基于零向量的抗污染攻击的高效网络编码方案研究与设计

发布时间：2018-07-10 07:41

本文选题：零向量 + 抗污染攻击　；参考：《苏州大学》2014年硕士论文

【摘要】：网络编码允许结点对数据包进行编码操作。相较于传统存储转发机制，网络编码在吞吐量、数据机密性、数据流的不可追踪性、鲁棒性等方面有显著优势。因此该思想引起了学界的广泛关注。虽然引入网络编码能带来很多好处，但如果网络中有恶意结点发起污染攻击，那么，整个系统的各方面性能将会大大下降。Kehdi等人提出了基于零向量的方案。该方案能很好地抵抗污染攻击，而且还有诸如分布式特性好、检测计算开销小、系统简单易实现等优点。然而，该零向量方案中，如果恶意结点获得了源结点分发的零向量所构成的零向量空间，那么它们就可以轻易攻破整个系统，亦即方案的安全性较低。针对上述问题，我们提出了全零向量空间的概念。该空间的特点是，没有污染包能通过它的检测。如果在上述基于零向量的方案中，源结点分发的零向量空间能构成全零向量空间，那么就可以有效提高方案的安全性。但这会给系统带来很大的开销。为了减少零向量带来的开销，我们推广了零向量的概念，提出了部分位置检测的思想，构造了长度比原来的零向量短的零向量。我们证明短零向量存在全零向量空间，并且证明在构成全零向量空间时，相比于原来的零向量，短零向量带来的开销会减少。随后，我们在前面的研究基础上给出了短的零向量存在全零向量空间的充分条件。接着，我们设计了基于短零向量的抗污染攻击网络编码方案，并通过严格的证明分析了方案的安全性，通过数值分析综合考虑方案的各种性能，确定了该方案中各个参数的取值。在这些参数设定下，短零向量方案的安全性高且计算开销、通信开销小，是一种高效的抗污染攻击网络编码方案。由于短零向量之间的检测位置不一定相同，使得在上述方案中源结点只能以逐个秘密分发的方式向网络中的各结点分发短零向量。这在网络规模很大或动态性很强时会大大增加源结点的负载，影响方案的分布式性能。为了解决该问题，我们构造了压缩短零向量，使零向量仍能以网络编码的形式传播。在此基础上，，我们对压缩短零向量进行了优化，构造了新型压缩短零向量。我们证明压缩短零向量和新型压缩短零向量都存在全零向量空间，并且证明在构成全零向量空间时，相比于原来的零向量，这两种零向量带来的开销都会减少。然后，我们设计了基于新型压缩短零向量的方案。在该方案中，新型压缩短零向量以网络编码的形式传播。这使该方案保持了原有方案的分布式性能，解决了短零向量方案分布式性能差的问题。接着，我们通过严格的证明分析了新型压缩短零向量方案的安全性，证明当参数取值满足一定条件时，该方案的计算开销、通信开销、安全性都会优于原零向量方案。最后，我们通过实验数据说明该方案相对于同态哈希方案和原有的零向量方案的优势，是一种高效的抗污染攻击网络编码方案。
[Abstract]:Network coding allows nodes to encode packets. Compared with traditional storage and forward mechanism, network coding has significant advantages in throughput, data confidentiality, non traceability of data flow, robustness and so on. Therefore, this idea has aroused widespread concern in the academic field.
Although the introduction of network coding can bring a lot of benefits, if there are malicious nodes in the network to launch a pollution attack, the performance of the whole system will be greatly reduced by.Kehdi et al. And the scheme based on zero vector is proposed. The scheme can resist pollution attacks well, and also such as good distributed characteristics and small detection computing overhead. However, in the zero vector scheme, if the malicious node gets the zero vector space formed by the zero vector of the source node distribution, then they can easily break the whole system, that is, the security of the scheme is low.
In order to solve the above problem, we propose the concept of all zero vector space. The characteristic of this space is that no pollution packet can be detected by it. If the zero vector space distributed by the source node can constitute all zero vector space in the zero vector based scheme, the security of the scheme can be improved effectively. But this will bring the system very much. Big expenses.
In order to reduce the overhead caused by zero vector, we generalized the concept of zero vector, proposed the idea of partial position detection, constructed a zero vector with shorter length than the original zero vector. We prove that the short zero vector exists all zero vector space, and proves that when the whole zero vector space is formed, the short zero vector is compared to the original zero vector and the short zero vector. Then we will give sufficient conditions for the existence of all zero vector spaces of short zero vectors on the basis of previous studies.
Then, we design an anti pollution attack network coding scheme based on short zero vector, and analyze the security of the scheme through strict proof. Through the comprehensive consideration of various performance of the scheme through numerical analysis, we determine the value of each parameter in the scheme. Under these parameters, the short zero vector scheme has high security and computing overhead. Communication overhead is small, and it is an efficient network coding scheme against pollution attacks.
Because the detection location between short and zero vectors is not necessarily the same, the source nodes in the proposed scheme can only distribute short and zero vectors to each node in the network by one by one distribution. This will greatly increase the load of the source nodes and the distributed performance of the scheme when the network is large or dynamic. In order to solve this problem, We construct the compressed short zero vector, so that the zero vector can still be propagated in the form of network coding. On this basis, we optimize the compressed short zero vector and construct a new compressed short zero vector. We prove that both the compressed short zero vector and the new compressed short zero vector have all zero vector spaces, and prove that the zero vector space is made up of all zero vector space. Compared with the original zero vectors, the cost of these two zeros will be reduced.
Then, we design a scheme based on the new compression short zero vector. In this scheme, the new compressed short zero vector is propagated in the form of network coding. This makes the scheme keep the distributed performance of the original scheme and solve the problem of the poor distributed performance of the short zero vector scheme. Then, we analyze the new compression by strict proof. The security of the short zero vector scheme proves that the calculation overhead, the communication overhead and the security of the scheme are superior to the original zero vector scheme when the parameter value satisfies certain conditions. Finally, we show the superiority of the scheme compared with the homomorphic hash scheme and the original zero direction scheme through experimental data. It is an efficient anti pollution attack network. Collaterals coding scheme.
【学位授予单位】：苏州大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】