SpaceMac - Anh Le, Athina Markopoulou, University of California, Irvine

SLIDE 1

Locating Byzantine Attackers in Intra-Session Network Coding using SpaceMac

Anh Le, Athina Markopoulou

University of California, Irvine

SLIDE 2

Byzantine (a.k.a. Pollution) Attacks

[Figure: network with source S and nodes A, B, C, D, E, F; links carry packets x1, x2, z and x1+z]

Snowball Effect

Anh Le - UC Irvine - SpaceMac 2

SLIDE 3

Prior Byzantine Defense Mechanisms

Error Correction | Attack Detection | Locating Attackers

Communications:
  • Error-correcting codes: use redundancy
  • Extension of random linear NC
  • Subspace properties
  • Subspace properties

Cryptography:
  • Homomorphic crypto. primitives: H.Hash, H.Mac, H.Signature
  • Probabilistic non-repudiation protocol

SLIDE 4

Prior Byzantine Defense Mechanisms

  • Error Correction

[Yeung and Cai, 2006], [Zhang, 2006], [Jaggi et al., 2007]

  • Attack Detection

[Ho et al., 2008], [Kehdi and Li, 2009], [Gkantsidis and Rodriguez, 2007], [Boneh et al., 2009], [Agrawal and Boneh, 2009], [Li et al., 2010]

  • Locating Attackers

[Jafarisiavoshani et al, 2008], [Wang et al., 2010]

SLIDE 5

Our Proposal

Error Correction | Attack Detection | Locating Attackers

Communications:
  • Error-correcting codes: use redundancy
  • Extension of random linear NC
  • Subspace properties (Null keys)
  • Subspace properties

Cryptography:
  • Homomorphic crypto. primitives: H.Hash, H.Mac, H.Signature
  • Probabilistic: non-repudiation protocol

Our proposal: Subspace properties + SpaceMac for expanding spaces + non-repudiation protocol

SLIDE 6

Outline

  • Background and Motivation
  • Prior defense mechanisms
  • Error Correction
  • Attack Detection
  • Locating Attackers
  • Our proposal
  • Key Observation
  • SpaceMac
  • Collusion Resistance
  • Evaluation Results
  • Concluding Remarks

SLIDE 7

NC & Pollution: Background

  • Augmentation: v | global encoding vector
  • Source space: space spanned by augmented vectors sent by source
  • Benign node sends vectors belonging to source space
  • Pollution attacker sends vectors not in source space

[Figure: network with source S and nodes A, B, C, D, E, F; augmented vectors (0,1,0,1,0) and (0,0,1,0,1) for a and b, and a+b labelled (1,1,1,1,1) and (0,1,1,1,1)]

SLIDE 8

Locating attackers with subspace properties …

(Jafarisiavoshani et al., 2007)

  • When a polluted packet is detected:

1. Each node reports its incoming spaces to a controller
2. Controller classifies space as polluted or not
3. Nodes initiating polluted edges are identified as attackers

[Figure: nodes C, j, i, h]

SLIDE 9

Example

  • Scenarios:
  • (1) the attacker lies
  • (2) the attacker is honest
  • Result: Attacker could be either A or B

SLIDE 10

Another Example

[Figure: two panels, "E and D are honest" and "E and D lie"]

  • Suspected nodes: A, B, C, D, E

SLIDE 11

Key observation

  • If every node cannot lie about its incoming space, … then exact identification is possible

SLIDE 12

Overview of Our Proposal

  • Child reports a random vector of each incoming space
  • Use message authentication code (MAC) to prevent child from lying.

SpaceMac:

1. A malicious child can't compute a valid MAC tag for a vector out of his incoming space
2. A benign child is able to compute a valid MAC tag for any vector in his incoming space

SLIDE 13

Our Proposal

  • Assumptions
  • Controller knows topology and source space
  • Reliable channels between controller and nodes
  • Shared symmetric keys
  • Pollution Detection
  • In-network: Homomorphic MAC [HomMac, RIPPLE]
  • At receiver: application specific, e.g. by corrupted video frame

SLIDE 14

SpaceMac: Send and Report

  • When j sends vectors, it sends SpaceMac tags generated using the shared key between j and the controller C
  • When i reports, tag of the random reported vector is computed using tags that j sends
  • SpaceMac allows for generating tag of any linear combination of vi's but not vector out of span(vi)

[Figure: j sends (v1, t1) … (vn, tn) to i; i reports (yr, tr) to C]
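The send-and-report flow above, as an added example that is not from the deck: it uses a generic inner-product homomorphic MAC over a prime field as a stand-in, not the authors' SpaceMac construction. The prime Q, the HMAC-based key derivation, the key and the generation id are assumptions; the function names follow the Mac / Verify / Combine operations named in the evaluation slide.

```python
import hashlib
import hmac
import secrets

Q = 65537  # assumed prime field size; the deck's evaluation uses q = 2^8

def key_vector(key: bytes, gen_id: bytes, length: int) -> list:
    """Secret per-coordinate field elements from HMAC-SHA256 used as a PRF.
    Mapped into [1, Q-1] so the demo's one-coordinate lie always fails."""
    return [1 + int.from_bytes(hmac.new(key, gen_id + i.to_bytes(4, "big"),
                                        hashlib.sha256).digest(), "big") % (Q - 1)
            for i in range(length)]

def mac(key: bytes, gen_id: bytes, vec: list) -> int:
    """Tag = inner product of the vector with the secret key vector, mod Q."""
    r = key_vector(key, gen_id, len(vec))
    return sum(a * b for a, b in zip(vec, r)) % Q

def combine(pairs: list, coeffs: list) -> tuple:
    """Key-less: build (vector, tag) for sum(c_i * v_i) from received (v_i, t_i)."""
    width = len(pairs[0][0])
    vec = [sum(c * v[k] for c, (v, _) in zip(coeffs, pairs)) % Q for k in range(width)]
    tag = sum(c * t for c, (_, t) in zip(coeffs, pairs)) % Q
    return vec, tag

def verify(key: bytes, gen_id: bytes, vec: list, tag: int) -> bool:
    """Controller-side check with the key it shares with the sending parent."""
    expected = mac(key, gen_id, vec).to_bytes(4, "big")
    return hmac.compare_digest(expected, (tag % Q).to_bytes(4, "big"))

def report_demo() -> tuple:
    key_jc = b"constructed key shared by j and C"  # constructed sample key
    gen_id = b"generation-1"                       # hypothetical generation id
    # Parent j sends tagged vectors (sample vectors from the background slide).
    sent = [(v, mac(key_jc, gen_id, v)) for v in ([0, 1, 0, 1, 0], [0, 0, 1, 0, 1])]
    # Child i reports a random vector of its incoming space, tag built from j's tags.
    coeffs = [1 + secrets.randbelow(Q - 1) for _ in sent]
    y_r, t_r = combine(sent, coeffs)
    honest_ok = verify(key_jc, gen_id, y_r, t_r)
    # A lying child reports a vector outside span(v1, v2): coordinate 0 is 0 in the span.
    y_lie = [(y_r[0] + 1) % Q] + y_r[1:]
    lie_ok = verify(key_jc, gen_id, y_lie, t_r)
    return honest_ok, lie_ok

if __name__ == "__main__":
    print(report_demo())
```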

SLIDE 15

SpaceMac: Construction

SLIDE 16

SpaceMac: Attack Game

[Figure: game between C and A: y1 … yp, t1 … tp, and (y*, t*)]

  • Adversary wins if:

  • Results:

Adversary wins with prob at most 1/q

SLIDE 17

Expanding Space

[Figure: j sends (v1, t1) … (vn, tn) to i; i reports (yr, tr) to C]

  • Note that span(vi) expands over time

SLIDE 18

Related Work: Agrawal and Boneh's HomMac

SLIDE 19

Related Work: RIPPLE [Li et al., 2010]

  • Inner product MAC
  • Support nested MACs
  • Focus on in-network detection

SLIDE 20

To prevent parents from lying …

(Wang et al., 2010)

  • Non-repudiation protocol:
  • to prevent j from sending invalid tags

SLIDE 21

SpaceMac: Illustrated

[Figure: source S, nodes A, B, C, D, E, F and the Controller. Packets labelled (x1, t1), (x2, t2), (x3, t3), (x4, t4); (x3+x4, t3+t4), (x2+2x4, t2+2t4), (3x1+x3, 3t1+t3); (x*, t*); (2x*+(x1+x2), 2t*+(t1+t2))]

Pollution detected!

C is located

SLIDE 22

Locating Attackers

In a network with M attackers, with high probability, all attackers can be identified after N generations which experience pollution attack, where N ≤ M.

[Figure: D is identified in generation 1; E is identified in generation 2]

SLIDE 23

Collusion Resistance

Collusion affects the order in which the attackers are identified.

SLIDE 24

Performance Evaluation

  • Communication Overhead:

Prob. Child blames Parent | Prob. Parent tricks Child | Overhead (1 byte per tag)
2^-14 | 2^-16 | 25 bytes
2^-16 | 2^-21 | 30 bytes

  • Computation Overhead (per tag):

Parameters | Mac | Verify | Combine
q=2^8, m=5, m+n=1024 | <1000 µs | <1000 µs | <1 µs

  • Locating latency:

Number of attackers | 12 | 16 | 20
Average number of generations | 3.85 | 4.69 | 4.89

SLIDE 25

Conclusion

Error Correction | Attack Detection | Locating Attackers

Comm.:
  • Error-correcting codes
  • Extension of random linear NC
  • Null Keys
  • Subspace properties

  • SpaceMac

Crypto.:
  • Homomorphic cryptographic primitives: H.Hash, H.Mac, H.Signature
  • Non-repudiation protocol

(+) Exactly locating all attackers
(+) Low computation and communication overhead
(+) Can deal with large collusion

SLIDE 26

  • Questions