
Research On Securing Network Coding Against Pollution Attacks

Posted on: 2014-05-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M He
GTID: 1108330479979550
Subject: Computer Science and Technology

Abstract/Summary:
Network coding has emerged as a promising technique with extensive application prospects, and it has become the development trend of the Next Generation Internet (NGI). However, because of its packet-mixing nature, network coding systems are susceptible to pollution attacks, in which malicious nodes inject corrupted packets into the information flow. Digital signature mechanisms can effectively resist pollution attacks in traditional networks, but they are not applicable to network coding because information is transmitted in a different way. Therefore, the problem of pollution attacks in network coding needs further research and solutions. It is important to design suitable pollution detection schemes and to limit pollution attacks in network coding systems. Although there are several research results at home and abroad, existing pollution detection schemes still lack the ability to be applied in real networks.

In this paper, we focus on typical problems and common needs in defending against pollution attacks in network coding, and discuss the research status at home and abroad. We take the basic model of secure network coding as the starting point of our research, and work on the security characteristics of network coding as well as the shortcomings of existing solutions for pollution attacks. We propose three different secure network coding schemes against pollution attacks, and use different techniques to enhance the security of network coding systems. Finally, we design and implement a secure network coding system against pollution attacks. The major contributions of this paper are as follows:

1. The network coding transmission model is the foundation of our research on secure network coding schemes. Following the basic idea of network coding, we study the algebraic model of network coding with network security in mind, and describe the random linear network coding model with practical application in mind. We also study the security characteristics of network coding systems, including null space and time key, which provide theoretical support for the research on secure network coding.

2. Based on the security properties of null space and time key, we propose the NT scheme, a security scheme against pollution attacks with arbitrary collusion among malicious nodes. In an arbitrary collusion attack, malicious nodes collude to obtain the NT vectors used for security validation, and inject polluted packets that can pass validation against the collected NT vectors. However, the NT scheme uses data segmentation to generate different versions of NT vectors, and polluted packets must be verified against the latest version of the NT vector, which enters the network after those polluted packets do. Therefore, malicious nodes cannot obtain the latest version of the NT vector from old versions, and the NT scheme keeps the probability of a successful pollution attack very low. Both security analysis and simulation show that the NT scheme can effectively improve the ability to defend against pollution attacks in network coding systems, limit the spread of polluted packets, and isolate malicious nodes. It can also provide technical support for locating and tracking the attacker.

3. Building on the security characteristics of network coding, we study secure network coding based on time key and traditional digital signatures, and propose the ST scheme, a security scheme against pollution attacks with arbitrary collusion among malicious nodes. In an arbitrary collusion attack, malicious nodes collude to obtain the ST vectors used for security validation, and inject polluted packets that can pass validation against the collected ST vectors. However, the generation of ST vectors is randomized, and the randomness is protected by the discrete logarithm problem, so malicious nodes cannot obtain the latest version of the ST vector from old versions. The ST scheme provides efficient packet verification without requiring any extra secure channels. Both security analysis and simulation show that the ST scheme can effectively improve the ability to defend against pollution attacks in network coding systems, limit the spread of polluted packets, and isolate malicious nodes. It can also provide technical support for locating and tracking the attacker.

4. Considering practical network environments, we study secure network coding with pollution awareness, and propose the AT scheme, which dynamically adjusts the security strategy of participating nodes according to the security situation in the network coding system. The AT scheme defends against pollution attacks as well as arbitrary collusion. It automatically uses a strict security strategy when pollution is severe, to ensure the security of network coding transmission, and a loose security strategy when pollution is rare, to reduce unnecessary pollution detection. The AT scheme dynamically adjusts the pollution detection strategy in intermediate nodes and adapts to the current network security situation. It needs neither extra pre-distribution of security parameters nor any extra secure channels. The AT scheme can maximize network throughput while keeping the network coding system secure, and provides efficient and comprehensive protection for network security.

5. Based on the research on secure network coding against pollution attacks, we design and implement a secure network coding validation system. We also provide specific application scenarios for the NT, ST and AT schemes. We propose the structure of a distributed network platform and provide the design of the secure network coding validation system. We also show the test environment and visual results of the system in operation.

In this paper, we undertake a useful exploration in the field of secure network coding against pollution attacks, and the research results have good theoretical and practical value for secure network coding against pollution attacks. The work of this paper has been partially applied in the National Basic Research Program of China (973 Program) and the Hunan Provincial Natural Science Foundation of China.
Keywords/Search Tags:Network Coding, Pollution Attack, Security, Collusion, Null Space, Time Key, Digital Signature, Pollution Awareness
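
The null-space property behind contribution 2, as an added example that is not taken from the dissertation: a generic null-space check for random linear network coding over a prime field, showing why a verifier must test against a key released after the packet was injected. The field size, packet sizes and all function names are assumptions, and the "fresh" key only stands in for a newer key version; it is not the NT vector construction itself.

```python
import random

P = 2**31 - 1  # prime field size (constructed parameter)

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % P

def augment(data):
    """Source side: prefix packet i with unit coding header e_i, so X = [I | D]."""
    m = len(data)
    return [[int(i == j) for j in range(m)] + row for i, row in enumerate(data)]

def null_key(data, rng):
    """Random v with X v = 0 over GF(P): v = (-D u, u) for a random u."""
    u = [rng.randrange(1, P) for _ in data[0]]
    return [(-dot(row, u)) % P for row in data] + u

def recode(packets, rng):
    """Intermediate node: random linear combination of the packets it holds."""
    coeffs = [rng.randrange(1, P) for _ in packets]
    return [sum(c * p[k] for c, p in zip(coeffs, packets)) % P
            for k in range(len(packets[0]))]

def verify(packet, key):
    """Accept only packets orthogonal to the null-space key."""
    return dot(packet, key) == 0

def pollute_against(packet, key):
    """Collusion case from the abstract: corruption chosen to satisfy one known key."""
    delta = [0] * len(packet)
    delta[0], delta[-1] = key[-1], (-key[0]) % P   # delta . key == 0
    return [(a + b) % P for a, b in zip(packet, delta)]

def demo(seed=7):
    rng = random.Random(seed)
    data = [[rng.randrange(P) for _ in range(6)] for _ in range(3)]  # constructed payloads
    coded = augment(data)
    leaked, fresh = null_key(data, rng), null_key(data, rng)
    honest = recode(coded, rng)
    naive = honest[:-1] + [(honest[-1] + 1) % P]      # one symbol altered
    crafted = pollute_against(honest, leaked)
    check = lambda pkt: (verify(pkt, leaked), verify(pkt, fresh))
    return {"honest": check(honest), "naive": check(naive), "crafted": check(crafted)}

if __name__ == "__main__":
    print(demo())
```

Each result pair is (passes the leaked key, passes the fresh key): a recoded honest packet passes both, while a packet fitted to the leaked key is rejected by the fresh one except with probability about 1/P.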