An Algebraic Watchdog for Wireless Network Coding

MinJi Kim†

Joint work with

Muriel Médard†, João Barros‡, Ralf Kötter*

†Massachusetts Institute of Technology‡University of Porto

*Technischen Universität München

Background• Secure network coding

– Network error correction [Yeung et al. 2006]– Resilient coding in presence of Byzantine adversaries

[Jaggi et al. 2007]– Signature scheme [Charles et al. 2006][Zhao et al. 2007] – Locating attackers [Siavoshani et al. 2008]– NOTE: downstream nodes check for adversaries, the upstream

nodes unaware.

• Watchdog and pathrater [Marti et al. 2000]– Extensions of Dynamic Source Routing– Detect/mitigate misbehavior of the next node– Use wireless medium: promiscuous monitoring

• Combine the benefits of network coding and watchdog– Focus on two-hop network

Problem Statement

Intended transmission in E1Intended transmission in E1

Overhearing with noise in E2Overhearing with noise in E2

• Wireless network G = (V, E1,E2).– V : Set of nodes in the network– E1: Set of hyperedges for connectivity/wireless links– E2: Set of hyperedges for interference• Transition probability known (Binary symmetric

channel)

Is v3 consistent with…• Overheard packets from v2 and v3?• Channel statistics?

Problem Statement

Intended transmission in E1Intended transmission in E1

Overhearing with noise in E2Overhearing with noise in E2

• How can upstream nodes (v1 and v2) detect misbehaving node (v3) with high probability?

Routing: Packets individually recognizable

Network Coding: Packets are mixed

Errors from BSC channel : Probabilistic detection

Few bit errors can make dramatic change in the algebraic interpretation

Packet Structure

• A node vi that receives messages xj ’s and transmits pi

– Note: hash is contained in one hop, dependent on in-degree• Goal:

If vi transmits xi = e + Σ αj xj where e≠0, detect it with high probability.

– Even if |e| small, the algebraic interpretation may change dramatically.

aj’s xicoding coefficients aj’s coded data xi = Σ αj xj

pi = h(xj)

hash of received messages h(xj)

h(xi)

hash of message h(xi)

aj’s h(xj) h(xi)

header: protected with error correction codes

Algebraic Analysis

• v1 knows:

x1

h(x1)Estimate of x2: 2

h(x2)Estimate of x3: 3

h(x3)a1 and a2

Note: • h(x3) and x3 consistent• Errors in a1 and a2 translates to errors in x3

Algebraic Analysis

• v1 knows:

x1

h(x1)Estimate of x2: 2

h(x2)Estimate of x3: 3

h(x3)a1 and a2

• v1 computed all “plausible” x3

• • • Intersect this with all typical x3

• v1 claims that v3 is misbehaving if this intersection is empty.

Algebraic Analysis• Lemma 1: For n large enough, probability of false detection ≤ ε for

any constant ε.– If a neighbor sends valid packets, then the node overhears valid

information with noise introduced by the channel only.

• Lemma 2: P(A malicious v3 is undetected by v1) is

where ri→j is the radius such that the probability that the interference channel/noise from vi to vj is within a ball of radius ri→j is at least 1- ε.

• Using Lemma 2 (and equivalent result for v2), probability of misdetection is:Prob that v3

passes v2’s check

Prob that v3 passes v1’s check

Number of potential msgs v3 can send

Graphical Model

• v1 knows:

x1

h(x1)Estimate of x2: 2

h(x2)Estimate of x3: 3

h(x3)a1 and a2

Layer 1: ( 2, h(x2)) Layer 2: x2

hash value: h(x2)

Layer 3: x3 Layer 4: ( 3, h(x3))

hash value: h(x3)a1 x1 + a2 x2

PermutationChannel Errors Channel Errors

Graphical Model

• 4 Layers:– Layer 1 & 4: 2n+h vertices, representing [codeword, hash] pairs– Layer 2 & 3: 2n vertices, representing codewords

Layer 1: ( 2, h(x2)) Layer 2: x2 Layer 3: x3 Layer 4: ( 3, h(x3))

P(x2|Channel ∆( 2 , x2) & h(x2)) P(x3|Channel ∆( 2 , x3) & h(x3))

Compute x3 given x2

Graphical Model

• Start & destination point in Layer 1 and 4: what v1 overhears.

• Computes the sum of the product of the weights of all possible paths from start to destination (= the probability that v3 is consistent)

• This model illustrates sequentially/visually the inference process.

Layer 1: ( 2, h(x2)) Layer 2: x2 Layer 3: x3 Layer 4: ( 3, h(x3))

Summary• Probabilistically police downstream neighbors• Algebraic analysis:– Exact formulae for probabilities of misdetection and false-

detection• Graphical model: – Capture inference process– Compute/approximate probabilities of consistency within

the network

Future Work:– Generalize to multiple sources, multi-hop network– Combine with reputation based protocol and some practical

considerations

Extra Slides

Is v3 behaving?

Is v3 consistent with…• Overheard packets from v1 and v3?• Channel statistics?

Problem Statement

How to fool v2?• Insert errors without being noticed?• Lie about message from v1?

Two-hop Network• Graphical model– Explains the decision process

• Algebraic analysis– Understand the performance of the protocol

Graphical Model• 4 Layers:

– Layer 1 & 4: 2n+h vertices, representing [codeword, hash] pairs– Layer 2 & 3: 2n vertices, representing codewords

Graphical Model

• Edges:– [v,u] in Layer 1 to w in Layer 2 iff h(w) = u .

Normalized, but edge weight proportional to:

– v in Layer 2 to w in Layer 3 iff All edge weights = 1.

– v in Layer 3 to [w,u] in Layer 4 iff h(v) = u . Normalized, but edge weight proportional to:

Extensions

• More than 2 sources:– Generalized graphical model – Use Viterbi-like Algorithm to compute:• Most likely path (i.e. set of codewords)• Total probability of reaching a linear combination

• Multi-hop:– As long as not dominated by the adversaries– Hidden terminal problem: the probability of

detecting decreases, but still possible.

Future Work

• Generalize to multiple sources, multi-hop network– Develop models/framework (cascading graphical model?)

• Develop inference methods/approximation algorithms to efficiently make decision regarding malicious neighbors

• Combine with reputation based protocol and some practical considerations

• Eventually, develop/analyze a protocol which allows nodes to probabilistically verify and locally police their neighbors (especially downstream)– Self-checking network