Secure Network Coding and its Application
Yongdae Kim
University of Minnesota
Organization
  Introduction to Network Coding
  Practical Network Coding
  Secure Network Coding
  Structured File Sharing
  Conclusion
Network Coding: What is it?
  Traditional Coding/Routing
    Coding is done on an end-to-end basis.
    Intermediate nodes forward data blindly.
  Network Coding
    Allowing intermediate nodes to manipulate information
    Information flowing out of a node is a function of information coming into the node
    Originally developed for wireless multicast
    Very popular in wireless/sensor networks
    Relatively much less attention in P2P
[Figure: a node with inputs A, B, C and output f(A, B, C)]
Linear Network Coding
  Information
    Packets are vectors over a finite field with a fixed dimension
  Encoding
    Outgoing packets are linear combinations of incoming packets
  Decoding
    Solving a system of linear equations
Linear Network Coding: Equation
Setup
  Information (Data): a file
    m original blocks (vectors): x_1 x_2 … x_i … x_m
    n elements in a block (n dimensions): x_i = (x_{i1}, x_{i2}, …, x_{ij}, …, x_{in})
    m augmented vectors (coded blocks)
    m+n elements in an augmented vector
Example: m=5
  x_1   10000
  x_2   01000
  x_3   00100
  x_4   00010
  x_5   00001
  y_j   30102
BitTorrent: How it works?
[Figure: seeds and peers exchanging blocks 1 to 5]
Network Coding for P2P
  Benefits: Most blocks are useful!
  Solving New Peer Disadvantage in BitTorrent
    New peer can download one block for free
  Solving Rare Block Problem
    All blocks have to be downloaded in BitTorrent
    Churn may result in rare block problem
    Taking long time to finish
  As a result, potentially almost all nodes can finish at the same time!
  Applications
    File sharing, software update, streaming, CDN, P2P TV
Network Coding for P2P
  Problems
  Resource Overhead
    Encoding: P_out = Σ a_i P_i, where each a_i is random in F_p
    Decoding: solving a system of linear equations: O(n^3)
    DVD: 4.3 GB
      Can't fit everything in memory
      Requires random disk I/O
  Pollution Attack
    An intermediate node has no way to verify whether an incoming packet is a linear combination of the original blocks
    Corrupted packets can be easily propagated
Solving Resource Overhead
  Incremental Encoding
Solving Resource Overhead
  Incremental Encoding: Linear Dependency
Secure Network Coding
  Threat
    Pollution Attacks
    General (traditional) hashes do NOT work
      Corrupted packet can be mixed with others
      Corrupted data can easily be propagated
  Problem
    Can we verify the integrity of a network-coded block?
    Or can we verify whether a received block is legitimately mixed before decoding a file?
Secure Network Coding: possible solutions
  Homomorphic Hash
    Find a homomorphic hash function h such that: h(x+y) = h(x) h(y)
    If the hash of each block can be securely distributed, the receiver can verify the integrity of a linearly transformed block.
  Homomorphic signature
    Find a homomorphic signature function s such that: s(x+y) = s(x) s(y)
    Verification: v(linearly transformed block, signature) returns true or false.
Ours: Signature Generation
  Private key: (s_1, …, s_{m+n})
  Public key: p, q, g, (g^{s_1}, g^{s_2}, …, g^{s_{m+n}})
  Signature generation at a source
    network-coded block v = (v_1, v_2, …, v_{m+n})
    signature σ = s_1 v_1 + s_2 v_2 + … + s_{m+n} v_{m+n}
  Signature aggregation at intermediate nodes
    new block w' = a_1 w_1 + … + a_k w_k
    new signature σ(w') = a_1 σ_1 + … + a_k σ_k, where σ_i is the signature of w_i
Ours: signature verification
  Public key: p, q, (g^{s_1}, g^{s_2}, …, g^{s_{m+n}})
  Network-coded block: v = (v_1, v_2, …, v_{m+n})
  Compute d = (g^{s_1})^{v_1} (g^{s_2})^{v_2} … (g^{s_{m+n}})^{v_{m+n}}
  Verify: d ?= g^σ
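The signing, aggregation and verification steps from the two slides above, as an added Python example (not from the slides or the authors' implementation). The toy parameters p = 2039, q = 1019, g = 4, the sample blocks and the unit-vector-first ordering of the augmented vector are assumptions made for illustration.

```python
import secrets

# Toy parameters (constructed, far too small for real use): q is prime,
# p = 2q + 1 is prime, and g = 4 generates the order-q subgroup of Z_p*.
P, Q, G = 2039, 1019, 4

def keygen(length):
    """Private key (s_1..s_{m+n}) in Z_q; public key (g^{s_1}..g^{s_{m+n}}) mod p."""
    sk = [1 + secrets.randbelow(Q - 1) for _ in range(length)]  # nonzero exponents
    pk = [pow(G, s, P) for s in sk]
    return sk, pk

def augment(blocks):
    """Prefix block i with the i-th unit vector (ordering is an assumption)."""
    m = len(blocks)
    return [[int(i == j) for j in range(m)] + list(b) for i, b in enumerate(blocks)]

def sign(sk, v):
    """Source only: sigma = s_1 v_1 + ... + s_{m+n} v_{m+n} (mod q)."""
    return sum(s * x for s, x in zip(sk, v)) % Q

def combine(coeffs, vectors, sigs):
    """Intermediate node: mix blocks and signatures with the same coefficients."""
    w = [sum(a * v[k] for a, v in zip(coeffs, vectors)) % Q
         for k in range(len(vectors[0]))]
    sigma = sum(a * s for a, s in zip(coeffs, sigs)) % Q
    return w, sigma

def verify(pk, v, sigma):
    """Any node: check prod (g^{s_i})^{v_i} == g^sigma (mod p)."""
    d = 1
    for h, x in zip(pk, v):
        d = d * pow(h, x, P) % P
    return d == pow(G, sigma, P)

def demo():
    blocks = [[7, 1, 4, 9], [2, 8, 0, 5], [6, 3, 3, 1]]  # constructed file: m=3, n=4
    sk, pk = keygen(len(blocks) + len(blocks[0]))
    vecs = augment(blocks)
    sigs = [sign(sk, v) for v in vecs]
    w, sigma = combine([3, 0, 2], vecs, sigs)            # no private key needed here
    polluted = w[:-1] + [(w[-1] + 1) % Q]                # one element altered in transit
    return verify(pk, w, sigma), verify(pk, polluted, sigma)

if __name__ == "__main__":
    print(demo())
```

The intermediate node produces a valid signature for the mixed block without the private key, while the block with one altered element fails the check before it can be forwarded.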
Comparison
                        Krohn's        Ours                 Etc
  Type                  Hash           Signature
  Generators            n              m+n
  # of hash/signature   m              m
  Signing cost          n modexp       m+n mult
  Precomputation        n modexp       N/A                  h(x_i) = Π_{j=1}^{n} g_j^{x_{ij}}
  Robust Channel        Needed         N/A                  Delivery of h(x_i)
  Aggregation           N/A            Linear combination
  Verification          m+n modexp     m+n+1 modexp
Batch Verification
  For each block, verify signatures
  Problem
    A single block verification takes 13 seconds.
  Solution? Pipelining
    Verify signatures while downloading/uploading.
    Downloading time of a block: 7 seconds.
  Solution? Batching
    Verify linearly combined blocks before sending them out.
Batch Verification
Structured File Sharing
  To improve mixing
  Setup
    Peers form a DHT.
    Nodes choose their partners from their routing tables.
  Data Transfer
    A source randomly distributes blocks to nodes.
    A node exchanges blocks with partners, starting from the closest partners.
Simulation Result (No Churn)
Conclusion
  Network coding
    Has not been fully investigated
    Studied mainly by researchers in coding and networking, independently
  Many problems remain before large deployment