Network coding has attracted the attention of many researchers in security and cryptography. In this paper, a well-known attack, the selective forwarding attack, is studied in network coding systems. While most works have been dedicated to countermeasures against pollution attacks, where an attacker modifies intermediate packets, only a few concern selective forwarding attacks on data or acknowledgment (ACK) packets; the latter are required in network coding. However, selective forwarding attacks remain a real threat in resource-constrained networks such as wireless sensor networks, especially when they target the acknowledgment (ACK) messages, referred to as a flooding attack. In the latter model, an adversary can easily create congestion in the network and exhaust all the available resources. The degradation of the QoS (delay, energy) goes beyond the capabilities of cryptographic solutions. In this paper, we first simulate and analyze the effects of selective forwarding attacks on both data flows and ACK flows. We then investigate the security capabilities of multipath acknowledgment in more detail than in our original proposal (Zhang et al., 2011).

1. Introduction

Network coding is a very active field of both information theory and networking for information dissemination. It consists of encoding a message into several packets and transmitting those packets in an oriented multicast way through the network to the destination. The intermediate nodes can also combine the received packets. It has been shown that network coding can reach the maximum possible information flow in a network.

Network coding is also very interesting for security. Many works have sought to demonstrate the security capacity of network coding. Two security worlds coexist, and the border is delimited by the adversary's capabilities. Network coding can be used to bring secrecy if the adversary's eavesdropping capabilities are bounded (see [1–3]). Otherwise, cryptography and security must be used to defeat more powerful adversaries [4–6]. This paper falls in the second class of works related to network coding and security.

In network coding, two information flows are identified: the data flow and the acknowledgment (ACK) flow. Both flows can be targeted by an adversary with different consequences. An adversary attacking the data flow wants to affect the messages produced by different sources and decoded by the destinations. An example of such an attack is the pollution attack [6]. Many works have proposed countermeasures against pollution
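
To make the ACK-flow threat described in the abstract measurable, the following added example (not code from the paper) simulates one coded generation and counts how many source transmissions are wasted when ACKs are dropped on a single path versus acknowledged over several paths. It assumes a simplified model: coding coefficients over GF(2), a source that keeps sending coded packets until an ACK arrives or a budget is reached, and a destination that re-sends the ACK on every path after each packet once it can decode; all function and parameter names are hypothetical.

```python
import random

def insert_gf2(basis, vec):
    """Add a coefficient vector (bitmask over GF(2)) to the receiver's basis.
    Returns True only if the packet is innovative (linearly independent)."""
    for b in basis:
        vec = min(vec, vec ^ b)   # clear b's leading bit from vec if it is set
    if vec:
        basis.append(vec)
    return bool(vec)

def run_generation(k, ack_paths, drop_prob, max_tx, rng):
    """Simulate one generation of k packets (constructed model, see lead-in).
    ack_paths: one bool per ACK path, True = path crosses a selective forwarder.
    Returns (source transmissions, transmissions needed to decode or None)."""
    basis, decoded_at = [], None
    for tx in range(1, max_tx + 1):
        insert_gf2(basis, rng.randrange(1, 1 << k))  # random coded packet
        if len(basis) < k:
            continue
        if decoded_at is None:
            decoded_at = tx
        # Destination ACKs on every path; a compromised relay drops the ACK
        # with probability drop_prob, an honest path always delivers it.
        if any(not bad or rng.random() >= drop_prob for bad in ack_paths):
            return tx, decoded_at
    return max_tx, decoded_at

def mean_wasted(k, ack_paths, drop_prob, trials=2000, max_tx=200, seed=1):
    """Average number of source transmissions sent after decoding was possible."""
    rng = random.Random(seed)
    wasted = 0
    for _ in range(trials):
        tx, decoded_at = run_generation(k, ack_paths, drop_prob, max_tx, rng)
        wasted += tx - (decoded_at if decoded_at is not None else tx)
    return wasted / trials

if __name__ == "__main__":
    for label, paths, p in [("honest single path", [False], 0.0),
                            ("single path, ACKs always dropped", [True], 1.0),
                            ("single path, 50% drop", [True], 0.5),
                            ("two paths, both 50% drop", [True, True], 0.5),
                            ("two paths, one honest", [True, False], 1.0)]:
        print(f"{label:34s} wasted/generation = {mean_wasted(8, paths, p):.2f}")
```

The wasted-transmission count is a proxy for the delay and energy cost the abstract refers to; it grows up to the source's budget when the only ACK path is compromised and falls to zero as soon as one honest path exists.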
References
[1] L. Lima, J. Barros, and M. Médard, “Random linear network coding: a free cypher?” in Proceedings of the IEEE International Symposium on Information Theory (ISIT '07), pp. 176–180, Nice, France, July 2007.
[2] N. Cai and R. W. Yeung, “Secure network coding,” in Proceedings of the IEEE International Symposium on Information Theory (ISIT '02), p. 323, July 2002.
[3] S. Y. El Rouayheb and E. Soljanin, “On Wiretap networks II,” in Proceedings of the IEEE International Symposium on Information Theory (ISIT '07), pp. 551–555, Nice, France, June 2007.
[4] Z. Yu, Y. Wei, B. Ramkumar, and Y. Guan, “An efficient scheme for securing XOR network coding against pollution attacks,” in Proceedings of the 28th IEEE Communications Society Conference on Computer Communications (IEEE INFOCOM '09), pp. 406–414, Rio de Janeiro, Brazil, April 2009.
[5] Z. Yu, Y. Wei, B. Ramkumar, and Y. Guan, “An efficient signature-based scheme for securing network coding against pollution attacks,” in Proceedings of the 27th IEEE Communications Society Conference on Computer Communications (IEEE INFOCOM '08), pp. 2083–2091, Phoenix, Ariz, USA, April 2008.
[6] J. Dong, R. Curtmola, and C. Nita-Rotaru, “Practical defenses against pollution attacks in intra-flow network coding for wireless mesh networks,” in Proceedings of the 2nd ACM Conference on Wireless Network Security (WiSec '09), pp. 111–122, ACM, March 2009.
[7] A. Apavatjrut, W. Znaidi, A. Fraboulet, C. Goursaud, C. Lauradoux, and M. Minier, “Energy friendly integrity for network coding in wireless sensor networks,” in Proceedings of the 4th International Conference on Network and System Security (NSS '10), pp. 223–230, IEEE, September 2010.
[8] D. Charles, K. Jain, and K. Lauter, “Signatures for network coding,” International Journal in Information and Coding Theory, vol. 1, no. 1, pp. 3–14, 2009.
[9] D. Boneh, D. Freeman, J. Katz, and B. Waters, “Signing a linear subspace: signature schemes for network coding,” in Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography (PKC '09), vol. 5443 of Lecture Notes in Computer Science, pp. 68–87, Springer, Irvine, Calif, USA, 2009.
[10] S. Agrawal and D. Boneh, “Homomorphic MACs: MAC-based integrity for network coding,” in Proceedings of the 7th International Conference on Applied Cryptography and Network Security (ACNS '09), vol. 5536 of Lecture Notes in Computer Science, pp. 292–305, Paris, France, 2009.
[11] J. Dong, R. Curtmola, and C. Nita-Rotaru, “Secure network coding for wireless mesh networks: threats, challenges, and directions,” Computer Communications, vol. 32, no. 17, pp. 1790–1801, 2009.
[12] C. L. Schuba, I. V. Krsul, M. G. Kuhn, E. H. Spafford, A. Sundaram, and D. Zamboni, “Analysis of a denial of service attack on TCP,” in Proceedings of the IEEE Symposium on Security and Privacy, pp. 208–223, IEEE Computer Society, Oakland, Calif, USA, May 1997.
[13] R. Ahlswede, N. Cai, S. Y. R. Li, and R. W. Yeung, “Network information flow,” IEEE Transactions on Information Theory, vol. 46, no. 4, pp. 1204–1216, 2000.
[14] T. Ho and D. Lun, Network Coding: an Introduction, Cambridge University Press, 2008.
[15] R. W. Yeung, S.-Y. R. Li, N. Cai, and Z. Zhang, Network Coding Theory, NOW Publishers, 2005.
[16] J. Cannons, R. Dougherty, C. Freiling, and K. Zeger, “Network routing capacity,” IEEE Transactions on Information Theory, vol. 52, no. 3, pp. 777–788, 2006.
[17] T. Ho, M. Médard, R. Koetter et al., “A random linear network coding approach to multicast,” IEEE Transactions on Information Theory, vol. 52, no. 10, pp. 4413–4430, 2006.
[18] C. Karlof and D. Wagner, “Secure routing in wireless sensor networks: attacks and countermeasures,” Ad Hoc Networks, vol. 1, no. 2-3, pp. 293–315, 2003.
[19] S. Marti, T. J. Giuli, K. Lai, and M. Baker, “Mitigating routing misbehavior in mobile ad hoc networks,” in Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (MOBICOM '00), pp. 255–265, ACM, Boston, Mass, USA, August 2000.
[20] H. Krawczyk, “LFSR-based hashing and authentication,” in Proceedings of the Annual International Cryptology Conference (CRYPTO '94), vol. 839 of Lecture Notes in Computer Science, pp. 129–139, Springer, Santa Barbara, Calif, USA, 1994.
[21] H. Krawczyk, M. Bellare, and R. Canetti, “HMAC: Keyed-Hashing for Message Authentication,” 1997, RFC 2104.
[22] J. Black and P. Rogaway, “CBC MACs for arbitrary-length messages: the three-key constructions,” Journal of Cryptology, vol. 18, no. 2, pp. 111–131, 2005.
[23] L. Eschenauer and V. D. Gligor, “A key-management scheme for distributed sensor networks,” in Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS '02), pp. 41–47, ACM, Washington, DC, USA, November 2002.
[24] S. Katti, H. Rahul, W. Hu, D. Katabi, M. Medard, and J. Crowcroft, “XORs in the air: practical wireless network coding,” IEEE/ACM Transactions on Networking, vol. 16, no. 3, pp. 497–510, 2008.
[25] O. Erdene-Ochir, M. Minier, F. Valois, and A. Kountouris, “Toward resilient routing in wireless sensor networks: gradient-based routing in focus,” in Proceedings of the 4th International Conference on Sensor Technologies and Applications (SENSORCOMM '10), pp. 478–483, Venice, Italy, July 2010.
[26] J. Faruque and A. Helmy, “Gradient-based routing in sensor networks,” ACM SIGMOBILE Mobile Computing and Communications Review, vol. 7, no. 4, pp. 50–52, 2003.
[27] A. Fraboulet, G. Chelius, and E. Fleury, “Worldsens: development and prototyping tools for application specific wireless sensors networks,” in Proceedings of the 6th International Symposium on Information Processing in Sensor Networks (IPSN '07), pp. 176–185, ACM, April 2007.
[28] M. Médard and R. Koetter, “Beyond routing: an algebraic approach to network coding,” in Proceedings of the IEEE Communications Society Conference on Computer Communications (IEEE INFOCOM '02), pp. 122–130, IEEE, New York, NY, USA, June 2002.