﻿ 网络编码的安全性综述 Survey on Security of Network Coding

Hans Journal of Wireless Communications
Vol.05 No.06(2015), Article ID:16544,12 pages
10.12677/HJWC.2015.56018

Survey on Security of Network Coding

Yuyang Zhang1, Yuanyuan Gao2, Baofeng Yang1, Qianqian Zhang1, Yaokun Gu3

1College of Communication Engineering, PLA University of Science and Technology, Nanjing Jiangsu

2Nanjing University of Posts and Telecommunications, Nanjing Jiangsu

3Unit 65040, Shenyang Liaoning

Received: Nov. 17th, 2015; accepted: Dec. 2nd, 2015; published: Dec. 16th, 2015

ABSTRACT

In this paper, we mainly summarize secure problems of network coding. Firstly, existing malicious attacks are discussed in detailed definition and classification, and then we describe the relationship and difference among them and point out the basic defense thought of all kinds of malicious attacks. Secondly, aiming at all kinds of malicious attacks, we introduce some classic network coding defense schemes and analyze their advantages and disadvantages. Finally, we summarize existing network coding defense schemes and propose some improvement ideas.

Keywords:Network Coding, Security, Entropy Attack, Byzantine Attack, Pollution Attack, Eavesdropping Attack, Universal Attack, Informationism, Cryptology

1解放军理工大学通信工程学院，江苏 南京

2南京邮电大学，江苏 南京

365040部队，辽宁 沈阳

1. 引言

2. 基本概念

Table 1. Classification of four malicious attacks

Figure 1. Entropy attack

3. 防御方案

Figure 2. Pollution attack

Figure 3. Eavesdropping attack

Table 2. Relationship and difference

3.1. 熵攻击

Gkantsidis等人[4] 首次提出了熵攻击的概念，并设计了一种防御熵攻击的方案，即检测已编码数据间的线性相关性来判断哪个已编码数据为非创新数据，然后舍弃。但该防御方案的缺点是在一个很大的有限域内进行，所以其计算量很大，耗时很长，大幅降低了网络吞吐量。

Jiang等人[5] 基于自适应概率子集的线性相关性检测算法(S-PSLD)，设计了一种高效的非创新数据过滤方案来防御熵攻击，此方案改进了文献[4] 提出的防御方案，大幅降低了计算量。

3.2. 拜占庭攻击

3.2.1. 基于信息论的防御方案

Cai等人[7] 将经典纠错码的思想引入到网络编码系统中，提出了网络纠错编码这一概念，即在某一时刻通信网络中发生符号错误的链路数没有超出纠错能力范围时，信宿可以通过译码将错误进行纠正。

Jaggi等人[10] 设计了一种分布式随机网络编码防御方案对拜占庭攻击进行纠错。根据恶意节点攻击能力的不同，作者提出了三种算法，但三种算法的基本思想都是将恶意节点视为第二信源。因为信宿接收到的数据是来自信源和恶意节点数据的线性组合，所以只要信宿接收到足够多线性独立的编码数据，就可以译码出来自信源和来自恶意节点的数据，并根据一些限制条件判断出来哪些是来自信源的有用数据，哪些是来自恶意节点的污染数据。

Figure 4. Defense of BM

3.2.2. 基于密码学的防御方案

3.3. 污染攻击

3.3.1. 基于信息论的防御方案

3.3.2. 基于密码学的防御方案

Figure 5. Two X common topologies

Figure 6. Homomorphic Hash and verification

(1)

3.4. 窃听攻击

3.4.1. 基于信息论的防御方案

Cai等人[14] 提出了搭线窃听的网络通信模型GSTW，并构造了在信息论意义下的安全网络编码防御方案，即窃听者无论窃听所给定窃听集内的哪个窃听子集都无法恢复出原始数据。随后，他们进一步提出了r-安全网络编码防御方案[15] [16] ，该方案也需限制窃听者的窃听能力，即窃听信道数小于加入的随机数个数r。

3.4.2. 基于密码学的防御方案

Figure 7. A simple two-way scheme

Figure 8. Non-collaborating eavesdroppers of known location

Figure 9. Eavesdroppers of unknown location

Figure 10. Permutation encryption on coded messages

(2)

X左乘P可得到

(3)

(4)

3.5. 万能攻击

(5)

(6)

(7)

(8)

T为n个数据系数组成的系数矩阵，求出逆矩阵，解码出数据矩阵。数据向量的前k位是数据消息，通过安全信道接受到随机向量，信宿可以从中解出。稍后信宿通过哈希函数计算出，与收到的矩阵对比，如果值相同，则说明没有受到污染攻击。反之则受到，那么就丢弃此数据矩阵D。

4. 总结

1) 网络编码的最大优势是提高通信网络的有效性，而信道编码是提高可靠性，研究怎样将网络编码和信道编码完美结合则可以同时提高通信网络的有效性和可靠性。

2) 在防御广义污染攻击时，可以考虑建立集检错和纠错于一体的网络编码防御方案。

3) 大多数现有的网络编码防御方案只针对一类或两类恶意攻击，或者限制了攻击者的攻击能力。例如，针对拓扑结构设计的NC方案来防御窃听者们也是假设窃听者们不共谋罢了。随着攻击技术的快速发展，我们的防御方案也需要在深度上和广度上快速发展，最好能实现深度和广度的完美结合，达到真正意义上的抗万能攻击。

4) 一些防御方案需要特殊的网络拓扑结构或额外的安全信道，如方格网络拓扑结构、两个X型网络拓扑结构等。在现实的无线网络系统中，这些拓扑环境都很难满足，所以适用性更强的网络编码防御方案是未来的趋势。

Survey on Security of Network Coding[J]. 无线通信, 2015, 05(06): 126-137. http://dx.doi.org/10.12677/HJWC.2015.56018

1. 1. Ahlswede, R., Cai, N. and Yeung, R.W. (2000) Network Information Flow. IEEE Transactions on Information Theory, 46, 1204-1216. http://dx.doi.org/10.1109/18.850663

2. 2. Yao, S.X., Chen, J., et al. (2014) A Survey of Security Network Coding toward Various Attacks. 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, Beijing, 24-26 September 2014, 252-259. http://dx.doi.org/10.1109/TrustCom.2014.35

3. 3. He, M., Chen, L., et al. (2012) Survey on Secure Transmission of Network Coding in Wireless Networks. 2012 International Conference on Computer Science and Service System, Nanjing, 11-13 August 2012, 1216-1219. http://dx.doi.org/10.1109/CSSS.2012.308

4. 4. Christos, G. and Pablo, R. (2006) Cooperative Security for Net-work Coding File Distribution. Infocom, 3, 5.

5. 5. Jiang, Y.-X., Fan, Y.-F., Xue, M., et al. (2009) A Self-Adaptive Probabilistic Packet Filter Scheme against Entropy Attacks in Network Coding. Computer Networks, 53, 3089-3101. http://dx.doi.org/10.1016/j.comnet.2009.08.002

6. 6. Newell, A.J., Curtmola, R. and Nita-Rotaru, C. (2012) En-tropy Attacks and Countermeasures in Wireless Network Coding. Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York, 16-18 April 2012, 185-196. http://dx.doi.org/10.1145/2185448.2185473

7. 7. Cai, N. and Yeung, R.W. (2002) Network Coding and Error Correction. IEEE Information Theory Workshop, Bangalore, 20-25 October 2002, 119-122.

8. 8. Zhang, Z. (2006) Network Error Correction Coding in Packetized Networks. IEEE Information Theory Workshop, Chengdu, 433-437. http://dx.doi.org/10.1109/itw2.2006.323836

9. 9. Zhang, Z. (2008) Linear Network Error Correction Codes in Packet Networks. IEEE Transactions on Information Theory, 54, 209-218. http://dx.doi.org/10.1109/TIT.2007.909139

10. 10. Jaggi, S., Langberg, M., Katti, S., Ho, T., Katabi, D. and Medard, M. (2007) Resilient Network Coding in the Presence of Byzantine Adversaries. 26th IEEE International Conference on Computer Communications, Anchorage, 6-12 May 2007, 616-624. http://dx.doi.org/10.1109/INFCOM.2007.78

11. 11. Pandit, V., Jun, J.H. and Agrawal, D.P. (2011) Inherent Security Benefits of Analog Network Coding for the Detection of Byzantine Attacks in Multi-Hop Wireless Networks. Pro-ceedings of the 2011 IEEE 8th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), Valencia, 17-21 October 2011, 697-702.

12. 12. Li, Q., Lui, J.C.S. and Chiu, D.-M. (2012) On the Security and Efficiency of Content Distribution via Network Coding. IEEE Transactions on Dependable and Secure Computing, 9, 211-221.

13. 13. Bin, D., Zhang, S., Qu, Y., Yang, J. and Wang, F. (2010) Orthogonal Vector Based Network Coding against Pollution Attacks in n-Layer Combination Networks. Proceedings of the 5th International ICST Conference on Communications and Networking in China (CHINACOM), Beijing, 22-25 August 2010, 1-5.

14. 14. Cai, N. and Yeung, R.W. (2002) Secure Network Coding. Proceedings of the IEEE International Symposium on Information Theory, Lausanne, 30 June-5 July 2002, 323.

15. 15. Cai, N. and Yeung, R.W. (2011) Secure Network Coding on a Wiretap Network. IEEE Transactions on Information Theory, 57, 424-435. http://dx.doi.org/10.1109/TIT.2010.2090197

16. 16. Cai, N. and Chan, T. (2011) Theory of Secure Network Coding. Proceedings of the IEEE, 99, 421-437. http://dx.doi.org/10.1109/JPROC.2010.2094592

17. 17. Bhattad, K. and Narayanan, K.R. (2005) Weakly Secure Network Coding. Proceedings of the First Workshop on Network Coding, Theory, and Applications, Riva del Garda, 7 April 2005, 281-285.

18. 18. Capar, C. and Goeckel, D. (2012) Network Coding for Facilitating Secrecy in Large Wireless Networks. Proceedings of the 46th Annual Conference on Information Sciences and Systems (CISS), Princeton, 21-23 March 2012, 1-6.

19. 19. Zhang, P., Jiang, Y., Lin, C., Fan, Y. and Shen, X. (2010) P-Coding: Secure Network Coding against Eavesdropping Attacks. Proceedings of the IEEE INFOCOM, San Diego, 14-19 March 2010, 1-9.

20. 20. 武萌, 吴蒙. 防窃听的弱安全网络编码[J]. 计算机技术与发展, 2014, 24(10): 167-169.

21. 21. 赵佳佳, 任平安. 基于抗窃听和拜占庭攻击的随机网络编码[J]. 计算机科学, 2014, 41(9): 174-177.

22. 22. 徐光宪, 付晓. 抗万能攻击的安全网络编码[J]. 计算机科学, 2012, 39(8): 88-91.

23. 23. 杨柳, 钟诚. 一种高效的安全数据包过滤算法[J]. 兰州大学学报(自然科学版), 2012, 48(4): 105-108.