Funding: Supported by the General Program of the Science and Technology Development Project of Beijing Municipal Education Commission (KM201311232014) and the Opening Project of Beijing Key Laboratory of Internet Culture and Digital Dissemination Research (ICDD201206, ICDD201207)
Abstract: Network coding can substantially improve network throughput, but it is vulnerable to data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme based on discrete logarithms to detect and locate malicious nodes. We also prove the security of the scheme theoretically. Its effectiveness is demonstrated, and its overhead analyzed, through extensive experiments.
Abstract: By caching popular contents at the network edge, wireless edge caching can greatly reduce both the content request latency at mobile devices and the traffic burden on the core network. However, popularity-based caching strategies are vulnerable to Cache Pollution Attacks (CPAs) because of the weak security protection at both edge nodes and mobile devices. In a CPA, malicious users issue a large number of requests for unpopular contents, polluting the edge caching space and degrading caching efficiency. This paper first integrates the dynamic nature of content requests and mobile devices into the edge caching framework and introduces an eavesdropping-based CPA strategy. Then an edge caching mechanism, consisting of a Request Pattern Change-based Cache Pollution Detection (RPC2PD) algorithm and an Attack-aware Cache Defense (ACD) algorithm, is proposed to defend against CPAs. Simulation results show that the proposed mechanism can effectively suppress the effect of CPAs on caching performance and improve the cache hit ratio.
Funding: Supported by the National 973 Key Basic Research Program under grant JG2008031
Abstract: With the rapid development of Peer-to-Peer (P2P) technology, IPTV applications based on it have received more and more attention from both industry and academia. Several applications using data-driven mesh-pull architectures have emerged and achieved great commercial success. At present, the PPLive system is one of the most popular IPTV applications, attracting a large number of users from across the globe. At the same time, however, this dramatic rise in popularity makes it a more likely target of attack. In this paper, we propose an effective measurement architecture, which exploits the fact that a peer not only receives polluted video chunks but also forwards them to other peers, to measure the video streaming pollution attack, and then use a dedicated PPLive crawler that we developed to evaluate the impact of pollution on P2P live streaming. Specifically, the results show that a single polluter is capable of compromising the whole system, and that its destructiveness is severe.
Abstract: Contents such as audio, video, and images contribute most of the Internet traffic in the current paradigm. Secure content sharing is a challenging issue. The existing security solutions do not secure the data; they secure the communicating endpoints. Named data networking (NDN) secures the data by requiring the data publisher to sign it. Any user can verify the data using the publisher's public key. NDN is resilient to most of the security attacks possible in the TCP/IP model because of its new architecture. However, new types of attacks are possible in NDN. This article surveys the most significant security attacks in NDN, such as interest flooding attacks, cache privacy attacks, cache pollution attacks, and content poisoning attacks. Each attack is classified according to its behavior and discussed in terms of detection techniques, countermeasures, and the affected parameters. The article is an attempt to help new researchers in this area gather domain knowledge of NDN. It also identifies open research issues that could be addressed by researchers.
Abstract: As a representative architecture of content-centric paradigms for the future Internet, named data networking (NDN) enables consumers to retrieve copies of content from either the original server or intermediate routers. Each NDN node is equipped with a cache that buffers but does not validate data, making it vulnerable to various attacks. Cache pollution, one of the attacks specific to NDN, fraudulently alters the cached contents by excessively requesting worthless information, squeezing out the space of genuinely popular contents and thus degrading the experience of normal users. To address this issue, this paper proposes a defense scheme based on deep reinforcement learning (DRL) against cache pollution attacks, in which whether a data packet is to be cached is decided by a trained intelligent agent that adapts to dynamic network states and follows a long-term reward, namely the accumulated data-requesting delays. Finally, the DRL-based scheme is evaluated and compared with two other existing schemes. Experimental results show that the proposed defense mechanism significantly outperforms the others and is effective against cache pollution attacks.
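The two abstracts above describe the same mechanism from different angles: an attacker floods an edge or router cache with requests for unpopular contents so that genuinely popular contents are evicted, and the defender either detects the change in the request pattern or controls what is admitted to the cache. The following simulation is an added example, not code from either paper, and it does not implement their RPC2PD, ACD or DRL algorithms, whose details are not given here. It assumes a constructed catalogue of 1000 contents with Zipf-distributed honest demand, a 20-slot LRU edge cache, and an attacker that issues 5 requests for unpopular contents per honest request; the detector (share of requests falling outside a learned popular set) and the defense (a doorkeeper-style admission filter that only caches a content seen before within a recent window) are simple stand-ins chosen for illustration.

```python
import random
from collections import Counter, OrderedDict, deque
from itertools import accumulate
from typing import Dict, Optional

N_CONTENTS = 1000   # catalogue size (constructed)
CACHE_SIZE = 20     # edge cache slots (constructed)
WINDOW = 300        # requests per detection / admission window (constructed)
ATTACK_RATE = 5     # attacker requests per honest request (constructed)


class LRUCache:
    """LRU cache. With admission_window set, a missed content is admitted only if
    it was requested before within that many recent requests (doorkeeper-style
    admission filter; an assumption for illustration, not the paper's ACD)."""

    def __init__(self, capacity: int, admission_window: Optional[int] = None):
        self.capacity = capacity
        self.store: "OrderedDict[int, bool]" = OrderedDict()
        self.admission_window = admission_window
        self.recent: Optional[deque] = deque() if admission_window else None
        self.recent_counts: Counter = Counter()

    def _remember(self, name: int) -> None:
        if self.recent is None:
            return
        self.recent.append(name)
        self.recent_counts[name] += 1
        if len(self.recent) > self.admission_window:
            self.recent_counts[self.recent.popleft()] -= 1

    def request(self, name: int) -> bool:
        hit = name in self.store
        if hit:
            self.store.move_to_end(name)
        elif self.recent is None or self.recent_counts[name] > 0:
            self.store[name] = True
            if len(self.store) > self.capacity:
                self.store.popitem(last=False)  # evict least recently used
        self._remember(name)
        return hit


def zipf_sampler(n: int, alpha: float, rng: random.Random):
    """Draw content ranks 1..n with P(i) proportional to i^-alpha."""
    cum = list(accumulate(1.0 / (i ** alpha) for i in range(1, n + 1)))
    population = list(range(1, n + 1))
    return lambda: rng.choices(population, cum_weights=cum)[0]


def make_workloads(rng: random.Random, honest_requests: int = 3000):
    """Two (content, source) streams: honest only, then honest interleaved with
    ATTACK_RATE attacker requests for unpopular contents (ranks 300 and up)."""
    draw = zipf_sampler(N_CONTENTS, 1.0, rng)
    honest = [(draw(), "user") for _ in range(honest_requests)]
    attacked = []
    for _ in range(honest_requests):
        attacked.append((draw(), "user"))
        attacked.extend((rng.randint(300, N_CONTENTS), "attacker") for _ in range(ATTACK_RATE))
    return honest, attacked


def honest_hit_ratio(cache: LRUCache, stream) -> float:
    """The cache serves every request; only honest users' hits count."""
    hits = total = 0
    for name, source in stream:
        hit = cache.request(name)
        if source == "user":
            total += 1
            hits += hit
    return hits / total


def detect_pattern_change(stream, window=WINDOW, top_k=30, learn_windows=3, margin=0.2):
    """Illustrative request-pattern-change detector (not RPC2PD): learn the top_k
    contents from the first windows, then flag any later window whose share of
    requests outside that set exceeds the learned share by more than `margin`."""
    learn = stream[: window * learn_windows]
    popular = {c for c, _ in Counter(n for n, _ in learn).most_common(top_k)}

    def tail_share(chunk) -> float:
        return sum(1 for n, _ in chunk if n not in popular) / len(chunk)

    baseline = tail_share(learn)
    flags = []
    for start in range(window * learn_windows, len(stream) - window + 1, window):
        share = tail_share(stream[start:start + window])
        flags.append((start // window, round(share, 3), share > baseline + margin))
    return baseline, flags


def run(seed: int = 1) -> Dict[str, object]:
    rng = random.Random(seed)
    honest, attacked = make_workloads(rng)
    baseline, flags = detect_pattern_change(honest + attacked)
    first_attack_window = len(honest) // WINDOW
    return {
        "baseline_hit": honest_hit_ratio(LRUCache(CACHE_SIZE), honest),
        "attacked_hit": honest_hit_ratio(LRUCache(CACHE_SIZE), attacked),
        "defended_hit": honest_hit_ratio(LRUCache(CACHE_SIZE, admission_window=WINDOW), attacked),
        "tail_share_baseline": round(baseline, 3),
        "flagged_before_attack": [w for w, _, f in flags if f and w < first_attack_window],
        "unflagged_during_attack": [w for w, _, f in flags if not f and w >= first_attack_window],
    }
```

Calling `run()` reports the honest users' hit ratio without the attack, under the attack with plain LRU, and under the attack with the admission filter, together with the detector's false positives before the attack and misses during it. The admission filter works because the attacker's requests are spread over hundreds of unpopular contents and rarely repeat within the window, while popular contents are requested again within a few dozen requests; an attacker who instead repeats a small set of unpopular contents defeats this particular filter, which is why the papers above move to request-pattern and learning-based defenses.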
Funding: Supported by the National Natural Science Foundation of China (61571024, 61272501), the National Basic Research Program of China (2012CB315905), the Research Promotion Grants-in-Aid for KUT Graduates of the Special Scholarship Program, and the Fundamental Research Funds for Central Universities (YWF15GJSYS059)
Abstract: Multi-source network coding allows intermediate nodes to linearly combine packets from multiple sources, but it is vulnerable to pollution attacks, which can cause data at multiple downstream nodes to be polluted. To solve this problem, we take advantage of lattice signatures and their homomorphic property to build a secure multi-source network coding scheme. By means of lattice basis delegation algorithms, our scheme generates a public lattice for all source nodes, and the homomorphic signatures can be computed on this lattice. Consequently, the multi-source signature problem can be transformed into a single-source signature problem if all source nodes are considered as a whole. Scheme analysis shows the correctness and the homomorphic property of the proposed scheme.
Abstract: Network coding is vulnerable to pollution attacks, which prevent receivers from recovering the source message correctly. Most existing schemes against pollution attacks either add significant redundancy to the original message or require high computational complexity to verify received blocks. In this paper, we propose an efficient scheme against pollution attacks based on probabilistic key pre-distribution and homomorphic message authentication codes (MACs). In our scheme, each block carries a small number of MACs, and each node can use these MACs to verify the integrity of the corresponding block with high probability. Compared with previous schemes, our scheme still uses a small number of keys to generate the MACs for each block, but more than doubles the detection probability. Meanwhile, our scheme is able to efficiently confine pollution propagation to a small number of hops. Experimental results show that our scheme is more efficient in verification than existing schemes based on public-key cryptography.
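The homomorphic MAC abstracts above (the discrete-logarithm scheme and the key pre-distribution scheme) rely on one property: a tag computed as a linear function of the block survives the linear combinations that intermediate nodes perform, so a downstream node can check a recoded block without knowing which combination produced it. The following is an added example, not code from either paper, showing the textbook linear homomorphic MAC over a prime field together with the key-pool idea. It assumes blocks are augmented vectors over GF(P) (coding coefficients followed by payload symbols), that a tag under key k is the inner product <k, v> mod P (the papers' constructions add a PRF layer and other details not reproduced here), that the source holds a pool of L keys and tags each block under m of them, and that each intermediate node is pre-distributed a random subset of s pool keys; all sizes, payloads and the modulus are constructed for the demonstration.

```python
import math
import random
from dataclasses import dataclass
from typing import Dict, List, Optional

P = 2**31 - 1   # prime field modulus (assumption, chosen for convenience)
Vector = List[int]


def keygen(n: int, rng: random.Random) -> Vector:
    """A MAC key is a random vector; coordinates are kept non-zero so that
    changing any single symbol of a block always changes its tag."""
    return [rng.randrange(1, P) for _ in range(n)]


def mac(key: Vector, v: Vector) -> int:
    """tag = <key, v> mod P; linear in v, which is what makes it homomorphic."""
    return sum(k * x for k, x in zip(key, v)) % P


def combine(coeffs: List[int], vectors: List[Vector]) -> Vector:
    """Random linear coding step over GF(P): sum_i c_i * v_i."""
    return [sum(c * v[j] for c, v in zip(coeffs, vectors)) % P
            for j in range(len(vectors[0]))]


@dataclass
class Block:
    data: Vector          # coding coefficients + payload symbols
    tags: Dict[int, int]  # pool key index -> tag of `data` under that key


def source_encode(pool: List[Vector], payloads: List[Vector], m: int,
                  rng: random.Random) -> List[Block]:
    """Prepend unit coefficient vectors and tag every block under the same m pool
    keys (the same indices for the whole generation, so tags can be combined)."""
    g = len(payloads)
    idx = rng.sample(range(len(pool)), m)
    blocks = []
    for i, payload in enumerate(payloads):
        data = [1 if j == i else 0 for j in range(g)] + payload
        blocks.append(Block(data, {k: mac(pool[k], data) for k in idx}))
    return blocks


def recode(coeffs: List[int], blocks: List[Block]) -> Block:
    """Intermediate node: combine data and tags with the same coefficients;
    by linearity the combined tag equals the MAC of the combined data."""
    data = combine(coeffs, [b.data for b in blocks])
    tags = {k: sum(c * b.tags[k] for c, b in zip(coeffs, blocks)) % P
            for k in blocks[0].tags}
    return Block(data, tags)


def node_verify(held: Dict[int, Vector], block: Block) -> Optional[bool]:
    """Check every tag whose key this node holds; None if it holds none of them."""
    shared = [k for k in block.tags if k in held]
    if not shared:
        return None
    return all(mac(held[k], block.data) == block.tags[k] for k in shared)


def detection_probability(L: int, m: int, s: int) -> float:
    """P(a node holding s of the L pool keys shares at least one of the m tagging keys)."""
    return 1 - math.comb(L - m, s) / math.comb(L, s)


def demo(seed: int = 7) -> Dict[str, object]:
    rng = random.Random(seed)
    L, m, s, g, n = 20, 3, 4, 3, 4   # pool size, tags per block, keys per node, generation size, payload length
    pool = [keygen(g + n, rng) for _ in range(L)]
    payloads = [[rng.randrange(P) for _ in range(n)] for _ in range(g)]  # constructed payload
    blocks = source_encode(pool, payloads, m, rng)
    honest = recode([rng.randrange(1, P) for _ in range(g)], blocks)
    # pollution: one payload symbol altered; the attacker holds no key, so the tags stay as they were
    polluted = Block(honest.data[:], dict(honest.tags))
    polluted.data[g] = (polluted.data[g] + 1) % P
    tagging = list(honest.tags)
    others = [k for k in range(L) if k not in honest.tags]
    checker = {k: pool[k] for k in [tagging[0]] + rng.sample(others, s - 1)}  # holds one tagging key
    blind = {k: pool[k] for k in rng.sample(others, s)}                        # holds none
    return {
        "honest_verifies": node_verify(checker, honest),
        "polluted_verifies": node_verify(checker, polluted),
        "blind_node": node_verify(blind, polluted),
        "p_detect_per_hop": round(detection_probability(L, m, s), 4),
    }
```

`demo()` shows the two sides of the probabilistic design: a node holding any of the tagging keys rejects the polluted block outright, while a node holding none of them must forward it unchecked, which is why the detection probability per hop (here about 0.51 for L=20, m=3, s=4) and the number of hops a polluted block can travel are the quantities such schemes trade against key storage and tag overhead. The inner-product tag is deliberately minimal: a real scheme derives the key vector from a PRF over the generation identifier so that keys are never reused across generations, the exact weakness the tag-encoding analysis below exploits.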
Funding: Supported by the National Natural Science Foundation of China (61271174, 61301178), the Specific Scientific Research Plan Project of Shaanxi Education Department (15JK2150), and the Science and Technology Innovation Foundation of Xi'an (CXY1352WL28, CXY1531WL38)
Abstract: A tag encoding authentication scheme for network coding proposed by Wu et al. was claimed to defend against pollution attacks efficiently. However, we find that the scheme is easily subject to multi-generation pollution attacks, in which an adversary may be able to recover the main secret key of the source with high probability during multi-generation transmission, and that the scheme also cannot resist inter-generation pollution attacks. Using a dynamic source secret key technique, in which the key is updated as the generation identifier changes, an improved scheme is then presented that counteracts these security defects without any loss of efficiency.
Funding: Supported by the Open Research Fund of the Shandong Provincial Key Laboratory of Computer Networks (No. SDKLCN-2011-01), the Fundamental Research Funds for the Central Universities, China University of Geosciences (Wuhan) (Nos. 110109 and 090109), and the National Natural Science Foundation of China (No. 61170217)
Abstract: Network coding can improve network efficiency by extending the copy-and-forward paradigm to a code-and-forward paradigm. It thereby introduces a security problem called the pollution attack, in which some coding or forwarding nodes may intentionally fabricate, modify, forge, or drop packets. Recently, many authentication methods have been proposed to guarantee the correctness of encoding and forwarding results through verification by receivers. These include homomorphic hashing, homomorphic message authentication codes, and homomorphic signatures. However, these schemes incur expensive computational overhead because of their homomorphic cryptographic primitives, so they cannot work in most resource-constrained applications. In this paper, we propose an ultra-lightweight checking protocol that guarantees secure network coding without any homomorphic cryptographic primitives. Extensive analysis shows that it has the following advantages: the weakest security assumption on intermediate nodes, the fewest cryptographic primitive requirements, ultra-lightweight computation, flexible message length with a probabilistic proof, and the minimal number of rounds of message exchange.