Key Distribution in DTNs

Slides:



Advertisements
Similar presentations
Multicasting in Mobile Ad hoc Networks By XIE Jiawei.
Advertisements

Introduction to Information Technologies
Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.
Using Redundancy to Cope with Failures in a Delay Tolerant Network Sushant Jain, Michael Demmer, Rabin Patra, Kevin Fall Source:
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
Data Exchange Packet switching  Packet switching breaks data in to packets before sending it through a network, then reassembles it at the other end –
Rutvi Shah1 ERROR CORRECTION & ERROR DETECTION Rutvi Shah2 Data can be corrupted during transmission. For reliable communication, errors must be detected.
Network Coding vs. Erasure Coding: Reliable Multicast in MANETs Atsushi Fujimura*, Soon Y. Oh, and Mario Gerla *NEC Corporation University of California,
Slicing the Onion: Anonymity Using Unreliable Overlays Sachin Katti Jeffrey Cohen & Dina Katabi.
Freenet: A Distributed Anonymous Information Storage and Retrieval System Presenter: Chris Grier ECE 598nb Spring 2006.
Switching breaks up large collision domains into smaller ones Collision domain is a network segment with two or more devices sharing the same Introduction.
COP 5611 Operating Systems Spring 2010 Dan C. Marinescu Office: HEC 439 B Office hours: M-Wd 2:00-3:00 PM.
PROACTIVE SECRET SHARING Or: How to Cope With Perpetual Leakage Herzberg et al. Presented by: Avinash Ravi Kevin Skapinetz.
Protocol Layering Chapter 11.
A Framework for Reliable Routing in Mobile Ad Hoc Networks Zhenqiang Ye Srikanth V. Krishnamurthy Satish K. Tripathi.
OSI ARCHITECTURE IN OSI, ACTUAL INFORMATION IS OVERHEADED BY PROTOCOL LAYERS IF ALL SEVEN LAYERS ARE OVERHEADED, THEN AS LITTLE AS 15% OF THE TRANSMITTED.
A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.
RS – Reed Solomon Error correcting code. Error-correcting codes are clever ways of representing data so that one can recover the original information.
Network Models. 2.1 what is the Protocol? A protocol defines the rules that both the sender and receiver and all intermediate devices need to follow,
Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 10 – Circuit Switching and Packet Switching.
DTN Network Management CCSDS Green Book Approach Ed Birrane
Vocabulary Prototype: A preliminary sketch of an idea or model for something new. It’s the original drawing from which something real might be built or.
IERG6120 Lecture 22 Kenneth Shum Dec 2016.
Computer Architecture and Assembly Language
Great Theoretical Ideas in Computer Science
Introduction to Information Technologies
Data Link Layer.
Feng Li, Jie Wu, Avinash Srinivasan
Updated SBSP draft-birrane-dtn-sbsp-01.txt Edward Birrane
15-853:Algorithms in the Real World
Transport layer.
Cryptographic Hash Function
DATA COMMUNICATION AND NETWORKINGS
Advanced Computer Networks
CIS 321 Data Communications & Networking
Layered Architectures
MinJi Kim, Muriel Médard, João Barros
CHAPTER 3 Architectures for Distributed Systems
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
CS 457 – Lecture 8 Switching and Forwarding
ECE 544 Protocol Design Project 2016
Packetizing Error Detection
Packetizing Error Detection
Basic concepts Networks must be able to transfer data from one device to another with complete accuracy. Data can be corrupted during transmission. For.
Chapter 7 Error Detection and Correction
Computer Networks Bhushan Trivedi, Director, MCA Programme, at the GLS Institute of Computer Technology, Ahmadabad.
Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li  University of Pittsburgh, Pittsburgh, PA Hui Ling.
Introduction to Information Technologies
Data Integrity: Applications of Cryptographic Hash Functions
Switching Techniques.
CRBcast: A Collaborative Rateless Scheme for Reliable and Energy-Efficient Broadcasting in Wireless Sensor/Actuator Networks Nazanin Rahnavard, Badri N.
Packetizing Error Detection
OSI Model. Overview:  Review  OSI Model  Layer 1 - The Physical Layer  Layer 2 - The Data Link Layer  Layer 3 - The Network Layer  Layer 4 - The.
ONLINE SECURE DATA SERVICE
Erasure Correcting Codes for Highly Available Storage
Error Detection and Correction
Computer Networks Topic :User datagram protocol Transmission Control Protocol -Hemashree S( )
Computer Architecture and Assembly Language
Error Detection and Correction
Ch 17 - Binding Protocol Addresses
Hongchao Zhou, Xiaohong Guan, Chengjie Wu
Changing the paradigm in forwarding : How transform daemons to angels?
Error detection: Outline
Error Detection and Correction
draft-ietf-dtn-bpsec-06
Error Checking continued
BPSec: AD Review Comments and Responses
Data Link Layer. Position of the data-link layer.
Presentation transcript:

Key Distribution in DTNs Using Erasure Codes Ed Birrane Edward.Birrane@jhuapl.edu 443-778-7423

Forward error correction code over an erasure channel. Erasure Coding Forward error correction code over an erasure channel. Forward Error Correction Code Store redundant information in a transmission Reed-Solomon Code Erasure Channel Lossy Communication channel Lost data is considered “erased” data Concept Message M captured in N chunks. Require R < N chunks to re-create message. Computationally infeasible to re-create message with C < R chunks. 2

Creating/Using Redundant Chunks Produce initial set of K chunks in finite field For binary files, choose power of 2 for field size (say, 2^1024) Number of chunks = file size / chunk size Name chunks 0 – (k-1) Generate Lagrange Interpolation Polynomial p(x) Calculate efficient polynomial through K points p(0) = chunk 0, p(i) = chunk i… Use polynomial to generate redundant points Generate p(k) through p(n). Receiver constructs polynomial from any k points With polynomial, can extract p(0) through p(k-1). 3

Wikipedia Example Sender encodes two messages: a = 555 and b = 629 Polynomial: f(i) = a + (b - a)(i - 1) f(1) = 555, f(2) = 629, f(3) = 703, f(4) = 777, f(5) = 851 Receiver only receives f(4) and f(5) Can reconstruct polynomial and then extract f(1) and f(2) 4

Considerations Efficient Implementation as Reed-Solomon Coding Use generator polynomial and send coefficients, not values More efficient decoding of values Need large enough chunk size and large # chunks Larger the size, harder to brute-force guess a value when too few chunks received. Need k to be large enough to span paths in the network Chunk values should not repeat Assume original data is compressed or otherwise entropy-encoded to reduce the chance of constructing chunks with the same value. 5

Erasure Codes as Key Distribution Key is binary data May include meta-data as part of key message. To a point, bigger message is better. Construct Key Chunks No apparent need to generate redundant chunks May produce small set of redundancy for reliability, but this is likely handled by other transmission mechanisms Build discrete paths through network Chunks sent from source to destination via discrete paths No intermediate node may hold more than x% of chunks for a key message 6

Network Example Eight Chunks Separate Paths Require all for re-assembly Send through different paths Separate Paths Compromise of any one node or one link does not compromise key. Relies on Nodes to reject messages based on what they have seen so far. Restricted routing settings (limits on storage and forwarding) F(1), F(2), F(3), F(4), F(5), F(6), F(7), F(8) F(7), F(8) F(1), F(2), F(3) F(4), F(5), F(6) F(1), F(2), F(3), F(4), F(5), F(6), F(7), F(8) 7

Issues/Mitigations Cut Vertices Cut Vertices Link Node Intelligence Compromise of a cut vertex, or its links subverts the system Separate transmission over time. Node does not hold all chunks at one time. Cut Vertices Link The vertex collects all data through the segmented network Hop-by-hop confidentiality protects link transmission. Node Intelligence Nodes must actively refuse to collect too many chunks Nodes must maintain some repository of chunks seen Key Distribution protocol counts chunks received by hashing on destination node. Allowed collision count embedded in chunk message. 8

Issues/Mitigations Chunk Poisoning Current system vulnerable to bogus data injection by a compromised node. Exploit redundancy in the erasure coding approach. Calculate key using redundant messages from multiple paths and agree on quorum. Rely on Authentication to avoid injection attacks. Relies on authentication between nodes Key distribution relying on key distribution… Multiple keys exist in the system. Do not rely on key being updated, but other keys can be relied upon. Use for distribution of partial key in combination with identity-based scheme. 9

Next Steps Draft key distribution protocol Detailed analysis Chunk construction, addressing, meta-data Intermediate Node actions Endpoint node actions Detailed analysis Field space, chunk size, redundancy, entropy coding Sample implementation Performance measurement Simulate link and node compromise and effects 10

Thank you! Questions? 11

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.