Key Distribution in DTNs

Using Erasure Codes

Ed BirraneEdward.Birrane@jhuapl.edu

443-778-7423

2

Erasure Coding

Forward Error Correction Code Store redundant information in a transmission Reed-Solomon Code

Erasure Channel Lossy Communication channel Lost data is considered “erased” data

Concept Message M captured in N chunks. Require R < N chunks to re-create message. Computationally infeasible to re-create message with C < R

chunks.

Forward error correction code over an erasure channel.

3

Creating/Using Redundant Chunks

Produce initial set of K chunks in finite field For binary files, choose power of 2 for field size (say, 2^1024) Number of chunks = file size / chunk size Name chunks 0 – (k-1)

Generate Lagrange Interpolation Polynomial p(x) Calculate efficient polynomial through K points p(0) = chunk 0, p(i) = chunk i…

Use polynomial to generate redundant points Generate p(k) through p(n).

Receiver constructs polynomial from any k points With polynomial, can extract p(0) through p(k-1).

4

Wikipedia Example

Sender encodes two messages: a = 555 and b = 629

Polynomial: f(i) = a + (b - a)(i - 1)

f(1) = 555, f(2) = 629, f(3) = 703, f(4) = 777, f(5) = 851

Receiver only receives f(4) and f(5)

Can reconstruct polynomial and then extract f(1) and f(2)

5

Considerations

Efficient Implementation as Reed-Solomon Coding Use generator polynomial and send coefficients, not values

More efficient decoding of values

Need large enough chunk size and large # chunks Larger the size, harder to brute-force guess a value when too few

chunks received.

Need k to be large enough to span paths in the network

Chunk values should not repeat Assume original data is compressed or otherwise entropy-encoded

to reduce the chance of constructing chunks with the same value.

6

Erasure Codes as Key Distribution

Key is binary data May include meta-data as part of key message. To a point, bigger message is better.

Construct Key Chunks No apparent need to generate redundant chunks May produce small set of redundancy for reliability, but this is

likely handled by other transmission mechanisms

Build discrete paths through network Chunks sent from source to destination via discrete paths No intermediate node may hold more than x% of chunks for a

key message

7

Network Example

F(1), F(2), F(3), F(4), F(5), F(6), F(7), F(8)

F(1), F(2), F(3)

F(4), F(5), F(6)

F(7), F(8)

F(1), F(2), F(3), F(4), F(5), F(6), F(7), F(8)

Eight Chunks Require all for re-assembly Send through different paths

Separate Paths Compromise of any one node

or one link does not compromise key.

Relies on Nodes to reject messages based on what they have seen so far.

Restricted routing settings (limits on storage and forwarding)

8

Issues/Mitigations

Cut Vertices Compromise of a cut vertex, or its links subverts the system Separate transmission over time. Node does not hold all chunks at

one time.

Cut Vertices Link The vertex collects all data through the segmented network Hop-by-hop confidentiality protects link transmission.

Node Intelligence Nodes must actively refuse to collect too many chunks Nodes must maintain some repository of chunks seen Key Distribution protocol counts chunks received by hashing on

destination node. Allowed collision count embedded in chunk message.

9

Issues/Mitigations

Chunk Poisoning Current system vulnerable to bogus data injection by a

compromised node. Exploit redundancy in the erasure coding approach. Calculate key

using redundant messages from multiple paths and agree on quorum.

Rely on Authentication to avoid injection attacks.

Relies on authentication between nodes Key distribution relying on key distribution… Multiple keys exist in the system. Do not rely on key being updated,

but other keys can be relied upon. Use for distribution of partial key in combination with identity-based

scheme.

10

Next Steps

Draft key distribution protocol Chunk construction, addressing, meta-data Intermediate Node actions Endpoint node actions

Detailed analysis Field space, chunk size, redundancy, entropy coding

Sample implementation Performance measurement Simulate link and node compromise and effects

11

Thank you!

Questions?