CN109257361A - A kind of secure network coding method of anti-pollution attack - Google Patents


Info

Publication number
CN109257361A
Authority
CN
China
Prior art keywords
node
message
data packet
network
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811183438.2A
Other languages
Chinese (zh)
Inventor
宁佐廷
张大方
刘绪崇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Police Academy
Original Assignee
Hunan Police Academy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Police Academy
Priority to CN201811183438.2A
Publication of CN109257361A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/12 Applying verification of the received information
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Abstract

The invention discloses a secure network coding method resistant to pollution attacks. The method is divided into three phases: an initialization phase, a verification-code generation phase and a detection phase. The invention takes full advantage of multicast and network coding while solving the security problems of multicast transmission and network coding.

Description

A kind of secure network coding method of anti-pollution attack
Technical field
The present invention relates to the field of network security, and in particular to a secure network coding method resistant to pollution attacks.
Background technique
Because of its flexibility and scalability, data multicast has become an effective way of transmitting data in wireless networks. Recent research has found that network coding can markedly improve the performance of wireless multicast transmission, for example by reducing network delay, reducing the number of retransmissions and minimizing network load.
Network coding is a technique, first proposed in information theory, in which a relay node applies a linear or nonlinear combination operation to the data packets it receives. Research shows that network coding can maximize network throughput and is robust against link failures. Compared with traditional store-and-forward routing, the distinguishing feature of network coding is that nodes are allowed to perform encoding operations on the data they receive. However, this combining of data makes network coding very fragile against pollution attacks: a malicious node can inject a polluted packet into the network, and once that packet is combined with legitimate packets, further polluted packets are generated, so the pollution spreads hop by hop to other nodes and eventually to the whole network. Such an attack not only prevents the destination node from obtaining the source data, but also consumes the valuable and limited energy of the wireless relay nodes. Filtering polluted data as early as possible is therefore especially important in network coding.
To counter pollution attacks by malicious nodes, scholars have proposed various schemes. Broadly, these fall into two classes: data verification and error correction. Data verification is based on public-key cryptosystems such as homomorphic hashes and homomorphic signatures; such methods impose a complex computational cost on every node in the network and therefore inevitably introduce high computation delay. The second approach, error correction, corrects each data block so as to guarantee that the received data are not polluted; however, it is limited to correcting only a very small number of polluted packets.
Malicious attacks pose a great threat to network coding, and some researchers have designed security detection mechanisms, which fall into two areas: cryptographic and information-theoretic. At present these mechanisms are broadly divided into two classes: filtering polluted data at the relay nodes or at the destination nodes. These methods are mainly directed at error correction and attack detection.
Krohn et al. were the earliest to study pollution attacks on network coding; they proposed a scheme based on homomorphic hashing, but its computational cost is very large. To reduce the computational cost, Gkantsidis and Rodrigues proposed a scheme that probabilistically checks data blocks, but it results in very large communication overhead. The scheme proposed by Agrawal et al. supports in-network detection, but it is based on homomorphic signatures, whose main shortcomings lie in two aspects: (i) a very large verification cost, since signature verification includes both public-key signature verification and homomorphic hash verification; and (ii) a large signature space, including the public-key signature and several hash computations. Jaggi et al. [68] proposed a polynomial-time algorithm to counter pollution attacks on multicast transmission networks, but it is only suitable for small finite fields and not for general pollution detection. Ho et al. proposed a security scheme against pollution attacks in multicast networks that is realized by performing more than one hash operation; likewise, the scheme fails when the message size does not satisfy its conditions. Dong et al. proposed pollution attack and defense schemes for network coding systems in wireless streams, but the scheme is only effective for intra-flow network coding. R. Gayathri et al. proposed a scheme for preventing malicious nodes in MANET networks; however, it cannot resist active attacks well.
To avoid repeated authentication information, Li et al. proposed a scheme based on a threshold one-way combining construction.
Charles et al. and Yu et al. proposed homomorphic signature schemes, but these require every node to perform additional expensive modular exponentiations, which is unsuitable for multicast transmission. Yu et al. also proposed a computationally efficient scheme for XOR network coding based on symmetric keys; however, this scheme brings a large amount of computational overhead.
Malicious node detection has been studied in many fields, such as botnets, reputation-based network detection and Byzantine link failure localization. These schemes need to monitor network traffic or node behavior within a specified time window and rely on statistical algorithms to identify Byzantine attackers. Finally, some schemes use "watchdog" techniques to detect malicious nodes.
In summary, network coding by itself cannot solve the security problems of data transmission, and the existing anti-pollution network coding schemes are unsuitable for multicast transmission scenarios.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the shortcomings of the prior art by providing a secure network coding method resistant to pollution attacks, which solves the security problems of multicast transmission and network coding.
To solve the above technical problem, the technical scheme adopted by the invention is a secure network coding method resistant to pollution attacks, comprising the following steps:
1) verify whether the verification code of each received message is legitimate; if it is illegitimate, proceed to step 2);
2) compute the data packet e, e = α1e1 + α2e2 + ... + αmem, where α1, α2, ..., αm are coefficients and e1, e2, ..., em are data packets;
3) judge whether data packet e is plaintext; if e is plaintext and e is legitimate, output data packet e; otherwise, report data packet e to the security center server as an illegitimate data packet; if e is not plaintext, compute the check code of data packet e based on the node ID, SecP and data packet e;
4) send the message e, the message sequence number SN and the verification code of the message as a whole;
5) for a message at a node, verify the consistency between the received message and the true message; if they are consistent, continue verifying the other messages at the node;
6) node R verifies the consistency of message e and its verification code χ(e); if they are inconsistent, it sends a pollution alarm report to the trusted center server, which verifies the authenticity of the alarm to ensure that no node is cheating;
7) output the list of malicious nodes.
The verification code χ(e) consists of η values {v1, ..., vη}, obtained by the formula v_i = trunc_θ(H(e | Seq(e), ψ_i)), 1 ≤ i ≤ η; Seq(e) is the sequence number of message e; H(·) is a secure one-way hash function; trunc_θ denotes truncating its input to the leftmost θ bits.
Compared with the prior art, the advantageous effect of the present invention is that it takes full advantage of multicast and network coding while solving the security problems of multicast transmission and network coding.
Detailed description of the invention
Fig. 1 is the system model diagram of the present invention;
Fig. 2 is the message encoding process diagram of the present invention;
Fig. 3 is a schematic diagram of downstream nodes being polluted;
Fig. 4 is a schematic diagram of polluted message detection in the present invention;
Fig. 5 is a schematic diagram of the attack considered by the present invention;
Fig. 6 shows the influence of different numbers of malicious nodes on end-to-end delay under the present scheme and the homomorphic signature scheme;
Fig. 7 shows how network throughput decreases as the number of malicious nodes increases;
Fig. 8 shows the average malicious-node detection delay for different numbers of attackers.
Specific embodiment
The system model of the present invention is shown in Fig. 1. The system consists of a basic network made up of several mobile devices (MDs) and a security center server (SCS); one of the mobile devices acts as the source node. The security center server provides a security key to each mobile device, and the source node transmits data to the destination nodes by multicast. The scheme mainly considers a general multicast transmission network with one source node, multiple destination nodes, a large number of intermediate nodes and one trusted and secure central server node. The source node S sends messages to all destination nodes, and the intermediate nodes use a linear network coding method to generate coded messages and forward them. As shown in Fig. 1, the central server pre-distributes keys to all nodes in the network; when a new node joins the network, it must register a key with the central server. In particular, the invention assumes that the central server is trusted and secure.
Let M1, ..., Mn denote the source messages, where n is the number of messages the source node S issues per unit time at the optimal rate. The invention assumes that the source node S continuously generates and sends messages: that is, S generates n messages per unit time, encodes and transmits them, and the relay nodes forward messages using the same coding method. For example, when relay node X receives m data packets M1, ..., Mm, each of which is a linear combination of the source packets of S, the relay node randomly selects m coding coefficients α1, ..., αm, linearly combines the m messages with these coefficients to generate a new coded message y, and forwards it to the next-hop node. Meanwhile, the coding coefficients are attached to the corresponding data and transmitted with it, so that relay nodes or destination nodes can use the coding coefficients to verify the received messages.
In the present invention, each message is cut into l codewords of equal length; in particular, each codeword has length 256. In existing schemes, each codeword is a random element of the finite field q, and messages are encoded over the same finite field. In our scheme, however, messages are divided into codewords only in order to generate the message authentication code; the finite field used for dividing codewords is therefore not the finite field over which the codewords are encoded. Once each message is divided into codewords, each source message Mi (i = 1...n) can be formalized as a vector Mi = (m_i,1, m_i,2, ..., m_i,m), where m_i,j (j = 1...m) denotes a codeword. Accordingly, a coded message E can be formalized as E = (e1, e2, ..., em), where ej (j = 1, ..., m) denotes a codeword. This process is shown in Fig. 2.
In a network coding network, if one node is malicious, all of its downstream nodes will be polluted. As shown in Fig. 3, if node P is a malicious node, nodes Q and I downstream will be polluted, and destination nodes J and K cannot recover the source messages. Detecting pollution before it propagates further is therefore particularly important. Following the message encoding process of Fig. 2, if node P is malicious it generates a malicious message e′P and sends it to downstream nodes Q and I. When node Q (or I) receives e′P, it combines e′P with its own message eQ (or eI) to form the transmitted data c1e′P + c2eQ (or c3e′P + c4eI). Since the messages on link Q → J (or I → K) are polluted, destination node J (or K) necessarily cannot decode the original messages. The invention assumes that all nodes have been issued keys; in particular, each node's key is randomly selected from a large key pool. The source node S uses its key to generate MAC values for the messages it sends, and the relay nodes verify the received messages by verifying the message authentication codes.
The invention considers that any malicious node can send polluted data to any of its downstream nodes, and can drop, tamper with or eavesdrop on the messages of any node within its transmission range. Formally, a message E is identified as forged or polluted if and only if its content is inconsistent with its coding coefficients, that is, E ≠ α1M1 + α2M2 + ... + αnMn.
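The linear coding of Fig. 2 and the formal pollution definition above, as an added example that is not part of the patent: a source node, a relay that combines packets with random coefficients and attaches the coefficient vector, a destination that decodes by Gaussian elimination, and the consistency test E ≠ α1M1 + ... + αnMn. The field GF(2^8) (AES polynomial), one byte per codeword, the message values and the fixed coefficient rows are all assumptions made for a reproducible run.

```python
import secrets
from typing import Optional

# Added example, not the patent's code. GF(2^8) with x^8 + x^4 + x^3 + x + 1 stands in
# for the finite field q of the description; each codeword is one byte.


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Inverse in GF(2^8) as a^254 (square-and-multiply); a must be non-zero."""
    result, base = 1, a
    for bit in range(8):
        if (254 >> bit) & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
    return result


Packet = tuple  # (global coding vector alpha_1..alpha_n, codewords e_1..e_m)


def source_packets(messages: list) -> list:
    """Source node S: message M_i carries the i-th unit vector as its coding vector."""
    n = len(messages)
    return [([int(j == i) for j in range(n)], list(msg)) for i, msg in enumerate(messages)]


def combine(packets: list, coeffs: list) -> Packet:
    """Relay step: y = sum(alpha_k * packet_k); the coding vectors are combined with the same alphas."""
    n, m = len(packets[0][0]), len(packets[0][1])
    vec, payload = [0] * n, [0] * m
    for a, (v, p) in zip(coeffs, packets):
        for j in range(n):
            vec[j] ^= gf_mul(a, v[j])
        for j in range(m):
            payload[j] ^= gf_mul(a, p[j])
    return vec, payload


def relay_encode(packets: list, coeffs: Optional[list] = None) -> Packet:
    """Relay X picks random alpha_1..alpha_m unless fixed ones are supplied (reproducible demo)."""
    coeffs = coeffs if coeffs is not None else [secrets.randbelow(256) for _ in packets]
    return combine(packets, coeffs)


def is_polluted(packet: Packet, messages: list) -> bool:
    """Formal definition: E is polluted iff E != alpha_1 M_1 + ... + alpha_n M_n for its own vector."""
    vec, payload = packet
    return payload != combine(source_packets(messages), vec)[1]


def decode(packets: list, n: int) -> Optional[list]:
    """Destination: Gaussian elimination on [vector | payload]; None if rank < n."""
    rows = [v[:] + p[:] for v, p in packets]
    for col in range(n):
        pivot = next((r for r in range(col, len(rows)) if rows[r][col]), None)
        if pivot is None:
            return None
        rows[col], rows[pivot] = rows[pivot], rows[col]
        inv = gf_inv(rows[col][col])
        rows[col] = [gf_mul(inv, x) for x in rows[col]]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [x ^ gf_mul(f, y) for x, y in zip(rows[r], rows[col])]
    return [bytes(rows[i][n:]) for i in range(n)]


MESSAGES = [b"alpha", b"bravo", b"delta"]   # constructed source messages M_1..M_3 (n = 3, m = 5)
COEFFS = [[2, 1, 0], [0, 2, 1], [1, 0, 3]]   # constructed relay coefficients, non-singular over GF(2^8)


def scenario(messages: list = MESSAGES, coeffs: list = COEFFS) -> dict:
    """Fig. 3 in miniature: three coded packets reach the destination; relay P alters one
    codeword but keeps the coding vector, which is exactly the inconsistency defined above."""
    src = source_packets(messages)
    coded = [relay_encode(src, c) for c in coeffs]
    vec, payload = coded[0]
    polluted = (vec, [payload[0] ^ 0x5A] + payload[1:])   # P's malicious e'_P
    received = [polluted] + coded[1:]
    return {
        "clean_decode_ok": decode(coded, len(messages)) == messages,
        "polluted_flags": [is_polluted(p, messages) for p in received],
        "polluted_decode_ok": decode(received, len(messages)) == messages,
    }


if __name__ == "__main__":
    print(scenario())
```

Note that is_polluted needs the source messages themselves, which only the source (or a destination after decoding) knows; the verification codes of the following sections are what let a relay approximate this test hop by hop.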
A pollution attack not only prevents destination nodes from obtaining the original messages but is also highly destructive to the whole network, sometimes even causing network interruption. Once a node in the network is polluted, all the messages it transmits are corrupted, so all subsequent nodes become polluted as well. Detecting and filtering polluted data as early as possible is therefore very important.
The purpose of the present invention is to design a security framework that uses linear network coding to filter polluted messages. In the present scheme, relay nodes are the main focus, so that pollution attacks can be detected and filtered as early as possible, while remaining efficient in terms of delay and computational overhead.
The scheme is divided into three phases: an initialization phase, a verification-code generation phase and a detection phase.
Initialization phase: according to a secure transfer protocol, the security center server sets the security parameters, distributes a key to each node, and selects the hash function each node uses to generate hashes and signatures.
Verification-code generation phase: the security center server generates hash values based on the source node's key, and the source node computes the message authentication code, such as MACs or a signature value, for the messages it sends. The verification-code information is either attached to the outgoing message or transferred directly to the relay or destination nodes in a secure manner. Relay nodes and destination nodes use the verification code to verify the messages they receive.
Detection phase: relay nodes and destination nodes verify the received information based on the coding vector, the hash function, the verification information and the security center server's public key. Only after verification passes is the received information accepted and used for the subsequent encoding or decoding operations; otherwise it is dropped. In particular, once a relay or destination node detects a polluted message, it sends an alert to the security center server naming the previous-hop node U as a malicious node. The security center server acknowledges receipt of the report and decides whether to add node U to the malicious-node blacklist. All other nodes in the network will then no longer accept messages from blacklisted nodes.
The symbols used in the present invention are listed in Table 1.
Table 1: Notation
The present invention is based on a multicast environment. For ease of description, assume that source node S sends messages to node Y. Since every node registers a key with the security center server, let sec_S denote the key of node S. Node S uses sec_S to generate the verification code χ(e). The security center server provides node Y with partial key information of node S, denoted ψ(sec_S, sec_Y), and node Y uses ψ(sec_S, sec_Y) to verify χ(e). The generation of ψ(sec_S, sec_Y) proceeds as follows. First, the security center server maps sec_Y to a κ-element subset F(sec_Y, ID_S) of the index set {1, ..., η}, with κ < η; for example, when η = 5 and κ = 3, F(sec_Y, ID_S) may be {1, 3, 5}. Second, the security center server derives η key elements from sec_S by computing ψ_i = H(sec_S, ID_Y, i), 1 ≤ i ≤ η. Third, it initializes ψ(sec_S, sec_Y) as an empty set and, for each i* ∈ F(sec_Y, ID_S), adds ψ_i* to ψ(sec_S, sec_Y). Finally, the resulting ψ(sec_S, sec_Y) is securely delivered to node Y. From ψ(sec_S, sec_Y) alone, node Y obtains no useful information about the key sec_S. The verification code χ(e) consists of η values {v1, ..., vη}, computed as v_i = trunc_θ(H(e | Seq(e), ψ_i)), 1 ≤ i ≤ η. When node Y receives e | Seq(e) | χ(e) from source node S, it verifies the legitimacy of χ(e) by checking, for every ψ_i* in ψ(sec_S, sec_Y), whether v_i* equals trunc_θ(H(e | Seq(e), ψ_i*)). A message with a legitimate verification code is accepted by node Y and used either to encode new messages or to recover the original messages. The encoding and decoding process is described in Algorithm 1. In particular, in a multicast environment the invention only needs to append to the transmitted message the verification code generated for each downstream node's key; each downstream node extracts its own verification code and verifies it.
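The key derivation, subset distribution and verification-code check above, together with the security center's full check used when tracing a report, as an added example that is not part of the patent. Assumptions: H is SHA-256 over length-prefixed inputs, trunc_θ keeps the leftmost THETA bytes, and the mapping F(sec_Y, ID_S) to a κ-subset is a constructed deterministic choice, since the description only gives the example {1, 3, 5}.

```python
import hashlib
import secrets

# Added example, not the patent's code. Parameters as in the description: eta key
# elements, kappa of them handed to each downstream node, theta the truncation length.
ETA, KAPPA, THETA = 5, 3, 4


def H(*parts: bytes) -> bytes:
    """One-way hash H(a, b, ...) with length prefixes so fields cannot run together."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def trunc(x: bytes) -> bytes:
    """trunc_theta: keep only the leftmost THETA bytes (assumed unit)."""
    return x[:THETA]


def key_elements(sec_s: bytes, id_y: bytes) -> list:
    """SCS step 2: psi_i = H(sec_S, ID_Y, i) for i = 1..eta, specific to downstream node Y."""
    return [H(sec_s, id_y, i.to_bytes(2, "big")) for i in range(1, ETA + 1)]


def index_subset(sec_y: bytes, id_s: bytes) -> set:
    """SCS step 1: F(sec_Y, ID_S), a kappa-element subset of {1..eta} (constructed mapping)."""
    ranked = sorted(range(1, ETA + 1), key=lambda i: H(sec_y, id_s, i.to_bytes(2, "big")))
    return set(ranked[:KAPPA])


def partial_key(sec_s: bytes, id_y: bytes, sec_y: bytes, id_s: bytes) -> dict:
    """SCS steps 3-4: psi(sec_S, sec_Y) = {psi_i* : i* in F(sec_Y, ID_S)}, delivered securely to Y."""
    psi = key_elements(sec_s, id_y)
    return {i: psi[i - 1] for i in index_subset(sec_y, id_s)}


def _tag(e: bytes, seq: int, psi_i: bytes) -> bytes:
    # v_i = trunc_theta(H(e | Seq(e), psi_i)); binding Seq(e) makes a code replayed
    # under another sequence number fail.
    return trunc(H(e + seq.to_bytes(4, "big"), psi_i))


def verification_code(e: bytes, seq: int, psi: list) -> list:
    """chi(e) = {v_1..v_eta}; only a holder of all eta elements (S or the SCS) can compute it."""
    return [_tag(e, seq, p) for p in psi]


def verify_partial(e: bytes, seq: int, chi: list, part: dict) -> bool:
    """Downstream-node check: compare only the kappa positions it holds key elements for."""
    return len(chi) == ETA and all(chi[i - 1] == _tag(e, seq, p) for i, p in part.items())


def scs_mismatches(e: bytes, seq: int, chi: list, psi: list) -> int:
    """SCS trace step: recompute all eta values; the code counts as S's only when this is 0."""
    return sum(1 for i, p in enumerate(psi) if chi[i] != _tag(e, seq, p))


def code_from_partial_key(e: bytes, seq: int, part: dict) -> list:
    """What a node holding only psi(sec_S, sec_P) can produce for a message S never sent:
    correct values at its own kappa indices, guesses elsewhere (used here to show detection)."""
    return [_tag(e, seq, part[i]) if i in part else secrets.token_bytes(THETA)
            for i in range(1, ETA + 1)]


def demo() -> dict:
    """Constructed scenario S -> P: a legitimate, a tampered, a replayed and a fabricated message."""
    sec_s, sec_p = secrets.token_bytes(16), secrets.token_bytes(16)   # issued by the SCS
    id_s, id_p = b"node-S", b"node-P"
    psi_sp = key_elements(sec_s, id_p)               # full set, known to S and the SCS
    part_p = partial_key(sec_s, id_p, sec_p, id_s)   # kappa elements delivered to P
    e, seq = b"source message 1", 1
    chi = verification_code(e, seq, psi_sp)
    fabricated = b"not from S"
    chi_fab = code_from_partial_key(fabricated, seq, part_p)
    return {
        "legit_at_P": verify_partial(e, seq, chi, part_p),
        "tampered_at_P": verify_partial(e + b"!", seq, chi, part_p),
        "replayed_seq_at_P": verify_partial(e, seq + 1, chi, part_p),
        "legit_at_SCS": scs_mismatches(e, seq, chi, psi_sp),
        "fabricated_at_P": verify_partial(fabricated, seq, chi_fab, part_p),
        "fabricated_at_SCS": scs_mismatches(fabricated, seq, chi_fab, psi_sp),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two results show why the security center recomputes all η values when it traces a report: a code built from a κ-element partial key passes the reporting node's own partial check but leaves η − κ mismatches for the server.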
The scheme is described in detail as follows.
The security center server generates keys for all nodes in the network, selects the security parameters, the hash function and the pseudo-random function, and transmits this information to all nodes in a secure manner.
Two parameters l and u are set: l is the number of MAC values attached after a message, and u is the number of codewords used to generate a MAC value.
l random integers r1, ..., rl are chosen, each r_j ∈ [1, m], j = 1, ..., l. All these integers are embedded in the MAC to identify the codeword indices.
Hash function h: H_q^u → H_q, where H_q is the codeword range; the parameter h is public.
Pseudo-random function F: [1, m] → [1, m]; F is public, and each node uses a specific seed and this function to compute a hash chain table.
The source node S attaches l MACs to each message Mi, i = 1, ..., n, where n is the number of source messages. A MAC value is obtained by hashing u randomly selected codewords together with the key sec_S and the public identifier ID of the downstream node. For linear network coding, a coded message is a random linear combination of the selected codewords.
Specifically, message Mi carries l message authentication codes MAC_i,1, ..., MAC_i,l. Source node S therefore generates and transmits
Mi, MAC_i,1, ..., MAC_i,l. (6.1)
For j = 1, ..., l, the invention considers
MAC_i,j = {r_j, H_i,j}_sec_S (6.2)
In the above equation, { }_sec_S denotes encryption using the source node's key, and H_i,j is the hash of u codewords of message Mi.
After the codewords are selected, source node S generates the hash value using the function H.
In the above equation, the coefficients α_i are chosen from the finite field, k = 1, ..., u.
Then a MAC value is appended after each message, each MAC value being computed from u codewords.
In a multicast environment, relay node P only needs to attach the MAC values for the different downstream nodes to one and the same coded message, so the same coded message does not need to be transmitted several times.
When node P has received m messages e1, e2, ..., em and needs to generate a new message e_m+1 to send to node Y, it first computes Seq(e_m+1) = max_{1≤k≤m} Seq(e_k) + 1, then generates the verification code χ(e_m+1) based on message e_m+1 and its sequence number Seq(e_m+1), and finally sends e_m+1, Seq(e_m+1) and χ(e_m+1) to node Y.
When node Y receives e_m+1, Seq(e_m+1) and χ(e_m+1), it uses ψ(sec_P, sec_Y) to verify that χ(e_m+1) is legitimate for message e_m+1 and its sequence number Seq(e_m+1). If it is illegitimate, the newly received message is dropped; otherwise the newly received message is stored in the cache.
When receiving e | χ(e) from source node S, intermediate node P verifies the legitimacy of the check code χ(e) for every ψ_i* in ψ(sec_S, sec_P).
When message e is detected as a polluted message, node P sends an alert to the security center server. In response, the security center server sends a confirmation message ACK to node P. If node P receives no confirmation within μ time units (where μ is slightly greater than the RTT), it keeps resending the alert until it receives the confirmation from the security center server. To prevent malicious tampering with the transmitted report, node P adds an HMAC value, generated with node P's key, so that the security center server can verify through the HMAC that message e came from node P. For every ψ_j in ψ̄(sec_S, sec_P), only when v_j equals trunc_θ(H(e | Seq(e), ψ_j)) can the security center server confirm that message e was sent by node S; otherwise message e is considered not to have been sent by node S. This pollution-tracing process is described in Algorithm 2.
The invention supports batch verification, which greatly reduces computational cost and verification delay. For example, when a node receives multiple messages E1, E2, ..., Ej, it first randomly selects j coefficients α1, α2, ..., αj, then computes α1E1 + α2E2 + ... + αjEj with these coefficients to generate a new coded message E. The coding coefficients of the newly generated message E are the corresponding linear combination of the coefficients chosen for E1, E2, ..., Ej. Finally, the node verifies message E.
Only if the newly coded message passes verification are all the messages accepted. Otherwise, at least one of the j messages has been tampered with, so the node can consider the source node of the messages to be a malicious node and report it to the security center server as such.
In the present invention, a polluted message is defined as one whose content does not match the key of its source node. Malicious nodes can generate polluted messages in a variety of ways; the invention divides these attack methods into two classes and proposes the corresponding solutions.
If a node has not registered a key with the security center server, then when it sends a malicious message the polluted message can be detected directly, because the attacker does not know how to generate a legitimate verification code for the message it sends. As shown in Fig. 4, node M is a malicious node without a legitimate key; if it sends a polluted message to node R, node R can detect it immediately because node M cannot generate a valid MAC check value. If the attacker holds a legitimate key, it can generate legitimate MAC values for its messages and may therefore slander innocent nodes. Nevertheless, this pollution attack can also be detected: it is only necessary to compute the message authentication code and compare it with that of the unpolluted message, because the MAC value of a polluted message cannot match both the message and the key. This attack is shown in Fig. 5. If node P slanders its predecessor node, say node R, it sends a malicious-node report to the security center server. In that case the security center server only needs to verify the messages node R sent to node P to determine which node is the malicious one. If node P is the malicious attacker and tries to cheat the security center server with a message e′ that did not come from source node S, node P certainly holds some correct part of the key information in ψ(e′), but it cannot obtain the complete key information by computation, because the probability that node P guesses the key value correctly is
The probability that node P can slander node S as having sent a malicious message is less than
When malicious node P wants other nodes to accept a polluted message e, then once another node detects that the values in χ(e)′ are inconsistent with ψ(sec_S, sec_P), or the security center server obtains more than ζ values that do not match ψ̄(sec_S, sec_P), node P will not succeed. Meanwhile, for sending node P, the probability of deceiving receiving node Y with a polluted message is not greater than
Proof: let the variable x denote the number of correct values computed from χ(e)*. On the one hand, x must be less than κ + ζ; otherwise at least ζ values in χ(e)* would pass the check of the security center server. On the other hand, x must not be less than κ; otherwise at least x − κ unmatched values would be detected by the other nodes. Hence x ∈ [κ, κ + ζ − 1]. Let the variable j denote the number of computed values that are not correct, so the number of correct values is x − j. Therefore, when χ(e)* contains x matching values, the probability that a node accepts the polluted message is
The experimental setup of the present invention is as follows.
GloMoSim simulator: this powerful mobile network simulator uses 802.11 as the MAC-layer protocol with a bandwidth of 2 Mbps. In the present invention, the scheme is evaluated experimentally with this simulator.
The experiments are carried out under a general network configuration. The experimental network consists of 50 nodes, at most 20 of which are malicious, randomly distributed in a 1000 × 1000 region. Each experiment is repeated 30 times, each run lasting 400 seconds, and the results are averaged.
In the experiments, the invention uses the following three metrics to assess the influence of malicious attacks on the network and the effectiveness of the scheme.
End-to-end delay: the time consumed by a data packet travelling from the source node to the destination node. In the present invention we define it as the size of delayed data packets per unit time, expressed as M/Sec. Network throughput: the total data acceptance rate of the recipients, expressed in kbps.
Identification delay: the average time from the launch of a malicious attack until the attack is detected.
Fig. 6 is described using under the present invention program and homomorphism signature scheme, and the malicious node of different number is to end-to-end The influence of time delay.It can be found that under two schemes, on end-to-end time delay tends to be steady with the increase of malicious node quantity It rises.But homomorphism signature scheme is far smaller than using the time delay of the present invention program, probably averagely there is 28.6% advantage.Mainly The reason is that each several points need to be implemented the encryption, decryption and signature operation of a series of complex under homomorphism signature scheme, need to expend The a large amount of time;And under the present invention program, each node only needs to be implemented Hash calculation several times, and this dramatically saves on networks The calculating time of interior joint.
From in Fig. 7 it can be found that network throughput is reduced with the increase of malicious node quantity under five kinds of schemes. Compared to the slow decline of handling capacity under the present invention program, clearly, this is primarily due to other four kinds of scheme throughput degradations The present invention program quickly and efficiently can detect contamination data packet to the greatest extent, and this considerably improves bandwidth availability ratios, promote network and gulp down The amount of spitting.Averagely get off, compared with other four kinds of schemes, this programme correspondence can obtain 43.8%, 16.7%, 13.8% He 23.1% network throughput flow gain.
Fig. 8 shows the average malicious-detection delay for different numbers of attackers. When the number of malicious nodes increases to 4, the delay rises sharply. The main reason is that when attackers appear the system consumes substantial resources to detect these attacks, a process that requires considerable overhead, whereas when there is no attack this cost is not incurred. As the number of attackers increases further, the delay tends to stabilize, because pollution detection is highly efficient at identifying and isolating attacking nodes once polluted data packets have been injected. Meanwhile, the present scheme reduces the delay by an average of 20.8%, 13.3% and 23.4%. Moreover, when the number of malicious nodes increases from 12 to 20, the time to identify malicious nodes tends to be steady and stays below 250ms.
The results show that the present scheme has the best performance in terms of computational efficiency. This is mainly because the scheme needs only 3~4ms on a machine with a 3.2GHz dual-core CPU to check the legitimacy of a message, whereas under the same conditions the other schemes need at least 1s to identify a malicious message. Moreover, the present scheme needs only minimal space overhead, because it requires only a few hash operations. Finally, the present scheme does not need to repeatedly distribute verification information, which reduces the information-processing overhead.
Table 6.2 Performance comparison

Claims (2)

1. A secure network coding method resistant to pollution attacks, characterized by comprising the following steps:
1) verifying whether the verification code of each received message is legitimate; if it is illegitimate, proceeding to step 2);
2) computing the data packet e, e = α_1 e_1 + α_2 e_2 + ... + α_m e_m; where α_1, α_2, ..., α_m are coefficients and e_1, e_2, ..., e_m are data packets;
3) judging whether the data packet e is plaintext; if e is plaintext and e is legitimate, outputting the data packet e; otherwise, reporting the data packet e as an illegitimate data packet to the security centre server; if e is not plaintext, computing the check code of the data packet e based on the node ID, SecP and the data packet e;
4) sending the message e, the message sequence number SN and the verification code of the message as a whole;
5) for the message at the node, verifying the consistency of the received message with the true message; if they are consistent, continuing to verify the other messages at the node;
6) having node R verify the consistency of the message e and the verification code χ(e); if they are inconsistent, sending a pollution warning report to the trusted centre server, which verifies the authenticity of the warning to ensure that no node cheating is present;
7) outputting the list of malicious nodes.
2. The secure network coding method resistant to pollution attacks according to claim 1, characterized in that the verification code χ(e) comprises η values {v_1, ..., v_η}, which are obtained by the formula v_i = trunc_θ(H(e | Seq(e), ψ_i)), 1 ≤ i ≤ η; Seq(e) is the sequence number of the message e; H(·) is a secure one-way hash function; trunc_θ denotes truncating its input to the leftmost θ bits.
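The recoding step 2) of claim 1 and the verification code of claim 2, worked through as an added example; this is not code from the patent or its authors. It assumes the following, none of which the claims fix: the ψ_i are per-node secrets shared between a node and its verifier (the patent does not define them in the claims shown here), θ counts bits, the concatenation e | Seq(e) is byte concatenation with a fixed-width sequence number, H(·, ψ_i) is SHA-256 keyed through HMAC, and coefficients and packet bytes live in GF(2^8) with the AES polynomial. The packets, secrets and sequence numbers are constructed for the demonstration. The relay function shows the defender's view: an intermediate node that checks every incoming χ(e), counts polluted packets for the warning report of step 6), and only recodes the packets that verified.

```python
import hashlib
import hmac
import secrets

# Constructed parameters (assumptions, not from the patent): eta codes of theta bits each.
ETA = 4
THETA = 32
# psi_i: per-node secrets shared with the verifier (assumed; the claims do not define them).
PSI = [secrets.token_bytes(16) for _ in range(ETA)]


def gf256_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) using the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def linear_combine(coeffs, packets) -> bytes:
    """Step 2): e = alpha_1 e_1 + ... + alpha_m e_m, computed byte-wise over GF(2^8)."""
    length = len(packets[0])
    if any(len(p) != length for p in packets):
        raise ValueError("all packets of a generation must have equal length")
    out = bytearray(length)
    for alpha, pkt in zip(coeffs, packets):
        for j, byte in enumerate(pkt):
            out[j] ^= gf256_mul(alpha, byte)
    return bytes(out)


def trunc_theta(digest: bytes, theta: int) -> bytes:
    """trunc_theta: keep only the leftmost theta bits, clearing the unused low bits of the last byte."""
    nbytes = (theta + 7) // 8
    spare = nbytes * 8 - theta
    out = bytearray(digest[:nbytes])
    if spare:
        out[-1] &= (0xFF << spare) & 0xFF
    return bytes(out)


def verification_code(e: bytes, seq: int, psi=PSI, theta=THETA):
    """chi(e) = {v_1, ..., v_eta} with v_i = trunc_theta(H(e | Seq(e), psi_i)).
    H(x, psi_i) is modeled as HMAC-SHA256 keyed with psi_i (assumption)."""
    framed = seq.to_bytes(4, "big") + e          # e | Seq(e) with a fixed-width sequence number
    return [trunc_theta(hmac.new(k, framed, hashlib.sha256).digest(), theta) for k in psi]


def verify(e: bytes, seq: int, chi, psi=PSI, theta=THETA) -> bool:
    """Step 6): recompute chi(e) and compare in constant time; a mismatch signals pollution."""
    expected = verification_code(e, seq, psi, theta)
    if len(expected) != len(chi):
        return False
    return hmac.compare_digest(b"".join(expected), b"".join(chi))


def relay(coeffs, incoming, out_seq: int):
    """Intermediate node: verify each (packet, seq, chi) it received (step 1), count the
    polluted ones for the warning report, recode the verified ones (steps 2 to 4).
    Returns ((e, chi(e)) or None, number_of_polluted_packets)."""
    good = [pkt for pkt, seq, chi in incoming if verify(pkt, seq, chi)]
    polluted = len(incoming) - len(good)
    if not good:
        return None, polluted
    e = linear_combine(coeffs[:len(good)], good)
    return (e, verification_code(e, out_seq)), polluted


if __name__ == "__main__":
    # Constructed sample generation: two source packets, the second one tampered in transit.
    p1, p2 = b"\x01\x02\x03\x04", b"\x10\x20\x30\x40"
    incoming = [(p1, 7, verification_code(p1, 7)),
                (p2[:-1] + b"\xff", 7, verification_code(p2, 7))]   # polluted payload, original code
    result, polluted = relay([0x02, 0x03], incoming, 8)
    print("polluted packets detected:", polluted)
    print("recoded packet verifies:", verify(result[0], 8, result[1]))
```

Because each v_i carries only θ bits, a forger who does not hold the ψ_i still has to match all η truncated values at once, so the verifier's false-accept probability is about 2^(-ηθ); choosing η and θ is therefore a trade-off between per-packet overhead (ηθ bits) and the strength of the pollution check.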

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811183438.2A CN109257361A (en) 2018-10-11 2018-10-11 A kind of secure network coding method of anti-pollution attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811183438.2A CN109257361A (en) 2018-10-11 2018-10-11 A kind of secure network coding method of anti-pollution attack

Publications (1)

Publication Number Publication Date
CN109257361A true CN109257361A (en) 2019-01-22

Family

ID=65046167

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811183438.2A Pending CN109257361A (en) 2018-10-11 2018-10-11 A kind of secure network coding method of anti-pollution attack

Country Status (1)

Country Link
CN (1) CN109257361A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111432411A (en) * 2020-03-19 2020-07-17 重庆邮电大学 Malicious coding node positioning method based on random verification
CN111628866A (en) * 2020-05-22 2020-09-04 深圳前海微众银行股份有限公司 Neural network verification method, device and equipment and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006060967A1 (en) * 2006-12-20 2008-06-26 Vodafone Holding Gmbh Method for verification of authentication functions, involves transmitting reply message to mobile network which is generated with parameters alternatively maintained at mobile terminal
CN102208976A (en) * 2011-07-21 2011-10-05 北京邮电大学 Coding vector encryption based secure network coding method
US20120284523A1 (en) * 2011-05-03 2012-11-08 Alcatel-Lucent Usa Inc. MAC Aggregation Resilient To Denial-Of-Service Attacks For Use In A Multi-Node Data Network
CN103746770A (en) * 2013-12-20 2014-04-23 浙江工业大学 Message authentication code and probability secret key distribution mechanism-based anti-pollution network coding method
CN105187326A (en) * 2015-08-25 2015-12-23 湖南大学 Network coding interception management method in two-hop wireless network topology
CN107154855A (en) * 2017-06-23 2017-09-12 南京邮电大学 The anti-omnipotent attack secure network coding method signed based on homomorphism linear subspaces

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
宁佐廷: "无线网络编码侦听及安全性研究", 《中国博士学位论文全文数据库信息科技辑》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111432411A (en) * 2020-03-19 2020-07-17 重庆邮电大学 Malicious coding node positioning method based on random verification
CN111432411B (en) * 2020-03-19 2022-09-23 重庆邮电大学 Malicious coding node positioning method based on random verification
CN111628866A (en) * 2020-05-22 2020-09-04 深圳前海微众银行股份有限公司 Neural network verification method, device and equipment and readable storage medium
WO2021233183A1 (en) * 2020-05-22 2021-11-25 深圳前海微众银行股份有限公司 Neural network verification method, apparatus and device, and readable storage medium

Similar Documents

Publication Publication Date Title
Pongle et al. A survey: Attacks on RPL and 6LoWPAN in IoT
Sultana et al. A lightweight secure scheme for detecting provenance forgery and packet dropattacks in wireless sensor networks
Le et al. Cooperative defense against pollution attacks in network coding using spacemac
Lysyanskaya et al. Multicast authentication in fully adversarial networks
Dong et al. Practical defenses against pollution attacks in wireless network coding
Adat et al. On blockchain enhanced secure network coding for 5G deployments
Slater et al. A coding-theoretic approach for efficient message verification over insecure channels
CN109257361A (en) A kind of secure network coding method of anti-pollution attack
Le et al. TESLA-based defense against pollution attacks in p2p systems with network coding
Lee et al. Performance evaluation of secure network coding using homomorphic signature
Guangjun et al. Secure network coding against intra/inter-generation pollution attacks
Kausar et al. Secure and efficient data transfer using spreading and assimilation in MANET
CN103746813A (en) Anti-pollution network coding method based on digital signature
Jain et al. Secure AODV routing protocol based on homomorphic digital signature
Goodrich Leap-frog packet linking and diverse key distributions for improved integrity in network broadcasts
Chung et al. DHB-KEY: an efficient key distribution scheme for wireless sensor networks
Chen et al. Secure routing based on network coding in wireless sensor networks
Mohammadizadeh et al. SEAODV: Secure efficient AODV routing protocol for MANETs networks
He et al. Survey on secure transmission of network coding in wireless networks
Choi Denial-of-service resistant multicast authentication protocol with prediction hashing and one-way key chain
Khan et al. Reducing the severity of black hole and DDoS attacks in MANETs by modifying AODV protocol using MAC authentication and symmetric encryption
CN103838605B (en) Tolerate with packet loss and the secret wireless sensor network code distribution method ensured
CN107809760A (en) A kind of method of message authentication in wireless sensor network
He et al. An integrated system solution for secure P2P content distribution based on network coding
Zhang et al. Flooding attacks against network coding and countermeasures

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190122