On Security Problems In Network Coding System

The advent of network coding, which is said to "spark networking’s next revolution ", has attracted a lot of attention in both the industry and academia. However, recent work has demonstrated the severe harm of attacks such as pollution attacks and entropy attacks. If we cannot solve these problems properly, the communication system that employs network coding may face severe challenges, which could destroy the benefits of network coding, or even result in a worse performance than that in the system with traditional store-and-forward mechanism.In this dissertation, we fucus on the security problems in network coding system. The major contribution of the dissertation can be summarized as follows:We present a detection scheme to provide authentication for the network coding based directed acyclic network, to resist against pollution attack. First of all, we propose a new construction of the homomorphic message authentication code (MAC), and the security analysis proves that the proposed MAC could achieve the same security with previous meth-ods using a smaller key size. Then, considering the feature of network coding based directed acyclic network, we propose an improved message transmission scheme, which is combined with the proposed homomorphic MAC to detect corrupted packets in the network. Final-ly, the experiments show that, the proposed method indeed has both low computation and communication overhead.We propose a defense scheme to provide authentication for the network coding based dynamic network. Specifically, we focus on how to provide authentication for the network coding based peer-to-peer (P2P) live streaming system, to resist against pollution attacks and entropy attacks, simultaneously. Taking into consideration the high computation efficiency and small communication overheads that are vital requirements for the P2P live streaming, we first propose a homomorphic MAC with smaller key size and lower computation cost, which is called as PMAC. Then, we employ the homomorphic MAC and delayed key dis-closure technique to detect the corrupted packets in the network, and make the nodes code correctly in accordance with the requirements of randomly linear network coding. Next, we prove the security of the proposed scheme. At last, the experiments demonstrate the advantage of proposed scheme in reducing the computation and communication cost.We propose a key distribution scheme which is suitable for the network coding system. The key idea is that, we make full use of the mixing feature of network coding to distribute keys. Specifically, every communication participant shares a secret with the key generation center (KGC), with which only authorized participant could recover the session key. In addition, the KGC only need to broadcast the messages that are needed for recovering the keys once, even in a public channel. Security analysis demonstrates that the proposed scheme could resist against the insider and outsider attacks, which shows that the proposed scheme achieves both confidentiality and authentication in the transmission of the keys.