Network Coding and Reliable Communications Group
A Multi-hop Multi-source Algebraic Watchdog
Muriel Médard†
Joint work with MinJi Kim†, João Barros‡
†Massachusetts Institute of Technology
‡University of Porto
Network Coding and Reliable Communications Group
Background• Secure network coding
– Network error correction [Yeung et al. 2006]– Resilient coding in presence of Byzantine adversaries
[Jaggi et al. 2007]– Confidential coding scheme [Vilela et al. 2008]– Signature scheme [Charles et al. 2006][Zhao et al. 2007] – Locating attackers [Siavoshani et al. 2008]– NOTE: downstream nodes check for adversaries, the upstream nodes
unaware.• Watchdog and pathrater [Marti et al. 2000]
– Extensions of Dynamic Source Routing– Detect/mitigate misbehavior of the next node– Use wireless medium: promiscuous monitoring
• Algebraic Watchdog [Kim et al. 2009]– Combine the benefits of network coding and watchdog– Extend to multi-hop, multi-source setting
Network Coding and Reliable Communications Group
Problem Statement
• Wireless network G = (V, E1,E2).– V : Set of nodes in the network– E1: Set of hyperedges for connectivity/wireless links– E2: Set of hyperedges for interference
• Transition probability known (Binary symmetric channel)
Intended transmission in E1Intended transmission in E1
Overhearing with noise in E2Overhearing with noise in E2Is vm+1 consistent
with…• Overheard packets from v2 , v3
,… vm?• Channel statistics?
Network Coding and Reliable Communications Group
Problem Statement
• How can upstream nodes (v1, v2, …,vm) detect misbehaving node (vm+1) with high probability?
Routing: Packets individually recognizableNetwork Coding: Packets are mixed
Errors from BSC channel : Probabilistic detection
Few bit errors can make dramatic change in the algebraic interpretation
Intended transmission in E1Intended transmission in E1
Overhearing with noise in E2Overhearing with noise in E2
Network Coding and Reliable Communications Group
Packet Structure
• A node vi that receives messages xj ’s and transmits pi
– Note: hash is contained in one hop, dependent on in-degree• Goal:
If vi transmits xi = e + Σ αj xj where e≠0, detect it with high probability.– Even if |e| small, the algebraic interpretation may change
dramatically.
aj’s xi
coding coefficients aj’scoded data xi = Σ αj xj with error-
correcting code Ci = (n, ki, di)
pi = h(xj)
hash of received messages h(xj)
h(xi)
hash of message h(xi)
aj’s h(xj) h(xi)
header: protected with error correction codes
Network Coding and Reliable Communications Group
Threat Model
• Adversary– Eavesdrops its neighbors’ transmissions– Injects/corrupts packets– Computationally unbounded– Knows the channel statistics, but does not know the
specific realization of the channel errors
• Adversary’s objective: Corrupt information flow without being detected by other nodes
• Our objective: limit errors introduced by the adversaries to be at most that of the channel
Network Coding and Reliable Communications Group
Algebraic Watchdog
• Focus on v1
– Listens to neighbors and infer the messages: Using transition matrix T
– Combines the inferred messages to “guess” what the next hop node should transmit: Watchdog trellis & Viterbi-like algorithm
– Check the “guessed message” with next-hop node’s transmission: Inverse transition matrix T-1
Network Coding and Reliable Communications Group
Transition Matrix/List T
• Relates the overheard information from source vi to list of candidates (inferred list of xi)
Overheard information
Start state
Overheard information Inferred informationxi
y
Edge iff
Edge weight proportional to
probability of receiving given y is original message:
Network Coding and Reliable Communications Group
Watchdog Trellis• Uses overheard & inferred
information (candidates) to generate a list of “guesses” on what vm+1 should send
Layer 1α1x1
Start stateStart state
Layer 2α1x1 +α2x2
Layer 3α1x1 +α2x2 +α3x3
Layer m-1Σ1≤i≤m-1 αixi
Layer mΣ1≤i≤m αixi
What v1 already has
Combine infor-mation from v2
Combine infor-mation from vm-1
Combine infor-mation from vm
“guesses” are states with positive weight at Layer m
Network Coding and Reliable Communications Group
Inverse Transition Matrix T-1
• Using the “guesses” generated, checks that vm+1 is well-behaving
• Same as T, just inverse
Overheard information
Overheard information[x� m+1,h(xm+1)]
GuessesΣ1≤i≤m αixi
Inferred linear combinations (guesses) Σ1≤i≤m αixi
End node
y
Edge iff
Edge weight proportional to
probability of receiving given y is original message:
Network Coding and Reliable Communications Group
Decision Making
• Total weight of end state = p* = probability of overhearing given channel statistics
• Can use various decision policy, such as threshold decision rule p*>t– Depending on the rule, different false positive/false negative probabilities
Layer 1α1x1
Start stateStart state
Layer 2α1x1 +α2x2
Layer 3α1x1 +α2x2 +α3x3
Layer m-1Σ1≤i≤m-1 αixi
Layer mΣ1≤i≤m αixi
Overheard information[x� m+1,h(xm+1)]
“Guesses”
Endstate
Network Coding and Reliable Communications Group
Simulation Results: Varying adversarial attack
• All channel noise: 10%, i.e. BSC(0.1)• 3 sources• 10-bit field size• 2-bit hash size
Adversarial relay (flips bit with probability padv)
Honest relay (does not inject errors)
When adversary injects more than channel noise (10%), the p*adv and p*relay have different distribution!
Network Coding and Reliable Communications Group
Conclusions• Probabilistically police downstream neighbors in a multi-hop,
multi-source network using network coding– Only discussed multi-source, two-hop setting
• Trellis-like graphical model: – Capture inference process– Compute/approximate probabilities of consistency within the network
(Viterbi-like algorithm)
• Preliminary simulation results agree with the intuition
Future Work:– Combine with reputation based protocol and some practical
considerations
Network Coding and Reliable Communications Group
EXTRA SLIDES
Network Coding and Reliable Communications Group
Multi-hop Algebraic Watchdog
• As long as the min-cut to any node from the source is not dominated by adversarial node, can detect malicious behavior
Network Coding and Reliable Communications Group
Multi-hop Algebraic Watchdog
edges in E1
S0
S1
S2v1
v2
v3
v5
v4
v6
v7
v8
• As long as the min-cut to any node from the source is not dominated by adversarial node, can detect malicious behavior
S0 monitors v5
S1 monitors v7
S1 monitors v8
S2 monitors v4
Network Coding and Reliable Communications Group
Simulation Results: Varying hash size
• All channel noise & adversarial attack level: 10%, i.e. BSC(0.1)• 3 sources• 10-bit field size
Adversarial relay (flips bit with probability 10%)
Honest relay (does not inject errors)
Hash size > 1 bit sufficient
Hash size (in bits)
Network Coding and Reliable Communications Group
Simulation Results: Varying channel noiseAdversarial relay (flips bit with probability 10%)
Honest relay (does not inject errors)
Channel noise between sources
• Adversarial attack level: 10%, i.e. BSC(0.1)• 3 sources• 10-bit field size• 2-bit hash size
When channel noise > 10% (adversarial attack level), then may not be able to detect the adversary!
Network Coding and Reliable Communications Group
Simulation results: Varying number of sourcesAdversarial relay (flips bit with probability 10%)
Honest relay (does not inject errors)
Number of sources
• All channel noise & adversarial attack level: 10%, i.e. BSC(0.1)
• 3 sources• 10-bit field size• 2-bit hash size
When only one source, v1 can detect adversary with high probability
v1 can detect (even by itself) when there are moderate number of sources
v1 can not detect by itself when many sources•Need more hash or better overhearing channel•Does not take into account other nodes vi’s independent watchdog