190 likes | 318 Views
A Multi-hop Multi-source Algebraic Watchdog. Muriel Médard † Joint work with MinJi Kim † , João Barros ‡ † Massachusetts Institute of Technology ‡ University of Porto. Background. Secure network coding Network error correction [Yeung et al. 2006]
E N D
A Multi-hop Multi-source Algebraic Watchdog Muriel Médard† Joint work with MinJi Kim†, João Barros‡ †Massachusetts Institute of Technology ‡University of Porto
Background • Secure network coding • Network error correction [Yeung et al. 2006] • Resilient coding in presence of Byzantine adversaries [Jaggi et al. 2007] • Confidential coding scheme [Vilela et al. 2008] • Signature scheme [Charles et al. 2006][Zhao et al. 2007] • Locating attackers [Siavoshani et al. 2008] • NOTE: downstream nodes check for adversaries, the upstream nodes unaware. • Watchdog and pathrater [Marti et al. 2000] • Extensions of Dynamic Source Routing • Detect/mitigate misbehavior of the next node • Use wireless medium: promiscuous monitoring • Algebraic Watchdog [Kim et al. 2009] • Combine the benefits of network coding and watchdog • Extend to multi-hop, multi-source setting
Problem Statement • Wireless network G = (V, E1,E2). • V : Set of nodes in the network • E1: Set of hyperedges for connectivity/wireless links • E2: Set of hyperedges for interference • Transition probability known (Binary symmetric channel) • Is vm+1 consistent with… • Overheard packets from v2 , v3 ,… vm? • Channel statistics? Overhearing with noise in E2 Intended transmission in E1
Problem Statement • How can upstream nodes (v1, v2, …,vm) detect misbehaving node (vm+1) with high probability? Overhearing with noise in E2 Intended transmission in E1 Routing: Packets individually recognizable Network Coding: Packets are mixed Errors from BSC channel : Probabilistic detection Few bit errors can make dramatic change in the algebraic interpretation
Packet Structure coded data xi = Σ αj xj with error-correcting code Ci = (n, ki, di) • A node vi that receives messagesxj ’s and transmits pi • Note: hash is contained in one hop, dependent on in-degree • Goal:If vitransmits xi = e + Σ αj xjwheree≠0, detect it with high probability. • Even if |e| small, the algebraic interpretation may change dramatically. coding coefficients aj’s pi = aj’s aj’s h(xj) h(xj) h(xi) h(xi) xi hash of received messages h(xj) hash of message h(xi) header: protected with error correction codes
Threat Model • Adversary • Eavesdrops its neighbors’ transmissions • Injects/corrupts packets • Computationally unbounded • Knows the channel statistics, but does not know the specific realization of the channel errors • Adversary’s objective: Corrupt information flow without being detected by other nodes • Our objective: limit errors introduced by the adversaries to be at most that of the channel
Algebraic Watchdog • Focus on v1 • Listens to neighbors and infer the messages: Using transition matrix T • Combines the inferred messages to “guess” what the next hop node should transmit: Watchdog trellis & Viterbi-like algorithm • Check the “guessed message” with next-hop node’s transmission: Inverse transition matrix T-1
Transition Matrix/List T Overheard information • Relates the overheard information from source vi to list of candidates (inferred list of xi) Inferred information xi Overheard information y Start state Edge weight proportional to probability of receiving given y is original message: Edge iff
Watchdog Trellis Layer 2 α1x1 +α2x2 Layer 3 α1x1 +α2x2 +α3x3 Layer m Σ1≤i≤m αixi Layer 1 α1x1 Layer m-1 Σ1≤i≤m-1 αixi • Uses overheard & inferred information (candidates) to generate a list of “guesses” on what vm+1 should send Start state Combine infor-mation from v2 Combine infor-mation from vm-1 Combine infor-mation from vm What v1 already has “guesses” are states with positive weight at Layer m
Overheard information [x̃m+1,h(xm+1)] Guesses Σ1≤i≤m αixi Inverse Transition Matrix T-1 Inferred linear combinations (guesses) Σ1≤i≤m αixi Overheard information • Using the “guesses” generated, checks that vm+1is well-behaving • Same as T, just inverse Edge iff y End node Edge weight proportional to probability of receivinggiven y is original message:
Overheard information [x̃m+1,h(xm+1)] Decision Making Layer 2 α1x1 +α2x2 Layer 3 α1x1 +α2x2 +α3x3 Layer m Σ1≤i≤m αixi Layer 1 α1x1 Layer m-1 Σ1≤i≤m-1 αixi • Total weight of end state = p* = probability of overhearing given channel statistics • Can use various decision policy, such as threshold decision rule p*>t • Depending on the rule, different false positive/false negative probabilities Start state “Guesses” Endstate
Simulation Results: Varying adversarial attack Adversarial relay (flips bit with probability padv) Honest relay (does not inject errors) • All channel noise: 10%, i.e. BSC(0.1) • 3 sources • 10-bit field size • 2-bit hash size When adversary injects more than channel noise (10%), the p*advand p*relayhave different distribution!
Conclusions • Probabilistically police downstream neighbors in a multi-hop, multi-source network using network coding • Only discussed multi-source, two-hop setting • Trellis-like graphical model: • Capture inference process • Compute/approximate probabilities of consistency within the network (Viterbi-like algorithm) • Preliminary simulation results agree with the intuition Future Work: • Combine with reputation based protocol and some practical considerations
Multi-hop Algebraic Watchdog • As long as the min-cut to any node from the source is not dominated by adversarial node, can detect malicious behavior
Multi-hop Algebraic Watchdog S2 S0 v1 v4 v2 edges in E1 S0monitors v5 v5 v7 S1monitors v7 v3 S1monitors v8 v6 S2monitors v4 v8 S1 • As long as the min-cut to any node from the source is not dominated by adversarial node, can detect malicious behavior
Simulation Results: Varying hash size Honest relay (does not inject errors) Adversarial relay (flips bit with probability 10%) Hash size (in bits) Hash size > 1 bit sufficient • All channel noise & adversarial attack level: 10%, i.e. BSC(0.1) • 3 sources • 10-bit field size
Simulation Results: Varying channel noise Channel noise between sources Honest relay (does not inject errors) Adversarial relay (flips bit with probability 10%) When channel noise > 10% (adversarial attack level), then may not be able to detect the adversary! • Adversarial attack level: 10%, i.e. BSC(0.1) • 3 sources • 10-bit field size • 2-bit hash size
Simulation results: Varying number of sources Number of sources Honest relay (does not inject errors) Adversarial relay (flips bit with probability 10%) v1can detect (even by itself) when there are moderate number of sources When only one source, v1 can detect adversary with high probability • All channel noise & adversarial attack level: 10%, i.e. BSC(0.1) • 3 sources • 10-bit field size • 2-bit hash size • v1 can not detect by itself when many sources • Need more hash or better overhearing channel • Does not take into account other nodes vi’s independent watchdog