Network Coding Security
João Barros Instituto de Telecomunicações Universidade do Porto Network Coding Security European Training School in Network Coding Barcelona, Spain, February 2013


4

Instituto de Telecomunicações

• National Laboratory for Telecommunications
• More than 30 research groups with about 180 PhDs
• Four fundamental areas:
  • Basic Sciences
  • Wireless Technologies
  • Optical Communications
  • Networks and Multimedia
• Associate Laboratory status awarded by the Portuguese Foundation for Science and Technology
• IT Porto: about 80 members, of which 19 with a PhD, and a total of about 3M EUR in research funding for 2010-2012

[Map: Porto, Covilhã, Aveiro, Coimbra, Leiria, Lisboa]

5

Universidade do Porto

• Founded in 1911 (roots in the 18th century)
• 14 different schools
• ~31000 students
• ~6000 graduate students
• ~2300 professors
• 70 research institutes

6

IT Porto

• Founded in 2007 at the University of Porto
• Delegation of IT at FEUP and FCUP
• 26 researchers with a PhD (average age 38 yrs)
• 50+ PhD students (ECE, CS, Math, Psychology)
• 43% international researchers | 27% women
• >2200 citations since 2007
• IEEE Awards in 2010 and 2011
• National Innovation Award in 2012
• 3 spin-offs
• Strong participation in IEEE TPCs (organized IEEE ITW 2008)
• Coordinating the Carnegie Mellon Portugal Program

9

Today’s Layered Architecture

Standard Protocol Stack

Application: Programs and applications
Transport:   End-to-end reliability, congestion control
Network:     Routing and forwarding
Link:        Medium access control
Physical:    Channel coding and modulation

Where is security?

10

Security: a patchwork of add-ons!

Application: End-to-end cryptography
Transport:   Secure Sockets Layer (SSL)
Network:     Virtual private networks (IPSec)
Link:        Admission control (e.g. WPA)
Physical:    Physical-layer security?

11

Information-Theoretic-Security – are we biased?

A typical graduate course in cryptography and security always starts by discussing Shannon's notion of perfect secrecy (widely accepted as the strictest notion of security):

$p(w|x) = p(w)$

Then, it emphasizes its conceptual beauty.

Then, it states that it is basically “useless” for any practical application.

Computational Security

[Figure: Alice sends message W, encrypted with key K, as X; Bob, holding key K, outputs the decoded message Wb; Eve observes X.]

12

Main Questions in this Tutorial

• What are the fundamental security limits at the physical layer?
• Which notions of security are we talking about?
• Is information-theoretic security practical?
• What kind of code constructions can we use?
• How do we build protocols based on information-theoretic security?
• Can we combine physical-layer security with classical cryptography?
• How can we secure novel networking paradigms?
• How can we go beyond confidentiality at the physical layer?

13

Our program for today

• Theoretical Foundations
  • Fundamentals of Information-Theoretic Security
  • Strong Secrecy versus Weak Secrecy
  • Secrecy Capacity of Noisy Channels
• Practical Techniques
  • Combining Cryptography and Coding
  • Secrecy Capacity Achieving Codes
  • Secret Key Agreement at the Physical Layer
• Advanced Topics and Applications
  • Multi-user Secrecy and Network Coding Security
  • Active Attacks on Coded Systems
  • Beyond Secure Communications

14

What we will not do

• Provide an exhaustive review of related work
• Elaborate on the details of the proofs
• Cover all the topics in depth
• Address quantum information theory
• Say bad things about modern cryptography

15

Theoretical Foundations

16

Notions of Security

Computational Security
• Alice sends a k-bit message W to Bob using an encryption scheme;
• Security schemes are based on (unproven) assumptions of intractability of certain functions;
• Typically done at upper layers of the protocol stack

Information-Theoretic (Perfect or Unconditional) Security
• Strictest notion of security, no computability assumption
• Prob{W | Eve’s knowledge} = Prob{W}
  $H(W|X) = H(W)$ or $I(X;W) = 0$
• e.g. One-time pad [Shannon, 1949]: $H(K) \ge H(M)$

[Figure: Alice sends the k-bit message W, encrypted with key K, as X; Bob, holding key K, outputs the k-bit decoded message Wb; Eve observes X.]

17

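One-time Pad

[Figure: Alice combines the k-bit message W with a k-bit key to produce $X^k$; Bob recovers the k-bit decoded message Wb from $X^k$ with the same k-bit key; Eve observes $X^k$.]

If Eve does not know the key and $P(\text{Key} = k\text{-tuple}) = 1/2^k$, then we have $p(w|x^k) = p(w)$.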

18

Shannon’s Model

This model is somewhat pessimistic, because most communications channels are actually noisy.

[Figure: Alice sends the k-bit message W, encrypted with key K, as X; Bob, holding key K, outputs the k-bit decoded message Wb; Eve observes X.]

21

Because the transmission range is so short, NFC-enabled transactions are inherently secure. Also, physical proximity of the device to the reader gives users the reassurance of being in control of the process.

24

Increasing the Secrecy Capacity via Feedback

• Suppose Alice, Bob and Eve are connected via binary symmetric channels and a public authenticated feedback channel is available.

        Noisy channel   Error-free public communication   Computation
Alice   X               V+X+E                             V+X+E+X = V+E
Bob     X+E             V+X+E                             V
Eve     X+D             V+X+E                             V+X+E+X+D = V+E+D

• Bob and Eve observe different noises (D, E).
• Bob feeds back random value V plus what he observed (X+E)
• Eve ends up with more noise than Bob (as in the wiretap channel)
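Added example, not from the original slides: a Python simulation of the feedback exchange in the table above, together with the secrecy rates it implies. The crossover probabilities `p_bob` (noise E) and `p_eve` (noise D), both assumed to be at most 1/2, and all function names are assumptions made for illustration.

```python
import math
import random

def h2(p):
    """Binary entropy in bits."""
    return 0.0 if p in (0.0, 1.0) else -p * math.log2(p) - (1 - p) * math.log2(1 - p)

def crossover(p, q):
    """Crossover probability of the sum of two independent binary noises."""
    return p * (1 - q) + q * (1 - p)

def secrecy_capacity_no_feedback(p_bob, p_eve):
    """BSC wiretap channel: positive only if Eve's channel is noisier than Bob's."""
    return max(0.0, h2(p_eve) - h2(p_bob))

def secrecy_rate_with_feedback(p_bob, p_eve):
    """After feedback V is seen through noise E by Alice and through E+D by Eve."""
    return h2(crossover(p_bob, p_eve)) - h2(p_bob)

def simulate(n, p_bob, p_eve, rng):
    """Run the exchange n times; return (Alice's, Eve's) error rate on V."""
    err_alice = err_eve = 0
    for _ in range(n):
        x = rng.getrandbits(1)               # Alice's random channel input X
        e = int(rng.random() < p_bob)        # noise E on the Alice -> Bob channel
        d = int(rng.random() < p_eve)        # noise D on the Alice -> Eve channel
        v = rng.getrandbits(1)               # Bob's random value V
        public = v ^ (x ^ e)                 # Bob feeds back V + (X+E) in the clear
        alice = public ^ x                   # V+X+E+X   = V+E
        eve = public ^ (x ^ d)               # V+X+E+X+D = V+E+D
        err_alice += alice != v
        err_eve += eve != v
    return err_alice / n, err_eve / n

if __name__ == "__main__":
    # Constructed setting in which Eve's channel is better than Bob's.
    p_bob, p_eve = 0.10, 0.05
    print(simulate(20000, p_bob, p_eve, random.Random(1)))
    print(secrecy_capacity_no_feedback(p_bob, p_eve))
    print(secrecy_rate_with_feedback(p_bob, p_eve))
```

With Eve's channel better than Bob's the rate without feedback is zero, while the feedback exchange leaves Eve with the strictly noisier observation V+E+D.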

26

Notions of Security

• Weak secrecy: $\frac{1}{n} H(U^n \mid X^n) \ge 1 - \epsilon$
• Strong secrecy: $H(U^n \mid X^n) \ge n - \epsilon$

[Maurer & Wolf, 2000]
• The secrecy capacity of the discrete memoryless wiretap channel does not change with strong secrecy.
• Proof requires fundamental tools of theoretical computer science (extractors)

27

Example of Weak Secrecy

[Figure: binary data $U^n$ (n bits) consists of unprotected data (k bits) and protected data (n-k bits); the protected part is covered by the one-time pad $K^n$ (n-k bits), giving $X^n$.]

• This trivial scheme satisfies the weak secrecy condition while disclosing an unbounded number of bits:
  $\frac{1}{n} H(U^n \mid X^n) = \frac{1}{n}(n-k) = 1 - \frac{k}{n} \ge 1 - \epsilon$
• Clearly, it does not satisfy the strong secrecy condition:
  $H(U^n \mid X^n) = n - k < n - \epsilon$

28

Network Security

[Figure: a network with inputs $X_1, X_2, X_3, X_4$ and outputs $Y_1, Y_2$, subject to interference, cooperation and feedback.]

What happens when we have multiple parties communicating over unreliable noisy networks with multiple eavesdroppers and jammers?

29

Multi-user Secrecy Generation

M users communicate messages F and agree on secret key K
• common secret key: $P(K_1 = K_2 = \dots = K_M = K) \approx 1$
• secrecy against eavesdropper: $I(K;F) \approx 0$
• uniformity: $H(K) \approx \log|\text{key space}|$
• secret key (SK) capacity is the largest entropy rate of K

30

Optimal Secret Key Agreement

Example with three users and two-bit sequences

[Figure: Bob, Alice and Charlie with the two-bit sequences $B_{11}B_{12}$, $B_{21}B_{22}$ and $B_{31}B_{32}$.]

• Bob and Charlie observe sequences of Bernoulli (1/2) symbols.
• Alice observes the symbolwise XOR of their sequences.

• Alice sends $B_{11}$
• Bob sends $B_{22}$
• Charlie sends $B_{31} \oplus B_{32}$
• All are able to recover $B_{31}$
• Eavesdropper is in the dark: $I(B_{11}, B_{22}, B_{31} \oplus B_{32}; B_{31}) = 0$
• SK rate: $\frac{1}{2} H(B_{31}) = \frac{1}{2}$

[Csiszár and Narayan, 2006]

32

Many correlated sources

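[Figure: nodes 1, 2, ..., M observe sources $U_1, U_2, \dots, U_M$ and send to node 0 at rates $R_{10}, R_{20}, \dots, R_{M0}$.]

Perfect reconstruction is possible if and only if

$\sum_{i \in S} R_{i0} > H(U(S) \mid U(S^c))$

for all sets $S \subseteq \{1, 2, \dots, M\}$, $S \neq \emptyset$, $S \cap S^c = \emptyset$.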

33

Secret Key Capacity for Two Terminals

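[Maurer ‘93, Ahlswede and Csiszár, ‘93]

[Figure: Alice and Bob observe $U_1$ and $U_2$ and communicate at rates $R_1 > H(U_1 \mid U_2)$ and $R_2 > H(U_2 \mid U_1)$; non-interactive communication.]

$C_{SK} = H(U_1, U_2) - [H(U_1 \mid U_2) + H(U_2 \mid U_1)] = I(U_1; U_2)$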

34

Secret Key Capacity for Multiple Terminals

[Csiszár and Narayan, 2006]

$C_{SK} = H(U_1, U_2, \dots, U_M) - R_{\min}$

$R_{\min}$ is the minimum sum rate required for all terminals to be able to reconstruct all sources with arbitrarily small probability of error.

[Figure: network of terminals observing $U_1, U_2, \dots, U_6$.]

Notice that in this case the eavesdropper observes only the communication between the nodes and not one of the correlated sources.

35

Extensions and Variations

• Secret key agreement with helpers [Csiszár, Narayan, 2005]
• Multiple group keys with secrecy with respect to a prescribed subset of users [Ye, Narayan, 2005]
• Satellite Channel Model [Csiszár, Narayan, 2005]
• Secret key capacity when eavesdropper observes a correlated source of randomness remains unsolved.

36

Active Attacker

• Adversary has access to the communications channel used by the legitimate parties and can do the following:
  • Send / Receive;
  • Read;
  • Replay;
  • Forge;
  • Block;
  • Modify;
  • Insert;

39

Store-and-Forward versus Network Coding

• In today’s networks, information is viewed as a commodity, which is transmitted in packets and forwarded from router to router pretty much as water in pipes or cars in highways.
• In contrast, network coding allows intermediate nodes to mix different information flows by combining different input packets into one or more output packets.

[Ahlswede, Cai, Li and Yeung, 2000]

40

A simple three-node example

[Figure: nodes A and B exchange packets a and b through node C.]

In the current networking paradigm we require 4 transmissions.

41

Network Coding

[Figure: A sends a and B sends b to node C, which sends a+b.]

With network coding we require only 3 transmissions.

43

Packetized Network Coding

• Assume each packet carries L bits
• s consecutive bits can be viewed as a symbol in $F_q$
• Perform network coding on a symbol by symbol basis.
• Output packet also has length L.
• Send the coefficients (the “encoding vector”) in the header.
• Information is spread over multiple packets.

[Figure: packet of L bits divided into s-bit symbols, with the enc. vector in the header.]

44

Practical Considerations

• Encoding: Elementary linear operations which can be implemented in a straightforward manner (with shifts and additions).
• Decoding: Once a receiver has enough linearly independent packets, it can decode the data using Gaussian elimination, which requires operations.
• Generations: To manage the complexity and memory requirements, we mix only generations with a fixed number of packets and limit the field size. Each node keeps a buffer sorted by generation number. Non-innovative packets are discarded.
• Delay: Since we must wait until we have enough packets to decode, there is some delay (not very significant, since we require fewer transmissions in many relevant scenarios)

45

Other benefits

• Reliability: Network Coding can achieve optimal delay and rate in the presence of erasures and errors.
• Simpler Optimization: The multicast routing problem is NP-hard (packing Steiner trees), however with network coding there exist polynomial time algorithms.
• Robustness: Random network coding is completely decentralized and preserves the information in the network, even in highly volatile networking scenarios.

46

Applications of Network Coding

• Distributed Storage and Peer-to-Peer: robustness against failures in highly volatile networks;
• Wireless Networks: Information dissemination using opportunistic transmission;
• Sensor Networks: Data gathering with extremely unreliable sensing devices;
• Network Management: Assessing critical network parameters (e.g. topology changes and link quality)

First real-life application in July 2007: Microsoft Secure Content Downloader (a.k.a. Avalanche)

47

Classes of Network Coding Protocols

We distinguish between two types of protocols:

• stateless network coding protocols, which do not rely on network state information (e.g. topology or link costs) to decide when to mix different packets (e.g. Random Linear Network Coding);
• state-aware network coding protocols, which rely on partial or full network state information to compute a network code or determine opportunities to perform network coding in a dynamic fashion (e.g. COPE).

48

Network Coding Security Taxonomy

Network Coding Protocols (state information)
• Stateless: RLNC [Ho et al, ’04]
  - some intrinsic security (no state information)
  - prone to Byzantine attacks
• State-aware: COPE [Katti et al, ’06], Polynomial time [Jaggi et al, ’05]
  - prone to Byzantine attacks
  - network state information

Security Infrastructure
• Network codes
  - Extra redundancy
  - Hash symbols included in packets
  - Detection Byzantine [Ho et al, ’04]
  - Resilient codes [Jaggi et al, ’06] [Koetter, Kschischang, ’07]
• Cooperative
  - Cooperative security schemes
  - Homomorphic hash functions
  - Cooperative Security [Gkantsidis, Rodriguez, ’06]
• Key Management
  - Signatures
  - Key distribution
  - Confidentiality
  - Signatures Content Dist. [Zhao et al, ’07]
  - Secret Key Dist. [Oliveira, Barros, ’07]
  - SPOC [Vilela, Lima, Barros, ’08]

49

Network Coding: A Free Cipher?

• Nodes are assumed to be “nice but curious” (comply with protocol but could be malicious eavesdroppers)
• Intermediate nodes have different levels of confidentiality;
• Nodes T and U have partial information about the data;
• Node W has full access to the data;
• Node X cannot decode any useful data – a free cipher!

[Figure: network with nodes S, T, U, W, X, Y, Z carrying a, b and a+b.]

Previous work considered wiretapping attacks on multiple links, e.g. [Cai and Yeung, ’02], [Feldman et al, ’04], [Bhattad et al, ’05]

[Lima, Médard and Barros, ISIT’07]

50

Secure Network Coding

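[Figure, first network: S sends the symbols a, b, c, d, e, f, g, h through T and U.]

Nodes T and U have access to half of the sent data.

[Figure, second network: S sends linear combinations through T and U: a+b+c+d+e+f+g, 3a+b+c+d+5f, a+2b+c+d+4g, a+b+c+3d+5h, 5a+b+5h, 6b+c+4g, b+7c+3a, b+c+9e.]

Nodes T and U need to decode to obtain partial data.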

51

Algebraic Security Criterion

Definition (Algebraic Security Criterion): The level of security provided by random linear network coding is measured by the number of symbols that an intermediate node v has to guess in order to decode one of the transmitted symbols.

• In other words, we compute the difference between the global rank of the code and the local rank in each intermediate node.

52

Results

Theorem 1: The probability $P(l_d > 0)$ of recovering a strictly positive number of symbols $l_d$ at the intermediate nodes (by Gaussian elimination) goes to zero for sufficiently large number of nodes and alphabet size.

Proof Idea:

An intermediate node can gain access to relevant information
1) when the partial transfer matrix has full rank
2) when the partial transfer matrix has diagonalizable parts.

Carry out independent analyses in terms of rank and in terms of partially diagonalizable matrices.

Show that the probability of having partially diagonalizable matrices goes to zero for sufficiently large number of nodes and alphabet size.
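Added example, not from the original slides: a minimal Python model of packetized network coding (encoding vector in the header, decoding by Gaussian elimination) that also evaluates the algebraic security criterion and the recovered symbols of Theorem 1 for a node's local view. The prime field GF(257) standing in for $F_q$, the helper names and the payload values are assumptions; the node names follow the "free cipher" network with a, b and a+b.

```python
import random

P = 257  # assumption: a small prime field stands in for F_q

def rref(rows, ncols, p=P):
    """Gauss-Jordan elimination mod p, pivoting only on the first ncols columns."""
    m = [[x % p for x in r] for r in rows]
    rank = 0
    for col in range(ncols):
        piv = next((i for i in range(rank, len(m)) if m[i][col]), None)
        if piv is None:
            continue
        m[rank], m[piv] = m[piv], m[rank]
        inv = pow(m[rank][col], -1, p)
        m[rank] = [x * inv % p for x in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                f = m[i][col]
                m[i] = [(a - f * b) % p for a, b in zip(m[i], m[rank])]
        rank += 1
    return m[:rank], rank

def source_packets(generation):
    """Tag each source packet of a generation with a unit encoding vector."""
    g = len(generation)
    return [([int(i == j) for j in range(g)], list(s)) for i, s in enumerate(generation)]

def combine(packets, coeffs, p=P):
    """Linear combination of (encoding_vector, payload) packets; the header is mixed too."""
    g, length = len(packets[0][0]), len(packets[0][1])
    vec = [sum(c * pk[0][j] for c, pk in zip(coeffs, packets)) % p for j in range(g)]
    pay = [sum(c * pk[1][j] for c, pk in zip(coeffs, packets)) % p for j in range(length)]
    return vec, pay

def local_view(packets):
    """Return (symbols_to_guess, recovered) for the packets a node holds.
    symbols_to_guess is global rank minus local rank; recovered maps the index of
    every source packet exposed as a unit row after elimination to its payload."""
    g = len(packets[0][0])
    rows, rank = rref([vec + pay for vec, pay in packets], g)
    recovered = {}
    for r in rows:
        nonzero = [j for j in range(g) if r[j]]
        if len(nonzero) == 1:
            recovered[nonzero[0]] = r[g:]
    return g - rank, recovered

def decode(packets):
    """Source generation if the node has full rank, otherwise None."""
    missing, recovered = local_view(packets)
    if missing:
        return None
    return [recovered[i] for i in range(len(recovered))]

def butterfly_views():
    """Local views of nodes T, U, W, X for constructed payloads a and b."""
    src = source_packets([[72, 105], [33, 7]])
    held = {"T": [src[0]], "U": [src[1]], "W": src, "X": [combine(src, [1, 1])]}
    return {n: (local_view(p)[0], sorted(local_view(p)[1])) for n, p in held.items()}

def rlnc_sink(generation, rng):
    """Collect random combinations until decodable; return (decoded, packets_used)."""
    src, held = source_packets(generation), []
    while True:
        held.append(combine(src, [rng.randrange(P) for _ in src]))
        out = decode(held)
        if out is not None:
            return out, len(held)

if __name__ == "__main__":
    print(butterfly_views())
    print(rlnc_sink([[1, 2, 3], [4, 5, 6], [7, 8, 9]], random.Random(7)))
```

Node X holds one packet of rank 1 but no unit row, so it must guess one symbol and recovers nothing, while T and U each expose one source packet.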

53

SPOC - Secure Practical netwOrk Coding

• Assured confidentiality against attacker with access to all the links.
• Two types of coefficients:
  • Locked
  • Unlocked
• Same operations
• Requirements:
  • Key management mechanism

54

SPOC - Secure Practical netwOrk Coding - Results

Number of AES encryption operations according to the payload size, for SPOC (encryption of locked coefficients) versus traditional encryption mechanism (encryption of the whole payload).

56

Mutual Information between Payload and Coding Coefficients

[Lima, Vilela, Barros, Médard, 2008]

57

Conventional Encryption

• Insensitive to the characteristics of the communication system
  • Compression, channel reliability, etc.
• Limitations
  • Delay constraints, energy and power constraints, etc.

58

Combining compression and protection features

[Figure: Message Source (u), Encoder, Decoder (u) and Key Source (k); the Eavesdropper observes z.]

[Figure: encoder built from Compression, Analysis, One-time pad ($y = x \oplus t$), Entropy coder, Encryption and Multiplexer blocks; signals u, x, t, t’, k, k’, y, z.]

• Joint design of analysis and entropy coder blocks.
• Minimize the size of t’ to reduce the computational complexity of encryption.

59

Combining compression and protection features

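[Figure: Message Source (u), Encoder, Decoder (u) and Key Source (k); the Eavesdropper observes z.]

[Figure: decoder built from Demultiplexer, Decryption, Entropy coder, One-time pad ($x = y \oplus t$) and Decompression blocks; signals z, k, k’, t’, t, y, x, u.]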

60

The case of Huffman codes

• Catastrophic error propagation
  • C = {A: 100, B: 0, C: 111, D: 101, E: 110}
  • Source message: BBCBECDBBB
  • Encoded bitstream: 001110110111101000
  • Decoded symbols: DBDDCBAB
  • Flipped two bits and changed several source symbols.
• Exploit this property for encryption
  • Generated keystreams will have long runs of zeros.
  • Runlength entropy coder reduces the amount of information we need to encrypt.
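Added example, not from the original slides: the Huffman case above reproduced in Python, using the slide's code table, source message and decoded symbols to recover the sparse keystream t in y = x ⊕ t and the point where the decoder resynchronizes. Function names are assumptions made for illustration.

```python
CODE = {"A": "100", "B": "0", "C": "111", "D": "101", "E": "110"}  # table from the slide

def encode(msg, code=CODE):
    return "".join(code[s] for s in msg)

def parse(bits, code=CODE):
    """Prefix-decode bits into [(symbol, end_offset), ...]."""
    inv = {w: s for s, w in code.items()}
    out, cur = [], ""
    for i, b in enumerate(bits, 1):
        cur += b
        if cur in inv:
            out.append((inv[cur], i))
            cur = ""
    return out

def decode(bits):
    return "".join(s for s, _ in parse(bits))

def xor_bits(a, b):
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def run_lengths(bits):
    """Run-length view of a bit string: [(bit, run), ...]."""
    runs = []
    for b in bits:
        if runs and runs[-1][0] == b:
            runs[-1][1] += 1
        else:
            runs.append([b, 1])
    return [(b, n) for b, n in runs]

def resync_offset(x, y):
    """First codeword boundary shared by x and y after their last differing bit."""
    last_diff = max(i for i, (a, b) in enumerate(zip(x, y)) if a != b)
    ends_y = {e for _, e in parse(y)}
    return next(e for _, e in parse(x) if e > last_diff and e in ends_y)

def slide_example():
    x = encode("BBCBECDBBB")           # compressed bitstream from the slide
    y = encode("DBDDCBAB")             # bitstream that decodes to the slide's output
    t = xor_bits(x, y)                 # keystream with y = x XOR t
    return {"x": x, "t": t, "decoded": decode(xor_bits(x, t)),
            "runs": run_lengths(t), "resync": resync_offset(x, y)}

if __name__ == "__main__":
    for key, value in slide_example().items():
        print(key, value)
```

The keystream has only two ones followed by a run of fourteen zeros, yet the two decoders do not share a codeword boundary again until bit 17 of 18.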

61

Trellis based keystreams

• Cryptogram cannot contain the trellis root states of the original codewords
• Define path cost function that reflects the cost of the entropy coder
• Compute the minimum path cost using greedy approach

62

Error state automaton based keystreams

• Transition function between automaton states
• If a codeword leads to a synchronization state modify codeword
• Choice can be subject to optimization regarding the efficiency of the entropy coder
• Keystream is the concatenation of the sequence of modifications
• Source alphabet: {A:0001, C:0000, G:111, H:110, O:101, P:011, R:010, T:100, Y:001}
• Error states: {0, 1, 00, 01, 10, 11, 000}
• Source message: CRYPTOGRAPHY
• Cryptogram: YYOHRGOCOGA

x     t     s
-     -     I
0000  0010  0
010   000   0
001   010   1
011   000   1
100   000   0
101   000   1
111   000   1
010   000   0
0001  0000  1
011   000   1
110   000   0
001   000   S

63

Detection of Byzantine Modification

• Hash symbols, calculated as simple polynomial functions of the source data, are included in each source packet.
• Receiver nodes check if decoded packets are consistent, i.e. have matching data and hash values.
• Additional computation is minimal as no other cryptographic functions are involved.
• Detection probability can be traded off against communication overhead, field size (complexity) of the network code and the time taken to detect an attack.

[Ho et al, ISIT 2004]

[Figure: packet of L bits divided into s-bit symbols, carrying the enc. vector and the hash.]

64

Cooperative security for network coding

[Gkantsidis, Rodriguez, Infocom 2006]

• Cooperation to achieve on-the-fly detection of malicious packets.
• Homomorphic hash functions: a hash of an encoded packet is easily derived from the hashes of the previously encoded packets.
• However, these hash functions are computationally expensive.
• To increase efficiency every node performs block checks with a certain probability and alerts its neighbors upon detection.
• In addition, there exist techniques to prevent Denial of Service (DoS) attacks aimed at the dissemination of alarms.
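Added example, not from the original slides or the cited paper: a toy homomorphic hash in Python showing how a node derives the hash of a coded block from published hashes alone and rejects a polluted block. The discrete-log style construction, the parameters P = 2039 and Q = 1019, the generators and the block values are assumptions chosen for readability and are far too small for real use.

```python
# Toy parameters (assumption): safe prime P = 2Q + 1; symbols and coefficients live in Z_Q.
P, Q = 2039, 1019

def generators(n):
    """n elements of the order-Q subgroup of squares mod P.
    A real deployment needs generators with unknown mutual discrete logs."""
    return [pow(h, 2, P) for h in range(2, 2 + n)]

def hash_block(block, gens):
    """H(x) = product of g_j^{x_j} mod P."""
    h = 1
    for g, x in zip(gens, block):
        h = h * pow(g, x, P) % P
    return h

def combine(blocks, coeffs):
    """Network-coded block: sum_i c_i * x_i, symbol by symbol, over Z_Q."""
    return [sum(c * b[j] for c, b in zip(coeffs, blocks)) % Q
            for j in range(len(blocks[0]))]

def expected_hash(hashes, coeffs):
    """Hash of a coded block computed only from the hashes of its inputs."""
    h = 1
    for hx, c in zip(hashes, coeffs):
        h = h * pow(hx, c, P) % P
    return h

def verify(coded_block, coeffs, input_hashes, gens):
    return hash_block(coded_block, gens) == expected_hash(input_hashes, coeffs)

def demo():
    # Constructed source blocks, three symbols each.
    blocks = [[5, 17, 1000], [0, 999, 3], [42, 42, 42]]
    gens = generators(3)
    hashes = [hash_block(b, gens) for b in blocks]

    coeffs = [7, 0, 300]
    coded = combine(blocks, coeffs)
    honest_ok = verify(coded, coeffs, hashes, gens)

    polluted = coded[:]
    polluted[0] = (polluted[0] + 1) % Q          # a single modified symbol
    polluted_ok = verify(polluted, coeffs, hashes, gens)

    # Re-encoding at an intermediate node: check against hashes of coded inputs.
    y1, y2 = combine(blocks, [1, 2, 3]), combine(blocks, [4, 5, 6])
    z = combine([y1, y2], [10, 20])
    recoded_ok = verify(z, [10, 20], [hash_block(y1, gens), hash_block(y2, gens)], gens)
    return honest_ok, polluted_ok, recoded_ok

if __name__ == "__main__":
    print(demo())
```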

68

Threat Model

• Adversary
  • Eavesdrops its neighbors’ transmissions
  • Injects/corrupts packets
  • Computationally unbounded
  • Knows the channel statistics, but does not know the specific realization of the channel errors
• Adversary’s objective: Corrupt information flow without being detected by other nodes
• Our objective: limit errors introduced by the adversaries to be at most that of the channel

69

Algebraic Watchdog

• Focus on $v_1$
• Listens to neighbors and infers the messages: Using transition matrix $T$
• Combines the inferred messages to “guess” what the next hop node should transmit: Watchdog trellis & Viterbi-like algorithm
• Check the “guessed message” with next-hop node’s transmission: Inverse transition matrix $T^{-1}$

72

In summary

• Probabilistically police downstream neighbors in a multi-hop, multi-source network using network coding
  • Only discussed multi-source, two-hop setting
• Trellis-like graphical model:
  • Capture inference process
  • Compute/approximate probabilities of consistency within the network (Viterbi-like algorithm)
• Preliminary simulation results agree with the intuition

Open issues:
• Combine with reputation based protocol and some practical considerations

73

Resilient Network Codes

• Use the error correction capabilities of linear network coding.
• An active attacker can be viewed as a second source of data.
• Add enough redundancy to allow the destination to distinguish between valid and erroneous packets.
• Some information may have to be protected by a shared secret key.

[Jaggi et al., Infocom 2006]

[Koetter and Kschischang, 2007]

75

Key Pre-distribution

• Goal: Store keys into the memory of the sensor nodes for them to share a secret with their neighbors after the deployment.
• Challenges:
  • Minimize the impact of compromised nodes;
  • Efficient use of the resources;
  • Scalability in dynamic environments;
  • Avoid single points of attack.

76

Secret Key Distribution using Network Coding

• Our approach:
  • Key pre-distribution scheme;
  • Efficient use of resources;
  • Uses a mobile node to “blindly” complete the key distribution process;
  • Designed for dynamic scenarios.
• Prior to sensor node deployment:
  • Generate a large pool of keys and their identifiers;
  • Load different keys and the corresponding identifiers into the memory of each sensor node;
  • Store in the memory of the mobile node all the keys encrypted with the same one-time pad and their corresponding identifiers.

[Oliveira and Barros, 2007]

77

Secret Key Distribution in WSNs

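• After sensor node deployment:

[Figure: message exchange between sensor nodes A and B and mobile node S, which stores $K_i \oplus R$ for every identifier i, including $K_{i(A)} \oplus R$ and $K_{i(B)} \oplus R$.
 1. S sends Hello to A and B.
 2. A replies with its key identifier $i(A)$, B with $i(B)$.
 3. S computes $K_{i(A)} \oplus R \oplus K_{i(B)} \oplus R$ and sends $K_{i(A)} \oplus K_{i(B)}$ to A and B.
 4. A computes $K_{i(A)} \oplus K_{i(B)} \oplus K_{i(A)}$ and B computes $K_{i(A)} \oplus K_{i(B)} \oplus K_{i(B)}$, so both hold $K_{i(A)}$ and $K_{i(B)}$.
 5. A and B exchange $E_{K_{i(B)}}(m_{A \to B})$ and $E_{K_{i(A)}}(m_{B \to A})$.]

[Oliveira and Barros, 2007]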

78

One-Time Pad Security

• One-time pad is secure if the key is:
  • Truly random;
  • Never reused;
  • Kept secret.
• The knowledge of $\{K_1 \oplus R, K_2 \oplus R, \dots, K_m \oplus R\}$ does not increase the information that the attacker has about any one key:

$P(K_i = x \mid K_1 \oplus R = y_1, \dots, K_m \oplus R = y_m) = P(K_i = x) = \frac{1}{2^n}, \quad \forall i \in \{1, \dots, m\}$

[Oliveira, Costa and Barros, 2007]
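Added example, not from the original slides or the cited papers: the mobile-node key distribution exchange in Python, followed by a brute-force check of the one-time pad claim for two keys of a few bits. Key length, pool size, identifiers and function names are assumptions made for illustration.

```python
import secrets
from fractions import Fraction
from itertools import product

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def provision(num_keys, key_len=16):
    """Pre-deployment: build the key pool and the mobile node's masked copy.
    Every key is masked with the same one-time pad R, which is then discarded."""
    pool = {i: secrets.token_bytes(key_len) for i in range(num_keys)}
    pad = secrets.token_bytes(key_len)
    mobile_store = {i: xor(k, pad) for i, k in pool.items()}
    return pool, mobile_store

def mobile_reply(mobile_store, id_a, id_b):
    """S combines the two masked keys; R cancels, so S never sees a key in the clear."""
    return xor(mobile_store[id_a], mobile_store[id_b])

def pairwise_exchange(pool, mobile_store, id_a, id_b):
    """A holds key id_a, B holds key id_b; each unmasks the reply with its own key."""
    reply = mobile_reply(mobile_store, id_a, id_b)
    learned_by_a = xor(reply, pool[id_a])    # should equal B's key
    learned_by_b = xor(reply, pool[id_b])    # should equal A's key
    return learned_by_a, learned_by_b

def posterior(n_bits, y1, y2, i, x):
    """P(K_i = x | K_1 xor R = y1, K_2 xor R = y2) for uniform n-bit K_1, K_2, R,
    computed by exhaustive enumeration (i is 0 or 1)."""
    size = 1 << n_bits
    hits = total = 0
    for k1, k2, r in product(range(size), repeat=3):
        if k1 ^ r == y1 and k2 ^ r == y2:
            total += 1
            hits += (k1, k2)[i] == x
    return Fraction(hits, total)

def claim_holds(n_bits=2):
    """True if every posterior equals the prior 1/2^n."""
    size = 1 << n_bits
    prior = Fraction(1, size)
    return all(posterior(n_bits, y1, y2, i, x) == prior
               for y1, y2, x in product(range(size), repeat=3) for i in (0, 1))

if __name__ == "__main__":
    pool, store = provision(8)
    a_gets, b_gets = pairwise_exchange(pool, store, 2, 5)
    print(a_gets == pool[5], b_gets == pool[2], claim_holds())
```

The masked store does reveal $K_i \oplus K_j$ for every pair of identifiers, which is why the claim is stated for any one key.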

79

Extensions and Variations

• Mobile key distribution for many nodes
• Group and cluster keys
• Key revocation
• Key renewal
• Authentication


84

Network coding

[Figure: line network N1, N2, N3 exchanging packets A and B, with the coded packet A+B, and transmission schedules for N1, N2 and N3 over time slots t1 to t4.]

• Network coding allows us to improve delay and throughput.
• Basic idea: send coded packets instead of dummy packets.
• With some probability, coded packets will be useful, while still confusing the eavesdropper.

85

Prior Work

• Source anonymity (crowds, Reiter and Rubin, 1998)
• Destination anonymity (k-anonymity, Sweeney, 2002)
• Onion Routing (TOR, 2004)
• Global eavesdropper (P. Venkitasubramaniam et al., 2008)
• Mixing (Chaum, 1981, Ghaderi and Srikant, 2009)

Our contributions
• A methodology to design fixed transmission schedules for perfect information-theoretic session anonymity
• Analysis in terms of throughput, delay and anonymity
• Network coding techniques to reduce the cost of anonymity.

86

Measure of Anonymity

Active Session

Transmission Schedule

I(S;T) = H(S) - H(S|T)

87

Line network

[Figure: line network N1, N2, N3, N4, N5, N6]

• Maximize throughput
  [Schedule: nodes N1 to N6 over time slots t1 to t12, two transmissions per node]
• Minimize delay
  [Schedule: nodes N1 to N6 over time slots t1 to t3, one transmission per node]
• Half the transmissions
• Double throughput
  [Two schedules: nodes N1 to N6 over time slots t1 to t6, two transmissions per node]

88

Scheduling policies

• Every node should look the same, that is, transmit at the same rate
• Maximize the throughput
• Maximize simultaneous transmissions
• Auxiliary conflict graph
• Stable sets - Valid simultaneous transmissions
• Span the whole network – graph coloring
• Each color is a stable set
• Chromatic number - number of time slots for every node to transmit

[Figure: 4 node wireless line network N1, N2, N3, N4 and its conflict graph, with chromatic number χ = 3.]
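Added example, not from the original slides: building a fixed transmission schedule by coloring the conflict graph, in Python. The interference model (two nodes conflict if they are neighbours or share a neighbour), the exact backtracking search and the function names are assumptions; for the 4 node line network the result has 3 time slots.

```python
from itertools import combinations

def line_network(n):
    """Connectivity of a wireless line network with nodes 1..n."""
    return {i: {j for j in (i - 1, i + 1) if 1 <= j <= n} for i in range(1, n + 1)}

def conflict_graph(adj):
    """Assumed interference model: two transmitters conflict if they are
    neighbours or share a neighbour (a common receiver would hear both)."""
    conf = {u: set(vs) for u, vs in adj.items()}
    for vs in adj.values():
        for a, b in combinations(vs, 2):
            conf[a].add(b)
            conf[b].add(a)
    return conf

def k_colour(conf, nodes, k, assign=None):
    """Backtracking k-colouring of the conflict graph; {node: slot} or None."""
    assign = {} if assign is None else assign
    if len(assign) == len(nodes):
        return dict(assign)
    u = nodes[len(assign)]
    for c in range(k):
        if all(assign.get(v) != c for v in conf[u]):
            assign[u] = c
            res = k_colour(conf, nodes, k, assign)
            if res is not None:
                return res
            del assign[u]
    return None

def schedule(adj):
    """Smallest number of slots in which every node transmits exactly once.
    Returns (chromatic_number, slots), each slot being a stable set."""
    conf = conflict_graph(adj)
    nodes = sorted(conf, key=lambda u: (-len(conf[u]), u))
    for k in range(1, len(nodes) + 1):
        assign = k_colour(conf, nodes, k)
        if assign is not None:
            slots = [sorted(u for u in nodes if assign[u] == s) for s in range(k)]
            return k, sorted(slots)
    return 0, []

def is_stable(conf, slot):
    """True if no two nodes of the slot conflict."""
    return all(b not in conf[a] for a, b in combinations(slot, 2))

if __name__ == "__main__":
    for n in (4, 6):
        print(n, schedule(line_network(n)))
```

Every node appears in exactly one slot of the repeating frame, so all nodes transmit at the same rate whether or not a session is active.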

89

Simulation results

Anonymous transmission rate:
(blue) - simple padding using dummy transmissions
(red) - optimization of anonymous information flow formulation

Simulation performed on unit disk graph with r = 0.2 and N = 50 nodes

• Unit disk graphs
  • Wireless transmission range modelled by circle of radius r
  • Random deployment of N nodes inside a square of side 1
  • Average over 200 deployments (MATLAB)

91

Summary

• Anonymous communication is relevant and not trivial to implement efficiently.
• Network coding can alleviate the cost of anonymity in terms of delay, throughput and energy, particularly for multiple unicast sessions.
• In line networks, network coding gives the same level of anonymity with double the throughput and half the energy of routing. The delay increase of network coding is at most 0.5, whereas with routing it is at most 2.
• A graph coloring formulation can be used to design schedules for general network topologies.

92

Problem setup

Goal: To determine the probability of a successful distributed denial of service attack

93

Node Behavior

• Each data keeper becomes Byzantine with a certain probability
• Data source transmits data packets to N nodes using random linear network coding
• At each timestep:
  • Data keeper requests list of informed nodes from Tracker
  • Data keeper requests packets from a subset of informed nodes and stores a random linear combination of those packets
• Data collector collects the information from M nodes

94

Metrics of interest

• Contaminated packet: either randomly scrambled by Byzantine node, or result of a linear combination with at least one contaminated packet
• For the Information Contact Graph defined by the rules in the Algorithm:
  • Blocking probability - Probability that the data collector collects at least one contaminated packet
  • Expected number of contaminated packets at a certain time

[Figure: Information contact graph evolving through time.]

95

Evolving list of informed nodes

• Probability of adding contaminated node at timestep t+1 dependent on number of contaminated nodes at timestep t
• Model number of contaminated nodes at each timestep as Markov Chain with states (number of contaminated nodes, number of uncontaminated nodes)

96

Blocking Probability