Cooperative Defense Against Pollution Attacks in Network Coding Using SpaceMac

Abstract

Intra-session network coding is inherently vulnerable to pollution attacks. In this paper, first, we introduce a novel homomorphic MAC scheme called SpaceMac, which allows an intermediate node to verify whether received packets belong to a specific subspace, even if the subspace is expanding over time. Then, we use SpaceMac as a building block to design a cooperative scheme that provides complete defense against pollution attacks: (i) it can detect polluted packets early at intermediate nodes, and (ii) it can identify the exact location of all, even colluding, attackers, thus making it possible to eliminate them. Our scheme is cooperative: parents and children of any node cooperate to detect any corrupted packets sent by the node, and nodes in the network cooperate with a central controller to identify the exact location of all attackers. We implement SpaceMac in both C/C++ and Java as a library, which we make publicly available. Our evaluation on both a PC and an Android device shows that the SpaceMac algorithms can be computed quickly and efficiently and that our cooperative defense scheme has low computation overhead and significantly lower communication overhead than those of state-of-the-art schemes.