes identification schemes and pollution-resilient coding, in this paper we show pollution countermeasures which make a standard network coding scheme resilient to pollution attacks. Thanks to a simple yet effective analytical model of a reference node collecting packets by malicious and honest neighbors, we demonstrate that i) packets received earlier are less likely to be polluted and ii) short generations increase the likelihood to recover a clean generation. Therefore, we propose a recombination scheme where nodes draw packets to be recombined according to their age in the input queue, paired with a decoding scheme able to detect the reception of polluted packets early in the decoding process and short generations. The effectiveness of our approach is experimentally evaluated in a real system we developed and deployed on hundreds to thousands peers. Experimental evidence shows that, thanks to our simple countermeasures, the effect of a pollution attack is almost canceled and the video quality experienced by the peers is comparable to pre-attack levels.

Networking and Internet Architecture,Multimedia

Wei Tong,Sheng Zhong

DOI: https://doi.org/10.1109/tifs.2016.2581313

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Pollution attacks can cause severe damages in network coding systems. Many approaches have been proposed to defend against pollution attacks. However, the current approaches implicitly assume that the defender has adequate resources to defend against pollution attacks. When the resources of the defender are limited, they provide no information for the defender to allocate the resources to get better defense performance. In this paper, we consider the case that the defender's resources are limited and study how the defender allocates resources to defend against pollution attacks. We first study this problem in one-session transmissions, and we propose a two-player strategic game to model the interactions between the defender and the attacker. Under this model, two algorithms are proposed to find the best response strategy for the defender. Then, we study the resource allocation problem in a multi-session setting. We propose an extensive game model and an enhancement algorithm to solve the resource allocation problem under this circumstance. Finally, we conducted extensive simulations to evaluate the proposed algorithms. The results demonstrate that our algorithms can significantly improve the utility of the defender, with reasonable computation time.

Lin Yao,Zhenyu Chen,Haipeng Dai,Guowei Wu

DOI: https://doi.org/10.1109/TDSC.2021.3109046

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Vehicular Content Centric Network (VCCN) has been proposed to address the issues of user mobility and sporadic connectivity in Vehicular Ad hoc Network (VANET). The in-network caching of VCCN can indeed improve the performance of content distribution in terms of cache hit and delivery latency by making each node store frequently accessed data. However, data caching unfortunately suffers from Cache Pollution Attack (CPA) that sends out fabricated requests to pollute the data cache. To prevent the degradation of network performance caused by such an attack, we propose a detection and defense scheme for CPA by adopting game theory. We model the attack scenario into a non-cooperative game model. First, we prove the non-existence of pure strategy Nash Equilibrium (NE) in the attacker and defender game, and propose a normal form game model with complete information and an extensive Bayesian form game model with incomplete information. Under the guidance of NE, we propose a punishment strategy to prevent the conspiracy attack and make the attackers behave normally. Moreover, we propose a cooperative detection scheme to give the Road Side Unit (RSU) the final decision on CPA based on the direct and indirect suspicious lists which are generated by each node according to the observed traffic pattern. Simulation evaluations demonstrate that our scheme outperforms state-of-the-art schemes in terms of cache hit, detecting ratio, and cache accuracy for detecting and defending CPA.

Donghai Zhu,Xinyu Yang,Wei Yu

DOI: https://doi.org/10.1016/j.comnet.2015.08.023

IF: 5.493

2015-01-01

Computer Networks

Abstract:Pollution attacks refer to ones where attackers modify and inject corrupted data packets into the wireless network with network coding to disrupt the decoding process. In the context of network coding, the epidemic effect of pollution attacks can degrade network throughput significantly because of the mixing nature of network coding. To address this issue, a number of schemes to identify malicious nodes have been developed in the past. Nonetheless, these schemes have their limitations and cannot effectively deal with pollution attacks. In this paper, we propose a novel light-weight Self-checking Pollution Attackers Identification Scheme (SPAIS), which can identify the pollution attackers effectively and efficiently. By making full use of the broadcast nature of wireless media and the insight that a well-behaved node can monitor its downstream neighboring nodes locally by cooperating with other nodes, SPAIS hierarchically organizes the network as levels such that the nodes in the same level can monitor their downstream level nodes cooperatively. Through the combination of theoretical analysis and extensive simulations, our experimental data demonstrates that SPAIS can more effectively identify pollution attackers with a lower cost in comparison with the existing candidate schemes. For example, even if the quality of network connections is not in good condition and the malicious nodes send only one corrupted packet, the pollution attackers can be identified with a high probability.

Donghai Zhu,Xinyu Yang,Wei Yu

DOI: https://doi.org/10.1109/CCNC.2014.6866593

2014-01-01

Abstract:Pollution attacks refer to ones where attackers modify and inject corrupted data packets into the wireless network with network coding to disrupt the decoding process. In the context of network coding, the epidemic effect of pollution attacks can degrade network throughput significantly because of the mixing nature of network coding. To address this issue, a number of malicious nodes identification schemes have been developed in the past. However, these schemes have their limitations and cannot effectively deal with pollution attacks. In this paper, we propose a novel light-weight Self-checking Pollution Attackers Identification Scheme (SPAIS), which can identify the pollution attackers effectively and efficiently. Through making full use of the broadcast nature of wireless media and insight that a well-behaved node can monitor its downstream neighboring nodes locally by cooperating with other nodes, SPAIS hierarchically organizes the network as levels such that the nodes in the same level can monitor their downstream level nodes cooperatively. Through the combination of theoretical analysis and extensive simulations, our experimental data demonstrates that SPAIS can more effectively identify pollution attackers with a lower cost in comparison with the existing representative schemes. For example, even if the quality of the network connection is not in good condition and the malicious nodes send only one corrupted packet, the pollution attackers can be identified with a high probability.

Zhenquan Qin,Yingxiao Sun,Liang Sun,Lei Wang,Wenzhe Zhang,Bingxian Lu,Lei Shu

DOI: https://doi.org/10.1109/ICCCN.2016.7568480

2016-01-01

Abstract:Currently, various Medium Access Control (MAC) protocols have been proposed for underwater wireless sensor networks. Unlike terrestrial networks, underwater networks utilize acoustic waves, which have comparatively lower loss and longer range in underwater environments. However, the use of acoustic waves incurs long propagation delays that typically lead to low throughput especially in protocols that require receiver feedback such as multimedia stream delivery and the energy cost of transmission is much higher than receptions. Thus, collision and retransmission should be reduced in practice in order to reduce energy cost and improve throughput. Based on these motivations, we propose a novel MAC protocol called NCDCMAC. NCDC-MAC leverages network coding and duty cycle, the combination of which is seldom explored, to solve these challenges. Heterogeneous wireless networks and node roles are considered while designing our algorithms. Meanwhile, fairness including schedule and service time assignment is supported in our approach. Extensive simulations show that our approach can achieve significantly better performance.

Xiaoyan Wang,Jie Li,Feilong Tang

DOI: https://doi.org/10.1109/tpds.2013.22

IF: 5.3

2013-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cooperative communication, which utilizes neighboring nodes to relay the overhearing information, has been employed as an effective technique to deal with the channel fading and to improve the network performances. Network coding, which combines several packets together for transmission, is very helpful to reduce the redundancy at the network and to increase the overall throughput. Introducing network coding into the cooperative retransmission process enables the relay node to assist other nodes while serving its own traffic simultaneously. To leverage the benefits brought by both of them, an efficient Medium Access Control (MAC) protocol is needed. In this paper, we propose a novel network coding aware cooperative MAC protocol, namely NCAC-MAC, for wireless ad hoc networks. The design objective of NCAC-MAC is to increase the throughput and reduce the delay. Simulation results reveal that NCAC-MAC can improve the network performance under general circumstances comparing with two benchmarks.