Hongyi Yao

RIPPLE Authentication for Network Coding

By allowing routers to randomly mix the information content in packets before forwarding them, network coding can maximize network throughput in a distributed manner with low complexity. However, such mixing also renders the transmission vulnerable to {\em pollution attacks}, where a malicious node injects corrupted packets into the information flow. In a worst case scenario, a single corrupted packet can end up corrupting {\it all} the information reaching a destination. In this paper, we propose RIPPLE, a symmetric key based in-network scheme for network coding authentication. RIPPLE allows a node to efficiently detect corrupted packets and encode only the authenticated ones. Despite using symmetric key based homomorphic Message Authentication Code (MAC) algorithms, RIPPLE achieves asymmetry by delayed disclosure of the MAC keys. Our work is the first symmetric key based solution to allow arbitrary collusion among adversaries. It is also the first to consider {\em tag pollution attacks}, where a single corrupted MAC tag can cause numerous packets to fail authentication farther down the stream, effectively emulating a successful pollution attack.

Padding for orthogonality: Efficient subspace authentication for network coding

Network coding provides a promising alternative to traditional store-and-forward transmission paradigm. However, due to its information-mixing nature, network coding is notoriously susceptible to pollution attacks: a single polluted packet can end up corrupting bunches of good ones. Existing authentication mechanisms either incur high computation/bandwidth overheads, or cannot resist the tag pollution proposed recently. This paper presents a novel idea termed “padding for orthogonality” for network coding authentication. Inspired by it, we design a public-key based signature scheme and a symmetric-key based MAC scheme, which can both effectively contain pollution attacks at forwarders. In particular, we combine them to propose a unified scheme termed MacSig, the first hybrid-key cryptographic approach to network coding authentication. It can thwart both normal pollution and tag pollution attacks in an efficient way. Simulative results show that our MacSig scheme has a low bandwidth overhead, and a verification process 2–4 times faster than typical signature-based solutions in some circumstances.

Network codes resilient to jamming and eavesdropping

We consider the problem of communicating information over a network secretly and reliably in the presence of a hidden adversary who can eavesdrop and inject malicious errors. We provide polynomial-time distributed network codes that are information-theoretically rate-optimal for this scenario, improving on the rates achievable in prior work by Ngai Our main contribution shows that as long as the sum of the number of links the adversary can jam (denoted by ZO) and the number of links he can eavesdrop on (denoted by ZI) is less than the network capacity (denoted by C) (i.e., ), our codes can communicate (with vanishingly small error probability) a single bit correctly and without leaking any information to the adversary. We then use this scheme as a module to design codes that allow communication at the source rate of C- ZO when there are no security requirements, and codes that allow communication at the source rate of C- ZO- ZI while keeping the communicated message provably secret from the adversary. Interior nodes are oblivious to the presence of adversaries and perform random linear network coding; only the source and destination need to be tweaked. We also prove that the rate-region obtained is information-theoretically optimal. In proving our results, we correct an error in prior work by a subset of the authors in this paper.

Network Coding Tomography for Network Failures

Network Tomography (or network monitoring) uses end-to-end measurements to characterize the network, such as estimating the network topology and localizing random or adversarial glitches. Under the setting that all nodes in the network perform random linear network coding, this work provides a comprehensive study of passive network tomography in the presence of network failures, in particular adversarial/random errors and adversarial/random erasures. Our results are categorized into two classes: 1. Topology Estimation. In the presence of both adversarial/random failures, we prove it is both necessary and sufficient for all nodes in the network to share common randomness, i.e., the receiver knows the random code-books of other nodes. Without such common randomness, we prove that in the presence of adversarial or random failures it is either theoretically impossible or computationally intractable to estimate topology accurately. With common randomness, we present the first set of algorithms for characterizing topology exactly. Our algorithms for topology estimation in the presence of random errors/erasures have polynomial-time complexity. 2. Failure Localization. Given the topology, we present the first polynomial time algorithms to localize random errors and adversarial erasures. For the problem of locating adversarial errors, we prove that it is intractable.

Multiple-Access Network Information-Flow and Correction Codes

This work considers the multiple-access multicast error-correction scenario over a packetized network with z malicious edge adversaries. The network has min-cut m and packets of length l, and each sink demands all information from the set of sources S. The capacity region is characterized for both a “side-channel” model (where sources and sinks share some random bits that are secret from the adversary) and an “omniscient” adversarial model (where no limitations on the adversarys knowledge are assumed). In the “side-channel” adversarial model, the use of a secret channel allows higher rates to be achieved compared to the “omniscient” adversarial model, and a polynomial-complexity capacity-achieving code is provided. For the “omniscient” adversarial model, two capacity-achieving constructions are given: the first is based on random subspace code design and has complexity exponential in lm, while the second uses a novel multiple-field-extension technique and has O(lm|S|) complexity, which is polynomial in the network size. Our code constructions are “end-to-end” in that all nodes except the sources and sinks are oblivious to the adversaries and may simply implement predesigned linear network codes (random or otherwise). Also, the sources act independently without knowledge of the data from other sources.

Network Codes Resilient to Jamming and Eavesdropping

We consider the problem of communicating information over a network secretly and reliably in the presence of a hidden adversary who can eavesdrop and inject malicious errors. We provide polynomial-time, rate-optimal distributed network codes for this scenario, improving on the rates achievable in (Ngai and Yeung, 2009). Our main contribution shows that as long as the sum of the adversarys jamming rate Z_O and his eavesdropping rate Z_I is less than the network capacity C, (i.e., Z_O + Z_I < C), our codes can communicate (with vanishingly small error probability) a single bit correctly and without leaking any information to the adversary. We then use this to design codes that allow communication at the optimal source rate of C - Z_O - Z_I, while keeping the communicated message secret from the adversary. Interior nodes are oblivious to the presence of adversaries and perform random linear network coding; only the source and destination need to be tweaked. In proving our results we correct an error in prior work (Jaggi and Langberg, 2007) by a subset of the authors in this work.

Passive Network Tomography for Erroneous Networks: A Network Coding Approach

Passive network tomography uses end-to-end observations of network communications to characterize the network, for instance, to estimate the network topology and to localize random or adversarial faults. Under the setting of linear network coding, this work provides a comprehensive study of passive network tomography in the presence of network (random or adversarial) faults. To be concrete, this work is developed along two directions: 1) tomographic upper and lower bounds (i.e., the most adverse conditions in each problem setting under which network tomography is possible, and corresponding schemes (computationally efficient, if possible) that achieve this performance) are presented for random linear network coding (RLNC). We consider RLNC designed with common randomness, i.e., the receiver knows the random codebooks of all intermediate nodes. (To justify this, we show an upper bound for the problem of topology estimation in networks using RLNC without common randomness.) In this setting, we present the first set of algorithms that characterize the network topology exactly. Our algorithm for topology estimation with random network errors has time complexity that is polynomial in network parameters. For the problem of network error localization given the topology information, we present the first computationally tractable algorithm to localize random errors, and prove that it is computationally intractable to localize adversarial errors. 2) New network coding schemes are designed that improve the tomographic performance of RLNC while maintaining the desirable low-complexity, throughput-optimal, distributed linear network coding properties of RLNC. In particular, we design network codes based on Reed–Solomon codes so that a maximal number of adversarial errors can be localized in a computationally efficient manner even without the information of network topology. The tomography schemes proposed in the paper can be used to monitor networks with other faults such as packet losses and link delays, etc.

Distributed reed-solomon codes for simple multiple access networks

We consider a simple multiple access network in which a destination node receives information from multiple sources via a set of relay nodes. Each relay node has access to a subset of the sources, and is connected to the destination by a unit capacity link. Arbitrary errors may be introduced by up to z of the relay nodes. We propose an efficient distributed error correction coding scheme, where the relay nodes encode independently such that the overall codewords received at the destination are codewords from a single Reed-Solomon code. We show that it achieves the full capacity region for up to three sources.

On erasure correction coding for streaming

We consider packet erasure correction coding for a streaming system where specific information needs to be decoded by specific deadlines, in order to ensure uninterrupted playback at the receiver. In our previous work [1], we gave a capacity-achieving code construction for the case of a fixed number of erasures. In this work, we consider a sliding window erasure pattern where the number of erasures within windows of size above some threshold is upper bounded by a fraction of the window size, modeling a constraint on burstiness of the channel. We lower bound the rates achievable by our previous code construction as a fraction of the capacity region, which approaches to one as the window size threshold and the initial playout delay increase simultaneously.

Seed Optimization Is No Easier than Optimal Golomb Ruler Design

Spaced seed is a lter method invented to eciently identify the regions of interest in similarity searches. It is now well known that certain spaced seeds hit (detect) a randomly sampled similarity region with higher probabilities than the others. Assume each position of the similarity region is identity with probability p independently. The seed optimization problem seeks for the optimal seed achieving the highest hit probability with given length and weight. Despite that the problem was previously shown not to be NP-hard, in practice it seems dicult to solve. The only algorithm known to compute the optimal seed is still exhaustive search in exponential time. In this article we put some insight into the hardness of the seed design problem by demonstrating the relation between the seed optimization problem and the optimal Golomb ruler design problem, which is a well known dicult problem in combinatorial design.