TY - JOUR
T1 - Pollution attacks and defenses in wireless interflow network coding systems
AU - Dong, Jing
AU - Curtmola, Reza
AU - Nita-Rotaru, Cristina
AU - Yau, David K.Y.
N1 - Funding Information:
A preliminary version of this paper appeared in [58]. This research was sponsored in part by US National Science Foundation (NSF) grants NETS 0905266-CNS and CNS-0963715.
PY - 2012
Y1 - 2012
N2 - We study data pollution attacks in wireless interflow network coding systems. Although several defenses for these attacks are known for intraflow network coding systems, none of them are applicable to interflow coding systems. We formulate a model for interflow network coding that encompasses all the existing systems, and use it to analyze the impact of pollution attacks. Our analysis shows that the effects of pollution attacks depend not only on the network topology, but also on the location and strategy of the attacker nodes. We propose CodeGuard, a reactive attestation-based defense mechanism that uses efficient bit-level traceback and a novel cross-examination technique to unequivocally identify attacker nodes. We analyze the security of CodeGuard and prove that it is always able to identify and isolate at least one attacker node on every occurrence of a pollution attack. We analyze the overhead of CodeGuard and show that the storage, computation, and communication overhead are practical. We experimentally demonstrate that CodeGuard is able to identify attacker nodes quickly (within 500 ms) and restore system throughput to a high level, even in the presence of many attackers, thus preserving the performance of the underlying network coding system.
KW - Pollution attacks
KW - interflow network coding
KW - wireless networks
UR - http://www.scopus.com/inward/record.url?scp=84864761168&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84864761168&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2012.39
DO - 10.1109/TDSC.2012.39
M3 - Article
AN - SCOPUS:84864761168
SN - 1545-5971
VL - 9
SP - 741
EP - 755
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 5
M1 - 6178262
ER -