Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIS: Malicious Nodes Identification Scheme Network-Coding-Based Peer-to-Peer Streaming Qiyan Wang, Long Vu, Klara Nahrstedt, Himanshu Khurana Department.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "MIS: Malicious Nodes Identification Scheme Network-Coding-Based Peer-to-Peer Streaming Qiyan Wang, Long Vu, Klara Nahrstedt, Himanshu Khurana Department."— Presentation transcript:

1 MIS: Malicious Nodes Identification Scheme Network-Coding-Based Peer-to-Peer Streaming Qiyan Wang, Long Vu, Klara Nahrstedt, Himanshu Khurana Department of Computer Science University of Illinois at Urbana‐Champaign IEEE INFOCOM 2010

2 Outlines Introduction MIS: Malicious Node Identification Scheme Simulation Results Conclusion

3 Network Coding New paradigm of routing: – Packet mixing at intermediate nodes Benefits: – Maximum throughput, robustness to link failure, energy efficiency … Applications: – Multicast/broadcast, wireless unicast, P2P streaming, P2P file distributing … 2 A A = f(,, ) Traditional routing : store-and-forwardNetwork coding

4 E A F B C D H G Segment [b 1, b 2, …, b m ] 3 … … Video stream S Network Coding in P2P Streaming Networks 3 Benefits of network coding in P2P streaming: –––––––– Higher playback quality Shorter buffering delays Minimal bandwidth Better resilience to peer dynamics

5 S E A F B C D … GHGH Pollution rapidly spreads over the network! Failure to decode the original blocks! 4 Pollution Attacks in Network Coding 4 Malicious nodes inject corrupted blocks. Segment [b 1, b 2, …, b m ] Video stream …

6 6 The Pollution Attack Attacker joins an ongoing video channel Attacker advertises it has a large number of chunks W hen neighbors request chunks, attacker sends bogus chunks Receiver plays back bogus chunks Each receiver may further forward the polluted chunks P. Dhungel, X. Hei, K. W. Ross, N. Saxena, “The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses,” Sigcomm P2P-TV Workshop, Kyoto, 2007.

7 7 Peer Polluter request

8 5 S E A F B C D … GHGH Drop corrupted blocks at the runtime Existing Defense Strategy: 5 Checking corrupted blocks at the runtime – Too computationally costly for real‐time streaming Segment [b 1, b 2, …, b m ] Video stream …

9 9 Pollution Defense Strategy Blacklist Traffic Encryption Chunk Signing –Use PKI –Every video source has public-private key pair –Source uses private key to sign the chunks –Receiver uses public key of source to verify integrity of chunk P. Dhungel, X. Hei, K. W. Ross, N. Saxena, “The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses,” Sigcomm P2P-TV Workshop, Kyoto, 2007.

10 6 The Idea of MIS (Malicious Identification Scheme) Optimal online efficiency: – We don’t check corrupted blocks at the runtime (before decoding). Fundamental limit on pollution attacks: – Instead, we identify malicious nodes whenever pollution attacks take place. – We “permanently” remove the identified malicious nodes from the overlay, so that the system is free from pollution attacks in the future.

11 7 MIS (Malicious node Identification Scheme) B C D E FGFG H I J K AMAM L S‐server

12 8 MIS (Malicious node Identification Scheme) Infected nodes: I, J, K, M, L B C D E FGFG H I J K AMAM L S‐server

13 9 B C D E FGFG H I J K AMAM L MIS (Malicious node Identification Scheme) Detect the existence of pollution attacks based on the content of decoded original blocks. Alert (with the sequence number of the segment, a time stamp, the reporting node’s ID)

14 10 MIS (Malicious node Identification Scheme) S‐server generates a random checksum for the polluted segment. S‐server disseminates the checksum to the overlay. B C D E F G H I J K AMAM L S‐server Checksum

15 11 MIS (Malicious node Identification Scheme) The checksum can help the infected node (K, or I) to find out which neighbor (J, or F) has sent him a corrupted block. B C D E F G H I J K AMAM L S‐server Checksum

16 MIS (Malicious node Identification Scheme) The Infected node (K, or I) reports the discovered suspicious neighbors (J, or F) to the M‐server, and forwards the checksum to the reported suspicious neighbors (J, or F). A B C D E F G H I J K M L S‐server F is suspicious J F Suspicious node list (SNL) 12 M‐server J is suspicious

17 MIS (Malicious node Identification Scheme) With the received checksum, an innocent suspicious node (J) can find another suspicious node (F), but the malicious node (F) cannot. A B C D E F G H I J K M L S‐server JFJF Suspicious node list (SNL) 13 M‐server F is suspicious

18 MIS – Security Guarantees Correctness –A malicious node cannot deny having sent a corrupted block or disparage any innocent node. Guarantee –When a suspicious node is reported, an evidence is shown to the M-server to demonstrate that this reported node has indeed sent out a corrupted block. Approaches –Public-key signature scheme Let each node sign the block it sends out using a public-key signature scheme, and the signature associated with the block can be used as the evidence. This approach requires applying public key signature on each transmitted block, introducing substantial computational delays due to the expensive signature generation and verification. –Non-repudiation transmission protocol

19 Fig. 2: An example to illustrate network coding in P2P streaming. Each segment consists of m = 2 blocks, and each block has d = 3 codewords. Peer X receives two coded blocks e 1,i, e 2,i in S i from the S-server, and produces a new coded block e 3,i for peer Y.

20

21 Non-Repudiation Transmission Protocol λ=6 δ=3 Upstream neighbor Downstream neighbor X: the suspicious node Y: the reporting node e Verify evidence with γ 2, γ 4, γ 5

22 Non-Repudiation Transmission Protocol Table I lists the probabilities that a malicious party succeeds in our protocol under several sample parameter selections. Prob X (or Prob Y) – the probability that a malicious X (or Y ) succeeds. The space overhead includes Φ(e) and Seq(e) (one byte for Seq(e)). 0 ≤ θ ≤ λ- δ

23 Evaluation Simulation based on real PPLive overlays obtained in our previous work [TOMCCAP’09] –The overlay contains 1600, or 4000 nodes –Malicious nodes are picked at random –Each segment consists of 32 blocks, and each block has 256 codewords in GF(256) –Time taken to identify malicious nodes is less than 6 seconds [TOMCCAP’09] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang “Understanding the Overlay Characteristics of a Large‐scale Peer‐to‐Peer IPTV system”, ACM TOMCCAP, 2009.

24

25 17 Comparison Online computational times: MIS (5‐10us), Null‐key (1‐2us), MAC‐based (2ms), Homomorphic signatures or hashes (> 1s). Per‐block communication overhead: MIS (22B), Homomorphic signatures or hashes (128‐256B), Null‐key and MAC‐based (>256B).

26 Conclusions We propose a novel scheme (MIS) to limit network-coding pollution attacks by identifying malicious nodes. MIS can fully satisfy the requirements of P2P live streaming systems. MIS has high computational efficiency, small space overhead, and the capability of handling a large number of corrupted blocks and malicious nodes.

27 References [5] M. Krohn, M. Freeman, and D. Mazieres, “On-the-fly Verification of Rateless Erase Codes for Efficient Content Distribution”, in Proc. IEEE Symp. on Security and Privacy (Oakland), 2004. [6] C. Gkantsidis, and P. R. Rodriguez, “Cooperative Security for Network Coding File Distribution”, in Proc. of IEEE INFOCOM, 2005. [7] Q. Li, D.-M. Chiu, and J. C. S. Lui, “On the Practical and Security Issues of Batch Content Distribution Via Network Coding”, in Proc. of IEEE International Conference on Network Protocols (ICNP’06), 2006. [9] Z. Yu, Y. Wei, B. Ramkumar, and Y. Guan, “An Efficient Signature-based Scheme for Securing Network Coding against Pollution Attacks”, in Proc. IEEE INFOCOM, 2008. [10] E. Kehdi, and B. Li, “Null Keys: Limiting Malicious Attacks Via Null Space Properties of Network Coding”, in Proc. of IEEE INFOCOM, 2009. [11] Z. Yu, Y. Wei, B. Ramkumar, Y. Guan, “An Efficient Scheme for Securing XOR Network Coding against Pollution Attacks”, IEEE INFOCOM, 2009. [16] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang, “Understanding the Overlay Characteristics of a Large-scale Peer-to-Peer IPTV System”, ACM Transactions on Multimedia Computing, Communications and Applications (TOMCCAP), 2009.

28 Related Works Homomorphic signatures or hashes [Krohn04, Gkantsidis05, Li06, Charles06, Yu08, Boneh09] –It’s computationally expensive to verify/generate the signature for each packet at each hop. Null ‐ key based on the property of null space [Kehdi09] –Verification key needs to be repeatedly distributed. MAC ‐ based scheme [Yu09] –Substantial communication overheads are introduced. Error ‐ correction codes [Jaggi07, Kotter07] –Achievable throughput is determined by the power of the adversary Combining homomorphic MAC and TESLA [Dong09] –It introduces authentication delay and is suspicious to DoS attacks.

Download ppt "MIS: Malicious Nodes Identification Scheme Network-Coding-Based Peer-to-Peer Streaming Qiyan Wang, Long Vu, Klara Nahrstedt, Himanshu Khurana Department."

Similar presentations

1 The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses Prithula Dhungel Xiaojun Hei Keith W. Ross Nitesh Saxena Polytechnic.

1 The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses Prithula Dhungel Xiaojun Hei Keith W. Ross Nitesh Saxena Polytechnic.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Henry C. H. Chen and Patrick P. C. Lee

Henry C. H. Chen and Patrick P. C. Lee
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
Kangaroo: Video Seeking in P2P Systems Xiaoyuan Yang †, Minas Gjoka ¶, Parminder Chhabra †, Athina Markopoulou ¶, Pablo Rodriguez † † Telefonica Research.

Kangaroo: Video Seeking in P2P Systems Xiaoyuan Yang †, Minas Gjoka ¶, Parminder Chhabra †, Athina Markopoulou ¶, Pablo Rodriguez † † Telefonica Research.
Lava: A Reality Check of Network Coding in Peer-to-Peer Live Streaming Mea Wang, Baochun Li Department of Electrical and Computer Engineering University.

Lava: A Reality Check of Network Coding in Peer-to-Peer Live Streaming Mea Wang, Baochun Li Department of Electrical and Computer Engineering University.
Network Coding in Peer-to-Peer Networks Presented by Chu Chun Ngai 1008624233.

Network Coding in Peer-to-Peer Networks Presented by Chu Chun Ngai
Beyond the MDS Bound in Distributed Cloud Storage

Beyond the MDS Bound in Distributed Cloud Storage
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Location-Aware Security Services for Wireless Sensor Networks using Network Coding IEEE INFOCOM 2007 최임성.

Location-Aware Security Services for Wireless Sensor Networks using Network Coding IEEE INFOCOM 2007 최임성.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
A Quality-Driven Decision Engine for Live Video Transmission under Service-Oriented Architecture DALEI WU, SONG CI, HAIYAN LUO, UNIVERSITY OF NEBRASKA-LINCOLN.

A Quality-Driven Decision Engine for Live Video Transmission under Service-Oriented Architecture DALEI WU, SONG CI, HAIYAN LUO, UNIVERSITY OF NEBRASKA-LINCOLN.
1 Data Persistence in Large-scale Sensor Networks with Decentralized Fountain Codes Yunfeng Lin, Ben Liang, Baochun Li INFOCOM 2007.

1 Data Persistence in Large-scale Sensor Networks with Decentralized Fountain Codes Yunfeng Lin, Ben Liang, Baochun Li INFOCOM 2007.
1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Mobile Ad Hoc Networks Network Coding and Xors in the Air 7th Week.

1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Mobile Ad Hoc Networks Network Coding and Xors in the Air 7th Week.
Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.
Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.

Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.

Similar presentations

Ads by Google