FIGHTING ADVERSARIES IN NETWORKS

Michelle Effros

Michael Langberg

Tracey Ho

Philip Chou

Kamal Jain

Muriel Médard

Dina Katabi

Peter Sanders

Ludo Tolhuizen

Sebastian Egner

Sidharth Jaggi (MIT)

“The core notion of network coding is to allow and encourage mixing of data at intermediate network nodes. “

(Network Coding Homepage)

Network Coding . . . what is it?

Justifications - I

s

t1 t2

b1 b2

b2

b2

b1

b1 ?b1

b1 b1

b1 (b1,b2)

b1+b2

b1+b2b1+b2

(b1,b2)[ACLY00]

Throughput

Gap Without Coding

. . .

. . .

h2

( )hh2

Coding capacity = h Routing capacity≤2

[JSCEEJT05]

s

Multicasting

Webcasting

P2P networks

Sensor networks

s1

t1

t2

t|T|

Network

s|S|

Background

Upper bound for multicast capacity C,

C ≤ min{Ci}

s

t1

t2

t|T|

C|T|

C1

C2

Network

[ACLY00] - achievable!

[LYC02] - linear codes suffice!!

[KM01] - “finite field” linear codes suffice!!!

Background

{ } )2(1,0)...( 21mm

m Fbbb ∈→∈ α

2α

kα

b1b2 bmα

1α

kkαβαβαβ +++ ...2211

β1

β2

βk

F(2m)-linear network[KM01]

Source:- Group together `m’ bits,

Every node:- Perform linear combinations over finite field F(2m)

Background

s

t1

t2

t|T|

C|T|

C1

C2

Network

[ACLY00] - achievable!

[LYC02] - linear codes suffice!!

[KM01] - “finite field” linear codes suffice!!!

[JCJ03],[SET03] - polynomial time code design!!!!

[HKMKE03],[JCJ03] - random distributed code design!!!!!

Justifications - II

s

t1 t2

One link breaks

Robustness/Distributeddesign

Justifications - II

s

t1 t2

b1 b2

b2

b2

b1

b1

(b1,b2)

b1+b2

Robustness/Distributeddesign

(b1,b2)

b1+2b2

(Finite field arithmetic)b1+b2 b1+b2

b1+2b2

Random Robust Codes

s

t1

t2

t|T|

C|T|

C1

C2

Original Network

C = min{Ci}

Random Robust Codes

s

t1

t2

t|T|

C|T|'

C1'

C2'

Faulty Network

C' = min{Ci'}

If value of C' known to s,same code can achieve C' rate!

(interior nodes oblivious)

Random Robust Codes

Choose random [ß] at each node

Decentralized design

Percolate overall transfer function down network

With high probability, invertible

Justifications - III

s

t1 t2

Security

Evil adversary hiding in networkeavesdropping,

injecting false information[JLHE05],[JLHKM06?]

Greater throughputRobust against random errors...

Aha!Network Coding!!!

??

?

Xavier

Yvonne1

Zorba

???

Yvonne|T|

???

.

.

.

Setup

1. Scheme X Y Z2. Network Z3. Message X Z4. Code Z5. Bad links Z6. Coin X7. Transmit Y Z8. Decode Y

Eureka

WiredWireless (packet losses, fading)

Eavesdropped links ZI

Attacked links ZO

Who knows what

Stage

Xavier

Yvonne1

?

Zorba

??

Zorba sees MI links ZI, controls MO links ZO pI=MI/C, pO=MO/C

Xavier and Yvonnes share no resources (private key, randomness)

Zorba computationally unbounded; Xavier and Yvonnes -- “simple” computations

Setup

Zorba knows protocols and already knows almost all of Xavier’s message (except Xavier’s private coin tosses)

Goal: Transmit at “high” rate and w.h.p. decode correctly

Zorba (hidden) knows network; Xavier and Yvonnes don’t

C

MO

Yvonne|T|

??

?

Distributed design (interior nodes oblivious/overlay to network coding)

pO (“Noise parameter”)

0

1

1

C

(C

apac

ity)

Upper bounds

0.5

0.5

1-pO

pO (“Noise parameter”)

0

1

1

C

(C

apac

ity)

Upper bounds

0.5

0.5

??

?

0

pI=pO (“Noise parameter” = “Knowledge parameter”)

0

1

1

C

(C

apac

ity)

Unicast [JLHE05]

0.5

0.5

pO (“Noise parameter”)

0

1

1

C

(C

apac

ity)

Unicast [Folklore]

0.5

(“Knowledge parameter” pI=1)

pO (“Noise parameter”)

0

1

1

C

(C

apac

ity)

Upper bounds

0.5

(“Knowledge parameter” pI=1)

pO

pO

1-2pO

pO (“Noise parameter”)

0

1

1

C

(C

apac

ity)

Upper bounds

0.5

“Knowledge parameter” pI>0.5

??

?

pO (“Noise parameter”)

0

1

1

C

(C

apac

ity)

Upper bounds

0.5

“Knowledge parameter” pI>0.5

pO (“Noise parameter”)

0

1

1

C

(C

apac

ity)

0.5

0.5

“Knowledge parameter” pI<0.5

Choose random [ß] at each node

Decentralized design

Percolate overall transfer function down network

With high probability, invertible

Distributed Design [HKMKE03]

t1

t|T|

S

Distributed Design [HKMKE03]

ys(j)=Txs(j)

x

y1

β1

βi

βh

y|T|

xb(i)

01...0000),(),()1,(

0...1...00),(),()1,(

0...10000),1(),1()1,1(

nhxjhxhx

nixjixix

nxjxx

LL

MMMM

LL

MMMM

LL

xb(i)

xs(j)

xb(1)

xb(h)

Rate h=C

Block

Slice

hxh identitymatrix

x’b(i)

h<<n

T

xs(j)=T-1ys(j)

pO

0

1

1

C

(N

orm

aliz

ed b

y h)

0.5

0.5

Achievability - 1

R1

R|T|

S

S’|Z|

S’2

S’1

Observation 1: Can treatadversaries as new sources

)(']T' T[)('

)( 1 jyjx

jxs

s

s −=⎥⎦

⎤⎢⎣

⎡

01...0000),(),()1,(

0...1...00),(),()1,(

0...10000),1(),1()1,1(

nhxjhxhx

nixjixix

nxjxx

LL

MMMM

LL

MMMM

LL

y’s(j)=Txs(j)+T’x’s(j)

SS

Supersource

Observation 2: w.h.p. over network code design, {TxS(j)} and {T’x’S(j)} do not intersect (robust codes…).

Corrupted Unknown

Achievability - 1

y’s(j)=Txs(j)+T’x’s(j)

ε redundancy

xs(2)+xs(5)-xs(3)=0

ys(2)+ys(5)-ys(3)=vector in {T’x’s(j)}

{T’x’s(j)}{Txs(j)}

xs(3)+2xs(9)-5xs(1)=0

ys(3)+2ys(9)-5ys(1)=another vector in {T’x’s(j)}

Achievability - 1

y’s(j)=Txs(j)+T’x’s(j)

ε redundancy

{T’x’s(j)}{Txs(j)}

Repeat MO timesDiscover {T’x’s(j)}“Zero out” {T’x’s(j)}

Estimate T (redundant xs(j) known)

Decode

Achievability - 1

y’s(j)=Txs(j)+T’x’s(j)

xs(2)+xs(5)-xs(3)=0

ys(2)+ys(5)-ys(3)=vector in {T’x’s(j)}

x’s(2)+x’s(5)-x’s(3)=0

ys(2)+ys(5)-ys(3)=0

Achievability - 1

Secret Uncorrupted ε-rate Channels

Useful abstraction

[r,(∑jxs(j)rj)]Secret, correct hashes of xs(j)

Zorba doesn’t know how to hide

Will return to this…

Achievability - 2“Distributed Network Error-correcting Code”

(Knowledge parameter pI>0.5)

[CY06] – bounds, high complexity construction

[JHLMK06?] – tight, poly-time construction

pO (“Noise parameter”)0

1

1

C

(C

apac

ity)

0.5

pO

pO

y’s(j)=Txs(j)+T’x’s(j)error vector

1-2pO

Achievability - 2

y’s(j)=T’’xs(j)+T’x’s(j)

01...0000),(),()1,(

0...1...00),(),()1,(

0...10000),1(),1()1,1(

nhxjhxhx

nixjixix

nxjxx

LL

MMMM

LL

MMMM

LL

Achievability - 2T’’

y’s(j)=T’’xs(j)+T’x’’s(j)

01...0000),(),()1,(

0...1...00),(),()1,(

0...10000),1(),1()1,1(

nhxjhxhx

nixjixix

nxjxx

LL

MMMM

LL

MMMM

LL

e

e

e’

Achievability - 2 T’’

y’s(j)=Txs(j)+T’x’s(j)

Achievability - 2

y’s(j)=(T+T’L)xs(j)+T’(x’s(j)-Lxs(j))

y’s(j)=T’’xs(j)+T’x’’s(j)

01...0000),(),()1,(

0...1...00),(),()1,(

0...10000),1(),1()1,1(

nhxjhxhx

nixjixix

nxjxx

LL

MMMM

LL

MMMM

LL

T’’

known

Any set of MO+1 {x’’s(j)}s linearly dependent

Let T’x’’s(1) = a(1),…,T’x’’s(MO)=a(MO)A=[a(1)…a(MO)]

y’s(j)=T’’xs(j)+Ac(j)

knownLinearized equation,Size of A finite,Redundancy

MI+2MO<C

MI<C-2MO Network error-correcting codes

Zorba’s observations

Using network error-correcting codes as small header, can transmit secret, correct information…

… which can be used for first scheme!

Achievability - 1.5Not quite 2MO<C, 2MI<C

Working on it…

“Slightly” non-linear codes

Achievability - 12MO<C, 2MI<C

Use fact that T, T’ in generalunknown to adversary

Overview

Hidden, eavesdropping, malicious, computationally unbounded adversary

Network topology unknown Polynomial time decoding overlaid on

network code, achieves “almost optimal” performance

THE END