Security Analysis and Improvements on Two Homomorphic Authentication Schemes for Network Coding

摘要

Recently, based on the homomorphic signatures, the authentication schemes, such as homomorphic subspace signature (HSS) and key predistribution-based tag encoding (KEPTE), have been proposed to resist against pollution attacks in network coding. In this paper, we show that there exists an efficient multi-generation pollution attack on HSS and KEPTE. In particular, we show that using packets and their signatures of different generations, the adversary can create invalid packets and their corresponding signatures that pass the verification of HSS and KEPTE at intermediate the nodes as well as at the destination nodes. After giving a more generic attack, we analyze the cause of the proposed attack. We then propose the improved key distribution schemes for HSS and KEPTE, respectively. Next, we show that the proposed key distribution schemes can combat against the proposed multi-generation pollution attacks. Finally, we analyze the computation and communication costs of the proposed key distribution schemes for HSS and KEPTE, and by implementing experiments, we demonstrate that the proposed schemes add acceptable burden on the system.