Yanfei Fan,Yixin Jiang,Haojin Zhu,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/twc.2011.122010.100087

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:Privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis and flow tracing can be easily launched by a malicious adversary due to the open wireless medium. Network coding has the potential to thwart these attacks since the coding/mixing operation is encouraged at intermediate nodes. However, the simple deployment of network coding cannot achieve the goal once enough packets are collected by the adversaries. On the other hand, the coding/mixing nature precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing. In this paper, we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. With homomorphic encryption on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Hao Wu,Hui Li,Mengjing Song

DOI: https://doi.org/10.1007/978-981-10-1536-6_4

2016-01-01

Abstract:It has been shown that network coding can effectively improve the throughput of multicast communication sessions in directed acyclic graphs, achieving their cut-set capacity bounds. However, network coding is highly susceptible to eavesdropping and pollution attacks in which malicious nodes attacks cannot be prevented. In this paper, we propose several ways to enhance the security and reliability of random networking coding transmission. Schemes which encrypt the random coefficients and the coding payload could ensure the information has a relatively low probability to be cracked. We also implement the reliable transmission by forward error-correction. It has been shown that random network coding with encryption and forward error-correction can help achieve provably good overall security and reliability performance.

Yanfei Fan,Jiming Chen,Xiaodong Lin,Xuemin Shen

DOI: https://doi.org/10.1109/GLOCOM.2010.5683317

2010-01-01

Abstract:Privacy threat is a very serious issue in multi-hop wireless networks (MWNs) since open wireless channels are vulnerable to malicious attacks. Source unobservability is an attractive and desirable security property for many privacy-sensitive applications, and dummy messages are most commonly used to achieve this property. However, dummy messages may incur severe performance degradation or even service denial due to the explosion of network traffic. In this paper, we propose a novel scheme, called SUNC (Source Unobservability by Network Coding), to prevent traffic explosion while achieving source unobservability. With SUNC, specially designed dummy messages can be absorbed at intermediate nodes, and, thus, traffic explosion can be naturally prevented. In addition, SUNC can offer forwarder blindness, which is an important privacy property for thwarting internal attackers. Security analysis and performance evaluation demonstrate the efficacy and efficiency of the proposed SUNC.

Peng Zhang,Yixin Jiang,Chuang Lin,Yanfei Fan,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/infcom.2010.5462050

2010-01-01

Abstract:Though providing an intrinsic secrecy, network coding is still vulnerable to eavesdropping attacks, by which an adversary may compromise the confidentiality of message content. Existing studies mainly deal with eavesdroppers that can intercept a lim-ited number of packets. However, real scenarios often consist of more capable adversaries, e.g., global eavesdroppers, which can defeat these techniques. In this paper, we propose P-Coding, a novel security scheme against eavesdropping attacks in network coding. With the lightweight permutation encryption performed on each message and its coding vector, P-Coding can efficiently thwart global eavesdroppers in a transparent way. Moreover, P-Coding is also featured in scalability and robustness, which enable it to be integrated into practical network coded systems. Security analysis and simulation results demonstrate the efficacy and efficiency of the P-Coding scheme.

Majid Adeli,Huaping Liu

2013-01-01

Abstract:A new scheme providing security against passive attackers in linear network coding is proposed. Throughput efficiency, low algorithm complexity, and high adaptability/applicability are the major design factors that are considered in this security protocol. A bijective permutation map defined over the code field is utilized to generate the randomness that is required for masking the plain information symbols. The input arguments of the permutation map are some of the plain data symbols and one random symbol that is chosen by the source node. It is shown that as long as the attacker does not have access to all the independent channels, he can not obtain any linear combination of the plain information symbols. Reducing data throughput by only one unit compared to the non-secure network code, and avoiding the use of complex transformations such as cryptographic algorithms or hash functions are the main advantages of the proposed security protocol.

Baoxing Pu,Hongben Huang,GuangYao Pang

DOI: https://doi.org/10.1038/s41598-024-77510-7

IF: 4.6

2024-11-08

Scientific Reports

Abstract:For secure network coding to prevent eavesdropping attacks, a general design is used that puts restrictions on the eavesdropping channel set or encryption technology is embedded, which can cause problems in practical applications. Based on random linear network coding technology, in this paper, a transmission strategy to prevent eavesdropping attacks is proposed for single - source multicast networks, without either precondition of restricting the eavesdropping channel set or embedding encryption technology. The data transmission process is divided into three phases , and the global encoding vectors are separated from the encoded data on the channel. The proposed strategy can enable the sink to decode successfully, making it very difficult for eavesdroppers to meet the conditions for successful decoding by randomly selecting the eavesdropping channel set without obtaining network topology knowledge. The feasibility of the proposed method is strictly demonstrated using layered network technology, and its security is analyzed. The simulation results confirm the validity of the theoretical analysis.

multidisciplinary sciences

Peng Zhang,Chuang Lin

DOI: https://doi.org/10.1007/978-3-319-31083-1_2

2016-01-01

Abstract:While network coding can help improve network performance, it also introduces new security and privacy issues. For example, network coding can make data transmission more vulnerable to "pollution attacks": A single illegal packet can end up polluting a bunch of good ones through the process of intermediate coding, causing receivers unable to decode properly. Besides data integrity, data confidentiality and user privacy also become quite different in the new environment of network coding. This makes existing schemes like digital signatures, encryption algorithms, and anonymity schemes either infeasible or inefficient. This chapter will introduce several attacks on network coding and the corresponding countermeasures.

Peng Zhang,Chuang Lin

DOI: https://doi.org/10.1007/978-3-319-31083-1_1

2016-01-01

Abstract:Network coding [2] has been recognized as a significant improvement over the Shannon information transmission model. Many researchers in both information theory and computer communication areas have devoted a lot of effort to study network coding. In the following, we will give a brief review of network coding, followed by its benefits and applications. Then, we point out the security vulnerability of network coding, which is the focus of this book.

Man Liang,Haibin Kan

DOI: https://doi.org/10.1587/transfun.e96.a.1889

2013-01-01

Abstract:Wireless sensor network (WSN) using network coding is vulnerable to pollution attacks. Existing authentication schemes addressing this attack either burden the sensor node with a higher computation overhead, or fail to provide an efficient way to mitigate two recently reported attacks: tag pollution attacks and repetitive attacks, which makes them inapplicable to WSN. This paper proposes an efficient hybrid cryptographic scheme for WSN with securing network coding. Our scheme can resist not only normal pollution attacks, but the emerging tag pollution and repetitive attacks in an efficient way. In particular, our scheme is immediately suited for distributing multiple generations using a single public key. Experimental results show that our scheme can significantly improve the computation efficiency at a sensor node under the two above-mentioned attacks.

Salim El Rouayheb,Emina Soljanin,Alex Sprintson

DOI: https://doi.org/10.48550/arXiv.0907.3493

2009-07-21

Abstract:We consider the problem of securing a multicast network against a wiretapper that can intercept the packets on a limited number of arbitrary network edges of its choice. We assume that the network employs the network coding technique to simultaneously deliver the packets available at the source to all the receivers. We show that this problem can be looked at as a network generalization of the wiretap channel of type II introduced in a seminal paper by Ozarow and Wyner. In particular, we show that the transmitted information can be secured by using the Ozarow-Wyner approach of coset coding at the source on top of the existing network code. This way, we quickly and transparently recover some of the results available in the literature on secure network coding for wiretap networks. Moreover, we derive new bounds on the required alphabet size that are independent of the network size and devise an algorithm for the construction of secure network codes. We also look at the dual problem and analyze the amount of information that can be gained by the wiretapper as a function of the number of wiretapped edges.

Information Theory

Salim El Rouayheb,Emina Soljanin

DOI: https://doi.org/10.48550/arXiv.0807.0821

2008-07-05

Abstract:We consider the problem of securing a multicast network against a wiretapper that can intercept the packets on a limited number of arbitrary network links of his choice. We assume that the network implements network coding techniques to simultaneously deliver all the packets available at the source to all the destinations. We show how this problem can be looked at as a network generalization of the Ozarow-Wyner Wiretap Channel of type II. In particular, we show that network security can be achieved by using the Ozarow-Wyner approach of coset coding at the source on top of the implemented network code. This way, we quickly and transparently recover some of the results available in the literature on secure network coding for wiretapped networks. We also derive new bounds on the required secure code alphabet size and an algorithm for code construction.

Information Theory

Xuan Guang

DOI: https://doi.org/10.48550/arXiv.1601.04503

2016-11-24

Abstract:In the paradigm of network coding, the information-theoretic security problem is encountered in the presence of a wiretapper, who has capability of accessing an unknown channel-subset in communication networks. In order to combat this eavesdropping attack, secure network coding is introduced to prevent information from being leaked to adversaries. For any construction of secure linear network codes (SLNCs) over a wiretap network, the based field size is a very important index, because it largely determines the computational and space complexities, and further the efficiency of network transmission. Further, it is also very important for the process of secure network coding from theoretical research to practical applications. In the present paper, we proposed new lower bounds on the field size for constructing SLNCs, which shows that the field size can be reduced considerably without giving up any security and capacity. In addition, since the obtained lower bounds depend on network topology, how to efficiently determine them is another very important and attractive problem for explicit constructions of SLNCs. Motivated by a desire to develop methods with low complexity and empirical behavior to solve this problem, we propose efficient approaches and present a series of algorithms for implementation. Subsequently, the complexity of our algorithms is analyzed, which shows that they are polynomial-time.

Information Theory

Yanfei Fan,Yixin Jiang,Haojin Zhu,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/infcom.2009.5062146

2009-01-01

Abstract:Privacy threat is one of the critical issues in network coding, where attacks such as traffic analysis can be easily launched by a malicious adversary once enough encoded packets are collected. Furthermore, the encoding/mixing nature of network coding precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing, in network coding enabled networks. In this paper, we propose a novel privacy-preserving scheme against traffic analysis in network coding. With homomorphic encryption operation on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Dehuai Li,Shiwei Yan,Xiguang Zhang,Yong Shang

DOI: https://doi.org/10.1109/vtcfall.2016.7880934

2016-01-01

Abstract:This paper exploits physical layer network coding (PNC) and friendly jamming to improve their physical layer security in wireless two-hop cooperative communications, consisting of one source-destination pair with the help of multiple intermediate nodes in the presence of one eavesdropper. By sending a jamming signal carrying a random binary message from the selected jammer and utilizing the PNC at the selected relay node, the system can avoid the disadvantage of the friendly jamming to the source-relay channel and do good to the relay-destination channel, thereby achieving better secrecy rate. Assuming global channel state information available and memoryless adversaries, we seek to minimize the secrecy outage probability with the optimal relay and jammer selection. Numerical simulation results show that our schemes outperform the conventional approaches in wireless cooperative communications.

Jian Li,Tongtong Li,Jian Ren

DOI: https://doi.org/10.1109/glocom.2013.6831178

2013-01-01

Abstract:Linear network coding provides a new communication diagram to significantly increase the network capacity by allowing the relay nodes to encode the incoming messages. However, this communication diagram is fragile to communication errors and node compromising attacks. How to combat errors while maintaining the network efficiency is a challenging research problem. In this paper, we characterize a linear network coding through a series of cascaded linear error-control codes. This representation enables us to determine the independent source of errors in the cascaded network level. It could lead to a successful decoding of the original message and locating of the malicious network nodes. We provide comprehensive theoretical analysis on network coding in both unicast and multicast scenarios. Our research provides a new approach to understand network coding schemes and also a novel methodology to develop network coding schemes that can combat node compromising attacks and locate the malicious nodes.

Kaikai Chi,Xiaohong Jiang,Baoliu Ye,Yanjun Li

DOI: https://doi.org/10.1016/j.comnet.2011.04.006

IF: 5.493

2011-01-01

Computer Networks

Abstract:Recently, a network coding-based packet forwarding architecture COPE was proposed for multihop wireless networks to improve the throughput. Both simulation and testbed results verified COPE’s capability of enhancing throughput. However, COPE simply classifies all packets destined to the same nexthop into small-size or large-size virtual queues and then, to limit packet reordering, examines only the head packet of each queue to find coding solutions. Theoretically all the packets of distinct flows have the potential to be encoded together for throughput improvement, but the above packet size-oriented queue structure significantly limits this potential coding opportunity, since only one packet of a given size will be examined in the coding process. In this paper, we apply the standard flow-oriented queueing to network-coding-capable multihop wireless networks, which maintains a dedicated virtual queue for each flow and regards the head packets as coding candidates. Such flow-based architecture completely eliminates packet mis-order problem, and our theoretical analysis shows that in comparison with the simple size-based queuing, the new architecture is able to dramatically increase the potential coding opportunities. We further study the optimal network coding problem of the flow-oriented architecture. The COPE’s simple coding algorithm is not effective enough since it does not consider several other key issues like the packet size gaps among the packets to be encoded, packet loss rates and decoding probabilities. Therefore, we develop a corresponding efficient algorithm for searching good coding solutions. Our extensive simulation results demonstrated that COPE can improve the node transmission efficiency, but the flow-oriented architecture with proposed coding algorithm can make this improvement much more significant.

Jen-Yeu Chen,Yi-ying Tseng

DOI: https://doi.org/10.48550/arXiv.1303.2553

2013-03-11

Abstract:Network coding is an elegant technique where, instead of simply relaying the packets of information they receive, the nodes of a network are allowed to combine \emph{several} packets together for transmission and this technique can be used to achieve the maximum possible information flow in a network and save the needed number of packet transmissions. Moreover, in an energy-constraint wireless network such as Wireless Sensor Network (a typical type of wireless ad hoc network), applying network coding to reduce the number of wireless transmissions can also prolong the life time of sensor nodes. Although applying network coding in a wireless sensor network is obviously beneficial, due to the operation that one transmitting information is actually combination of multiple other information, it is possible that an error propagation may occur in the network. This special characteristic also exposes network coding system to a wide range of error attacks, especially Byzantine attacks. When some adversary nodes generate error data in the network with network coding, those erroneous information will be mixed at intermeidate nodes and thus corrupt all the information reaching a destination. Recent research efforts have shown that network coding can be combined with classical error control codes and cryptography for secure communication or misbehavior detection. Nevertheless, when it comes to Byzantine attacks, these results have limited effect. In fact, unless we find out those adversary nodes and isolate them, network coding may perform much worse than pure routing in the presence of malicious nodes. In this paper, a distributed hierarchical algorithm based on random linear network coding is developed to detect, locate and isolate malicious nodes.

Networking and Internet Architecture

Peng Xu,Zhiguo Ding,and Xuchu Dai,Kin Leung

DOI: https://doi.org/10.48550/arXiv.1203.5602

2012-03-26

Abstract:In this paper, we consider the design of a new secrecy transmission scheme for a four-node relay-eavesdropper channel. The key idea of the proposed scheme is to combine noisy network coding with the interference assisted strategy for wiretap channel with a helping interferer. A new achievable secrecy rate is characterized for both discrete memoryless and Gaussian channels. Such a new rate can be viewed as a general framework, where the existing interference assisted schemes such as noisy-forwarding and cooperative jamming approaches can be shown as special cases of the proposed scheme. In addition, under some channel condition where the existing schemes can only achieve zero secrecy rate, the proposed secrecy scheme can still offer significant performance gains.

Information Theory

Kaikai Chi,Xiaohong Jiang,Susumu Horiguchi

DOI: https://doi.org/10.1109/GLOCOM.2007.257

2007-01-01

Abstract:Current implementations of multi-hop wireless networks suffer from a severe throughput limitation and do not scale well with an increasing number of nodes. A promising architecture COPE [12], which exploits the physical-layer broadcast property and network coding technique, was recently proposed to significantly improve the throughput of multi-hop wireless networks. In this paper, we will improve the packet coding scheme in COPE to further reduce the number of bytes transmitted by a network node for forwarding its incoming packets to the respective neighbors. We first propose a more general packet coding framework, which covers the one in COPE as a special case and can offer us more coding opportunities. We then formulate the optimal packet coding problem under this general coding framework as an integer programming problem, and prove that it is NP-complete. Finally, we present an efficient algorithm to find the optimal coding solution for the proposed general packet coding framework.

Peng Zhang,Chuang Lin

DOI: https://doi.org/10.1007/978-3-319-31083-1

2016-01-01

Abstract:This book covers a series of security and privacy issues in network coding, and introduces three concrete mechanisms to address them. These mechanisms leverage traditional cryptographic primitives and anonymous protocols, and are redesigned to fit into the new framework of network coding. These three mechanisms are MacSig, a new message authentication method for network-coded systems; P-Coding, a new encryption scheme to secure network-coding-based transmissions; and ANOC, a new anonymous routing protocol that seamlessly integrates anonymous routing with network coding. Along with these three mechanisms, the authors provide a review of network coding's benefits, applications, and security problems. Also included is a detailed overview of security issues in the field, with an explanation of how the security issues differ from those in traditional settings. While network coding can help improve network performance, the adoption of network coding can be greatly limited unless security and privacy threats are addressed. Designed for researchers and professionals, Security in Network Coding explores major challenges in network coding and offers practical solutions. Advanced-level students studying networking or system security will also find the content valuable.