Post on 20-Dec-2015

Network Coding and Reliable Communications Group

A Multi-hop Multi-source Algebraic Watchdog

Muriel Médard†

Joint work with MinJi Kim†, João Barros‡

†Massachusetts Institute of Technology

‡University of Porto

Background

• Secure network coding
– Network error correction [Yeung et al. 2006]
– Resilient coding in presence of Byzantine adversaries [Jaggi et al. 2007]
– Confidential coding scheme [Vilela et al. 2008]
– Signature scheme [Charles et al. 2006][Zhao et al. 2007]
– Locating attackers [Siavoshani et al. 2008]
– NOTE: downstream nodes check for adversaries; the upstream nodes are unaware.
• Watchdog and pathrater [Marti et al. 2000]
– Extensions of Dynamic Source Routing
– Detect/mitigate misbehavior of the next node
– Use wireless medium: promiscuous monitoring
• Algebraic Watchdog [Kim et al. 2009]
– Combine the benefits of network coding and watchdog
– Extend to multi-hop, multi-source setting

Problem Statement

• Wireless network G = (V, E1, E2).
– V: Set of nodes in the network
– E1: Set of hyperedges for connectivity/wireless links
– E2: Set of hyperedges for interference
• Transition probability known (Binary symmetric channel)

[Figure: intended transmission in E1; overhearing with noise in E2]

Is vm+1 consistent with…
• Overheard packets from v2, v3, …, vm?
• Channel statistics?

Problem Statement

• How can upstream nodes (v1, v2, …, vm) detect misbehaving node (vm+1) with high probability?

Routing: Packets individually recognizable
Network Coding: Packets are mixed

Errors from BSC channel: Probabilistic detection

Few bit errors can make dramatic change in the algebraic interpretation

[Figure: intended transmission in E1; overhearing with noise in E2]

Packet Structure

• A node vi that receives messages xj’s and transmits pi

[Figure: packet pi, with fields labelled as follows]
– αj’s: coding coefficients
– h(xj): hash of received messages
– h(xi): hash of message
– xi: coded data xi = Σ αj xj with error-correcting code Ci = (n, ki, di)
– header (αj’s, h(xj), h(xi)): protected with error correction codes

– Note: hash is contained in one hop, dependent on in-degree
• Goal: If vi transmits xi = e + Σ αj xj where e ≠ 0, detect it with high probability.
– Even if |e| small, the algebraic interpretation may change dramatically.

Threat Model

• Adversary
– Eavesdrops its neighbors’ transmissions
– Injects/corrupts packets
– Computationally unbounded
– Knows the channel statistics, but does not know the specific realization of the channel errors
• Adversary’s objective: Corrupt information flow without being detected by other nodes
• Our objective: limit errors introduced by the adversaries to be at most that of the channel

Algebraic Watchdog

• Focus on v1
– Listens to neighbors and infers the messages: Using transition matrix T
– Combines the inferred messages to “guess” what the next hop node should transmit: Watchdog trellis & Viterbi-like algorithm
– Checks the “guessed message” against next-hop node’s transmission: Inverse transition matrix T⁻¹

Transition Matrix/List T

• Relates the overheard information from source vi to list of candidates (inferred list of xi)

[Figure: start state, overheard information, inferred information xi (states y)]

Edge iff

Edge weight proportional to probability of receiving given y is original message:

Watchdog Trellis

• Uses overheard & inferred information (candidates) to generate a list of “guesses” on what vm+1 should send

[Figure: watchdog trellis]
– Start state
– Layer 1: α1x1 (what v1 already has)
– Layer 2: α1x1 + α2x2 (combine information from v2)
– Layer 3: α1x1 + α2x2 + α3x3
– Layer m-1: Σ1≤i≤m-1 αixi (combine information from vm-1)
– Layer m: Σ1≤i≤m αixi (combine information from vm)

“guesses” are states with positive weight at Layer m

Inverse Transition Matrix T⁻¹

• Using the “guesses” generated, checks that vm+1 is well-behaving
• Same as T, just inverse

[Figure: guesses (inferred linear combinations Σ1≤i≤m αixi, states y), overheard information [x̃m+1, h(xm+1)], end node]

Edge iff

Edge weight proportional to probability of receiving given y is original message:

Decision Making

• Total weight of end state = p* = probability of overhearing given channel statistics
• Can use various decision policies, such as threshold decision rule p* > t
– Depending on the rule, different false positive/false negative probabilities

[Figure: watchdog trellis from the start state through Layer 1 (α1x1) to Layer m (Σ1≤i≤m αixi, the “guesses”), then overheard information [x̃m+1, h(xm+1)] leading to the end state]
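
The steps from the preceding slides (transition list T, watchdog trellis, inverse transition, end-state weight p*), as an added Python example that is not the authors' code. Assumptions: a toy GF(2^4) field in place of the 10-bit field, a made-up 2-bit hash h, hashes and coefficients received error-free (ECC-protected header), edge weights taken as BSC(0.1) likelihoods normalised per source, and constructed sample values.

```python
# Added example, not the authors' code; field, hash and samples are assumptions.
from collections import defaultdict

N, P = 4, 0.1                        # bits per symbol, BSC crossover probability

def gf_mul(a, b):                    # product in GF(2^4), modulus x^4 + x + 1
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x13 if a & 8 else 0)
        b >>= 1
    return r

def h(x):                            # toy 2-bit hash (assumption, not from the slides)
    return (x ^ (x >> 2)) & 3

def lik(y, x):                       # P(overhear y | x sent) over BSC(P)
    d = bin(x ^ y).count("1")
    return P ** d * (1 - P) ** (N - d)

def transition(y, hx):               # T: overheard (y, h(x)) -> weighted candidates
    w = {x: lik(y, x) for x in range(1 << N) if h(x) == hx}
    total = sum(w.values())
    return {x: v / total for x, v in w.items()}

def guesses(x1, alphas, overheard):  # watchdog trellis, one layer per source
    layer = {gf_mul(alphas[0], x1): 1.0}      # layer 1: what v1 already has
    for a, (y, hx) in zip(alphas[1:], overheard):
        nxt = defaultdict(float)
        for s, ws in layer.items():
            for x, wx in transition(y, hx).items():
                nxt[s ^ gf_mul(a, x)] += ws * wx
        layer = nxt
    return layer                              # layer m: guesses for the relay's sum

def p_star(layer, y_next, h_next):   # inverse T: total weight of the end state
    return sum(w * lik(y_next, g) for g, w in layer.items() if h(g) == h_next)

def demo():
    # Constructed sample: x1=6 known; x2=9 overheard as 8; x3=4 overheard as 4.
    layer = guesses(6, [1, 2, 3], [(8, h(9)), (4, h(4))])
    honest = 11                      # 1*6 + 2*9 + 3*4 in GF(2^4)
    tampered = honest ^ 5            # relay adds e = 5 to the combination
    flip = 2                         # channel bit flip on v1's overhearing link
    return (p_star(layer, honest ^ flip, h(honest)),
            p_star(layer, tampered ^ flip, h(tampered)))

if __name__ == "__main__":
    print("p* honest, p* tampered:", demo())
```

With a threshold rule p* > t, any t between the two returned values accepts the honest relay and flags the tampered one for this sample.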

Simulation Results: Varying adversarial attack

• All channel noise: 10%, i.e. BSC(0.1)
• 3 sources
• 10-bit field size
• 2-bit hash size

[Figure legend: Adversarial relay (flips bit with probability padv); Honest relay (does not inject errors)]

When adversary injects more than channel noise (10%), the p*adv and p*relay have different distributions!

Conclusions

• Probabilistically police downstream neighbors in a multi-hop, multi-source network using network coding
– Only discussed multi-source, two-hop setting
• Trellis-like graphical model:
– Capture inference process
– Compute/approximate probabilities of consistency within the network (Viterbi-like algorithm)
• Preliminary simulation results agree with the intuition

Future Work:
– Combine with reputation based protocol and some practical considerations

EXTRA SLIDES

Multi-hop Algebraic Watchdog

• As long as the min-cut to any node from the source is not dominated by adversarial node, can detect malicious behavior

[Figure: network with sources S0, S1, S2 and nodes v1 to v8; edges in E1]
– S0 monitors v5
– S1 monitors v7
– S1 monitors v8
– S2 monitors v4

Simulation Results: Varying hash size

• All channel noise & adversarial attack level: 10%, i.e. BSC(0.1)
• 3 sources
• 10-bit field size

[Figure legend: Adversarial relay (flips bit with probability 10%); Honest relay (does not inject errors). Axis: Hash size (in bits)]

Hash size > 1 bit sufficient

Simulation Results: Varying channel noise

• Adversarial attack level: 10%, i.e. BSC(0.1)
• 3 sources
• 10-bit field size
• 2-bit hash size

[Figure legend: Adversarial relay (flips bit with probability 10%); Honest relay (does not inject errors). Axis: Channel noise between sources]

When channel noise > 10% (adversarial attack level), then may not be able to detect the adversary!

Simulation Results: Varying number of sources

• All channel noise & adversarial attack level: 10%, i.e. BSC(0.1)
• 3 sources
• 10-bit field size
• 2-bit hash size

[Figure legend: Adversarial relay (flips bit with probability 10%); Honest relay (does not inject errors). Axis: Number of sources]

When only one source, v1 can detect adversary with high probability

v1 can detect (even by itself) when there are moderate number of sources

v1 cannot detect by itself when many sources
• Need more hash or better overhearing channel
• Does not take into account other nodes vi’s independent watchdog