基于RSA的多源网络编码签名方案

由于网络编码极易遭受污染攻击的破坏,文中基于RSA问题的难解性提出了一种适用于多源网络编码同态签名方案,以应对污染攻击和重放攻击.该方案能够阻止恶意修改的数据分组,被污染的数据分组会被验证者丢弃,从而保证了系统的安全性.由于方案是为多源网络编码设计的,不需要额外的安全信道,且采用线性计算,大大降低了对结点计算能力的要求,节省了结点的验证时间.此外,通过引入消息代序号,该方案可以防止代间重放攻击.     

基于数字签名的防污染网络编码方案

网络编码技术对于提高网络吞吐量、均衡网络负载、提高带宽利用率、增强网络的鲁棒性等方面都有明显的优势,但是无法直接抵抗污染攻击.最近,学者提出了基于同态哈希函数的签名方案,可以较好检测污染攻击,但是很难定位被污染的节点.本文结合两者的优势提出了一个基于数字签名的网络编码方案,该方案不仅能够抵抗污染攻击,而且能有效地确定出攻击源的位置,从而降低污染攻击对网络造成的影响,并提升网络的健壮性.     

一种多源网络编码快速签名算法

针对污染和重放攻击提出一个新的多源网络编码签名算法,利用同态加密算法构造签名方案来抵御污染攻击,通过引入消息代的序号,防止了代间的重放攻击,并且采用线性计算方法来减少节点的验证时间,降低了对结点计算能力的要求,特别适合于无线传感器网络或自组织网络.     

基于消息认证混合同态签名的无线网络抗污染攻击方案

为提高无线网络抗污染攻击性能,提出一种基于消息认证混合同态签名的无线网络抗污染攻击方案。首先,采用有向多重图的源节点、非源节点集和链路集对无线网络编码过程进行模型构建,并考虑数据污染攻击和标签污染攻击2种类型的污染攻击建立网络抗污染模型;其次,利用MACs和D-MACs以及Sign同态签名方案,建立混合型的同态签名方案,实现对抗污染攻击模型的消息验证过程的改进,保证了每个MAC编码数据包内容的完整性,并提升了算法的执行效率;最后,通过在基于ASNC机制的实验模拟环境下,对所提算法在被污染节点百分比、流量累积分布和计算效率3个指标中的实验对比,验证了所提算法的性能优势。     

一个基于LPN问题的网络编码同态MAC加密方案

基于网络编码的应用系统很容易遭受到污染攻击。在目前解决污染攻击的对称密钥方法中,中间节点往往不具备防御能力。针对以上问题,提出一个基于LPN问题难度的HB协议网络编码同态MAC加密方案,并在基本模型下证明方案的安全性。与以往的基于对称密钥的方法相比,该方案允许网络中间节点验证所收到数据包的合法性,可以尽早地发现并过滤掉被污染的数据包。同时,由于具有较低的计算开销和带宽开销,该方案非常适用于实时性较强的网络编码应用。     

多源线性网络编码的同态签名算法

网络编码易遭受污染攻击,但传统的签名技术不适用于多源网络编码。为此,基于同态函数,使用双线性对技术,提出一种可抵御污染攻击的多源线性网络编码签名算法,其中,每个源节点用自己的私钥对文件签名,中间或信宿节点仅用公钥即可验证收到的签名,利用随机预言模型证明该算法能够抵抗信源节点和中间节点的攻击。     

多源网络编码数据完整性验证方案

基于同态向量哈希函数和向量合并算法,提出一种能够抵御污染攻击的多源网络编码数据完整性验证方案。通过信源节点计算发送向量的哈希值,利用私钥对该哈希值进行签名,并将消息向量、哈希值以及哈希值的签名发送至中间节点。中间节点和信宿节点基于系统公钥,验证来自不同信源节点的线性编码消息的完整性。实验结果表明,当信源节点数大于200时,该方案的计算效率优于现有多源网络编码方案,更适用于大规模分布式网络数据的安全验证。     

一种可确认身份的网络编码签名方案

网络编码理论的提出在提高网络吞吐量、构建网络的鲁棒性等方面都有着明显的优势,但是极易受到污染攻击。很多学者提出了使用同态函数的性质来构造安全方案,能够有效地抵抗污染攻击。但是很少能够确定出污染攻击所发生的网络节点。针对确定污染攻击所发生的节点问题,设计出一个基于同态哈希函数的签名方案,能够抵抗污染攻击并有效地确定出攻击所发生的节点位置。     

一种安全的多源网络编码签名算法

网络编码已被证明在提高网络传输速率、减少网络拥塞、增强网络可靠性以及降低结点能耗等方面有着巨大优势,因此可被广泛用于计算机网络、无线传感器网络以及p2p系统中。但是,网络编码也面临着多方面的安全威胁,其中污染攻击是其最主要的安全威胁之一。目前,绝大部分的签名方案均只能适用于对单源网络编码中的污染攻击,无法满足普遍存在的多源网络编码的安全要求。对多源网络编码中的污染攻击进行了更深入的分析,给出了安全的多源网络编码所需要满足的条件,提出了一个安全高效的多源网络编码签名算法来预防网络中的污染攻击,该算法可以满足多源网络编码的全部安全要求。     

随机线性网络编码污染数据的检测分析

网络编码对注入网络的污染数据攻击具有固有的脆弱性,针对该问题,讨论2种分别基于同态哈希函数和线性空间签名来检测随机线性网络编码中污染数据的方案,推导同态哈希函数的一般形式并证明方案的正确性。对比分析2种方案在不同数据分块大小情况下的计算开销和荷载效率,并给出一种新的组合检测方案。     

An efficient homomorphic MAC-based scheme against data and tag pollution attacks in network coding-enabled wireless networks

Recent research efforts have shown that wireless networks can benefit from network coding (NC) technology in terms of bandwidth, robustness to packet losses, delay and energy consumption. However, NC-enabled wireless networks are susceptible to a severe security threat, known as data pollution attack, where a malicious node injects into the network polluted packets that prevent the destination nodes from decoding correctly. Due to recoding, occurred at the intermediate nodes, according to the core principle of NC, the polluted packets propagate quickly into other packets and corrupt bunches of legitimate packets leading to network resource waste. Hence, a lot of research effort has been devoted to schemes against data pollution attacks. Homomorphic MAC-based schemes are a promising solution against data pollution attacks. However, most of them are susceptible to a new type of pollution attack, called tag pollution attack, where an adversary node randomly modifies tags appended to the end of the transmitted packets. Therefore, in this paper, we propose an efficient homomorphic message authentication code-based scheme, called HMAC, providing resistance against data pollution attacks and tag pollution attacks in NC-enabled wireless networks. Our proposed scheme makes use of three types of homomorphic tags (i.e., MACs, D-MACs and one signature) which are appended to the end of the coded packet. Our results show that the proposed HMAC scheme is more efficient compared to other competitive tag pollution immune schemes in terms of complexity, communication overhead and key storage overhead.     

Short signature scheme for multi-source network coding

It has been proven that network coding can provide significant benefits to networks. However, network coding is very vulnerable to pollution attacks. In recent years, many schemes have been designed to defend against these attacks, but as far as we know almost all of them are inapplicable for multi-source network coding system. This paper proposed a novel homomorphic signature scheme based on bilinear pairings to stand against pollution attacks for multi-source network coding, which has a broader application background than single-source network coding. Our signatures are publicly verifiable and the public keys are independent of the files so that our scheme can be used to authenticate multiple files without having to update public keys. The signature length of our proposed scheme is as short as the shortest signatures of a single-source network coding. The verification speed of our scheme is faster than those signature schemes based on elliptic curves in the single-source network.     

延迟容忍网络的安全网络编码方案

当前针对污染攻击的解决方案需要公钥基础设施支持,但这对于移动Ad hoc网络而言并不可取,因此提出了无需公钥基础设施的网络编码方案。所提方案允许数据包相互验证,从而使中间节点可判断这些包是否可以未经源验证即可共同编码。分析和比较了其他签名方案,表明无需公钥的网络编码签名功能足以防止污染攻击。     

An efficient dynamic-identity based signature scheme for secure network coding

The network coding based applications are vulnerable to possible malicious pollution attacks. Signature schemes have been well-recognized as the most effective approach to address this security issue. However, existing homomorphic signature schemes for network coding either incur high transmission/computation overhead, or are vulnerable to random forgery attacks. In this paper, we propose a novel dynamic-identity based signature scheme for network coding by signing linear vector subspaces. The scheme can rapidly detect/drop the packets that are generated from pollution attacks, and efficiently thwart random forgery attack. By employing fast packet-based and generation-based batch verification approaches, a forwarding node can verify multiple received packets synchronously with dramatically reduced total verification cost. In addition, the proposed scheme provides one-way identity authentication without requiring any extra secure channels or separate certificates, so that the transmission cost can be significantly reduced. Simulation results demonstrate the practicality and efficiency of the proposed schemes.     

An efficient MAC scheme for secure network coding with probabilistic detection

Network coding is vulnerable to pollution attacks, which prevent receivers from recovering the source message correctly. Most existing schemes against pollution attacks either bring significant redundancy to the original message or require a high computational complexity to verify received blocks. In this paper, we propose an efficient scheme against pollution attacks based on probabilistic key pre-distribution and homomorphic message authentication codes (MACs). In our scheme, each block is attached with a small number of MACs and each node can use these MACs to verify the integrity of the corresponding block with a high probability. Compared to previous schemes, our scheme still leverages a small number of keys to generate MACs for each block, but more than doubles the detection probability.Meanwhile, our scheme is able to efficiently restrict pollution propagation within a small number of hops. Experimental results show that our scheme is more efficient in verification than existing ones based on public-key cryptography.