Key Distribution in DTNs Using Erasure Codes
2
Erasure Coding
Forward Error Correction Code
  Store redundant information in a transmission
  Reed-Solomon Code
Erasure Channel
  Lossy communication channel
  Lost data is considered “erased” data
Concept
  Message M captured in N chunks.
  Require R < N chunks to re-create message.
  Computationally infeasible to re-create message with C < R chunks.
Forward error correction code over an erasure channel.
3
Creating/Using Redundant Chunks
Produce initial set of K chunks in finite field
  For binary files, choose power of 2 for field size (say, 2^1024)
  Number of chunks = file size / chunk size
  Name chunks 0 – (k-1)
Generate Lagrange Interpolation Polynomial p(x)
  Calculate efficient polynomial through K points
  p(0) = chunk 0, p(i) = chunk i…
Use polynomial to generate redundant points
  Generate p(k) through p(n).
Receiver constructs polynomial from any k points
  With polynomial, can extract p(0) through p(k-1).
4
Wikipedia Example
Sender encodes two messages: a = 555 and b = 629
Polynomial: f(i) = a + (b - a)(i - 1)
f(1) = 555, f(2) = 629, f(3) = 703, f(4) = 777, f(5) = 851
Receiver only receives f(4) and f(5)
Can reconstruct polynomial and then extract f(1) and f(2)
5
Considerations
Efficient Implementation as Reed-Solomon Coding
  Use generator polynomial and send coefficients, not values
  More efficient decoding of values
Need large enough chunk size and large # chunks
  Larger the size, harder to brute-force guess a value when too few chunks received.
Need k to be large enough to span paths in the network
Chunk values should not repeat
  Assume original data is compressed or otherwise entropy-encoded to reduce the chance of constructing chunks with the same value.
6
Erasure Codes as Key Distribution
Key is binary data
  May include meta-data as part of key message.
  To a point, bigger message is better.
Construct Key Chunks
  No apparent need to generate redundant chunks
  May produce small set of redundancy for reliability, but this is likely handled by other transmission mechanisms
Build discrete paths through network
  Chunks sent from source to destination via discrete paths
  No intermediate node may hold more than x% of chunks for a key message
7
Network Example
[Figure: network diagram. All eight chunks F(1) through F(8) appear at each end; between them the chunks are split across three paths as F(1), F(2), F(3); F(4), F(5), F(6); and F(7), F(8).]
Eight Chunks
  Require all for re-assembly
  Send through different paths
Separate Paths
  Compromise of any one node or one link does not compromise key.
Relies on Nodes to reject messages based on what they have seen so far.
Restricted routing settings (limits on storage and forwarding)
8
Issues/Mitigations
Cut Vertices
  Compromise of a cut vertex, or its links subverts the system
  Separate transmission over time. Node does not hold all chunks at one time.
Cut Vertices Link
  The vertex collects all data through the segmented network
  Hop-by-hop confidentiality protects link transmission.
Node Intelligence
  Nodes must actively refuse to collect too many chunks
  Nodes must maintain some repository of chunks seen
  Key Distribution protocol counts chunks received by hashing on destination node. Allowed collision count embedded in chunk message.
9
Issues/Mitigations
Chunk Poisoning
  Current system vulnerable to bogus data injection by a compromised node.
  Exploit redundancy in the erasure coding approach. Calculate key using redundant messages from multiple paths and agree on quorum.
  Rely on Authentication to avoid injection attacks.
Relies on authentication between nodes
  Key distribution relying on key distribution…
  Multiple keys exist in the system. Do not rely on key being updated, but other keys can be relied upon.
  Use for distribution of partial key in combination with identity-based scheme.
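Added example (not from the original slides): the chunk construction from slide 3 and the quorum idea from the Chunk Poisoning slide, run on the slide 4 values indexed from 0, so f(1)..f(5) become p(0)..p(4). Assumptions: a prime field stands in for the power-of-2 field the slides suggest, and the quorum is taken by decoding every k-subset, an illustrative choice rather than the protocol's method.

```python
from collections import Counter
from itertools import combinations

# Assumption: a prime field keeps the arithmetic readable; the slides
# suggest a power-of-2 field, which needs GF(2^m) arithmetic instead.
P = 2**61 - 1

def interpolate(points, x):
    """Evaluate at x the Lagrange polynomial through `points`, mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encode(chunks, n):
    """p(i) = chunk i for i < k, then redundant points p(k) .. p(n-1)."""
    pts = list(enumerate(chunks))
    return pts + [(x, interpolate(pts, x)) for x in range(len(chunks), n)]

def decode(points, k):
    """Rebuild chunks 0 .. k-1 from any k received (x, value) points."""
    if len(points) < k:
        raise ValueError("fewer than k chunks: polynomial is not determined")
    return [interpolate(points[:k], x) for x in range(k)]

def quorum_decode(points, k):
    """Decode every k-subset; return (majority result, votes, subsets)."""
    votes = Counter(tuple(decode(list(s), k)) for s in combinations(points, k))
    best, count = votes.most_common(1)[0]
    return list(best), count, sum(votes.values())

if __name__ == "__main__":
    # Constructed input: the slide 4 values, indexed from 0 as on slide 3.
    pts = encode([555, 629], 5)
    print(pts)                      # five points, any two suffice
    print(decode(pts[3:], 2))       # receiver holds only the last two
    pts[2] = (2, 999)               # one path delivers a bogus chunk
    print(quorum_decode(pts, 2))
```

With one poisoned chunk out of five, the six subsets that avoid it all agree on the original values, while each of the four subsets that include it decodes to a different result.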
10
Next Steps
Draft key distribution protocol
  Chunk construction, addressing, meta-data
  Intermediate Node actions
  Endpoint node actions
Detailed analysis
  Field space, chunk size, redundancy, entropy coding
Sample implementation
  Performance measurement
  Simulate link and node compromise and effects
11
Thank you!
Questions?