Secure Network Coding and its Application

Yongdae Kim, University of Minnesota

Organization

Introduction to Network Coding

Practical Network Coding

Secure Network Coding

Structured File Sharing

Conclusion

Network Coding: What is it?

- Traditional Coding/Routing
  - Coding is done on an end-to-end basis.
  - Intermediate nodes forward data blindly.
- Network Coding
  - Allowing intermediate nodes to manipulate information
  - Information flowing out of a node is a function of information coming into the node
  - Originally developed for wireless multicast
  - Very popular in wireless/sensor networks
  - Relatively much less attention in P2P

[Figure: a node combines incoming A, B and C into f(A, B, C).]

Linear Network Coding

- Information: packets are vectors over a finite field with a fixed dimension
- Encoding: outgoing packets are linear combinations of incoming packets
- Decoding: solving a linear equation

Linear Network Coding: Equation

Setup

- Information (data): a file
- m original blocks (vectors): $x_1, x_2, \ldots, x_i, \ldots, x_m$
- n elements in a block: $x_i = (x_{i1}, x_{i2}, \ldots, x_{ij}, \ldots, x_{in})$, dimension n
- m augmented vectors (coded blocks), m+n elements in an augmented vector

[Figure, example with m = 5: each block x1 to x5 is prefixed with a unit vector (10000, 01000, 00100, 00010, 00001); a coded block yj carries the coefficients 3 0 1 0 2.]

BitTorrent: How it works?

[Figure: seeds and peers exchanging numbered blocks 1 to 5.]

Network Coding for P2P

Benefits: Most blocks are useful!

- Solving New Peer Disadvantage in BitTorrent
  - New peer can download one block for free
- Solving Rare Block Problem
  - All blocks have to be downloaded in BitTorrent
  - Churn may result in rare block problem
  - Taking long time to finish
- As a result, potentially almost all nodes can finish at the same time!

Applications: file sharing, software update, streaming, CDN, P2P TV

Network Coding for P2P Problems

- Resource Overhead
  - Encoding: $P_{out} = \sum_i a_i P_i$, where each $a_i$ is random in $F_p$
  - Decoding: solving a linear equation: $O(n^3)$
  - DVD: 4.3 GB
  - Can't fit everything in memory
  - Requires random disc I/O
- Pollution Attack
  - An intermediate node has no way to verify whether an incoming packet is a linear combination of the original blocks
  - Corrupted packets can be easily propagated

Solving Resource Overhead: Incremental Encoding

Solving Resource Overhead: Incremental Encoding: Linear Dependency

Secure Network Coding

- Threat: Pollution Attacks
  - General (traditional) hashes do NOT work
  - Corrupted packets can be mixed with others
  - Corrupted data can easily be propagated
- Problem
  - Can we verify the integrity of a network-coded block?
  - Or can we verify if a received block is legitimately mixed before decoding a file?

Secure Network Coding: possible solutions

- Homomorphic Hash
  - Find a homomorphic hash function h such that h(x+y) = h(x) h(y)
  - If the hash of each block can be securely distributed, the receiver can verify the integrity of a linearly transformed block.
- Homomorphic signature
  - Find a homomorphic signature function s such that s(x+y) = s(x) s(y)
  - Verification: v(linearly transformed block, signature) returns true or false.

Ours: Signature Generation

- Private key: $(s_1, \ldots, s_{m+n})$
- Public key: $p, q, g, (g^{s_1}, g^{s_2}, \ldots, g^{s_{m+n}})$
- Signature generation at a source
  - network-coded block $v = (v_1, v_2, \ldots, v_{m+n})$
  - signature $\sigma = s_1 v_1 + s_2 v_2 + \cdots + s_{m+n} v_{m+n}$
- Signature aggregation at intermediate nodes
  - new block $w' = a_1 w_1 + \cdots + a_k w_k$
  - new signature $\sigma(w') = a_1 \sigma_1 + \cdots + a_k \sigma_k$

Ours: signature verification

- Public key: $p, q, (g^{s_1}, g^{s_2}, \ldots, g^{s_{m+n}})$
- network-coded block $v = (v_1, v_2, \ldots, v_{m+n})$
- Compute $d = (g^{s_1})^{v_1} (g^{s_2})^{v_2} \cdots (g^{s_{m+n}})^{v_{m+n}}$
- Verify: $d \stackrel{?}{=} g^{\sigma}$

Comparison

| | Krohn's | Ours | Etc |
|---|---|---|---|
| Type | Hash | Signature | |
| Generators | n | m+n | |
| # of hash/signature | m | m | |
| Signing cost | n modexp | m+n mult | |
| Precomputation | n modexp | N/A | $h(x_i) = \prod_{j=1}^{n} g_j^{x_{ij}}$ |
| Robust Channel | Needed | N/A | Delivery of $h(x_i)$ |
| Aggregation | N/A | Linear combination | |
| Verification | m+n modexp | m+n+1 modexp | |

Batch Verification

- For each block, verify signatures
- Problem: a single block verification takes 13 seconds.
- Solution? Pipelining
  - While downloading/uploading, verify the signature.
  - Downloading time of a block: 7 seconds.
- Solutions? Batching
  - Verify linearly combined blocks before sending them out.

Batch Verification

Structured File Sharing

To improve mixing

- Setup
  - Peers form a DHT.
  - Nodes choose their partners from their routing tables.
- Data Transfer
  - A source randomly distributes blocks to nodes.
  - A node exchanges blocks with partners, starting from the closest partners.

Simulation Result (No Churn)

Conclusion

- Network coding
  - Has not been fully investigated
  - Mainly by researchers in coding and networking independently
- Many problems remaining before large deployment
