Ariadne: a secure on-demand routing protocol for ad hoc networks
Proceedings of the 8th annual international conference on Mobile computing and networking
Securing ad hoc routing protocols
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
SPINS: security protocols for sensor networks
Wireless Networks
A high-throughput path metric for multi-hop wireless routing
Proceedings of the 9th annual international conference on Mobile computing and networking
Opportunistic routing in multi-hop wireless networks
ACM SIGCOMM Computer Communication Review
Link-level measurements from an 802.11b mesh network
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Network coding for efficient communication in extreme networks
Proceedings of the 2005 ACM SIGCOMM workshop on Delay-tolerant networking
Architecture and evaluation of an unplanned 802.11b mesh network
Proceedings of the 11th annual international conference on Mobile computing and networking
Algebraic gossip: a network coding approach to optimal multiple rumor mongering
IEEE/ACM Transactions on Networking (TON) - Special issue on networking and information theory
XORs in the air: practical wireless network coding
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
TinySeRSync: secure and resilient time synchronization in wireless sensor networks
Proceedings of the 13th ACM conference on Computer and communications security
Trading structure for randomness in wireless opportunistic routing
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
On the Practical and Security Issues of Batch Content Distribution Via Network Coding
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
ODSBR: An on-demand secure Byzantine resilient routing protocol for wireless ad hoc networks
ACM Transactions on Information and System Security (TISSEC)
Network Coding Techniques for Network Monitoring: a Brief Introduction
IZS '06 Proceedings of the 2006 International Zurich Seminar on Communications
Practical defenses against pollution attacks in intra-flow network coding for wireless mesh networks
Proceedings of the second ACM conference on Wireless network security
Signing a Linear Subspace: Signature Schemes for Network Coding
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Homomorphic MACs: MAC-Based Integrity for Network Coding
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Codecast: a network-coding-based ad hoc multicast protocol
IEEE Wireless Communications
IEEE Transactions on Information Theory
Capacity of wireless erasure networks
IEEE Transactions on Information Theory
Secure and resilient clock synchronization in wireless sensor networks
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
Recent studies have shown that network coding can provide significant benefits to network protocols, such as increased throughput, reduced network congestion, higher reliability, and lower power consumption. The core principle of network coding is that intermediate nodes actively mix input packets to produce output packets. This mixing subjects network coding systems to a severe security threat, known as a pollution attack, where attacker nodes inject corrupted packets into the network. Corrupted packets propagate in an epidemic manner, depleting network resources and significantly decreasing throughput. Pollution attacks are particularly dangerous in wireless networks, where attackers can easily inject packets or compromise devices due to the increased network vulnerability. In this article, we address pollution attacks against network coding systems in wireless mesh networks. We demonstrate that previous solutions are impractical in wireless networks, incurring an unacceptable high degradation of throughput. We propose a lightweight scheme, DART, that uses time-based authentication in combination with random linear transformations to defend against pollution attacks. We further improve system performance and propose EDART, which enhances DART with an optimistic forwarding scheme. We also propose efficient attacker identification schemes for both DART and EDART that enable quick attacker isolation and the selection of attacker-free paths, achieving additional performance improvement. A detailed security analysis shows that the probability of a polluted packet passing our verification procedure is very low (less than 0.002% in typical settings). Performance results using the well-known MORE protocol and realistic link quality measurements from the Roofnet experimental testbed show that our schemes improve system performance over 20 times compared with previous solutions.