Efficient weakly secure network coding scheme against node conspiracy attack based on network segmentation
 Rong Du^{1}Email author,
 Chenglin Zhao^{2},
 Shenghong Li^{1} and
 Jian Li^{1}
https://doi.org/10.1186/1687149920145
© Du et al.; licensee Springer. 2014
Received: 12 November 2013
Accepted: 30 December 2013
Published: 13 January 2014
Abstract
In this paper, we consider the problem of building a secure network against node conspiracy attack that based on network segmentation. As we know, network coding has demonstrated its great application prospects in wireless sensor network (WSN) transmission. At the same time, it is facing a variety of security threats, especially conspiracy attack. In existing research, secure coding design strategies are much more than secure topological structure. In this background, a weakly secure scheme is proposed from the perspective of topology and network segmentation. Based on the network segmentation and topology design, the network coding transmission is weakly secure. We conduct a simulation to show that the proposed scheme can efficiently prevent conspiracy attack.
Keywords
1. Introduction
In 2003, Li [1] demonstrated that with a finite field size, the maximum flow from the single source to sinks can be achieved by linear network coding [2, 3]. Based on this theory, network coding technology, network coding has demonstrated its great application prospects in both wired networks and wireless networks. With largescale application of network coding, it faces a growing number of security issues.
There are many studies on the safety of network coding. Based on secure models, it can be separated into two groups in previous, Shannon secure and weakly secure. The difference of these two classes is that Shannon secure disallows any information leakage and weakly secure disallows any meaningful information leakages. For example, given two data streams x and y, based on weakly secure requirements, the attacks allow to get the combination value of x ⊕ y, but not x or y alone, while in Shannon secure, the attacks disallow learning neither of them. In this paper, we focus on the weakly secure topological structure.
Based on the attack models, there are mainly two attack models, polluting attacks (active attack) [4–8] and wiretapping attacks (passive attacks) [9–18]. In this paper, we focus on wiretapping attacks, defined by Cai and Yeung in [9] and proposed a multicast network coding against wiretapping attacks in [10, 11]. Feldman et al.[12] proposed a coding scheme in small infinite field at the expense of a small amount of bandwidth. Chan [13] gave the boundaries of the multicast capacity in secure network coding. Bhattad and Narayanan [14] proposed a weakly secure network coding system. On the basis of [14], Silva [15] proposed a general weakly secure network coding system. When the calculation ability of eavesdroppers is limited, Jain [16] designed a weakly secure networking system using oneway function. In [17, 18], the authors discussed the security issues in the light of the different conditions and different other safety requirements in wireless sensor network (WSN). Fancsali et al.[19–21] did the corresponding research and gave the respective security coding system.
Most existing researches are mostly from a coding perspective with given topologies, which propose different coding algorithms in different network environments, but there is almost no research in secure topology design. Topology design strategies do not need complicated encoding and decoding process which save a lot of memory and computing time. Topology design also has certain failure rate, but when the cooperative eavesdroppers are relatively fewer and allow a certain error rate, the topology design scheme reflects its advantage.
In view of the fact, the secure topology design is worthy of study. In this paper, we propose a weakly secure network topology algorithm based on topology design and network segmentation. The rest of the paper is organized as follows: We first discuss related work and the security goals we aim to in Section 2. Then, we discuss the problem and present an algorithm for secure network topology design and network segmentation in Section 3. Finally, the results and discussions are addressed in Section 4, and the paper is concluded in Section 5.
2. Problem statement
In this section, we first summarize network coding and then we introduce the system model. Finally, we introduce the threat model and security goals to be used in this paper.
2.1 Network coding
2.2 System model
In this paper, a directed acyclic graph G = 〈V, E〉 is considered, where V and E are the node set and the edge set, respectively. C_{min}(G) is the minimum cut of G, and the capacity C_{min}(G) is the maximal possible information rate of network G. Each edge has one data stream unit per time slot. The source node s generates and sends out an n symbol message vector X = (x_{1}, x_{2}, …, x_{ n })^{ T } in a finite field F_{q}. In linear coding systems, the messages on outgoing edges of node v_{ n } are linear combinations of messages on its incoming edges. It can be understood as that each edge of the network carries an equation of source symbols.
2.3 Threat model and security goals
In wiretapping attack, the eavesdroppers are able to gain access to the information transmitted on these nodes, suppose the positions of malicious nodes are known. Also, they can cooperate with each other to decode the packet sent from the source S. Precisely, they can wiretap on a collection of M = 〈M_{1}, M_{2}, …, M_{ K }〉, where M represents a set of malicious nodes; accordingly, they can gain the data stream carried by the incoming links of these malicious nodes, suppose E = 〈E_{1}, E_{2}, …, E_{ K }〉 is the incoming link of these malicious nodes. In this paper, we focus on weakly secure. We disallow any meaningful information leakages transmitted from the source node to the sink node.
3. Problem description and analysis
3.1 Related definitions
Assume C_{ G }(s, t) = k, for any intermediate node v_{i} in G; if the In (v_{i}) is less than the capacity of the graph C_{ G }(s, d), then for sufficiently large size q, the generated network code is said to be secure with high probability, because the intermediate node v_{i} cannot recover any of the k symbols based on k  1 or fewer linear equations. On the other hand, if C_{ G } ≤ ln (v_{i}), the security is said to be topology dependent, and the network is considered secure if and only if rank(in(v_{ i })) < C_{ G }.
In [22], the sibling work of this paper, we analyzed how the topology design influenced the security of networks, and we proposed a secure strategy against node conspiracy attack by topology design. This method is suitable for the small network environment; when in a large network, the wiretapping nodes become more, increasing the number of links that needs to be removed. Therefore, we propose a strategy of network coding against wiretapping attack based on network segmentation.
3.2 Secure network segmentation algorithm
In Figure 2, we randomly generate a 50node network diagram; after path enforcement, we get a directed graph G(V, E). The entire network is divided into two subnetworks G_{1}(V_{1}, E_{1}) and G_{2}(V_{2}, E_{2}) by the red line; the dashed line is the link to be removed. C(G_{1}) = C(G_{2}) = 3, any one of the subnetwork is safe and leads the whole network security.
How to find the best split routing is the problem that we are mainly faced with, and we get two objective functions.
To ensure the throughput of the network, the divided maximum flow is as close as possible to the original maximum flow.
The two objective functions are max $\left({C}_{{G}_{1}}+{C}_{{G}_{2}}\right)$ and min E_{ p }. Such an algorithm is referred to as secure network segmentation (SNS) algorithm.
3.3 An improved scheme based on the network segmentation and topology design
We recommend a conception. As node i,
Case 1. in(i) = 1, out(i) = 1, the outgoing message is no change with incoming message (shown in Figure 3a)
Case 2. in(i) = 1, out(i) > 1, the outgoing messages are linear correlation of incoming message (shown in Figure 3b)
Case 3. in(i) > 1, out(i) = 1, the outgoing message is a combination of the incoming messages (shown in Figure 3c)
Case 4. in(i) > 1, out(i) > 1, the outgoing messages are not linear correlation of incoming messages. We can mark these no linear correlation messages as G_{i,j} = (x_{1}, x_{2}, …, x_{ l })^{ N } (shown in Figure 3d)
From the above transmission matrix G, polluted links {2 → 3, 4 → 5} carry the data stream x^{1,2}, {7 → 8} carries the data stream x^{1,1}, which both come from the data stream x^{1}, and the sink node d receives both x^{1} and x^{2}. Once link {6 → 7} is removed, the eavesdroppers cannot get the data stream x, while the sink node d can get complete information from the source node s.
It needs to be mentioned that the same data streams need to be combined. For example, the data x^{1,2,3,4} and x^{1,2,3,5} can be combined into x^{1,2,3}, and the data x^{1,2,3,4} and x^{1,1,2,3} are combined into x^{1}; the combination is to find the maximum number of occurrences of the original data. In Figure 4, {5 → d} carries the data (x^{1,2}, y^{2}, (z^{1}, z^{2,1}))^{1} where (z^{1}, z^{2,1}) means the data stream z comes from both {9 → 3} and {9 → 10}, and it can be grouped into z. The biggest features of the ISTD algorithm are finding the sources of each polluted edges and removing these relatively few source edges to make the network secure.

Step 1: Given a directed acyclic graph G = 〈V, E〉, after path enforcement, suppose the positions of malicious nodes are known, the minimum cut of G is C_{ G }. ${V}^{\prime}=\left({v}_{1}^{\prime},{v}_{2}^{\prime},\dots ,{v}_{m}^{\prime}\right)$ is the set of malicious nodes. ${E}^{\prime}=\left({e}_{1}^{\prime},{e}_{2}^{\prime},\dots ,{e}_{n}^{\prime}\right)$ is the set of the incoming edges of V′. We call it polluted edges.

Step 2: Mark all links of the network topology, fill the transmission matrix G with the data stream X, and combine the source of information flow.

Step 3: Remove the same linear correlation of incoming message. We define E″ is the set of the remaining edges which we called it polluted edges.

Step 4: Get a forward routing which contains the polluted edges. The total number of the forward routing cannot be more than the total polluted edges. The forward routing is the split routing. The entire network is divided into two subnetworks G_{1}(V_{1}, E_{1}) and G_{2}(V_{2}, E_{2}). Suppose the split routing is E_{ p }.

Step 5: We calculate the number of polluted links of the two subnetworks ${E}_{1}^{\u2033}$ and ${E}_{2}^{\u2033}$. Suppose the less polluted links is ${E}_{1}^{\u2033}$. For safety requirements, all the links that need to be removed is ${E}_{1}^{\u2033}+{E}_{p}$.

Step 6: Get the solution of the topology design and network segmentation. The least links to be removed is the optimal solution, if there is no such a topology that satisfies the condition. Then, the message leakage is unavoidable.
4. Simulation and discussion
4.1 The performance and discussion of SNS
In this section, simulations are conducted based on ns2 simulator and MATLAB to evaluate the effectiveness of the proposed algorithm. The network is defined by these parameters, the number of nodes, N, (the number of edges, E_{all}), the probability of malicious nodes in intermediate nodes, p, and the removed links E_{ p }. The algorithm in [22] is the STD algorithm, and the SNS algorithm is the basic scheme in this paper. For each combination of parameters, we generate 50 instances.
We can see from Figures 5 and 6 that, with the increase of p and N, the SNS algorithm removes few links than the STD algorithm. It improves the link utilization, when faced with a large number of wiretapping nodes, and performs particularly well. Compared to the STD algorithm, the SNS algorithm in this paper has been greatly improved, especially suitable for larger networks.
4.2 Improved SNS algorithm (ISNS)
STD is the proposed scheme in [22]. We proposed an advanced scheme ISTD, relative to STD. ISTD was greatly increased efficiently. In this paper, the ISTD algorithm will be integrated into SNS. ISNS is the improved scheme based on the network segmentation and topology design. Compared with ISTD, the efficiency of ISNS algorithm has been greatly improved. It removed less polluted links; the small change of the transmission topology improves the successful rate.
The network is defined by four parameters, the number of nodes, N, the probability of malicious nodes in intermediate nodes, p, the largest degree of each node D (the largest amount of incoming links), and the successful rate of transmission r. For each combination of parameters, we generate 50 instances.
4.3 Performance comparison between coding design strategies and topology design strategies
Performance comparison of coding design strategies and topology design strategies
Encoding and decoding cost  Security  Success rate  

Coding design strategies  o(h^{2})  o(h^{3})  Shannon or weakly  ≈1  
Topology design strategies (ISNS)  o(h)  Weakly  Wiretappers' rate less than 0.1  Wiretappers' rate less than 0.2, more than 0.1 
≈1  >0.9 
5. Conclusion
In this paper, we have investigated the topology design and network segmentation issue for weakly secure against node conspiracy attack. We analyzed how the network segmentation and topology design influenced the security of networks. We proposed a secure strategy against node conspiracy attack by network segmentation and topology design. We compared the ISTD and ISNS strategies. Simulations showed that the proposed routing algorithm ISNS achieved good performance. It can cope with larger structures and more malicious node network than ISTD. As a future research, we will study the secure topology design strategy under a large number of malicious nodes and a larger structure.
Declarations
Acknowledgements
This work is funded by the National Science Foundation of China (61271316, 61071152, 61271180), 973 Program (2010CB731403, 2010CB731406, 2013CB329605) of China, Chinese National ‘Twelfth FiveYear’ Plan for Science & Technology Support (2012BAH38 B04), Key Laboratory for Shanghai Integrated Information Security Management Technology Research, and Chinese National Engineering Laboratory for Information Content Analysis Technology.
Authors’ Affiliations
References
 Li S, Yeung R, Cai N: Linear network coding. IEEE Trans Inf Theory 2003, 49(2):371381.MathSciNetView ArticleGoogle Scholar
 Ahlswede R, Cai N, Li SYR, Yeung RW: Network information flow. IEEE Trans Inf Theory 2000, 46(4):12041216. 10.1109/18.850663MathSciNetView ArticleGoogle Scholar
 Koetter R, Medard M: An algebraic approach to network coding. IEEE/ACM Transactions on Networking 2003, 11(5):782795. 10.1109/TNET.2003.818197View ArticleGoogle Scholar
 Yu Z, Wei Y, Ramkumar B, Guan Y: An efficient signaturebased scheme for securing network coding against pollution attacks. In Proceedings of the 27th IEEE Conference on Computer Communication, INFOCOM 2008. Phoenix; 13–18 Apr 2008:14091417.Google Scholar
 Ho T, Leong B, Koetter R, Medard M, Effros M, Karger D: Byzantine modification detection in multicast networks using randomized network coding. In Proceedings of IEEE International Symposium on Information Theory (ISIT). Chicago; 27 June–2 July 2004:144.Google Scholar
 Jaggi S, Langberg M, Katti S, Ho T, Katabi D, Medard M: Resilient network coding in the presence of Byzantine adversaries. In Proceedings of the 26th IEEE Conference on Computer Communications, INFOCOM 2007. Barcelona; 6–12 May 2007:616624.View ArticleGoogle Scholar
 Krohn M, Freedman M, Mazieres D: Onthefly verification of rateless erasure codes for efficient content distribution. In Proceedings of IEEE Symposium on Security and Privacy. Berkeley; 9–12 May 2004:226240.Google Scholar
 Gkantsidis C, Rodriguez PR: Cooperative security for network coding file distribution. In Proceedings of the 25th IEEE International Conference on Computer Communications, INFOCOM 2006. Barcelona; 23–29 Apr 2006:113.View ArticleGoogle Scholar
 Cai N, Yeung R: Secure network coding. In Proceedings of IEEE International Symposium on Information Theory (ISIT). Lausanne; 30 June–5 July 2002:323.Google Scholar
 Cai N, Yeung RW: A security condition for multisource linear network coding. IEEE International Symposium on Information Theory, Nice 24–29 June 2007, 561565.Google Scholar
 Zhang Z, Yeung RW: A general security condition for multisource linear network coding, 2009, in. In IEEE International Symposium on Information Theory (ISIT). IEEE; 2009:11551158.Google Scholar
 Feldman J, Malkin T, Stein C: On the capacity of secure network coding. In Proceedings of the 42nd Annual Allerton Conference on Communication, Control, and Computing. Monticello; 29 Sept–1 Oct 2004.Google Scholar
 Chan T: Capacity bounds for secure network coding. In IEEE Communication Theory Workshop. Christchurch; 30 Jan–1 Feb 2008:95100.Google Scholar
 Bhattad K, Narayanan KR: Weakly secure network coding. In First Workshop on Network Coding, Theory and Applications. Riva del Garda; 7 Apr 2005.Google Scholar
 Silva D, Kschischang FR: Universal weakly secure network coding. In Information Theory Workshop on Networking and Information Theory. Volos; 10–12 June 2009:281285.Google Scholar
 Jain K: Security based on network topology against the wiretapping attack. IEEE Wirel Comm 2004, 1(1):6871.View ArticleGoogle Scholar
 Jing D, Curtmola R, Sethi R: Toward secure network coding in wireless networks: threats and challenges. In 4th Workshop on Secure Network Protocols. Orlando; 19–22 Oct 2008:3338.Google Scholar
 Mills A, Smith B, Clancy T: On secure communication over wireless erasure networks. In IEEE International Symposium on Information Theory. Toronto; 6–11 July 2008:161165.Google Scholar
 Fancsali S, Ligeti LP: Some applications of finite geometry for secure network coding. J. Math. Crypt. 2008, 2(3):18622984.MathSciNetGoogle Scholar
 Hassanzadeh MM, Ravanbakhsh M, Ytrehus O: Two layer secure network coding(2LSNC). In IEEE International Symposium on Telecommunications. Tehran; 27–28 Aug 2008:712.Google Scholar
 Harada K, Yamamoto H: Strongly secure linear network coding. IEICE Transactions on Fundamentals 2008, E91A(10):27202728. 10.1093/ietfec/e91a.10.2720View ArticleGoogle Scholar
 Du R, Zhao C, Zhao F, Li S: Strategies of network coding against nodes conspiracy attack. Security and Communication Networks 2013. doi:10.1002/Sec.753Google Scholar
Copyright
This article is published under license to BioMed Central Ltd. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.