MinJi Kim, Muriel Médard, João Barros

Presentation transcript:

Counteracting Byzantine Adversaries with Network Coding: An Overhead Analysis
MinJi Kim, Muriel Médard, João Barros
September 30, 2008
IAMANET DARPA

Background and Motivation
Network coding offers throughput gains [Ho et al. '03], robustness against failures and erasures [Lun et al. '04].
Problem 1: Impact of Byzantine adversaries.
End-to-end network error correction [Yeung et al. '06] [Jaggi et al. '07].
Packet-based Byzantine detection scheme [Zhao et al. '07].
Generation-based Byzantine detection scheme [Ho et al. '06].
Problem 2: Overhead for detection of attacks.
We ask:
Can we do better than just using error correction codes?
What kind of detection scheme?
Coding + Byzantine detection vs. non-coding approach?

Network model
Network: directed graph G = (V,E).
Node v: non-malicious, has public key K, receives m packets (n bits each) per unit time.
Probability p of corrupted packets (from Byzantine adversary).
If node v detects an attack, then it discards data; otherwise, forwards data.
Destinations perform erasure correction.

End-to-end network error correction
[Jaggi et al. '07] offers distributed, polynomial-time, rate-optimal network codes that are information-theoretically secure against Byzantine attacks.
Idea: Byzantine adversaries = secondary sources. Adds redundancy to distinguish the packets.
Analysis: Node v does not check for attacks, and naively performs network coding.
Transmits at the remaining network capacity.
Error correction at destinations (more expensive than erasure correction).
Expected ratio of corrupted bits transmitted and total bits received is: p.

Packet-based detection scheme
[Zhao et al. '07] Signature scheme for linear network coding.
Idea: Valid packets span a subspace; add signature (discrete log) to check the membership in the given subspace.
Requires public key infrastructure.
Analysis: Node v checks the validity of every packet using K.
Size of the public key K and signature: 6% and 0.1% of the packet, respectively.
Approximate overhead: h_p ≈ 0.06n.
Maximum throughput:
Expected ratio of overhead bits and total bits received is:
When , then “bandwidth saved” > “cost of detection”.
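A toy sketch of the subspace-membership check described on this slide, added here as an illustration; it is not code from the presentation or from [Zhao et al. '07]. The parameters Q, P and GEN, the function names, and the way the orthogonal vector u is built are assumptions chosen so the example runs with tiny numbers.

```python
import random

# Toy parameters, constructed for illustration (far too small for real use).
Q = 1019           # prime subgroup order; packet symbols are elements of F_Q
P = 2 * Q + 1      # 2039 is prime, so Q divides P - 1
GEN = 4            # 2^2 mod P, an element of order Q

def keygen(length, rng):
    """Private alpha_i in F_Q^*, public key h_i = GEN^alpha_i mod P."""
    alphas = [rng.randrange(1, Q) for _ in range(length)]
    return alphas, [pow(GEN, a, P) for a in alphas]

def augment(data_rows):
    """Prefix source packet i with the unit vector e_i (its coding coefficients)."""
    m = len(data_rows)
    return [[int(i == j) for j in range(m)] + list(r) for i, r in enumerate(data_rows)]

def sign(data_rows, alphas, rng):
    """x_i = u_i / alpha_i, with u orthogonal to every augmented source packet."""
    tail = [rng.randrange(1, Q) for _ in data_rows[0]]
    head = [(-sum(d * t for d, t in zip(row, tail))) % Q for row in data_rows]
    return [u * pow(a, -1, Q) % Q for u, a in zip(head + tail, alphas)]

def combine(packets, coeffs):
    """What a coding relay emits: a linear combination of packets over F_Q."""
    return [sum(c * p[k] for c, p in zip(coeffs, packets)) % Q
            for k in range(len(packets[0]))]

def verify(packet, public, signature):
    """Accept iff prod h_i^(x_i * w_i) == 1 mod P, i.e. <u, w> == 0 mod Q."""
    acc = 1
    for h, x, w in zip(public, signature, packet):
        acc = acc * pow(h, (x * w) % Q, P) % P
    return acc == 1

def demo(seed=1):
    rng = random.Random(seed)   # seeded for repeatability; real keys need a CSPRNG
    data = [[rng.randrange(Q) for _ in range(6)] for _ in range(3)]  # constructed
    alphas, public = keygen(3 + 6, rng)
    signature = sign(data, alphas, rng)
    coded = combine(augment(data), [rng.randrange(1, Q) for _ in range(3)])
    forged = coded[:-1] + [(coded[-1] + 1) % Q]   # one symbol altered in transit
    return verify(coded, public, signature), verify(forged, public, signature)

if __name__ == "__main__":
    print(demo())
```

The signature stays the same length however many times packets are recombined, because any linear combination of valid packets remains orthogonal to u.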

Generation-based detection scheme
[Ho et al. '04] Information-theoretic approach to detect Byzantine adversaries (assumption: secrets from adversaries).
Idea: Data and hash symbols must be consistent with its coefficient vector.
Analysis: Node v checks for error on a generation. If error, then discards the entire generation of G packets; otherwise, it forwards the data.
Can extend to a local Byzantine detection scheme.
Ex. 2% overhead, the detection probability is at least 98.9%.
Approximate overhead: h_g ≈ 0.02nG.
Maximum throughput:
Expected ratio of overhead bits and total bits received is:
where is the probability of dropping a generation.

Comparison of three schemes
Cost of error correction scheme = O(p).
p < 0.03: the cost of detection >> cost introduced by the attacker.
Cost of generation-based scheme:
p ≈ 0.2: few corrupted packets, but many invalid generations.
p << 0.2: cost effective: hash across G packets.
p >> 0.2: many invalid generations.
Cost of packet-based scheme high for small p.
Large p: the hashes become “cheaper”.
Infrastructure needed (authentication and public key distribution).
Figure: Ratio between the expected overhead and the total bits received by a node v with h_p ≈ 0.06n and h_g ≈ 0.02nG.

Comparison of coded and non-coded systems
Secure routing protocols for uncoded systems (especially for wireless ad hoc networks) have on average 24% overhead [Marti et al. '00].
Coded systems need authentication as well, but also benefit from the throughput gain.
Coded systems always do better than the non-coded system.
Before this point, packet-based and end-to-end error correction achieve lower overhead.
After this point, generation-based schemes (with G ≤ 4) perform better.
Cost of authentication and size of signature grow linearly with the number of hops for uncoded systems. Packet-based scheme's signatures remain constant in size.
Public key infrastructure. Authentication for all nodes.
At the very best, the uncoded system will achieve this (assuming no losses in the channel).
In a non-coded system, overhead is equal to probability of attack.
Coding gives throughput gains as well as robustness against erasures.
Figure: Ratio between the expected overhead and the total bits received by a node v with h_p ≈ 0.06n and h_g ≈ 0.02nG.

Conclusions
Network coding: throughput gains, robustness against failures and erasures.
When under attack, Byzantine detection can be beneficial:
Data in network is clean; thus, increases throughput.
Erasure correction (not error correction); thus, computationally cheaper.
Choice of scheme: varies with p.
Very small p: detection too costly; use end-to-end error correction.
Small p: generation-based scheme is effective. Distribute the cost of hash across G packets. Right balance between G and p needed.
Large p: packet-based scheme is effective.
Future work: Watchdog scheme for network coding.

Generation size G in the generation-based scheme
As generation size G increases, the cost increases dramatically.
The probability that at least one packet is corrupted in a generation grows exponentially, for any p.
Asymptotically, the cost approaches: where
However, this should not be too much of a problem in MANET, since G is usually kept small.
Figure: Ratio between the expected overhead and the total bits received by a node v for generation-based detection with generation size G, packet size n = 1000, and h_g ≈ 0.02nG.