%0 Journal Article
%T Selective Forwarding Attacks against Data and ACK Flows in Network Coding and Countermeasures
%A Yuanyuan Zhang
%A Marine Minier
%J Journal of Computer Networks and Communications
%D 2012
%I Hindawi Publishing Corporation
%R 10.1155/2012/184783
%X Network coding has attracted the attention of many researchers in security and cryptography. In this paper, a well-known attack, the selective forwarding attack, is studied in network coding systems. While most works have been dedicated to countermeasures against pollution attacks, where an attacker modifies intermediate packets, only a few concern selective forwarding attacks on data or acknowledgment (ACK) packets; the latter are required in network coding. However, selective forwarding attacks remain a real threat in resource-constrained networks such as wireless sensor networks, especially when they target the acknowledgment (ACK) messages, which is referred to as a flooding attack. In the latter model, an adversary can easily create congestion in the network and exhaust all the resources available. The degradation of the QoS (delay, energy) goes beyond the capabilities of cryptographic solutions. In this paper, we first simulate and analyze the effects of selective forwarding attacks on both data flows and ACK flows. We then investigate the security capabilities of multipath acknowledgment in more detail than in our original proposal (Zhang et al., 2011). 1. Introduction Network coding is a very active field of both information theory and networking for information dissemination. It consists of encoding a message into several packets and transmitting those packets in an oriented multicast way through the network to the destination. The intermediate nodes can also combine the received packets. It has been shown that network coding could reach the maximum possible information flow in a network. Network coding is also very interesting for security.
Many works have sought to demonstrate the security capacity of network coding. Two security worlds coexist, and the border is delimited by the adversary's capabilities. Network coding can be used to bring secrecy if the adversary's eavesdropping capabilities are bounded (see [1–3]). Otherwise, cryptography and security must be used to defeat more powerful adversaries [4–6]. This paper falls in the second class of works related to network coding and security. In network coding, two information flows are identified: the data flow and the acknowledgment (ACK) flow. Both flows can be targeted by an adversary with different consequences. An adversary attacking the data flow wants to affect the messages produced by different sources and decoded by the destinations. An example of such an attack is the pollution attack [6]. Many works have proposed countermeasures against pollution
%U http://www.hindawi.com/journals/jcnc/2012/184783/