Lawrence Tandoh,Li Fagen,Ali Ikram,Haruna Charles R.,Kpiebaareh Michael Y.,Christopher Tandoh

DOI: https://doi.org/10.1007/s11235-021-00842-6

2021-01-01

Telecommunication Systems

Abstract:One of the major security threats that plague network coding are pollution attacks. Therefore, the ability to authenticate the contents of received packets is a vital requirement of all network coding authentication schemes. One of the most famous cryptographic approaches used to mitigate data and tag pollution in network coding are homomorphic message authentication codes (HMACS). In this approach, authentication is achieved by appending one or more HMAC tag vectors and in some cases a homomorphic cryptographic signature to the packet payload. Two major concerns arise when designing authentication schemes for network coding. These are the costs associated with the communication and computational overheads. These two factors determine the efficiency and practicality of the scheme. Unfortunately, in most cases, lowering one of the costs results in an increase in the other. In this paper we propose an efficient data and tag pollution immune authentication scheme based on HMACs and a homomorphic cryptographic signature. In our evaluation of the performance of the proposed scheme we compared it with three other similar state of the art schemes. The result of our evaluation showed that the proposed scheme incurs a computational overhead that is up to 64–97% lower at the source and non-source nodes. The proposed scheme also fairs well with respect to communication overhead where it is only outperformed by one of the three schemes. This difference however is minute (one symbol) and is greatly outweighed by the proposed schemes lower computational overhead.

Tandoh Lawrence,Fagen Li,Ikram Ali,Michael Y. Kpiebaareh,Charles R. Haruna,Tandoh Christopher

DOI: https://doi.org/10.1016/j.sysarc.2021.102051

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:Authentication schemes based on homomorphic message authentication codes (HMACs) with or without a homomorphic cryptographic signature (HCS) have always played a vital role in network coding (NC). A newly developing trend with respect to research in this area takes authentication in NC-compatible networks beyond error detection. Current HMAC-based authentication schemes for networks that support NC not only detect and drop corrupted packets but also identify the rogue nodes that begun the attack. However, in order to completely optimize the performance of an NC-enabled network, nodes that identify corrupted packets should also be able to correct the errors. Doing this eliminates the communication cost associated with the need for re-transmission and improves throughput. In this paper we propose what to the best of our knowledge is the first of such HMAC-based authentication schemes. Like all current state of the art HMAC-based authentication schemes, the proposed scheme is able to identify pollution attacks and the nodes that launched them. Furthermore, the proposed scheme is also able to correct the corruption. This according to our evaluation improves the throughput of the network when compared to other similar state of the art schemes that do not possess this feature.

Lawrence Tandoh,Fagen Li,Ikram Ali,Charles Roland Haruna,Michael Y. Kpiebaareh,Tandoh Christopher

DOI: https://doi.org/10.1007/978-981-19-0523-0_12

2022-01-01

Abstract:Network coding (NC) authentication schemes based on homomorphic message authentication codes (HMACs) are usually preferred due to the low computational complexity associated with their implementation. A basic requirement of these schemes is that they should be able to resist both message and tag pollution attacks. A common approach adopted in the design of these schemes uses key vectors to generate tags that are then used to detect these attacks. Conventionally, the only constraint placed on existing key selection models is that key elements must be chosen from a predefined finite cyclic field. In this work we prove that this condition alone is not sufficient to ensure total resistance to pollution attacks. We also provide a detailed description of this security loophole as well as a proposition that defines what a scheme needs in order to achieve total resistance to pollution attacks. Based on our findings we propose a modified authentication scheme for NC that is not exposed to the security loophole and therefore provides complete resistance to pollution attacks. Our evaluation of the proposed scheme against similar state of the art schemes shows that it achieves this at no extra overhead. As a matter of fact, the proposed scheme incurs a slightly lower computational overhead at non-source nodes coupled with a slightly lower key storage overhead.

Peng Zhang,Yixin Jiang,Chuang Lin,Hongyi Yao,Albert Wasef,Xuemin Shen

DOI: https://doi.org/10.1109/INFCOM.2011.5934876

2011-01-01

Abstract:Network coding provides a promising alternative to traditional store-and-forward transmission paradigm. However, due to its information-mixing nature, network coding is notoriously susceptible to pollution attacks: a single polluted packet can end up corrupting bunches of good ones. Existing authentication mechanisms either incur high computation/bandwidth overheads, or cannot resist the tag pollution proposed recently. This paper presents a novel idea termed “padding for orthogonality” for network coding authentication. Inspired by it, we design a public-key based signature scheme and a symmetric-key based MAC scheme, which can both effectively contain pollution attacks at forwarders. In particular, we combine them to propose a unified scheme termed MacSig, the first hybrid-key cryptographic approach to network coding authentication. It can thwart both normal pollution and tag pollution attacks in an efficient way. Simulative results show that our MacSig scheme has a low bandwidth overhead, and a verification process 2-4 times faster than typical signature-based solutions in some circumstances.

Yanfei Fan,Yixin Jiang,Haojin Zhu,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/twc.2011.122010.100087

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:Privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis and flow tracing can be easily launched by a malicious adversary due to the open wireless medium. Network coding has the potential to thwart these attacks since the coding/mixing operation is encouraged at intermediate nodes. However, the simple deployment of network coding cannot achieve the goal once enough packets are collected by the adversaries. On the other hand, the coding/mixing nature precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing. In this paper, we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. With homomorphic encryption on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Yixin Jiang,Haojin Zhu,Minghui Shi,Xuemin (Sherman) Shen,Chuang Lin

DOI: https://doi.org/10.1016/j.comnet.2009.08.006

IF: 5.493

2010-01-01

Computer Networks

Abstract:The network coding based applications are vulnerable to possible malicious pollution attacks. Signature schemes have been well-recognized as the most effective approach to address this security issue. However, existing homomorphic signature schemes for network coding either incur high transmission/computation overhead, or are vulnerable to random forgery attacks. In this paper, we propose a novel dynamic-identity based signature scheme for network coding by signing linear vector subspaces. The scheme can rapidly detect/drop the packets that are generated from pollution attacks, and efficiently thwart random forgery attack. By employing fast packet-based and generation-based batch verification approaches, a forwarding node can verify multiple received packets synchronously with dramatically reduced total verification cost. In addition, the proposed scheme provides one-way identity authentication without requiring any extra secure channels or separate certificates, so that the transmission cost can be significantly reduced. Simulation results demonstrate the practicality and efficiency of the proposed schemes.

Peng Zhang,Chuang Lin

DOI: https://doi.org/10.1007/978-3-319-31083-1_3

2016-01-01

Abstract:As is introduced in Chap. 2, network coding is notoriously susceptible to pollution attacks: a single polluted packet can end up corrupting bunches of good ones. The mechanisms that we introduced previously either incur high computation/bandwidth overheads or cannot resist the tag pollution proposed recently. This chapter will present a novel idea termed padding for orthogonality for network coding authentication. Inspired by it, we design a public key-based signature scheme and a symmetric key-based MAC scheme, which can both effectively contain pollution attacks at forwarders. In particular, we combine them to propose a unified scheme termed MacSig, the first hybrid key cryptographic approach to network coding authentication. It can thwart both normal pollution and tag pollution attacks in an efficient way. Simulative results show that our MacSig scheme has a low bandwidth overhead and a verification process 2-4 times faster than typical signature-based solutions in some circumstances.

Frederique Oggier,Hanane Fathi

DOI: https://doi.org/10.48550/arXiv.0909.3146

2009-09-17

Abstract:Systems exploiting network coding to increase their throughput suffer greatly from pollution attacks which consist of injecting malicious packets in the network. The pollution attacks are amplified by the network coding process, resulting in a greater damage than under traditional routing. In this paper, we address this issue by designing an unconditionally secure authentication code suitable for multicast network coding. The proposed scheme is robust against pollution attacks from outsiders, as well as coalitions of malicious insiders. Intermediate nodes can verify the integrity and origin of the packets received without having to decode, and thus detect and discard the malicious messages in-transit that fail the verification. This way, the pollution is canceled out before reaching the destinations. We analyze the performance of the scheme in terms of both multicast throughput and goodput, and show the goodput gains. We also discuss applications to file distribution.

Information Theory,Cryptography and Security

Bin Wu,Caifen Wang,Hailong Yao

DOI: https://doi.org/10.1007/s12083-020-01028-8

2021-01-07

Abstract:Network coding is an effective method to optimize network throughput and improve routing reliability, and has been widely used in a decentralized Internet of Things system. However, the packet-mixing property of network coding renders transmission susceptible to pollution attacks, which may prevent the reconstruction of the original file. A homomorphic signature scheme is a powerful tool that enables network coding to combat pollution attacks. Although a series of homomorphic signature schemes already exists, no construction has been proposed to support both homomorphic network coding signatures and the certificateless characteristic. In this paper, we construct a certificateless linearly homomorphic signature scheme for network coding, thus avoiding the disadvantages of certificate management and key escrow problems. We then prove the security of the scheme in a random oracle model against an adaptively chosen dataset attack under two types of adversaries. Moreover, performance analysis results show that our scheme has a lower communication overhead and enjoys a comparable computation cost with related schemes.

computer science, information systems,telecommunications

Man Liang,Haibin Kan

DOI: https://doi.org/10.1587/transfun.e96.a.1889

2013-01-01

Abstract:Wireless sensor network (WSN) using network coding is vulnerable to pollution attacks. Existing authentication schemes addressing this attack either burden the sensor node with a higher computation overhead, or fail to provide an efficient way to mitigate two recently reported attacks: tag pollution attacks and repetitive attacks, which makes them inapplicable to WSN. This paper proposes an efficient hybrid cryptographic scheme for WSN with securing network coding. Our scheme can resist not only normal pollution attacks, but the emerging tag pollution and repetitive attacks in an efficient way. In particular, our scheme is immediately suited for distributing multiple generations using a single public key. Experimental results show that our scheme can significantly improve the computation efficiency at a sensor node under the two above-mentioned attacks.

Kuan Wang,Mingxuan Song,Genqing Bian,Bilin Shao,Kaiqi Huang

DOI: https://doi.org/10.3390/electronics13071316

IF: 2.9

2024-04-01

Electronics

Abstract:Network coding is a potent technique extensively utilized in decentralized Internet of Things (IoT) systems, including the Internet of Medical Things (IoMT). Nevertheless, the inherent packet-mixing characteristics of network coding expose data transmission to pollution attacks, potentially compromising the integrity of original files. The homomorphic signature scheme serves as a robust cryptographic tool that can bolster network coding's resilience against such attacks. However, current schemes are computationally intensive for signature verification, making them impractical for IoMT environments. In this study, we propose a lightweight identity-based network coding scheme (IBNS) that minimizes computational overhead during the signing and verification processes. This scheme has been demonstrated to be secure against adaptive chosen-message attacks and is well-suited for IoMT applications. Furthermore, we assess the performance of our IBNS through both theoretical and experimental analyses. Simulation outcomes confirm that our scheme outperforms previous ones in terms of practicality and efficiency.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yumei Li,Futai Zhang,Xin Liu

DOI: https://doi.org/10.1109/tsc.2020.3039976

IF: 11.019

2020-01-01

IEEE Transactions on Services Computing

Abstract:With the appearance and flourishing development of the Internet of Things (IoT), wireless sensor networks technology has been attracting increasing attention. Network coding is an indispensable technology in the wireless sensor networks, which can improve network transmission throughput. However, pollution attacks is a serious security problem that must be faced in the process of data coding. Although the homomorphic network coding signature schemes can solve this troublesome, the high signature generation and verification cost of these schemes will reduce the transmission efficiency. In this article, we propose an efficient identity-based linearly homomorphic network coding signature scheme for wireless sensor networks to guarantee data integrity and authenticity. In our scheme, the computation cost of signature generation and verification are both independent of the size of the data packet. The scheme is proved secure against existential forgery under adaptive chosen identity and adaptive chosen subspace attacks in random oracle model. Using Java pairing-based Cryptography Library (JPBC), the simulation results illustrate that our scheme is more efficient in practical application.

computer science, information systems, software engineering

Jinyong Chang,Yanyan Ji,Bilin Shao,Maozhi Xu,Rui Xue

DOI: https://doi.org/10.1109/TNET.2020.3013902

2020-12-15

IEEE/ACM Transactions on Networking

Abstract:Homomorphic signature is an extremely important public key authentication technique for network coding to defend against pollution attacks. As a public key cryptographic primitive, it also encounters the same problem of how to confirm the relationship between some public key $pk$ and the identity $ID$ of its owner. In the setting of distributed network coding, the intermediate and destination nodes need to use the public key of source node S to check the validity of vector-signature pairs. Therefore, the binding of S and its corresponding public key becomes crucial. The popular and traditional solution is based on certificates which are issued by a trusted certification authority (CA) center. However, the generation and management of certificates is extremely cumbersome. Hence, in recent work, Lin et al. proposed a new notion of identity-based homomorphic signature, which intends to avoid using certificates. But the key escrow problem is inevitable for identity-based primitives. In this article, we propose another new notion (for network coding): certificateless homomorphic signature (CLHS), which is a compromise for the above two techniques. In particular, we first describe the definition and security model of certificateless homomorphic signature. Then based on bilinear map and the computational Diffie-Hellman (CDH) assumption, give a concrete implementation and detailedly analyze its security. Finally, performance analysis illustrates that our construction is practical.

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Bashayer Othman Aloufi,Wajdi Alhakami

DOI: https://doi.org/10.3390/s23042015

2023-02-10

Abstract:Cognitive radio (CR) has emerged as one of the most investigated techniques in wireless networks. Research is ongoing in terms of this technology and its potential use. This technology relies on making full use of the unused spectrum to solve the problem of the spectrum shortage in wireless networks based on the excessive demand for spectrum use. While the wireless network technology node's range of applications in various sectors may have security drawbacks and issues leading to deteriorating the network, combining it with CR technology might enhance the network performance and improve its security. In order to enhance the performance of the wireless sensor networks (WSNs), a lightweight authentication medium access control (MAC) protocol for CR-WSNs that is highly compatible with current WSNs is proposed. Burrows-Abadi-Needham (BAN) logic is used to prove that the proposed protocol achieves secure and mutual authentication. The automated verification of internet security protocols and applications (AVISPA) simulation is used to simulate the system security of the proposed protocol and to provide formal verification. The result clearly shows that the proposed protocol is SAFE under the on-the-fly model-checker (OFMC) backend, which means the proposed protocol is immune to passive and active attacks such as man-in-the-middle (MITM) attacks and replay attacks. The performance of the proposed protocol is evaluated and compared with related protocols in terms of the computational cost, which is 0.01184 s. The proposed protocol provides higher security, which makes it more suitable for the CR-WSN environment and ensures its resistance against different types of attacks.

Haijiang Xie,Jizhong Zhao

DOI: https://doi.org/10.1007/s12083-014-0287-x

IF: 3.488

2014-01-01

Peer-to-Peer Networking and Applications

Abstract:The state of art authentication schemes are tightly linked with encryption or crypto systems, which provides concrete foundations to move towards the concept of access control by confirming the user identity. However the openness of the computer network makes the identity credentials vulnerable even transmitted as cipher text especially in lots of peer-to-peer (P2P) networks. The malicious attackers can possibly steal and fake the user identity by eavesdropping, hijacking, cryptanalysis and forging. In this paper, a novel identity authentication mechanism is proposed based on the reverse usage of the Network Covert Channel (NCC) which is originally designed by attackers to create stealth communication. Different from NCC, where the packet intervals can be exploited as the data carrier to transmit the unauthorized information, we exploit such capability in Network-Covert-Channel-based Identity Authentication (NCCIA) to transmit the identity tag. By validating user identity in a covert manner, we provide a more secure authentication method compared with many existing approaches. A NCCIA demo system is designed on a FTP Platform to verify our method. The experiments demonstrate the NCCIA can prevent the attackers from eavesdropping while maintaining transmission efficiency.

Kaikai Chi,Xiaohong Jiang,Susumu Horiguchi

DOI: https://doi.org/10.1109/GLOCOM.2007.257

2007-01-01

Abstract:Current implementations of multi-hop wireless networks suffer from a severe throughput limitation and do not scale well with an increasing number of nodes. A promising architecture COPE [12], which exploits the physical-layer broadcast property and network coding technique, was recently proposed to significantly improve the throughput of multi-hop wireless networks. In this paper, we will improve the packet coding scheme in COPE to further reduce the number of bytes transmitted by a network node for forwarding its incoming packets to the respective neighbors. We first propose a more general packet coding framework, which covers the one in COPE as a special case and can offer us more coding opportunities. We then formulate the optimal packet coding problem under this general coding framework as an integer programming problem, and prove that it is NP-complete. Finally, we present an efficient algorithm to find the optimal coding solution for the proposed general packet coding framework.

Hung-Min Sun,Shih-Ying Chang,Tello, A.B.,Yen-Hsuen Chen

DOI: https://doi.org/10.1109/compsym.2010.5685515

2010-01-01

Abstract:In recent years, wireless sensor networks (WSN) have received a lot of attention and several cryptographic protocols have been proposed to protect WSN. However, it still opens that how to balance authenticity and transmission. For authenticating the message from a sensor, the message is appended a Message Authentication Code (MAC) authenticating it. These MACs may result in large amount of transmission, which is the most energy-expensive resource. For reducing the amount of the transmission for the MACs, the exclusive-or (XOR) of the MACs is sent instead. In this way, the transmission can be largely reduced but any error occurred in these MACs would make the authentication failed. All the messages and MACs should be retransmitted. In summary, transmitting all MACs supports better authenticity but worse transmission-efficiency, and transmitting an XOR of all MACs supports better transmission-efficiency but worse authenticity. In this paper, we propose a new scheme based on Reed Solomon Codes for balancing authenticity and transmission effectively.

Majid Adeli,Huaping Liu

2013-01-01

Abstract:A new scheme providing security against passive attackers in linear network coding is proposed. Throughput efficiency, low algorithm complexity, and high adaptability/applicability are the major design factors that are considered in this security protocol. A bijective permutation map defined over the code field is utilized to generate the randomness that is required for masking the plain information symbols. The input arguments of the permutation map are some of the plain data symbols and one random symbol that is chosen by the source node. It is shown that as long as the attacker does not have access to all the independent channels, he can not obtain any linear combination of the plain information symbols. Reducing data throughput by only one unit compared to the non-secure network code, and avoiding the use of complex transformations such as cryptographic algorithms or hash functions are the main advantages of the proposed security protocol.

Zhishou Zhang,Qibin Sun,Wai-Choong Wong,John Apostolopoulos,Susie Wee

DOI: https://doi.org/10.1109/icme.2006.262445

2006-01-01

Abstract:This paper proposes a content-aware authentication scheme optimized to account for distortion and overhead for media streaming. When authenticated media is streamed over a lossy network, a received packet is consumed only when it is both decodable and authenticated. In most media formats, some packets are more important than others. This naturally motivates allocating more redundant authentication information for the more important packets in order to maximize their probability of authentication and thereby minimize distortion at the receiver. Toward this goal, with awareness of the media content, we formulate an optimization framework to compute an authentication graph to maximize the expected media quality at the receiver, given specific authentication overhead and knowledge of network loss rates. Experimental results with JPEG-2000 coded images demonstrate that the proposed method achieves our design goal in that the R-D curve of the authenticated image is very close to the R-D curve when no authentication is required.

Xinglei Zhu,Chang Wen Chen

DOI: https://doi.org/10.1109/TIFS.2015.2481366

2016-01-01

Abstract:Authentication has become an emerging issue for video streaming over lossy networks. Although the advanced video coding standards, such as H.264/AVC, efficiently reduce the amount of data to be transmitted, the coding dependency brings new challenges in designing efficient stream authentication scheme. In this paper, we propose a novel joint-designed-layered source–channel adaptive scheme that integrates authentication into source and channel coding components to sufficiently use the related information to efficiently address the coding dependency and to design the optimal rate allocation scheme for the sake of end-to-end video quality. The proposed layered framework is able to minimize end-to-end quality degradation incurred by both the wireless channel noise and the authentication failure. In particular, the competing requirements of high verification probability and low authentication overhead are concurrently satisfied by the elegant design of layered hash appending with efficient adaptation to the H.264 source coding and channel conditions. A joint source–channel-authentication rate allocation scheme is then developed to achieve optimal end-to-end video quality. The experimental results on H.264 video sequences confirm the efficacy of this joint adaptive scheme and demonstrate that it indeed outperforms the state-of-the-art graph-based authentication algorithms.