Presentation is loading. Please wait.

Presentation is loading. Please wait.

RIPPLE Authentication for Network Coding Yaping Li, The Chinese University of Hong Kong Hongyi Yao, Tsinghua University Minghua Chen, The Chinese University.

Similar presentations


Presentation on theme: "RIPPLE Authentication for Network Coding Yaping Li, The Chinese University of Hong Kong Hongyi Yao, Tsinghua University Minghua Chen, The Chinese University."— Presentation transcript:

1 RIPPLE Authentication for Network Coding Yaping Li, The Chinese University of Hong Kong Hongyi Yao, Tsinghua University Minghua Chen, The Chinese University of Hong Kong Sidharth Jaggi, The Chinese University of Hong Kong Alon Rosen, Herzliya Interdisciplinary Center, Israel 1

2 Network Coding Network coding Maximize network throuput Distributed solutions with low complexity Robust to packet loss and network failure Practical benifits What if some nodes are malicious? 2

3 Pollution Attacks 3 BA M F D E S Snowball effect

4 Taxonomy of Existing Solutions 4 End-to-endIn-network Public key based Symmetric key based ([Yu09, Agrawal09]) Only c-collusion resistant Vulnerable to a new tag pollution attack

5 New Tag Pollution Attacks 5 BA M F D E S ?? ?? ?? ???? Goal: Immediate detection Snowball effect ?? ??

6 Threat Model Attackers can Observe, inject, modify, delay, drop packets Launch tag pollution attacks Collude arbitrarily Attackers limitations Polynomial time bounded No access to randomness used by source 6

7 Design Goals Authentication scheme In-network Low complexity Arbitrary collusion resistant Tag pollution resistant (immediate detection) 7

8 Homomorphic MAC Message Authentication Code (MAC) Keyed hash function (symmetric key) Homomorphic MAC Create a new tag from old ones without key 8 M

9 RIPPLE, Illustrated When to disclose a key? How to authenticate a key? How to prevent tag pollution attacks? S BA C D 9 Level 1 Level 2 Level 3 Level: length of the longest path to the source

10 Our Homomorphic MAC Provably resistant to tag pollution and arbitrary collusion 10

11 Tag Pollution Attack Resistant 11 BA M F D E S ? ? Immediate detection Achieved! ? ?

12 When to Disclose a Key? Time One way key Chains 12 Use time to create asymmetry (TESLA, [PERRIG02])

13 How to Authenticate a Key? Source: Create a one way key chain per level Difficult to compute from Use in reverse order of generation Sign, denote Nodes: Authenticate given is valid if is authentic and 13

14 Performance Analysis Settings: A network of 10k nodes, Maximum 16 levels Packet size 1024 bytes Generation size 32 packets Number of parents per node 6 GNU/Linux with 2.33GHz Intel Core 2 Duo processors Number of Tags/level SecurityComputational Overhead (ns)Packet Overhead MACVerify and CombineTag size (bytes)

15 Conclusion RIPPLE: Authentcation scheme for NC Has low complexity Tolerates arbitrary collusion Resists tag pollution attacks 15

16 Thanks! 16


Download ppt "RIPPLE Authentication for Network Coding Yaping Li, The Chinese University of Hong Kong Hongyi Yao, Tsinghua University Minghua Chen, The Chinese University."

Similar presentations


Ads by Google