Network Coding Homomorphic Signature Scheme Against Pollution Attacks

Network coding is an effective method that allows intermediate nodes of the network to re-encode data on the basis of traditional network data storage and forwarding,thereby improving network throughput,robustness,and security.However,the polluted data packets sent to the downstream intermediate nodes by malicious intermediate nodes in the network coding will also be re-encoded by the downstream intermediate nodes,thereby polluting the entire network,resulting in that the sink nodes cannot decode the original data correctly.Therefore,it is very important to design a network coding security scheme with anti-pollution characteristics.This thesis first analyzes some defects of the existing null-space-based pollution data packets identification schemes based on a single-source multicast network,and proposes a homomorphic signature scheme based on null space symmetric key separation(SKIL).Unlike the HSM scheme,of which each intermediate node and sink node uses different sub-matrice of the source node key matrix as the key for checking information.Each intermediate node in the scheme uses different row vector key to check data packets,which reduces the risk of data packets being successfully forged and the communication overhead.Each sink node uses the entire key matrix to check data packets,which enhances the checkability.Moreover,Each sink node can also use the entire key matrix to locate malicious nodes that forged data packets.Experiments show that,compared with the HSM scheme,the intermediate nodes calculation time of this scheme is less,and compared with the game-based Byzantine attacker optimal identification scheme(OBAI),The calculation time of this scheme is less,the speed of malicious nodes locating is faster,and the accuracy rate of malicious nodes locating is higher.Then,this thesis introduces the public key idea for checking data pakets of the homomorphic subspace signature scheme(HSS),improves the SKIL scheme,and proposes a homomorphic signature scheme(DLIL)based on combination of discrete logarithmic public key and SKIL scheme.The source node uses the non-exponentiated key matrix to sign information,Each intermediate node uses different exponentiated key vector to check data packets,and each sink node uses the exponentiated key matrix to check data packets and locate malicious nodes,which make the original key before exponentiation difficult acquired by the attacker.This facilitates key management and increases the security of the scheme.Experiments show that,compared with the OBAI scheme,the accuracy rate of malicious nodes locating of this scheme is higher.Finally,this thesis also proposes a signature scheme(NSDLIL)combining SKIL scheme and DLIL scheme.The source node of this scheme adopts the same signature method as the DLIL scheme,that is,using the entire non-exponentiated key matrix to sign information.Each intermediate node uses the same check method as the SKIL scheme,that is,using different non-exponentiated key vector to check data packets,sothat the calculation overhead is low.Each sink node adopts the same method of checking and locating as the DLIL scheme,that is,using the entire exponentiated key matrix to check data packets and locate malicious nodes,so the key itself has high security.Experiments show that,compared with the DLIL scheme,the calculation time of this scheme is less,malicious nodes locating speed is faster,and malicious nodes locating accuracy rate is slightly higher.