Quantitative Evaluation of Secure Network Coding

Dawn Meeting, UCSC, Nov 4, 2010

SeungHoon Lee, Mario Gerla
In collaboration with IBM researchers

Network Coding (NC)

Improves throughput and reliability in disruptive MANETs
Packets mixed by intermediate nodes
Receivers still can recover original data under partial packet drop

Figure labels: pkt drop, Decoding success

Vulnerability of NC

No pollution detection/prevention in conventional NC protocols
  Internal/external attacks possible
  Even one invalid packet can disrupt the entire data

Homomorphic cryptography can protect NC
  However, computation is cumbersome, discouraging implementations

Figure labels: Pollution Attack, Decoding Failure

Objective of this work

Investigate the scalability of secure network coding based on homomorphic functions
  We address the PUSH scenario only (PULL is an extension)

Perform a practical evaluation of the theoretical work on secure network coding by TA2 researchers (GKKR [1])
  Over the INTEGERS (as opposed to a Galois field)

Figure labels: Implementation of Secure NC (Linux), Experimental Measurement, QualNet Network Simulator

[1] R. Gennaro, J. Katz, H. Krawczyk, and T. Rabin. Secure network coding over the integers. In Public Key Cryptography, pages 142–160, 2010.

Implementation: NC + NSig

Diagram: Source, Intermediate node, Destination; data blocks X1, X2, X3 with signatures σ1, σ2, σ3; coefficients e1, e2, e3; coded block e1X1+e2X2+e3X3 with coefficient vector [e1,e2,e3] and combined signature σ

(1) NSig(): Computing signatures of each block
  *Only once at the beginning

(2) encode(): Generating a coded block
  NC: Random linear network coding

(3) combine(): Combining signatures
Implementation: NC + NSig

Diagram: Source, Intermediate node, Destination; coded block e1X1+e2X2+e3X3 [e1,e2,e3] with signature σ

(1) vry_NC(): Checking linear independence (by Gaussian elimination)

If independent, (2) vry_Sig(): Validating signatures

If valid, store the coded block
  *If either verification fails, immediately drop.

Generate a new coded block by encode(data), combine(signatures)
Implementation: NC + NSig

Diagram: Source, Intermediate node, Destination; coded block e1X1+e2X2+e3X3 [e1,e2,e3] with signature σ

(1) vry_NC(), vry_Sig()
  If valid, store the coded block.

Once m blocks (valid & independent) are collected, (2) decode(): Recover the original data

*m: # of blocks of data in the generation
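
The NSig pipeline from the slides above (NSig, encode, combine, vry_NC, vry_Sig), as an added example and not the authors' C++/GMP implementation. It assumes a simplified RSA-style homomorphic signature over the integers rather than the exact GKKR construction; the parameters, generators, data blocks and the helper names multi_exp and demo are constructed for illustration.

```python
from fractions import Fraction

# Toy parameters, constructed for this example; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1          # two Mersenne primes
N, E = P * Q, 65537                  # public modulus and verification exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # signing exponent, known to the source only
G = [2, 3, 5, 7, 11, 13, 17]         # public generators, one per vector coordinate
M = 3                                # m: number of blocks in the generation

def multi_exp(bases, exps):
    """Product of bases[i] ** exps[i] modulo N."""
    acc = 1
    for b, x in zip(bases, exps):
        acc = acc * pow(b, x, N) % N
    return acc

def nsig(w):                         # source: sign w = [unit coefficients | payload]
    return pow(multi_exp(G, w), D, N)
def encode(blocks, coeffs):          # integer linear combination, no field reduction
    return [sum(c * b[j] for c, b in zip(coeffs, blocks)) for j in range(len(blocks[0]))]
def combine(sigs, coeffs):           # any node: needs no secret
    return multi_exp(sigs, coeffs)
def vry_sig(w, sig):                 # sig^E must equal prod g_j^w_j
    return pow(sig, E, N) == multi_exp(G, w)

def vry_nc(stored, w):
    """Rank test by Gaussian elimination on the coefficient parts."""
    rows, rank = [[Fraction(x) for x in r[:M]] for r in stored + [w]], 0
    for col in range(M):
        piv = next((i for i in range(rank, len(rows)) if rows[i][col]), None)
        if piv is not None:
            rows[rank], rows[piv] = rows[piv], rows[rank]
            for i in range(rank + 1, len(rows)):
                f = rows[i][col] / rows[rank][col]
                rows[i] = [a - f * b for a, b in zip(rows[i], rows[rank])]
            rank += 1
    return rank == len(rows)

def demo():
    data = [[12, 7, 3, 9], [4, 4, 8, 1], [5, 0, 2, 6]]   # X1..X3, constructed
    aug = [[int(i == k) for k in range(M)] + x for i, x in enumerate(data)]
    sigs, e = [nsig(w) for w in aug], [2, 5, 3]
    w, sig = encode(aug, e), combine(sigs, e)
    polluted = w[:-1] + [w[-1] + 1]                      # one symbol altered in transit
    return vry_nc([aug[0]], w), vry_sig(w, sig), vry_sig(polluted, sig)

if __name__ == "__main__":
    print(demo())
```

demo() returns the results of vry_NC and vry_Sig on a valid coded block, followed by vry_Sig on the same block with one payload symbol changed.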

Implementation: NC + NHash

Another way of Secure Network Coding, instead of NSig (computing/validating signatures)

Hash Verification: verify multiple coded blocks with a single verification

Diagram: data blocks X1, X2, X3; coefficients e1, e2, e3; coded block e1X1+e2X2+e3X3 with coefficient vector [e1,e2,e3]

encode(), vry_Hash(): If vry_Hash() passes, sends out the coded block

Experimental Setup (1)

Hardware
  Intel Core 2 Duo T9600 processor (2.8GHz, 6MB cache)
  RAM: 2GB

Software
  Linux platform
  C++ / GMP library [2] (for cryptography implementation)

[2] The GNU Multiple Precision Arithmetic Library. http://gmplib.org/

Experimental Results (1)

Figure label: vry_NC()

Processing delays are proportional to # of blocks
  As more blocks are downloaded, vry_NC() requires more delay for processing Gaussian elimination

Experimental Results (2)

Processing delays of vry_Sig() and vry_Hash() do not depend on m
  The operations are done with only the coded block being verified

In general, Secure NC operations require more delay than NC
  0.015ms (vry_NC) vs 22.5ms (vry_Sig), m=8

Simulation Setup

Evaluate the performance in realistic network scenario (PUSH Model)

QualNet 3.9.5
  Bandwidth: 2Mbps (broadcasting)
  Data rate at source: 256Kbps

Network Topology (static topology)
  1 Source / 1 destination
  Variable # of hops H

We compare four schemes
  NC_Only: Plain NC
  NC + NSig
  NC + NHash
  BFKW [3]: Previously proposed homomorphic signature schemes

[3] D. Boneh, D. Freeman, J. Katz, and B. Waters. Signing a linear subspace: Signature schemes for network coding. In Public Key Cryptography (PKC), 2009.

Simulation Results

Delay increases with more hops between Src/Dst
NSig/NHash take less delay than BFKW

Conclusion

Studied feasibility of secure network coding schemes
  Implemented the theoretical works and measured processing overhead from experiments
  Integrated the experimental results into a packet-level network simulator, and evaluated the schemes in a realistic network scenario
  Secure NC increases delay by only 30% with respect to plain NC
  GKKR secure NC outperforms previously proposed BFKW

Ongoing work
  Extend to PULL model (large generation)
  Comparison with end-to-end coding schemes (Fountain/Raptor codes)
  Protected from internal attacks by conventional signatures
  More dynamic network scenarios: node mobility, pollution attacks
  Heterogeneous nodes (some cannot do homomorphic operations)

Question & Answer

Thank You!