Results 11-20 of 118
On wiretap networks II
 in Proc. IEEE Int. Symp. Information Theory, 2008
Cited by 27 (5 self)
We consider the problem of securing a multicast network against a wiretapper that can intercept the packets on a limited number of arbitrary network links of his choice. We assume that the network implements network coding techniques to simultaneously deliver all the packets available at the source to all the destinations. We show how this problem can be looked at as a network generalization of the Ozarow-Wyner Wiretap Channel of type II. In particular, we show that network security can be achieved by using the Ozarow-Wyner approach of coset coding at the source on top of the implemented network code. This way, we quickly and transparently recover some of the results available in the literature on secure network coding for wiretapped networks. We also derive new bounds on the required secure code alphabet size and an algorithm for code construction.
A Framework for Identifying Compromised Nodes in Wireless Sensor Networks
Cited by 25 (3 self)
Sensor networks are often subject to physical attacks. Once a node’s cryptographic key is compromised, an attacker may completely impersonate it and introduce arbitrary false information into the network. Basic cryptographic mechanisms are often not effective in this situation. Most techniques to address this problem focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it. In this article, we propose an application-independent framework for accurately identifying compromised sensor nodes. The framework provides an appropriate abstraction of application-specific detection mechanisms and models the unique properties of sensor networks. Based on the framework, we develop alert reasoning algorithms to identify compromised nodes. The algorithm assumes that compromised nodes may collude at will. We show that our algorithm is optimal in the sense that it identifies the largest number of compromised nodes without introducing false
Correction of adversarial errors in networks
 in Proceedings of International Symposium in Information Theory and its Applications, 2005
Cited by 24 (7 self)
Abstract — We design codes to transmit information over a network, some subset of which is controlled by a malicious adversary. The computationally unbounded, hidden adversary knows the message to be transmitted, and can observe and change information over the part of the network he controls. The network nodes do not share resources such as shared randomness or a private key. We first consider a unicast problem in a network with E parallel, unit-capacity, directed edges. The rate-region has two parts. If the adversary controls a fraction p < 0.5 of the E edges, the maximal throughput equals (1 − p)E. We describe low-complexity codes that achieve this rate-region. We then extend these results to investigate more general multicast problems in directed, acyclic networks.
On the Practical and Security Issues of Batch Content Distribution Via Network Coding
Cited by 22 (1 self)
Abstract — File distribution via network coding has received a lot of attention lately. However, direct application of network coding may have security problems. In particular, attackers can inject “faked” packets into the file distribution process to slow down the information dispersal or even deplete the network resource. Therefore, content verification is an important and practical issue when network coding is employed. When network coding is used, it is infeasible for the source of the content to provide all the hash values or signatures required for verification, and hence the traditional “hash-and-sign” methods are no longer applicable. Recently, a new on-the-fly verification technique is proposed by Krohn et al. for rateless erasure codes [1]. However, their scheme requires a large number of hash values to be distributed in advance, and all of them are needed to verify even for a single packet. We propose a new batch delivery and verification scheme that is similar to the classical scenario where the authentication information of a message is embedded with the message and is sufficient for the verification purpose. We investigate how our technique can be applied when random linear network coding is employed, and show that both the computational and the bandwidth overhead can be greatly reduced by using a variant of the random network coding. We further show by simulation that this variant is sufficiently effective in practice.
Secure Network Coding for Wiretap Networks of Type II
 2009
Cited by 19 (2 self)
We consider the problem of securing a multicast network against a wiretapper that can intercept the packets on a limited number of arbitrary network edges of its choice. We assume that the network employs the network coding technique to simultaneously deliver the packets available at the source to all the receivers. We show that this problem can be looked at as a network generalization of the wiretap channel of type II introduced in a seminal paper by Ozarow and Wyner. In particular, we show that the transmitted information can be secured by using the Ozarow-Wyner approach of coset coding at the source on top of the existing network code. This way, we quickly and transparently recover some of the results available in the literature on secure network coding for wiretap networks. Moreover, we derive new bounds on the required alphabet size that are independent of the network size and devise an algorithm for the construction of secure network codes. We also look at the dual problem and analyze the amount of information that can be gained by the wiretapper as a function of the number of wiretapped edges.
Characterizations of network error correction/detection and erasure correction
 in Proc. NetCod, 2007
Cited by 17 (2 self)
Abstract — In classical algebraic coding theory, the minimum distance of block code completely determines the ability of the code in terms of error correction/detection and erasure correction. We have obtained generalizations of these results for network codes.
Distributed Detection in the Presence of Byzantine Attacks
Cited by 17 (0 self)
Abstract—Distributed detection in the presence of cooperative (Byzantine) attack is considered. It is assumed that a fraction of the monitoring sensors are compromised by an adversary, and these compromised (Byzantine) sensors are reprogrammed to transmit fictitious observations aimed at confusing the decision maker at the fusion center. For detection under binary hypotheses with quantized sensor observations, the optimal attacking distributions for Byzantine sensors that minimize the detection error exponent are obtained using a “water-filling” procedure. The smallest error exponent, as a function of the Byzantine sensor population, characterizes the power of attack. Also obtained is the minimum fraction of Byzantine sensors that destroys the consistency of detection at the fusion center. The case when multiple measurements are made at the remote nodes is also considered, and it is shown that the detection performance scales with the number of sensors differently from the number of observations at each sensor. Index Terms—Byzantine attack, distributed detection, network defense.
Efficient network coding signatures in the standard model
 Cryptology ePrint Archive, Report 2011/696, 2011
Cited by 16 (6 self)
Abstract. Network Coding is a routing technique where each node may actively modify the received packets before transmitting them. While this departure from passive networks improves throughput and resilience to packet loss it renders transmission susceptible to pollution attacks where nodes can misbehave and change in a malicious way the messages transmitted. Nodes cannot use standard signature schemes to authenticate the modified packets: this would require knowledge of the original sender’s signing key. Network coding signature schemes offer a cryptographic solution to this problem. Very roughly, such signatures allow signing vector spaces (or rather bases of such spaces). Furthermore, these signatures are homomorphic: given signatures on a set of vectors it is possible to create signatures for any linear combination of these vectors. Designing such schemes is a difficult task, and the few existent constructions either rely on random oracles or are rather inefficient. In this paper we introduce two new network coding signature schemes. Both of our schemes are provably secure in the standard model, rely on standard assumptions, and are in the same efficiency class with previous solutions based on random oracles.