Requirements for Total Resistance to Pollution Attacks in HMAC-Based Authentication Schemes for Network Coding

Abstract

AbstractNetwork coding (NC) authentication schemes based on homomorphic message authentication codes (HMACs) are usually preferred due to the low computational complexity associated with their implementation. A basic requirement of these schemes is that they should be able to resist both message and tag pollution attacks. A common approach adopted in the design of these schemes uses key vectors to generate tags that are then used to detect these attacks. Conventionally, the only constraint placed on existing key selection models is that key elements must be chosen from a predefined finite cyclic field. In this work we prove that this condition alone is not sufficient to ensure total resistance to pollution attacks. We also provide a detailed description of this security loophole as well as a proposition that defines what a scheme needs in order to achieve total resistance to pollution attacks. Based on our findings we propose a modified authentication scheme for NC that is not exposed to the security loophole and therefore provides complete resistance to pollution attacks. Our evaluation of the proposed scheme against similar state of the art schemes shows that it achieves this at no extra overhead. As a matter of fact, the proposed scheme incurs a slightly lower computational overhead at non-source nodes coupled with a slightly lower key storage overhead.KeywordsNetwork codingComplete resistance to pollution attacksKey selection modelHMAC-based authentication