TY - GEN
T1 - Practical defenses against pollution attacks in intra-flow network coding for wireless mesh networks
AU - Dong, Jing
AU - Curtmola, Reza
AU - Nita-Rotaru, Cristina
PY - 2009
Y1 - 2009
N2 - Recent studies show that network coding can provide significant benefits to network protocols, such as increased throughput, reduced network congestion, higher reliability, and lower power consumption. The core principle of network coding is that intermediate nodes actively mix input packets to produce output packets. This mixing subjects network coding systems to a severe security threat, known as a pollution attack, where attacker nodes inject corrupted packets into the network. Corrupted packets propagate in an epidemic manner, depleting network resources and significantly decreasing throughput. Pollution attacks are particularly dangerous in wireless networks, where attackers can easily inject packets or compromise devices due to the increased network vulnerability. In this paper, we address pollution attacks against network coding systems in wireless mesh networks. We demonstrate that previous solutions to the problem are impractical in wireless networks, incurring an unacceptably high degradation of throughput. We propose a lightweight scheme, DART, that uses time-based authentication in combination with random linear transformations to defend against pollution attacks. We further improve system performance and propose EDART, which enhances DART with an optimistic forwarding scheme. A detailed security analysis shows that the probability of a polluted packet passing our verification procedure is very low. Performance results using the well-known MORE protocol and realistic link quality measurements from the Roofnet experimental testbed show that our schemes improve system performance over 20 times compared to previous solutions.
KW - Network coding
KW - Network coding security
KW - Pollution attacks
KW - Security
KW - Wireless network security
UR - http://www.scopus.com/inward/record.url?scp=70349146976&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70349146976&partnerID=8YFLogxK
U2 - 10.1145/1514274.1514292
DO - 10.1145/1514274.1514292
M3 - Conference contribution
AN - SCOPUS:70349146976
SN - 9781605584607
T3 - Proceedings of the 2nd ACM Conference on Wireless Network Security, WiSec'09
SP - 111
EP - 122
BT - Proceedings of the 2nd ACM Conference on Wireless Network Security, WiSec'09
T2 - 2nd ACM Conference on Wireless Network Security, WiSec'09
Y2 - 16 March 2009 through 18 March 2009
ER -