secure network coding using computational …
TRANSCRIPT
SECURE NETWORK CODING USING COMPUTATIONAL INTELLIGENCE
DOCTOR OF PHILOSOPHY (PHD)
IN COMPUTER SCIENCE
BY:
MUHAMMAD IRSHAD NAZEER
REG. NO. COMP-2016-052
DEPARTMENT OF COMPUTER SCIENCE
FACULTY OF PHYSICAL SCIENCES
SHAH ABDUL LATIF UNIVERSITY, KHAIRPUR
SINDH, PAKISTAN
2018
SECURE NETWORK CODING USING COMPUTATIONAL INTELLIGENCE
A thesis submitted in the partial fulfillment of the requirements for the Degree of
DOCTOR OF PHILOSOPHY (PHD)
IN COMPUTER SCIENCE
BY:
MUHAMMAD IRSHAD NAZEER
REG. NO. COMP-2016-052
Supervisor:
Supervisor
PROF. DR. GHULAM ALI MALLAH
Co-Supervisor
PROF. DR. NOOR AHMED SHAIKH
DEPARTMENT OF COMPUTER SCIENCE
FACULTY OF PHYSICAL SECIENCES
SHAH ABDUL LATIF UNIVERSITY, KHAIRPUR
SINDH, PAKISTAN
2018
Author’s Declaration
I, Muhammad Irshad Nazeer, hereby state that my PhD thesis titled “Secure Network Coding
Using Computational Intelligence” is my own work and has not been submitted previously by
me for taking any degree for this University (Shah Abdul Latif University, Khairpur) or
anywhere else in the country/world.
At any time, if my statement is found to be incorrect even after my graduation, the university
has right to withdraw my PhD degree.
Name of Student: Muhammad Irshad Nazeer
Date __________________________
Plagiarism Undertaking
I, Muhammad Irshad Nazeer, PhD scholar solemnly declare that research work presented in
the thesis titled “Secure Network Coding Using Computational Intelligence” is solely my
research work with no significant contribution from any other person. Small contribution/help
wherever taken has been duly acknowledged and that complete thesis has been written by me.
I understand the zero-tolerance policy of the HEC and University (Shah Abdul Latif
University, Khairpur) towards plagiarism. Therefore, I, as an Author of the above titled
thesis declare that no portion of my thesis has been plagiarized and any material used as
reference is properly referred/cited.
I undertake that if I am found guilty of any formal plagiarism in the above titled thesis even
after award of PhD degree, the University reserves the rights to withdraw/revoke my degree
and the HEC and the University has the right to publish my name on the HEC/University
Website on which names of students are placed who submitted plagiarized thesis.
Student/Author Signature __________________
Name: Muhammad Irshad Nazeer
CERTIFICATE OF RESEARCH GUIDE(S)
This is to certify that the thesis entitled: “Secure Network Coding Using Computational
Intelligence” submitted to Shah Abdul Latif University, Khairpur in partial fulfillment of
requirements for the award of Degree of Doctor of Philosophy (PhD) in Computer Science, is
a record of original research work done by Mr. Muhammad Irshad Nazeer under my/our
supervision and guidance.
GUIDE/SUPERVISOR
Prof. Dr. Ghulam Ali Mallah
CO-SUPERVISOR
Prof. Dr. Noor Ahmed Shaikh
Certificate of Approval
This is to certify that the research work presented in this thesis, titled “Secure Network
Coding Using Computational Intelligence” was conducted by Mr. Muhammad Irshad Nazeer
under the supervision of Prof. Dr. Ghulam Ali Mallah and Prof. Dr. Noor Ahmed Shaikh. No
part of this thesis has been submitted anywhere else for any other degree. This thesis is
submitted to the Department of Computer Science in partial fulfillment of the requirements
for the degree of Doctor of Philosophy in the Field of Computer Science, Department of
Computer Science Shah Abdul Latif University, Khairpur. The thesis is evaluated by:
Examination Committee:
a) Prof. Dr. Zahid Hussain Abro Signature______________
Dean Faculty of Basic Sciences,
Quid-e-Awam University f Engineering,
Sciences and Technology, Nawab Shah,
External Examiner
b) Prof. Dr. M Sadiq Ali Khan Signature______________
Head of Computer Science Department
University of Karachi,
External Examiner
c) Prof. Dr. Ghulam Ali Mallah Signature______________
Professor and Chairman of Computer
Science department, SALU, Khairpur Mirs,
Supervisor/Internal Examiner
Name of Chairman/HOD____________________ Signature______________
Prof. Dr. Ghulam Ali Mallah
Name of Dean ____________________ Signature______________
Prof. Dr. Mumtaz Hussain Mahar
Contents
List of Tables .............................................................................................................................. i
List of Figures ............................................................................................................................ ii
List of Abbreviations ................................................................................................................iii
Acknowledgment ...................................................................................................................... iv
Abstract ...................................................................................................................................... v
Introduction ................................................................................................................................ 1
1.1 Notations of Graph Theory and Background of Network Coding ................................... 1 1.2 How Network Coding Works?......................................................................................... 4
1.3 From Network Coding to Secure Network Coding ......................................................... 6
1.4 Techniques of Computational Intelligence Security and Network Coding ..................... 8 1.5 Problem Description and Research Questions. ................................................................ 9 1.6 Organization of Thesis ................................................................................................... 10
Literature and Background Studies .......................................................................................... 13
2.1 Definitions and Fundamentals Results in Network Coding ........................................... 15
2.2 Taxonomy of Network Coding schemes........................................................................ 17 2.3 Coding Techniques for Network Coding ....................................................................... 20
2.3.1 Linear network codes ........................................................................................... 22
2.1.1.1 Random linear network codes .......................................................................... 22
2.1.1.2 Quantum linear Network codes ....................................................................... 26
2.3.2 Rank matrix codes ................................................................................................ 26
2.3.3 Heuristic based approximate solution ................................................................. 26
2.4 Network Coding (NC) aware routing Protocols ............................................................ 27
2.5 Secure Network Coding Schemes .................................................................................. 28
2.5.1 Threshold Cryptography ..................................................................................... 30
2.5.2 Filtered Secret Sharing ......................................................................................... 31
2.5.3 Cryptography – Signature based ......................................................................... 32
2.5.4 Cryptography – Hash Function Homomorphism .............................................. 32
2.5.5 Rank Metric Codes ............................................................................................... 32
2.5.6 Based on Cost Criterion ....................................................................................... 32
2.5.7 Random Coefficients as a Tool of Security ......................................................... 32
2.5.8 Quantum Cryptography ....................................................................................... 33
2.6 Computational Intelligence Techniques in Security ...................................................... 33
2.6.1 Major Computational Intelligence Techniques and their uses in Network
Coding ............................................................................................................................. 34
2.6.1.1 Genetic Algorithms .......................................................................................... 34
2.6.1.2 Particle Swarm Optimization ........................................................................... 36
2.6.1.3 Ant Colony Optimization ................................................................................. 37
2.6.1.4 Simulated Annealing ....................................................................................... 37
2.6.2 Meeting Security Requirements using Computational Intelligence ................. 38
2.4.2.1 For authentication ............................................................................................ 39
2.4.2.2 for confidentiality............................................................................................. 40
2.4.2.3 Both Authentication and Confidentiality ......................................................... 40
Materials and Methods ............................................................................................................. 42
3.1 Description of Research Questions ................................................................................ 42 3.2 Research Methods .......................................................................................................... 44
3.2.1 Theoretical Methods ............................................................................................. 44
3.2.2 Empirical Methods................................................................................................ 44
3.3 Experiment Design......................................................................................................... 45
3.4 Simulation Tools....................................................................................................... 47
Results and Discussions ........................................................................................................... 51
4.1 Comparative Analysis of Secure Network Coding Schemes ......................................... 51
4.1.1 Taxonomy of attacks ............................................................................................. 51
4.1.2 Selected Schemes ................................................................................................... 53
4.1.3 Selecting Cryptographic Techniques in Peer to Peer Systems ......................... 65
4.1.4 Proposed Hybrid Model ....................................................................................... 73
4.2 A System Model for Incorporating Secure Network Coding in Existing Networks ..... 74
4.2.1 The Need and motivation for a System Model ................................................... 75
4.2.2 Definitions, Assumptions and Protocol Model ................................................... 76
4.2.2 Network Coding Protocol: System Model .......................................................... 77
4.2.3 Threat Model ......................................................................................................... 78
4.2.4 Proposed System Model for a Secure Network Coding Protocol ..................... 79
4.2.5 Threats Importance and Actions ......................................................................... 80
4.3 Generic Security requirements ....................................................................................... 81 4.4 Implementing Secure Network Coding using Computational Intelligence ................... 81
4.4.1 Implication of Genetic Algorithm in Cryptography to Enhance Security ...... 82
4.4.1 Comparative Analysis of Method ........................................................................ 87
4.4.2 Proposed Algorithm .............................................................................................. 89
4.2.2.1 Key Generation ................................................................................................ 92
4.4.2.2 Diffusion of Original Text .......................................................................... 92
4.4.2.3 Encryption of Text: ..................................................................................... 93
4.4.2.4 Performance of Genetic Crypto ....................................................................... 93
4.4.2.5 Role of other Computational Intelligence Techniques .................................... 95
4.5 Implementing Genetic Crypto to Secure Network Coding ............................................ 97
4.6 Conclusions and Future Work ..................................................................................... 105
4.6.1 Conclusions .......................................................................................................... 105
4.6.2 Future Work ........................................................................................................ 107
4.6.2.1 Efficient Hardware Implementation .............................................................. 107
4.6.2.2 Performance evaluation in Delay/Disruption Tolerant Networks (DTNs) .... 107
4.6.2.3 More Applications of Genetic Crypto............................................................ 107
4.6.2.4 Use in Defense Applications .......................................................................... 107
4.6.2.5 Developing and Incorporating this Work as a Network Service ................... 108
References .............................................................................................................................. 109
Appendix A List of Publication ............................................................................................. 120
i
List of Tables
Table-1: Organization of different coding schemes in terms of network type, network
configuration and number of sources and sinks ....................................................................... 18
Table-2: Survey of Network Coding Schemes ........................................................................ 24 Table-3: Pros and Cons of different schemes .......................................................................... 26 Table-4: List of available simulations tools and their specifications ....................................... 47 Table-5: Schemes under study ................................................................................................. 53 Table-6: Comparison of different schemes to Secure Network Coding .................................. 61
Table-7: Inner vs Outer Codes ................................................................................................. 63 Table-8: Grouping of schemes on the basis of encountered attacks ........................................ 63 Table-9: Limitations of Schemes under Study......................................................................... 63 Table-10: Security Strength of Schemes under Study ............................................................. 64 Table-11: Comparison of Peer to Peer protocols ..................................................................... 70
Table-12: Comparison of Genetic Crypto with DES and AES................................................ 93
ii
List of Figures
Figure-1: Inter-relation of other fields with Network Coding .................................................. 2 Figure-2: Graph representation .................................................................................................. 3 Figure-3: A network where intermediate nodes retransmit the received symbol ...................... 4
Figure-4: Transmission setting for data rate of 1.5 bits per unit time a) transmission of bits b1
and b2 b) transmission of bits b2 and b3 ..................................................................................... 5 Figure-5: Network of Figure-3 with one less link and with network codes .............................. 5 Figure-6: Coding at intermediate nodes ..................................................................................... 7 Figure-7: Taxonomy of Network Coding schemes .................................................................. 19
Figure-8: Taxonomy of Various Coding Techniques for Network Coding ............................. 20 Figure-9: Taxonomy of Applying Network Coding ................................................................ 21 Figure-10: Taxonomy of Network Codes ................................................................................ 22
Figure-11: Approaches to Secure Network Coding ................................................................. 29 Figure-12: Taxonomy of attack in Network Coding Communications ................................... 53 Figure-13: Security Requirements met by selected schemes ................................................... 61 Figure-14: A structure of Peer to Peer Network ...................................................................... 67
Figure-15: A hybrid model ...................................................................................................... 74 Figure-16: A system model for Secure Network Coding ........................................................ 79
Figure-17: Flow Chart of Genetic Algorithm .......................................................................... 84 Figure-18: Single Point Crossover ........................................................................................... 85 Figure-19: Two Point Crossover .............................................................................................. 85
Figure-20: Uniform Crossover ................................................................................................. 86 Figure-21: Mutation ................................................................................................................. 86
Figure-22: Genetic Crypto Flow Diagram ............................................................................... 89 Figure-23: Results of Implementation of Proposed Algorithm ............................................... 91
Figure-24: Avalanche Effect on 32 bit block of Plain Text ..................................................... 95 Figure-25: Evolutionary Computation Methods ...................................................................... 96
Figure-26: Evolutionary Computation Methods in Cryptography........................................... 96 Figure-27: Block Diagram of proposed Secure Network Coding Model ................................ 99
Figure-28: Flow diagram of the Overall Process ................................................................... 100 Figure-29: Flow diagram of Bootstrapping Process .............................................................. 101 Figure-30: Flow diagram of Key distribution Process ........................................................... 102
Figure-31: Flow diagram of applying Outer Code Process ................................................... 103 Figure-32: Amount of data to be Encrypted as compared to Traditional Encryption ........... 104
Figure-33: Time taken by Encryption and Decryption Process ............................................. 104
iii
List of Abbreviations
Ant Colony Optimization (ACO)
Computational Intelligence (CI)
Differential Evolution (DE)
Digital Signature Standard (DSS)
Distributed Hash Algorithm (SHA)
Genetic Algorithms (GAs)
GNU’s Not Unix (GNU)
Graphical User Interface (GUI)
Hash MAC (HMAC)
Internet Engineering Task Force (IETF)
Key Distribution Center (KDC)
Message authentication Code (MAC)
Network Coding (NC)
Network Coding Problem (NCP)
Particle Swarm Optimization (PSO)
Pseudo Identity Certificate (PIC)
Pseudo Trust (PT)
Request for Comments (RFC)
Secure Network Coding (SNC)
Simulated Annealing (SA)
Transmission Control Protocol and Internet Protocol (TCP/IP)
Wireless Sensor Networks (WSN)
Zero Knowledge Proof (ZKF)
iv
Acknowledgment
I am thankful to my supervisors Dr Ghulam Ali Mallah and Dr Noor Ahmed Shaikh for their
time and supervising me throughout my research.
I appreciate the support of Dr Mohammad Shahid Shaikh and Dr Zubair Ahmed Shaikh for
their encouragement and mentorship during my academic career.
I am thankful to Rakhi Batra, Raheel Ahmed Memon, Ubedullah alias Kashif Muhammad
Ismail Mangerio for their help in compilation work and coding some parts of algorithms and
Nasarullah Dharejo for proof reading.
I also acknowledge the support of HEC for my studies under Indigenous scholarship scheme.
v
Abstract
The Network Coding is a potential candidate for the future wireless communications because
it reduces number of transmissions and offers energy efficiency. Network Coding is
vulnerable to threats and attacks that can harm intermediate nodes or coding operations as a
whole. Though it exhibits an ability to incorporate security of transmitted data yet a lot of
work needs to be done in this regard. A number of schemes to incorporate security in
Network Coding have been presented by many researchers. There is an ongoing research to
cater security issues regarding Network Coding. Most of these works are focusing on one or a
few aspects of security into consideration as generic requirements for Network Coding
Protocols are not already formed.
This work considers security issues of Network Coding in general to make a system model to
deal the issues of security and develop generic security requirements. The objective is to
obtain generic security requirements of Secure Network Coding Problem by incorporating
system’s approach. This work proposes a hybrid approach by combining a key distribution
and code encryption approaches along with feasibility to use techniques of computational
intelligence particularly Genetic Algorithms (GAs) which can help to implement efficient
encoding and decoding. This combined approach can produce good results in terms of
security strength and with better key management while retaining the benefits of Network
Coding.
A comprehensive study of more a dozen Secure Network Coding schemes suggest that some
candidate solution can be combined to obtain more general and more secure way to protect
and manage secure communications over Network Coding enabled wireless ad-hoc
Networks. The comparative study, comparisons and commonalities lead towards bigger
perspective Incorporating Secure Network Coding has been seen from a system approach for
which this work introduces a system model for its implementation. In order to have more
general notion of security requires this work proposes a set of security requirements. To
fulfill these requirements approach from Computational Intelligence has been combined with
Network Coding. A Genetic Algorithm based Crypto System is introduced and tested in
vi
wireless ad-hoc network setting to which exhibit a strong avalanche. Simulations show good
performance of this cryptosystem used for Secure Network Coding Communications.
1
Chapter 1
Introduction
The field of Network Coding has emerged in the year 2000 and since then it has been
growing by leaps and bounds. Many researchers are looking it as a critical technology for
future communication networks. The importance of this field was magnified with
establishment of Institute of Network Coding at Chinese University of Hong Kong. There are
many research groups, individuals, communities contributing to the fundamentals of Network
Coding and developing application based on NC. The Network Coding and Reliable
Communications Group at MIT, Caltech, EPFL, and CUHK are to name a few of them.
Many international vendors related to Information Technology and Networking are also
investing in the research and development of Network Coding. The top three among these are
Microsoft, Intel, HP and Cisco.
The nature of field of Network Coding is interdisciplinary which lies at the cross borders of
the Computer Science and the Communication Theory. Network Coding requires two basic
fields for its understanding, the maximum flow of network which is mostly studied by
Computer Science folks and the coding techniques for communication which are mostly
studied by communication engineering folks. Mathematical Science is a common base
between Computer Science and Communication Engineering. Others fields derived from
these such as Information Theory (Network and Algorithmic) and coding theory are also vital
in understanding the field of Network Coding fully. Figure-1 shows the inter-relation of
above stated field with Network Coding.
This chapter provides an overview of characteristics of Network Coding field, its
background, working and transition towards Secure Network Coding. It also discusses the
role of Computational Intelligence techniques in security and network. The problem
identification, research questions and organization of this thesis are also part of this chapter.
1.1 Notations of Graph Theory and Background of Network Coding
One of the applications of graph theory is to represent a certain network. It may be a
marketing network, a transport network etc. where things are moved according to the rules of
2
business. The intension is to use a graph for the representation of a communication network.
The term communication network is used for a setup where two or multiple parties
communicate with one another. A collection of multiple devices (computers or smart phones)
connected through wires or without wires via some wireless link, is one of the example of a
communication network where data or voice is moved among the communicating nodes. In
this network the initiator of the call dials desired number to get connected to other party.
Figure-2 shows the graph that represents a communication network with seven nodes. Using
the notions of graph theory, each communication party is represented by a node called the
initiator node as “source” represented as a square box (colored green) and “non-source”,
otherwise, represented by a circle. The recipient will be called as “sink” (colored red). Node
other than source and sink are called intermediate nodes (colored blue). Each node is
connected by some link (wired or wireless) represented by the directed edges; hence this
graph is called a directed acyclic graph (DAG). The given graph has no cycle. Let V be the
set of vertexes (nodes) and E be the set of edges then the graph G is defined as ),( EVG .
In the graph shown in Figure 2, YXWUTSV ,,,,, where S is source, X and Y are sink
and WUT ,, are intermediate nodes and UZTYWXSUSTE ,,,, .
The maximum amount of transmission that can take place over a link (edge) is denoted by
capacity function ),( vuc where Vvu , . Assuming this quantity to be non-negative value, so
Network Coding
Information Theory
Computer Science
Communication Theory
Figure-1: Inter-relation of other fields with Network Coding
3
it can be written as 0),( vuc . In the Figure 2, each node has capacity of one bit. The reason
for using a graph for the representation of a network is the ease of storing graphs in computer
memory using adjacency matrix or incidence matrix of the graph. This is also the fact that
many fast algorithms exist for graph processing. The graph of Figure 2 is named as Butterfly
network due to its resemblance with Butterfly.
Given the network, a flow network can be formed by showing current flow/capacity along
each edge. There can be multiple paths (at least one) to reach destination from source
through intermediate nodes. Maximum flow of a flow network is an upper bound on the
amount of data that can be carried simultaneously exploiting all possibilities. There are ways,
methods or algorithms to determine maximum flow of a flow network like Ford Fulkerson
and Bellman Ford [1]. Determining maximum flow of a flow network prior to transmitting
on it is beneficial in making better resource utilization, and makes operations cost effective.
However, as matter of fact, the existing communication and routing approaches do not
determine maximum flow prior to transmission. Hence the link capacities may be left
unutilized. It is the use of Network Coding that takes the link capacities into consideration
prior to transmission so meeting the upper bounds of transmission rate in a given flow
network.
Figure-2: Graph representation
4
Network Coding was introduced in a seminal paper of Yeung et al [2]. One can conceive
Network Coding as a data processing technique which exploits the characteristics of
channels. The transmitted data is processed at intermediate nodes to get two main benefits,
first, higher bit rate and, second, reduced network latency and energy consumption.
Network Coding is more advantageous in wireless multicasts than uni-cast where it can be
applied for peer-to-peer content distribution networks and data transmission in Sensor
Networks.
Another beneficial application of Network Coding is rerouting where it helps avoid the link
failures and hence making the network more resilient [3].
1.2 How Network Coding Works?
Consider the network of Figure-3 which is the same butterfly network of Figure-2 but with an
additional channel from W to X , if one intends to send the symbols b1 and b2 generated by
source node S to both sink nodes Y and Z . One way to do this is that each intermediate
node retransmits the received symbol and each channel carries either b1 or b2. Here the data
rate is 2 symbols/unit time as two channels are being used between W and X. Consider the
scenario of having only one link between W and X , even then the maximum flow of 2 units
can be obtained but with lesser transmission rate. This situation is shown in Figure-4:
Figure-3: A network where intermediate nodes retransmit the received symbol
5
Figure-4: Transmission setting for data rate of 1.5 bits per unit time a) transmission of bits b1 and b2 b)
transmission of bits b2 and b3
In the first time unit Z receives b1 and b2 but Y only receives b1, in the second time unit Y
receives b2 and b3 and Z receives b3. This setting achieves a transmission rate of 1.5
symbols per unit time. To get the performance improvement, coding is introduced at
intermediate nodes W and X as shown in Figure 4. Here both symbols are coded using XOR.
At destination each node can get the desired symbol by simply decoding the XOR of both
symbols. This gives the desired flow and transmission rate of 2 symbols per unit time without
adding additional link.
Figure-5: Network of Figure-3 with one less link and with network codes
6
To understand the Network Coding problem formally, consider a network G with n number
of nodes. Let S and T represent set of source and sink nodes respectively. A node other
than source and sink node and participating in communication is called an intermediate node.
For a particular node, all the edges terminating on it are incoming edges while all edges
originating from this node are outing edges. If there is a need to transfer a particular data d
from a source node S to a set of sink nodeT , then q nodes )( nq on all the paths from
source to sink(s) will participate in this transfer by establishing a set of connections C . The
Network Coding operation requires all the intermediate nodes to encode information of all
incoming edges using a transformation matrix M and then send the encoded information
)(dM on all outgoing edges. Now given a pair ),( CG , finding a transfer matrix that
duplicates all bits produced at origin to the sink, is known as Network Coding Problem [4].
As graph theoretic approach was difficult to manage so an algebraic formulation of the
Network Coding problem is suggested in [4].To encode symbols of incoming edges, XOR is
the simplest coding strategy while other coding strategies include linear, random,
probabilistic, semi-deterministic and timed Network Coding [5].
1.3 From Network Coding to Secure Network Coding
The initial work on Network Coding contributed a lot to the fundamental theoretical aspects
where many practical aspects were not considered like assumption that prior knowledge
about the topology of given flow network. However, the subsequent work made its progress
toward practical aspects. There were many researches that supported this concept while some
others made good criticism. Wang et al [6] made a good discussion on the practical aspects
of Network Coding. One such important aspect was related to security of transmitted data. As
coding and decoding information is being supplied to intermediate nodes which further
transmit after decoding if the message is intended for intermediate node. In this way, there
are chances that intermediate node may inject false data or modify the received data or may
perform any other malicious activity. As a consequence any node can be compromised or link
data can be eavesdropped. Security issue of Network Coding attracted proper attention of
researchers by introducing Secure Network Coding filed. A number of Secure Network
Coding schemes have been suggested so far. As evaluation of solution of particular problem
is a beauty of scientific research. Same happened to the solution to Secure Network Coding
problem that each scheme has its merits, demerits and limitations.
7
Continuing with the model of communication for Network Coding that is being considered in
section-1.2, suppose a single source in the network wishes to transfer data to multiple sinks as
happens in the multicast situations. The source node produces a message
nXXXXX ,321 ,, X, where symbols are taken from set of alphabet represented by F. The
goal is to transmit this message without any error and decode the message correctly at the
destination. Using Network Coding approach an intermediate node needs to perform some
coding operation on received symbols and then re-transmits the symbols to the outgoing
link(s) as shown in Figure-6.
Figure-6: Coding at intermediate nodes
As it can be seen in Figure-7, the message at node W seems insecure due to following
reasons:
a) It can have access to any arbitrary set of edges, or
b) It can know symbol transmitted along edge, or
c) It can know network code, or
d) It can be aware of topology of the network.
As per practices of models of network security following assumption can be made about the
network security:
a) unlimited computational power is available with the adversary and
b) data being transmitted using Network Coding has not already been encrypted.
There are many attacks which can affect data security of Network Coding (NC)-based data
transmissions. Among these most important are Byzantine, impersonation, fabrication, black
8
hole, replay and wormhole attacks. The work by Dong et al discussed the threats and
challenges of Network Coding in detail [7] while the taxonomy of attacks and
countermeasures were presented by Lima [8]. On the notions of the general Network Coding
problem that was defined in section 1.2, Secure Network Coding Problem is the general
Network Coding problem with generic security requirement [9].
1.4 Techniques of Computational Intelligence Security and Network Coding
There is a trend to use computational intelligence approach in Network and information
security. The most popular Computational Intelligence techniques are Genetic Algorithms
(GAs), Particle Swam Optimization (PSO), Ant Colony Optimization (ACO) and Simulated
Annealing (SA). The brief definitions of the terms are given for referencing.
“A genetic algorithm is a search heuristic that is inspired by Charles Darwin’s theory of
natural evolution. This algorithm reflects the process of natural selection where the fittest
individuals are selected for reproduction in order to produce offspring of the next
generation.” [10]
“Particle Swarm Optimization (PSO) is a population-based stochastic optimization algorithm
motivated by intelligent collective behavior of some animals such as flocks of birds or
schools of fish.” [11]
“In computer science and operations research, the Ant Colony Optimization (ACO) is
a probabilistic technique for solving computational problems which can be reduced to finding
good paths through graphs.” [12]
“Simulated Annealing (SA) is an effective and general form of optimization. It is useful in
finding global optima in the presence of large numbers of local optima. “Annealing” refers to
an analogy with thermodynamics, specifically with the way that metals cool and anneal.
Simulated annealing uses the objective function of an optimization problem instead of the
energy of a material.” [13]
These techniques are being used for various tasks of optimization. Hu used Genetic
Algorithms (GAs) in Network Coding [14-[15]. Nallakannu et al used Particle Swarm
9
Optimization (PSO) for optimal peer selection during Network Coding enabled
communications [16]. He et al proposed a Particle Swarm Optimization (PSO) based
authentication scheme [17].
Sabri used Ant Colony Optimization (ACO) protocol in Network Coding [18]. Wag used Ant
Colony Optimization (ACO) for resource minimization [19]. Liying Zhang has covered
many aspects of Network Coding using Simulated Annealing [20].
1.5 Problem Description and Research Questions.
Based upon the facts presented so far that the benefits offered by Network Coding are being
hindered by its security issues. The solutions suggested to Secure Network Coding lack some
of the security requirements while the set of general security requirements is not yet defined
in literature. There is a potential the Computational Intelligence based technique can be
incorporated and this solution may improve the security.
The following is a bird’s eye view of the state of art of related work until now.
There are many ways to construct codes for Network Coding. These are listed as:
a) Linear network codes [21]
b) Random linear network codes [22]
c) Quantum linear Network Coding [23]
d) Rank matrix codes [24]
e) Heuristic based approximate solution [25]
To Secure Network Coding based communication following are some of the approaches:
a) Threshold Cryptography [26]
b) Filtered Secret Sharing [27]
c) Cryptography – signature based [28]
d) Cryptography – hash function homomorphism [29]
Each of the suggested schemes has its own advantages and disadvantages as they are meant
to operate in a particular environment or in specific application or introduces additional
computational overhead. The techniques of computational intelligence having inspired from
nature may help optimize this. The purpose of this research work is to focus on complexity
10
and generality issues related to Secure Network Coding. This work intends to combine and
optimize these schemes in a generic environment and for a generic application.
In order to describe research objectives in a more clear and vivid manner, main research
questions and sub questions against each of these research questions are defined as under:
Main Research Question-1: How can a code be constructed to support all the security
requirements in a computationally efficient manner while retaining all the benefits offered by
Network Coding?
Sub Research Question-1(a): What is current state of art in the field of Network Coding?
Sub Research Question-1(b): What will be constitution of requirements for generic Secure
Network Coding Problem?
Main Research Question-2: How benefit of computational intelligence can be availed to
optimize the algorithms?
Sub Research Question-2(a): What role Computational Intelligence may play in the problem
of Secure Network Coding?
Sub Research Question-2(b): What sort of Computational Intelligence techniques may fulfill
the requirements?
Sub Research Question-2(c): What will be the performance of such kind of solutions?
Through this research work, following contributions are made:
1) Comparisons and broader perspectives of Secure Network Coding schemes
2) A system model for incorporating Secure Network Coding in existing networks
3) A set of generic security requirements
4) Implement Secure Network Coding using Computational Intelligence (Genetic
Algorithms)
1.6 Organization of Thesis
Chapter-1 presents introduction of Network Coding, its background and its transition towards
Secure Network Coding, ideas in Computational Intelligence and the research orientation.
Rest of the thesis is organized in following chapters:
11
Chapter-2 presents literature review. It covers various coding techniques for Network
Coding, Network Coding aware routing Protocols, various approaches to Secure Network
Coding, Computational Intelligence (CI) techniques used in securing data and various
approaches of CI to meet security requirements.
Chapter-3 presents details of the chosen research methodology. It describes how theoretical
analysis of literature is done on literature and how experiment is designed. It also explains the
chosen simulation tools.
First part of Chapter-4 provides full insight on techniques of Network Coding. A comparison
is made for various schemes of Secure Network Coding proposed so far. With the goal to find
an efficient approach towards Secure Network Coding, different schemes used to Secure
Network Coding enabled networks are classified and analyzes in terms of confidentiality,
authentication and level of the security strength they provide. Based upon comparative study
of different schemes a conclusion can be made that a generalized model for Secure Network
Coding may work in broader perspective. The second part of this chapter presents
methodology to carry out the proposed work.
Second part of Chapter-4 presents system model for incorporating Secure Network Coding in
existing networks. It also describes a generic set of security requirements for Network Coding
protocols and systems. This work will serve in two ways, first it may be used as a reference
material for current Network Coding protocols and systems analysis; second, it will serve as
guidelines for extending and designing more Secure Network Coding protocols and systems.
This part also provides a contrast and similarity of these requirements to those that are
recommended for routing protocols by Internet Engineering Task Force (IETF).
Third part of Chapter-4 explores incorporation of Computational Intelligence techniques into
Secure Network Coding. A method which takes the advantage of theory of natural selection.
By using Genetic Algorithm the strength of the key is improved that ultimately make the
whole algorithm good enough.
Finally, the last part of Chapter-4, presents a comparative analysis between the proposed
method and two other cryptographic algorithms. It has been observed that the proposed
12
algorithm has better results in terms of the key strength but is less computational efficient
than other two. It also enlists contributions made by the research work, limitations and future
research proposed to enhance and extend the findings of this research.
13
Chapter 2
Literature and Background Studies
Network Coding exhibits advantages of Coding over Routing [30] particularly in wireless
broadcast setting. There are many ways and areas to exploit more of its benefits. This chapter
covers various coding techniques for Network Coding, Network Coding aware routing
Protocols, various approaches to Secure Network Coding, Computational Intelligence
techniques used in securing data and various approaches of Computational Intelligence to
meet security requirements.
To start with, first point that comes to mind is the justification for further investigation in
Network Coding and its associated topics. For more clarity of this point, some questions can
be formulated, answers to which would significantly highlight the advantages of Network
Coding and the need to further explore this field from research and development point of
view.
The first question is “Does store-and-forward routing give the highest data rate?” The answer
is No, the traditional store-and-forward routing does not offer the highest data rate. Rather in
most of the cases the channel capacity goes unused.
The second question is “How maximum flow be achieved in a Communication Network?”
The answer is that maximum flow is achieved in a Communication Network if and only if
data units are mixed at intermediate nodes.
The third question is “Can a communication link be saved in wireless networks?” The answer
is yes if and only if there is an ability to mix the flow of the link to another link.
The fourth question is “How content distribution in P2P networks can be improved?” The
answer is yes if and only if the content can be deduced from the ongoing mixed stream.
The fifth question is “How quality of highly demanded multicast can be improved?” The
answer is yes if and only if there is an ability to reduce number transmissions and re-
transmissions.
14
The sixth question is “How energy cost can be saved in Sensor Networks?” The answer is
again the same as of previous one i.e. yes if and only if there is an ability to reduce number of
transmissions. It implies that the use of antennas should be less often. Hence saving the
battery or energy.
In other words the answers to all above questions require some sort of mixing of data packets
at intermediate nodes such that statistical information obtained from this mixing will later be
used at destination nodes to reconstruct the original data.
The need for coding at intermediate nodes exits as traditional communication mechanisms are
neither designed to support the maximum flow that a network can admit nor do they make
sure to achieve this bound. So some technique is needed to obtain this upper bound. As the
cost of adding a new communication link is high so new links cannot be added to get this
performance improvement and obviously some processing can be afforded at intermediate
node by adding fast and inexpensive processing capability at intermediate nodes. Consider a
situation where nodes are spreading out at every node, for example the case of binary tree
network. Here one can verify that using routing, routing capacity is just limited to lesser than
or equal to two but if some coding is applied on data packets, this rate could be increased
significantly up to h where h is the height of the network.
Once the maximum flow is determined in a flow network i.e. communication network, the
next task is to work out how this maximum bound could be achieved. For this, there is a need
to understand the communication mechanism in a communication network. A communication
network uses switching for connectivity. There are two types of communication networks:
i) circuit-switched, and
ii) packet-switched
The circuit-switched network is always connection oriented while the packet-switched
network may be either connection oriented or connectionless. Most of the computer networks
nowadays are connectionless packet-switched. In connectionless packet-switched networks,
every packet has the information of its sender and receiver, packets are stored into a buffer on
intermediate node and then they are forwarded according to the route define in routing table
of that intermediate node also known as hop. Such networks are called store-and-forward
15
routing networks. This brings the need to understand different routing schemes i.e. unicast,
multicast, broadcast and any-cast network. Unicast is the sending of information packets to a
single destination. Multicast is the delivery of information to a group of destinations
simultaneously using the most efficient strategy to deliver the messages over each link of the
network only once, creating copies only when the links to the destinations split. Broadcasting
refers to transmitting a packet that will be received (conceptually) by every device on the
network. In practice, the scope of the broadcast is limited to a broadcast domain. In any-cast,
data is routed to the “nearest” or “best” destination as viewed by the routing topology.
Some important definitions, facts, and results are needed for discussion and proper
understanding of literature review and related work. These are presented in next section.
2.1 Definitions and Fundamentals Results in Network Coding
Definition-1: Network Coding - Network Coding is a particular inter-node data processing
technique that exploits characteristics of the channel (the broadcast communication channel)
in order to increase the capacity or the throughput of the network.
Definition-2: Intra flow Network Coding - Let S be the source in the given communication
network ),( EVG and packets generated by source are stored at intermediate nodes in a
buffer. The intra-flow Network Coding make codes on the basis of packets in the buffer and
forwards to next hop. Random Linear Network Coding is an example of intra-flow. The intra-
floor Network Coding make sure the link to link reliability.
Definition-3: Inter flow Network Coding – Let there is a collection of Communications
Networks. Let Si be the source in each given ith communication network ),( EVG and packets
generated by these different sources are stored at intermediate nodes in a buffer. The inter-
flow Network Coding make codes on the basis of packets in the buffer and forwards to next
hop. This is very useful on nodes which act as a relay.
Definition-4: Let ),( EVG be a communication network, with a source node. If U is a
legitimate user on an intermediate. Further assume A is a collection of edges which are
accessible by wiretapper such that EA . Then a collection ),,,( AUSG forms a wiretap
network. [31]
16
Definition-5: Network Cost - Let d quantify overhead of setting up a link e with capacity
c(e) then network cost is sconnection
idi
There are certain seminal theorems in theory of Network Coding. For better understanding of
Network Coding, it is also important to understand the following theorems:
Theorem-1: Law of Conservation of Information
For any intermediate node, the amount of information flow in is always equal to amount of
information flow out [2]. Though there has been a debate in literature about commodity or
non-commodity nature of information, it is very common for the graph theory to assume
information as a commodity to validate the law of conservation of information.
Theorem-2: Maximum achievable rate of communication
As opposed to the Classical Shannon’s work the theory of Network Coding says that:
R≤ maxflow G(V,E)
It means that the maximum achievable rate of commination R is at most maximum flow of
the network G instead of Channel Capacity [32].
Theorem-3: Network Coding problem is NP-hard So will be the Secure Network Coding
The work of Yao et. al. proves regarding complexity that the Network Coding problem
belongs to class NP-hard [33]. As Secure Network Coding Problem is an extension of the
Network Coding Problem so it will also belong to class NP-hard.
Following are some facts, theoretical assumptions and practical consideration when working
with Network Coding:
Fact-1: Network Coding is always done at intermediate node. There is no need of it on
source(s) or sink(s).
Fact-2: Network Coding allows mixing of data at intermediate nodes. This is essential to fully
utilize capacity of associated links.
17
Fact-3: Network Coding is Independent of routing protocols. The Network Coding has
flexibility to work with existing protocols. Even it has room to be incorporated with current
TCP model [34].
Fact-4: Network Coding is dependent on topology of network. It is very necessary to have
advance knowledge of topology of network to efficiently construct the network codes.
Theoretical Assumption-1: Initial Network Coding Theory assumes Synchronous Symbols
flow which possible mostly in delay-free network.
Theoretical Assumption-2: Initial Network Coding Theory also assumes that edges have
known capacities which is only possible in static networks.
Theoretical Assumption-3: Initial Network Coding Theory also assumes centralized topology
and full knowledge of topology is available before coding.
Practical Consideration-1: Most of the networks are delay-tolerant generating asynchronous
information flow. The schemes of Network Coding should deal this issue.
Practical Consideration-2: It is due to the stochastic nature of communications (especially
wireless) random delays and losses occur.
Practical Consideration-3: In case of ad-hoc networks, edge capacities are often unknown and
time-varying.
Practical Consideration-4: There may be difficulty in obtaining centralized knowledge of
topology. This may be due to some administrative or technical issue.
2.2 Taxonomy of Network Coding schemes
In literature, broad categories of Network Coding Schemes are be found namely: Linear
Network Codes, Static Network Codes, Convolutional Network Codes, Superposition
18
Network Codes, Block Network Codes and Random Network Codes. A taxonomy to
organize these schemes is based on number of sources and sinks, configuration of the
network and type of synchronization. Each parameter of classification is described below:
Number of sources and sinks: This can be decided depending upon the number of sources, the
type of mathematical tools to model given network changes. For single source network,
concepts of linear algebra and related mathematics are used and for multi-source network, the
concept of stochastic process are used and hence the probabilistic tools are required to deal
with such networks. For multi-source networks a single value cannot confine the data
transmission rate.
Configuration of the Network: The configuration of network varies due to several reasons. By
adding network configuration it is possible to get more realistic coding scheme. While for
some cases where configuration is fixed, some amount of processing can be saved. Both the
static and variable network configuration cases are considered here.
Synchronization: For the case of delay-free networks, there is no need for synchronization at
intermediate nodes as they maintain upstream to downstream order if they are acyclic. But for
more realistic network it is essential to deal with the cycles in the network.
Figure-7 shows the taxonomy of Network Coding schemes based on the parameters discussed
above.
Table-1 shows this organization of different coding schemes in terms of network type,
network configuration and number of sources and sinks.
Table-1: Organization of different coding schemes in terms of network type, network configuration and
number of sources and sinks
Coding Scheme Network Type Network
Configuration
No. of Sources No. of Sinks
Linear Network
Codes
Acyclic Fixed Single Multiple
Static Network
Codes
Acyclic Variable Single Multiple
19
Convolutional
Network Codes
Cyclic Fixed/variable Single Multiple
Superposition
Network Codes
Cyclic Fixed/variable Multiple Multiple
Block Network
Codes
Cyclic Fixed/variable Multiple Multiple
Random
Network Codes
Cyclic Fixed/variable Single/Multiple Multiple
Figure-7: Taxonomy of Network Coding schemes
Network Coding Scemes
Information generating source
Single - Algebraic methods
Multiple -probabilistic
(information theory)
Configuration
Fixed
Variable
Synchronization
Acyclic (no time dimension)
Cyclic
20
Figure-8: Taxonomy of Various Coding Techniques for Network Coding
By pivoting the taxonomy of Figure-7 on number of sources, a new taxonomy of Network
Coding (NC) is Figure-8.
2.3 Coding Techniques for Network Coding
In this section, the literature is explored to know the coding techniques used by various
Network Coding Schemes. The broad categories of such code construction and application
areas for these techniques and incorporation in current model of networking i.e. OSI are focus
points.
According to literature survey, Network Coding schemes have been incorporated at various
layers of OSI stack Network Coding. The taxonomy of applying Network Coding at various
layers of OSI stack and various domains is given in Figure-9. An example of applying
Network Coding is given in [35] which suggests a scheme for transmitting a signal by a node
so that it reaches several other nodes and vice versa at the same time. An example of applying
Network Coding at network layer can be found in [36] which suggest a practical scheme with
near to theoretical performance. A few examples of applying Network Coding at application
layer include on scheme by Gkantsidis et. al. [37] which deals large scale content
Single Source
Acyclic Networks
Fixed Config
Linear Network Codes
Variable Config
Static Network Codes
Cyclic Networks
Convolutional Network Codes
Multiple information
Source
Superposition Network Codes
Practical Random
Network Codes
21
distribution, and another by Dimakis et. al.[38], which deals with the distributed storage
systems. In addition to single layer based schemes are some cross-layer implementation. An
example of cross-layer scheme for Network Coding is by Katti [39]. As far as domains are
concerned Zhu [40] successfully tested Network Coding in the domain of Overlay Networks.
Following are the names of some Network Coding Schemes:
XOR for Single source acyclic network
Linear Network Code for Single Source Acyclic network
Static Network Codes for Single Source Acyclic network
Convolutional Network Codes for Single Source Cyclic network
Entropy based codes for Multiple Source networks.
There are many ways to construct codes for Network Coding. The very simple way is to
XOR the bits of messages received at intermediate node and then retransmit the code[39].
Figure-9: Taxonomy of Applying Network Coding
Applying NetworkCoding
Layers of OSI stack
Physical
Data Link
Network layer
Between Network and transport
Domains
Overlay Networks (application layer)
22
On the basis of literature survey of more than a dozen Network Coding schemes. The
suggested taxonomy of Network Coding schemes is shown in Figure-10.
Figure-10: Taxonomy of Network Codes
In the proceeding section each of these coding schemes is described.
2.3.1 Linear network codes
This is known as the first approach to construct Network Codes [41]. Using this approach a
block of data is represented as a vector then a linear transformation is made based on the data
vector and coefficients of linearity. These coefficients of linearity are taken over a certain
base field. This scheme is meant to achieve multicast and meets the maximum achievable rate
of communication. The code construction methods for linear codes are well discussed in [42]
for both cyclic and acyclic networks.
2.1.1.1 Random linear network codes
Random Linear Network Codes were first suggested by [43] close to obtain an optimal
throughput using a decentralized algorithm. The key idea is to send additional random linear
combinations until the receiver obtains the appropriate number of packets to decode the
message. In the linear random coding setting for single source multicast, decoding takes some
extra time due to using the Gauss-Jordan elimination method, however to cope this some
Network Codes
linear network codes
random linear network codes
Quantum linear Network codes
rank matrix codes
heuristic based approximate
solution
24
Table-2: Survey of Network Coding Schemes
Co
din
g S
chem
e
Des
ira
ble
pro
per
ties
Sy
nch
ron
iza
tio
n o
f
mes
sag
es
Eff
ect
on
pro
pa
ga
tio
n
del
ay
L
oca
l D
escr
ipti
on
(L
D)
Glo
ba
l D
escr
ipti
on
(GD
)
Is G
D c
om
po
sed
of
LD
? Algorithms/comput
ational methods
and its complexity
Su
ita
ble
fo
r
Rel
ate
d C
on
cep
ts
Lin
ear
Net
wo
rk C
od
es
Sp
ecia
l cl
asse
s: L
inea
r M
ult
icas
t, L
inea
r B
road
cast
an
d
Lin
ear
dis
per
sio
n
Law
of
con
serv
atio
n o
f in
form
atio
n
Ach
iev
able
max
flo
w r
ate.
And
D
im (
VT
) =
w f
or
dec
od
ing
Up
-str
eam
to
do
wn
-str
eam
i.e
eac
h m
essa
ge
is
enco
ded
ind
epen
den
tly
No
. N
o t
ime
dem
issi
on
edk ,
)( ,).(
.
TInd ded
e
fxk
fx
where d and e
belongs to
In(T) and
out(T)
respectively
y
e
s
Generic Linear
Network Coding
Algorithm 2.19 [1]
1
1
NN
Linear Multicast NC
Algorithm 2.31
[1][2]
N
Computational
details in [3]
Fast implementation
IkkMTEF )(
Mu
ltic
ast
and
Bro
adca
st n
etw
ork
s
Gra
ph
th
eory
,M
od
ern A
lgeb
ra
Sta
tic
Net
wo
rk C
od
es
Sp
ecia
l cl
asse
s: S
tati
c L
inea
r M
ult
icas
t S
tati
c L
inea
r B
road
cast
Sta
tic
Lin
ear
dis
per
sio
n
L
aw o
f co
nse
rvat
ion
of
info
rmat
ion
Ach
iev
able
max
flo
w r
ate.
Dim
(V
T)
= w
for
dec
od
ing
Up
-str
eam
to
do
wn
-str
eam
i.e
eac
h m
essa
ge
is
enco
ded
in
dep
end
entl
y
No
, N
o t
ime
dem
issi
on
edk ,
)( ,).(
.
TInd ded
e
fxk
fx
where d and e
belongs to
In(T) and
out(T)
respectively
y
e
s
Generic Linear
Network Coding
Algorithm 2.36[1]
1
1
NN
Mu
ltic
ast
and
Bro
adca
st n
etw
ork
s
Gra
ph
th
eory
,M
od
ern A
lgeb
ra
25
Co
nv
olu
tio
nal
Net
wo
rk
Co
des
zFzkFed
)(,,,
Pro
pag
atio
n a
nd
pro
cess
ing
of
seq
uen
tial
mes
sag
es
con
vo
lve
Yes
, ti
me
dim
ensi
on
inv
olv
es
0
,,
,)(
t
t
ted
ed
zk
zk
0
,)(
t
t
teezfzf N
o
Algorithm
mentioned
in [45]
Co
nv
olu
tio
nal
Mu
ltic
ast
Tim
e sp
atia
l d
om
ain
s
Fo
uri
er t
ran
sform
Su
per
po
siti
on
N
etw
ork
Co
des
As above A
s ab
ov
e
As
abo
ve
As
abo
ve
Random on
Alphabet
N
o
Algorithm
mentioned
In [32]
mu
ltis
ou
rce
mu
ltic
ast
Fo
uri
er T
ran
sfo
rm,
con
vo
luti
on
, ti
me
spac
e
cod
ing
etc
Blo
ck N
etw
ork
Co
des
As above
As
abo
ve
As
abo
ve
As
abo
ve
Random on
Alphabet
N
o
Algorithm
mentioned
In [46]
mu
ltis
ou
rce
mu
ltic
ast
Pro
bab
ilis
tic
To
ols
,
Info
rmat
ion
Th
eory
etc
Ran
do
m L
inea
r N
etw
ork
Co
des
As above
Up
-str
eam
to
do
wn
-str
eam
i.e
each
mes
sag
e is
en
cod
ed
ind
epen
den
tly
No
, N
o t
ime
dem
issi
on
edk ,
Random on
Alphabet
Y
e
s
Algorithm
mentioned
In [44] fo
r m
ost
gen
eral
net
work
En
tro
py
XO
R
Symbols
composed of
Galois Field
GF(2)
Up
-str
eam
to
do
wn
-str
eam
i.e
each
mes
sag
e is
en
cod
ed
ind
epen
den
tly
No
, N
o t
ime
dem
issi
on
N/A
Random on
Alphabet
Y
e
s
Algorithm
mentioned
In [47]
26
2.1.1.2 Quantum linear Network codes
In Quantum network, coding takes care of noiseless quantum channels where the information
is in quantum state [23]. One study that uses the quantum theory for Network Coding
presents quantum network code. These codes are applied to a multiple unicast scenario of
butterfly network [48].
2.3.2 Rank matrix codes
Rank metric approach is basically a remedy to random linear Network Coding where one
corrupted packed affects all others packets which make these packets into their combinations.
This is end-to-end error control coding [49].
2.3.3 Heuristic based approximate solution
Heuristics can play a good role for Network Coding. heuristics related to local topology
information were used in a work by [25] to get excellent performance.
Before paying attention towards review of Secure Network Coding scheme, an overall
comparison in terms of pros and cons of coding schemes is presented in Table-3.
Table-3: Pros and Cons of different schemes
Advantage Disadvantages
XOR Simplest Security issue
Linear Network Codes Coding can be implemented
at low computational cost
Flows law of conservation
of information
Theoretically no delay
Edges have unit (or known
integer) capacities
Centralized and full
Coding/decoding scheme has to
be agreed upon beforehand
Does not support variable
network topology
Does not meet practical
consideration
Practically Information travels
asynchronously in packets
27
knowledge of topology,
which is used to compute
encoding and decoding
functions
Packets subject to random
delays and losses
Edge capacities often unknown,
time-varying
Difficult to obtain centralized
knowledge, or to arrange
reliable broadcast of functions
Practical Random
Network Codes
Coding/decoding scheme
has not to be agreed upon
beforehand
Support variable network
topology
Meets practical
consideration
Considers Information
travels asynchronously in
packets
Considers random delays
and losses
Do not need centralized
knowledge, or to arrange
reliable broadcast of
functions
Probabilistic
Static support for variable network
configuration
Do not care delay and cycles in
the network
Convolution Convolution support delays
and cycle in the network
Cannot handle multiple
information sources
Superposition support multiple sources May be sub optimal in terms of
information flow rate regions
Block Codes support most general
network
Complex
2.4 Network Coding (NC) aware routing Protocols
The Network Coding (NC)-based (intra flow) and Network Coding (NC)-aware (inter flow)
protocols are not the same. The difference has been clarified in section-2.1. The routing
decisions in most of the NC-aware routing protocols look for coding opportunities available
at a forwarding node [50]. First example of NC-based aware (inter flow) protocols is COPE
[39].
28
The literature also suggests a combination of both Inter flow and Intra flow Network Coding
[51] to counter the problem of unnecessary forwarding of a packet. This work exploits the
random New Year recording with addition of opportunistic routing. This is also workable on
random topology.
2.5 Secure Network Coding Schemes
To Secure Network Coding based communication literature suggests many approaches. As it
has already been discussed in Section-2.1 that there are some contradictions between
theoretical assumptions and practical realities, the research has also addressed these
contradictions in later works. One such a work to make Network Coding practical is given in
[22] which assigns the coefficients of linearity randomly instead of computing them
algebraically. Extended work of this model incorporates some of the security concerns [52].
In this work data confidentiality is achieved by locking the encoding coefficients. The
limitation of this work is that in case if a compromised node intended to be a legitimate one
then this scheme is vulnerable to detect any arbitrary modification attack. In most of the
literature this situation is also referred as a Byzantine Attack [53]. Some ways to counter
Byzantine attacks in Network Coding can be found [53].
Figure-11 shows the taxonomy of these approaches. Each of these are described in detail in
preceding section.
29
Figure-11: Approaches to Secure Network Coding
Approches to Secure Network
Coding
Threshold Cryptography
Filtered Secret Sharing
Cryptographic Signatures
Cryptographic hash functions
Rank Metric Codes
Random Coefficients as a tool of security
Quantum Cryptography
30
2.5.1 Threshold Cryptography
There are many ways in cryptography to protect data from theft or cracking keys. Hashing,
encrypting and digitally singing mechanisms are to name a few. Most of these mechanisms
relay on the strength and safe keeping of the key of underlying algorithm. The handling of
key by a single node can create seems a single point of failure. Threshold Cryptography is yet
another mechanism helping distribution of the key over the network instead of being kept
with a single node of a network. Threshold Cryptography achieves secure transmission of the
data over publicly accessible links [26]. To elaborate its working further, suppose there is a
secret key that is going to be used to secure data transmission over a public network between
a sender and a receiver. This method reduces the probability of at least k nodes being
compromised simultaneously with the help of this sharing. Shimmer’s secret sharing [54]
provides this sort of practically viable scheme (mathematical model) . In order to encode or
decode data using Shimmer’s secret sharing scheme k out of n shares will be needed to
reconstruct the secret. Here n is also referred as number of participants. Shimmer’s secret
sharing works in two phases; set up and distribution. In first phase share of a secret are
constructed according to the mathematical model. In second space, these shares are
distributed among participating nodes. An attack is only successful if the adversary has
access to k out of n shares. Note that a dealer node is also required here to distribute the
secret among all nodes of the network. Section-2.1.1 discussed linear network codes which
were constructed to achieve optimal performance but the limitation of the model is obviously
its insecure transmissions. To fulfill the need of security into Linear Network Coding for
single source the authors of [55] incorporated a security condition using threshold secret
sharing. Their security model assumes that a limited number of links of the network can be
accessed by an adversary. This work served the purpose of security up to some extend but it
was only limited to single source multicast. To extend the benefit of threshold cryptography
and Shamir’s secret sharing in multiple source network the work done in [31] is also of great
importance.
The scheme proposed in [55] suggests that Shamir’s secret sharing is one aspect of a Wiretap
Network. Wiretap network of such type can be formed with three layers presuming the access
structure is already defined. The first layer or top layer contains source node S acting as
31
dealer. The second or middle layer consists of all intermediate nodes acting as participates.
The third or bottom layer is comprised of receivers.
It is important to look at capacity analysis of the approach presented in [55]. Capacity
analysis helps understand the maximum capability of network resources and the amount of
new resources needed to cater to future requirements and its associated cost. The work from
Feldman et.al. [56] gives good clues on capacity analysis of Secure linear Coding [55]
highlighting field size required for the construction of linear network codes.
There is a recent innovative idea to incorporate. Another scheme [57] deals with the use of
threshold cryptography for secret key distribution to multiple scattered nods of a sensor
network. Here a distributed reprogramming protocol is introduced. The working of the
protocol includes secure reprogramming, reduction of communication and reduction of
storage at each node of the participating network. The responsibility of trust delegation lies
with network owner who also manages the reprogramming rights of the users. To stop an
adversary from injecting malicious code, every user passes authentication before performing
any task the network.
2.5.2 Filtered Secret Sharing
In filtered secret the shares are not distributed among participating nodes. Those shares are
passed to a filter which produces some linear combinations of passed shares. These linear
combinations are greater in number than the actual number of shares. As it has been
discussed in section-2.3.1 that an attack is only successful if the adversary has access to k out
of n shares. Thus increasing the search space and making the attack more difficult for an
adversary.
A Secure Network Coding scheme based on the concept of filtered secret sharing has been
proposed in [58]. In most of the schemes of Network Coding, security has tradeoff with
bandwidth and or with the capacity of the network. Such tradeoffs are also discussed in the
preceding king scheme. The focus, so far, has been on various ways to secure transmissions
using Network Coding while ignoring important aspect of network cost To address network
cost along with security, the literature also suggests some schemes [59], [60]. These schemes
suggest the use of rank matrix codes to decrease network cost.
32
2.5.3 Cryptography – Signature based
The cryptographic method of digital signatures is very useful for authentication. A message is
digitally signed at source and signatures are recomputed at the discretion so an unauthorized
change can easily be detected. In fact some researchers use the digital signature to Secure
Network Coding enabled communication by keeping away the compromised nodes to harm
the network traffic. One of such a scale is presented [28]. Injecting malicious packets also
known as pollution attack have greater consequences.
Oggier et. al. [61] suggests a signature based solution to cancel pollution to reach the
destination. Han et. al. [62] suggested distributed signature schemes against Byzantine
attackers. Boneah et. al. [63] suggested tailor made signature to be used with Network
Coding.
2.5.4 Cryptography – Hash Function Homomorphism
Cryptographic hash functions are widely used to verify integrity of data a file or a message. It
simply relates a value of a fixed length to data or file or message. Hash Homomorphism
allows to compute combined hash of a group of blocks if the hash values of individual block
has already been computed. It is another layer to make hash more computationally strong.
Zaou et. al. in their first kind of use of homomorphic hash function to Secure Network
Coding come to you such hashes at node [29].
2.5.5 Rank Metric Codes
Silva et. al. [60]. This scheme is universal so it can be applied on top of any network and any
network code. It can resist eavesdropping and data injections but without taking care of the
network cost.
2.5.6 Based on Cost Criterion
Tan et. al. suggests the use cost criterion to make linear Network Coding secure [64].
2.5.7 Random Coefficients as a Tool of Security
33
There is a very interesting aspect of Network Coding that at one hand research progresses to
make Network Coding (NC) more secured while at the other hand the Network Coding itself
has certain room to make secured distribution of secret keys in ad-hoc network settings.
Oliveira et. al. [65]make a very clever way to do this .
2.5.8 Quantum Cryptography
Recent advances in quantum cryptography are very useful ensuring data as well as its
cryptanalysis. Quantum Cryptography and its implications are discussed in a separate work as
following [66]. Quantum cryptography has roots in quantum mechanics. The first ever
quantum key distribution scheme was developed by Bennett and Brassard [67]. Owari et. al.
proposes a scheme where information is transmitted in quantum states. This protocol does
not require any authentication in it. It is known as a single shot.
The pros and cons of Secure Network Coding Schemes will be discussed in Chapter-4.
2.6 Computational Intelligence Techniques in Security
In ad-hoc networks security provision is a challenge. In addition to security requirement in
standard networks nodes of these networks also require confidentiality of location, absence of
traffic diversion and fairness of cooperation among themselves. It becomes more challenging
due to the fact that there are very limited resources in terms of better power, processing and
memory.
Computational intelligence refers to models which have ability of learning and adaptation
according to some rules or guidance. Some famous techniques of computational intelligence
include neural networks, fuzzy logic and revolutionary algorithms. Among evolutionary
algorithms, the most common are Genetic Algorithms (GAs), Particle Swarm Optimization,
Ant Colony Optimization and Simulated Annealing.
Computational Intelligence (CI) has potential to address the problems raised in defense and
security domain ranging from physical security to intrusion prevention systems such as
superior video analytics, intrusion detection systems, unmanned underwater vehicles and
buried explosives detection during battlefield. Physical security and surveillance problems
tackled by computational intelligence have better results than traditional techniques.
34
Suspicious activities can be automatically detected near critical infrastructures [68] by
extracting the objects in video frames through background subtraction and classification by
artificial neural network and alerts are generated by examining the behavior of the objects.
Radar signal emitters [69] with particular attributes are detected by artificial neural network
based approach via removing missing values and feed-forwarding neural network for
classification. Cyber security threats and intrusion attacks are common and can be mitigated
by techniques mentioned ahead. Security breaches caused by dangerous Internet locations
[70] classified by learning from allowed and forbidden URL lists. On the basis of
classification decision of denying or allowing new URL is done. Rough Cognitive Networks
(RCNs) based methodologies used to classify network traffic [71] as normal or abnormal and
proved to be competitive model for intrusion detection systems. Advanced Persistent Threats
(APTs) mitigated by semi-supervised classification where anomaly score metric is used to
detect malicious traffic while data labeled by expert humans and classifiers built by using
genetic programming, support vector machines and decision trees.
2.6.1 Major Computational Intelligence Techniques and their uses in Network
Coding
There are very strong reasons to look for alternative method for path finding and other
resource optimization in Network Coding techniques and to secure as ad-hoc nature of
networks where Network Coding techniques could be used.
One of such alternatives is use of Computational Intelligence techniques which provide
approximate solution to various computational problems. These techniques are being used for
various tasks of optimization. Hu used Genetic Algorithms (GAs) in Network Coding [14]
[15]. Nallakannu et al used Particle Swarm Optimization (PSO) for optimal peer selection
during Network Coding enabled communications [16]. He et al proposed a Particle Swarm
Optimization (PSO) based authentication scheme [17]. Sabri used Ant Colony Optimization
(ACO) protocol in Network Coding [18]. Wag used Ant Colony Optimization (ACO) for
resource minimization [19]. Liying Zhang has covered many aspects of Network Coding
using Simulated Annealing [20].
2.6.1.1 Genetic Algorithms
35
Genetic Algorithms (GAs) are being used to solve the problems of optimization in many
domains. For the best and the robust search techniques, Genetic Algorithms (GAs) method is
used in many Network Coding applications. This method is very popular because it is solving
many problems related to multimodal and multidimensional optimization. The Genetic
Algorithm performance increases by some parameters like mutation probability and fixed
crossover. The optimization techniques for nonlinear problems are divided into two
categories deterministic and stochastic.
Deterministic techniques start with search procedure having some guess or clue about
solution. Deterministic techniques are not generic, because these techniques are built to solve
some particular problems.
In the first stage of the Genetic algorithm implementation a binary alphabets strings were
used for the chromosomes. The computational cost of binary alphabets Genetic Algorithm
was very high due to the costs of the deterministic techniques used for optimizations. The
binary Genetic algorithm has some drawbacks and is very difficult for that problem that is
large in search spaces and seeks high accuracy.
To build a Genetic algorithm, for particular problem there are three steps to be needed
solution coding, objective functions and acceptance criteria for resolving that particular
problem.
To highlight use of Genetic Algorithm in Network Coding Problem (NCP), the approach of
[14] as an example case in which a new Genetic Algorithms (GAs) is proposed for NCP to
improve its performance,. The following changes are made in existing algorithms:
New Chromosome Structure: the existing chromosome structures of Genetic Algorithms
(GAs) is based on binary matrix logging the vigorous state of links; which leads to two
problems, the first one is lack of correct/complete information flow on link, which ultimately
appears as absence of identification information of specific protocol and scheme, because of
incomplete information. Second is without correct/complete information flow on links, the
integration of well-suited heuristic rules is not possible. The proposed algorithm is based on
permutation representation and records entire required information of flow on link.
36
Evolutionary operators: The badly designed operators can degrade performance of Genetic
Algorithms (GAs). The permutation representation based proposed algorithm is conveying
the absolute information flow on link, which solves the mutation and crossover problems by
predetermining the link state of network topology.
Inclusion of new Heuristic Rules and integration of existing rules: for the success Genetic
Algorithms (GAs), the heuristic rules plays important role in its application, thus identifying
the kind of rules, and how to integrate them into algorithms effectively are challenging tasks.
The permutation representation makes this algorithm easy to integrate most needed NCP
specific rules along with inclusion of few new rules.
The comparative result shows that the proposed Genetic Algorithms (GAs) outperforms the
existing algorithms, and considered as more fitness function than previous. It not only keeps a
count on target rate and required resources but also considers actually achieved rate in real
environment.
2.6.1.2 Particle Swarm Optimization
To highlight the use of Particle Swarm Optimization (PSO) in Network Coding optimization
scheme described in [17] is leading one. The purpose of this scheme was to introduce a
dynamic authentication scheme for packets during propagation from source to destination
through multiple nodes and this study also provides the idea of batch authentication for
overhead reduction that is the weakness of other existing authentication techniques.
D-Authentication is an efficient solution for Network Coding against pollution attacks along
with collusion among malicious nodes. D-Authentication differs from other schemes by
tolerating collusion among malicious nodes and usage of linear vector subspaces of Network
Coding. It prevents transmission of corrupted blocks to downstream nodes that are, it limits
pollution attacks.
In D-Authentication scheme security against pollution attacks is based on set of verification
vectors dynamically generated by the source, used by participating nodes to verify incoming
packets and are referred as D-Auth vectors. The authenticity of vectors is protected by source
using digital signature.
37
Each participating node maintains two packet buffers, verified and unverified for verified and
unverified packets. Each node buffers the unverified packet into unverified buffer on
receiving and combines them in verified buffer after verification, which then is transmitted
ahead. Once receiving the D-Auth vector, a participating node first verifies the vector using
signature and then it publishes it to neighbors. Node verifies the integrity of corresponding
data block by checking if it holds a mathematical equality.
Further, individual packet authentication can be extended to efficient batch authentication, in
which node verifies the set of coded packets at one time.
In the simulations, the used network consists of 1000 nodes and block size is decided to be
128 with directed random graph topology consists of one source node. The simulator is
round-based, where in each round a node can upload and download the blocks. Malicious
nodes send polluted message on each of their outgoing link in each round and malicious
nodes are selected randomly. In the given setup after applying various schemes such as:
cooperative security and null keys scheme, D-Authentication scheme has given the better
results after averaging the results over several runs.
2.6.1.3 Ant Colony Optimization
There are certain evidences in literature [18-19] which deals with Network Coding multicast
problem. As traditional coding like linear codes work on very complicated mathematical
structures involving computation over finite field. This consumes both the processing and
buffering resources. Obviously number of coding operations needs to be minimized, the Ant
Colony Optimization is a feedback or reactive optimization techniques which can reactively
construct solution based on local and global information. It is very useful in the problems
seeking optimization where path finding is required. As Network Coding operations needs to
find all link-disjoint list sub-network so the Ant Colony Optimization (ACO) technique
seems a good option.
2.6.1.4 Simulated Annealing
To see the usefulness of Simulated Annealing (SA) in Network Coding Optimization, the
work of [20] is the first one. Authors in the paper “Research on Network Coding
38
Optimization Using Differential Evolution Based on Simulated Annealing” proposed a hybrid
Differential Evolution (DE) algorithm based on Simulated Annealing (SA) to solve the
Network Coding optimization problem.
Networking Coding is a type of data transfer mode, where the intermediate nodes in the
network forward or copy forward the information of upstream link. It allows intermediate
nodes to mix the information received from incoming links to generate new information and
then forward the newly generated information to downstream nodes. Thus, the intermediate
nodes play the role of encoder. Although Network Coding improves the throughput, load
balancing, and reduces transmission delay, yet it increases the complexity and overhead of
the network due to extra coding operation for information. This makes the Network Coding
an optimization problem about how to seek an optimal Network Coding scheme by
consuming network resources as few as possible.
Kim et al [72] proved that Network Coding optimization problem is NP-hard problem, and
used the Genetic algorithm to solve it. This method is not time efficient and also quality of
solution declines with the increase of problem size. Further, Storm et al [73] proposed
Differential Evolution (DE) algorithm optimization problem. The idea of DE algorithm is to
randomly select multiple individuals to construct difference vector to update the individual
and diversify the search direction of the individual. DE algorithm is a kind of greedy Genetic
Algorithms (GAs) algorithm with elitism. The issue with DE algorithm is its greedy selection
of operations which results in premature convergence of the solution. To maintain the
population diversity and search routes of DE, simulated annealing is introduced into DE to
select the better Network Coding schedule.
2.6.2 Meeting Security Requirements using Computational Intelligence
Recently, secure data transmission over network has become a vital and critical issue due to
increased demand of digital media transmission and unauthorized access of important data
[74].
Cryptography uses mathematical techniques for information security, data integrity,
confidentiality, non- repudiation and authentication. Cryptography is based on concepts of
Encryption and Decryption [75]
39
When data is sent from sender to receiver, the data is converted to some unreadable form
called encryption of data and at receiver side data is again converted to its original form
called decryption of data. Both encryption and decryption process require the key. For
protection of valuable information from unlawful imitation, eavesdropper’s attack and
modification, different types of cryptographic algorithms are designed. There are two major
types of such algorithms: symmetric cryptography [76] and asymmetric cryptography [77]. In
asymmetric key cryptography two different keys are used, one for encryption called public
key and one for decryption called private key. Only one same key is used in symmetric
scheme.
The applications of both schemes differ due to efficiency of scheme; symmetric scheme is
mostly used for encryption of data due to its high performance while asymmetric is often
used for digital signature and distribution of key. Moreover, no any symmetrical ciphering
technique such as AES, DES, Advanced AES, and IDEA has taken any benefit from most
recent advances in information processing technology. Various kinds of modern data
encryption techniques [75,78] are found in the literature.
2.4.2.1 For authentication
The recent trend among authentication mechanisms is using multi factor authentication
methods which may be a combination of any behavior, password and biometric. Another
advancement is the process of continuous authentication. The work presented in [79] focuses
on these line and helps selecting modalities of continuous authentication process by selecting
them adaptively. For selection of such modalities, this work proves that such a model is
promising using Genetic Algorithm technique.
The earlier use of Genetic algorithm is for authenticating images [80]. To do this the authors
[80] randomized the original image using cross over and mutation process of Genetic
Algorithm to form a binary string. The binary string is then passed to a pairing function
which forms the digest of the image. While a secret formed from random permutation act as a
key between both communicating parties. This scheme is collision resistant and gives better
performance than standard authentication scheme.
40
The work in [81] suggests the concept of dual server for authentication. The delegation rights
always remains with the server. Whenever a new node joins it is treated as an image of the
first server. The trust is maintained by a node value. This scheme uses the Genetic Algorithm
to find the new node network value.
The approach discussed in [82] is hybrid in the sense that it uses benefits of Genetic
Algorithms (GAs) and Particle Swarm Optimization for Public Key Cryptographic scheme.
This is because of fast and easy implementation of Particle Swarm Intelligence. Particle
Swarm Optimization (PSO) alone are fast and easy to implement along with memory ability
while genetic Algorithm has advantage of sharing information be a set of chromosomes to
reach an optimal solution. The purpose to use this combined approach here is to generate
strongest key from a set of stronger set of keys.
As far as other use of other Computational Intelligence techniques like Ant Colony
Optimization techniques and Simulated Annealing in provision of user authentication in ad-
hoc environment is concerned, there is no significant contribution from literature.
2.4.2.2 for confidentiality
Computational Intelligence techniques are workable for providing data confidentiality. There
is use of Genetic Algorithm in [74,83]where an image is encrypted using a pseudo random
sequence (chaos) for throughput limiting applications.
As far as other use of other Computational Intelligence techniques like Ant Colony
Optimization techniques, Ant Colony Optimization and Simulated Annealing in provision of
data confidentiality in ad-hoc environment, there is no significant contribution from
literature.
2.4.2.3 Both Authentication and Confidentiality
There are certain applications of Computational Intelligence in providing both authentication
and confidentiality of data. The research in [84] provides such a symmetric scheme using
genetic algorithm. First, an encryption algorithm is developed and implemented to achieve
41
the aforementioned purpose. This works in two phases. In first phase plain text is encrypted
with a key. In second phase the cipher text of first phase is encrypted using Genetic
algorithm.
Another scheme [85] presents the usefulness of Genetic algorithm in Key Selection. Whereas
in Key Selection is a process selecting strongest key from a finite search space. The fitness of
key is calculated Pearson’s Coefficient of auto-correlation. The scheme is tested against
frequency and gap attacks.
42
Chapter 3
Materials and Methods
This chapter presents research methodology, its details and rationale of choosing this
methodology explaining theoretical analysis of literature and design of experiment.
Adaptation of a mix of both theoretical and empirical methods of Computer Science research
is a good approach so experiment design, its parameters for performance and comparison of
available tools are described in detail. Explanation of the chosen simulation tools is also part
of this chapter.
The research work of this thesis is mainly based on two methods; first the literature surveys
and second simulation of the proposed work. The experiment is deigned in the form of an
artificial test-bed. This test-bed simulates a communication scenario using appropriate
simulation tools and programming language detail of which are given in relevant sections of
this chapter. The simulation parameter have been selected or derived from literature and
comparative studies.
3.1 Description of Research Questions
Selecting a research methodology is strongly related to the description of research question
that has been raised in section-5 of chapter-1. The research question and related sub
questions are described from the perspective of research methodology in following
paragraphs.
The first question is about development of a coding scheme or modification of some existing
schemes in such a way that the new scheme meets the set of security requirements as well as
it provides maximum benefit of Network Coding? To attempt answer of this question
investigators first need to know what is current state of art in the field of Network Coding
(NC). What are the approaches available in literature to make Network Coding (NC) secure?
What will be constitution of requirements for generic Secure Network Coding Problem?
To investigate the current state-of-the-art of Network Coding, theoretical literature survey is
needed from where some inferences can be made and deep learning of the domain knowledge
can be obtained. By selecting more than a dozen of such schemes, formation of taxonomies
43
and studies on the basis of these taxonomies are helpful. Second and third section of chapter-
2 was mainly focused on this point.
For the investigation of making Network Coding secure, necessary deduction method is
applied on theoretical work by conducting a literature survey of selected schemes. Fifth
section of Chapter-2 was mainly focused on this point.
The second main research question is about finding a way to avail Computational Intelligence
technique to optimize cryptographic algorithms or to find a new way to optimize
cryptographic computation. The answer of this question requires investigators to explore role
of Computational Intelligence in the problem of Secure Network Coding. The study of
Computational Intelligence techniques fulfilling security requirements and performance of
such kind of solutions is necessary before incorporating it in the proposed solution. To
explore the role Computational Intelligence has played in the problem of Secure Network
Coding a survey of the use and application of Computational Intelligence techniques in
provision of data or network security provided in Section-6 of chapter-2 focused this
perspective.
As the field of Network Coding is evolving with the passage of time, the standardization has
yet to come leaving researchers with no standards for security requirements in the case of
Network Coded communications. There is a need to come up with a set of security
requirements at par with that of TCP/IP communications. The deductions from literature
surveys and analogies of related RFCs are used to make the set of security requirement.
Second part of Chapter-4 point towards a blend of some schemes for the sake of security in
chapter-4.
In order to find suitable Computational Intelligence techniques satisfying security
requirements, the best candidates from already existing schemes having the potential for
integration with techniques of Computational Intelligence (CI). In other words, obtaining
solution by combining, either in an appropriate hierarchy or into layers, some schemes or
protocols to make Network Coding (NC) based communication secure. Searching for a
suitable scheme among the already proposed solutions, having potential to give an optimal
solution with some techniques of Computational Intelligence can work better. If so, the
question of performance of such solution will raise later. The simulation method helps to
44
verify the proposed solution and evaluate its performance. The theoretical methods of
security strength are also helpful in this regard.
3.2 Research Methods
As pointed earlier in this chapter, most portions of work presented in this thesis mainly uses
the literature survey and computer simulation methods.
3.2.1 Theoretical Methods
The theoretical analysis of literature includes logical analysis, cognitive synthesis, necessary
deduction, and analogy. The reason to select this method is that it provides deep learning of
these schemes but with a very low possibility of misleading conclusion.
Theoretical fundamentals of Computational Intelligence techniques are studied to see its
potential for provision of optimal solution in cryptography and Secure Network Coding.
Genetic algorithm may be a good point to start with and may lead to develop a solution with
better performance.
The following literature surveys are really important and significant in making further
research contribution:
A comprehensive survey of contemporary Network Coding schemes (section-2.3),
A comprehensive survey of Contemporary Secure Network Coding schemes (section-
2.5), and
A comprehensive survey of Computational Intelligence technique and it applications
in Data Security (section-2.6)
For carrying out following work, deduction and analogies are used.
Deduction of set of security requirements on the basis of literature survey
Development of system model supporting security requirement
3.2.2 Empirical Methods
45
In order to investigate existing models or before proposing a new one, practical evaluation of
these is very helpful in identifying gaps. Empirical research methods are very useful for this
purpose. Simulation method is used for empirically evaluation of research work due to
following reasons:
Standards and many details of Network Coding schemes are not final
Implementing real test-bed costs more.
Executing proposed model on real test-bed can be difficult and time consuming
Repetition of experiments is challenging
Experimenting in real time is difficult to pivot on one aspect and observe others
making it hard to isolate a single aspect.
Hence Simulations are well suited for evaluating coding schemes, protocols and new ideas in
the field of wireless communications. This way enables to look at every aspect and can
isolate one aspect from others, fine tune parameters and reconfigure the model.
Following work is based and computer program and computer simulation methods:
Implementation of solution modeling and analysis
Performance evaluation
The limitations of Simulation method are directly related to the limitation of simulation tool
and the developed model. The major one is the validity of the simulation tool. Others include
managing upper layers and dealing with scalability.
3.3 Experiment Design
For the sake of experiment, Network Coding operations are to be applied at application and
network layer. Coding this layer will introduce less overhead as compared to other upper
layer. Actually Network Coding is not designed keeping in view the OSI model; to
incorporate this in the OSI model a shim layer either above physical layer or somewhere at
higher physical layer so that data can be encoded or decoded soon after the symbols have
been detected.
46
For experiment purpose two scenarios as described later are selected. First scenario is “single
hop” and second is “multiple hops”. In each scenario data is to be sent from source device to
sink device reliably but through a lossy wireless link (characteristics are described in relevant
sections). The sink(s) or receiver(s) may exist in nearby location.
The system under study and its various scenarios are described below:
The butterfly network from literature is adopted. The test-bed contains a multi-hop wireless
communication network for which it is a base model as discussed in [36].
Scenario-A: Single Hop
1. Multicast
Sender sends a 32 byte data in ASCII format stored in a file to nearby nodes.
2. Best effort multicast for multimedia
Sender sends a butterfly image to receiver nodes.
We name this scenario as “Single-hop Butterfly Ad-hoc wireless Network”
Scenario-B: Multi hop
1. Multicast
Sender sends a 32 byte data in ASCII format stored in a file to sink nodes.
2. Best effort multicast for multimedia
Sender a butterfly image to receiver nodes over the multi hop butterfly network.
We name this scenario as “Multiple-hop Butterfly Ad-hoc wireless Network”
The objective of the study is to reliably and securely transmit the data, and observe
performance of implemented models.
The system under study will be using network service like neighbor discovery coding and
decoding services.
The performance metrics include throughput and Bit Error Rate. The parameters that can
control performance are:
47
Packet loss rate
Network Coding rate
Generation size
Galois field size
Number of transmitted packets
3.4 Simulation Tools
There are many software or computer programs or computer tools to simulate experiments in
Communications Networks. For the sake of simplicity and understating there is no any
technical difference between a software, computer tool and simulation tool except the level of
specificity and nature of their uses. As focus is wireless networking specially the broadcast
in ad-hoc wireless network, monitoring network as an abstract model using a computer
simulation tool is useful. Many computer based simulation tools help researchers to design,
configure and test their experiments. For selection of appropriate simulation tools for
experiments, list of available simulation tools along with their current version, license type
and implementation language is given in Table-4. These tools are evaluated by means of their
short description of each of these, the features it supports, easiness of modeling and use; and
its limitations. The purpose of this discussion is to explore each tool so that selection of tools
for work done in this thesis could be justified.
Table-4: List of available simulations tools and their specifications
Tool Version License Type Programming
Language
GloMoSim 2.03 Open source Parsec
J-Sim 2.17 Non-commercial Java
Kodo N/A Open source C++/C
Matlab 8 Commercial
Matlab
Programming
Language
Neco Neco 2.0 GNU Public License
2.0 Python
NetScale 12.2 Commercial xml
48
NetSim 10.2 Proprietary C, Java
NS2 3.27 Open-source C++, Python
OMNet++ OMNet++ 5.3
Released Open-source C++
Opnet 17.5 Commercial C++/Java
QualNet QualNet 8.1
and EXata 6.1. T Commercial Java
WiNeSim N/A Academic Graphical
GloMoSim:
GloMoSim [86] (Global Mobile information System) is a parallel discrete event simulator
network protocol simulator also simulates both wireless and wired network systems. It has
customizable GUI and offers heterogeneous environment.
J-Sim:
J-Sim [87] is simulation tool developed in JAVA. This tool can be used as a component-
based, compositional simulation environment. It has Console and GUI interfaces.
KODO:
Kodo [88] is basically a library having an efficient implementation of many Network Coding
schemes. Although the library has a variety of erasure codes but it's most interesting use is
implementation of many Network Coding schemes. It is available through commercial and
Research license. This library is a part of Steinwurf project. It offers many building blocks
and parameters that can be combined to do custom experimentation. This project offers free
license to researchers for evaluation and other research and development purposes
Matlab/Octive
A simple Matlab based Network Coding simulator [89] developed by Chamitha de Alwis. It
performs Network Coding on a butterfly network. It gives facility to change a limited set of
parameters.
49
NS-2:
NS-2 [90] is a discrete event network simulator. This tool is used to define topology, develop
a model, configure a node and link, execute the model, analyze performance and visualize
results in the form of graphs. Apparently it seems complex and time consuming as it does not
have Graphical User Interface (GUI) and one has to learn TCK to work with it.
NECO
NECO [91] is also a discrete event simulator specifically designed for Network Coding. It
has the ability to define topology, modularly specify the Network Coding protocol and to
visualize network operations. It also has a seamless statistic module. Though it available
freely and it functionality can be extended by adding Python scripts however its utilization in
Network Coding research could not be found.
NetSim:
NetSim [92] is a network discrete event simulation software and it is used for protocol
modeling, with great depth, high power and greater flexibility. It can create network scenarios
using NetSim’s GUI or XML configuration files. It has ability to interface with external
programs and modeling can also be done through XML configuration file
OMNet++:
OMNeT++ [93] (Objective Modular Network Test-bed in C++) is a generic modular
simulation framework. Experiment designers can use this to define topology, develop a
model, configure a node and link, execute the model, analyze performance and visualize
results in the form of graphs. It has GUI for simulation execution, links into simulation
executable and command-line user interface for simulation execution. Working in this is
relatively easy.
Opnet:
OPNET [94] simulator can simulate the behavior and performance of almost any type of
network. It has many built project scenarios.
QualNet:
The QualNet [95] network simulation software robust tool. It is used for both wired, wireless
networks and hybrid network. It offers optimal speed for scalability. Experiment designers
50
can use this to simulate high-fidelity models. Modification is not easy as it does not provide
access to source code.
WiNeSim
WiNeSim [96] is a simulation tool to model Wireless Networks with provision to attack
network. Experiment designers can quickly configure this using GUI. It has some pre-
implemented components of OMNeT++.
The factors that are required for selection of a simulators, computer programs and language
or environment are availability, easiness of uses, adaptability by research community and
efforts in terms of learning and implementation time. Among all of these NS-2 is old and
mature for WSN in this field. For the sake of this research presented in this thesis uses a
Matlab based simulator and Kodo library to implement Network Coding as it is easy to
implement. The Matlab based code is being run on Octave [97] under GNU while an
academic license has been obtained from Kodo to use it for research experiments.
51
Chapter 4
Results and Discussions
This chapter presents detailed comparison of Secure Network Coding schemes. Later, the
discussions are made on the basis of inference technique. Twelve schemes of Secure
Network Coding Schemes from the published research work are selected. The objective of
this comparative study is to find suitable candidate schemes, which in a form of combination
or in some structured or in a certain hierarchy gives a good solution to Secure Network
Coding Problem. The parameters to conduct this comparative study mainly include
confidentiality of data, authentication of message and users and the overall security strength
of a Secure Network Coding scheme. Authentication techniques available for peer-to-peer
system are reviewed to select a potential way of authentication. These reviews suggest a
broader perspective of Secure Network Coding into consideration and conclude with a
recommendation a hybrid Secure Network Coding scheme.
4.1 Comparative Analysis of Secure Network Coding Schemes1
Literature has reported certain limitation of Secure Network Coding schemes [98]. Take the
case of threshold cryptography based Secure Network Coding schemes where an adversary
has access to all k out of n outgoing edges (k shared required out of n shares). If this case
happens then this scheme will not be secured as it is assumed that an adversary has access to
less than k outgoing links [98]. This section provides details of selected schemes and
comparison of the schemes being studied followed by the trade-offs of different
requirements.
4.1.1 Taxonomy of attacks
In order to compare security strength various proposed Secure Network Coding Schemes,
consider taxonomy of attacks given in Figure-12.
1 Some initial findings of this work have been presented in published in proceedings of 2011 International
Conference on Computer and Emerging Technologies (ICCET), Khairpur, Pakistan, 22-23 April 2011 (pp 239-
244).
52
Active Attacks:
Traffic analysis – In straight-forward implementation of Network Coding, the flow of
Network Coded transmission cannot be kept hidden from the intermediate nodes as global
encoding information is available for the assurance that communication reaches its
destination.
Eavesdropping – Network Coding techniques are mostly implemented in wireless
communication. It is due to the open access of wireless medium that this communication is
very much vulnerable to eavesdropping until and unless any protection mechanism like
encryption is applied.
Passive Attacks:
Following are passive attacks to which Network Coding is vulnerable to:
Worm-hole – it is diversion of innovative packets by a compromised node. [99]
Byzantine – An attack where a fully compromised node having arbitrary behavior.
Pollution – It is injection of malicious or unwanted packets by any node of the network.
Wiretapping – It is unauthorized access of a link or a set of links be anyone.
Impersonation – a situation where source node is forged. A fake source acts instead of the
actual source.
Denial of Service (DoS) – It is to slow down the performance or throughput. Though intrinsic
feature of Network Coding discourage DoS in communication using Network Coding,
however a node can generate non-innovative packets (packets that do not increase the rank of
encoding matrix hence they are useless). This is also known as an Entropy Attack [100]. DoS
attacks can also be in following forms:
Jamming – It is bombardment of DoS.
Flooding – Series of DoS so that connection breaks.
Black-hole – A DoS such that node do not forward the received packets.
53
Figure-12: Taxonomy of attack in Network Coding Communications
4.1.2 Selected Schemes
Table-5 shows the name or titles of schemes under study. All of these schemes use
cryptographic approaches which are also mentioned in the table along with the relative
reference. The identity letter has been assigned to each scheme to refer it for the sake of
analysis and comparisons.
Table-5: Schemes under study
No. Identity Approach Name/Title Reference
1 Scheme-A Decentralized
Random Linear
Network Coding
with hash
symbols
Byzantine Modification
Detection in Multicast Networks
[53]
2 Scheme-B Decentralized
Random Linear
Network Coding
Secure Network Coding with a
Cost Criterion
[64]
Attacks in Network Coding
Active
Traffic analysis
Eavesdropping
Passive
Denial of Service (DoS)
Jamming
Flooding
black-hole
Worm-hole Byzantine
Pollution Wiretapping Impersonation
54
with cost criterion
3 Scheme-C standard Network
Coding with
signing subspace
vectors
Signature-based Scheme [101]
4 Scheme-D standard Linear
Network Coding
with
determination of a
rank of matrix
Security for Wiretap Networks
via Rank-Metric Codes
[24]
5 Scheme-E standard Linear
Network Coding
with
determination of a
rank of matrix
Universal Secure Network
Coding via Rank-Metric Codes
[102]
6 Scheme-F standard Linear
Network Coding
with hash
functions
Secure Network Coding Against
the Contamination and
Eavesdropping Adversaries
[103]
7 Scheme-G standard Linear
Network Coding
with random
information and
secret sharing
Secure Network Coding via
Filtered Secret Sharing
[58]
8 Scheme-H standard Network
Coding
A Network Coding Approach to
Secret Key Distribution
[65]
9 Scheme-I standard Network
Coding with
signature
Signatures for Network Coding [104]
10 Scheme-J standard Network
Coding with
lattice signature
(distance between
Secure Network Coding based
on lattice signature
[105]
55
message and its
signature)
11 Scheme-K Standard Network
Coding with light
version of
signatures
Compact Signatures for
Network Coding
[106]
12 Scheme-L Standard Network
Coding with a
method to boost
signatures
Efficient signature scheme for
Network Coding
[107]
13 Scheme-M distributed
polynomial-time
rate-optimal
network codes
Resilient Network Coding in the
presence of Byzantine
adversaries
[108]
14 Scheme-N Standard Network
Coding with a
verification test
for correct coding
by nodes
Going Beyond Pollution
Attacks: Forcing Byzantine
Clients to Code Correctly
[109]
15 Scheme-O Standard Network
Coding with tag
generation
method
MIS: malicious nodes
identification scheme in
network-coding-based peer-to-
peer streaming
[110]
16 Scheme-P Standard Network
Coding with an
identification
method based on
HMAC
A tag encoding scheme against
pollution attack to linear
Network Coding
[111]
17 Scheme-Q Standard Network
Coding with a
MAC function
An efficient signature-based
scheme for securing Network
Coding against pollution attacks
[112]
18 Scheme-R Standard Network
Coding with a
Locating Byzantine attackers in
intra-session Network Coding
[113]
56
linear signature
function
using SpaceMac
This discussion begins with description of each Secure Network Coding Schemes. Then
these schemes are seen in terms of different security requirements like security strength,
confidentiality, authentication etc. The in-depth comparative study of more than a dozen
different Secure Network Coding sachems leads to meet to combine appropriate schemes to
gain good security features using Network Coding.
The scheme-A [53] deals with Byzantine Modification Detection. It considers Single source
multiple sink multicast scenario where an adversary has access to a Subset of packets
transmitted over network. This scheme has been proved to provide Information theoretic
security. The method to secure transmissions involves Decentralized Random Linear
Network Coding with hash symbols. The limitation of this scheme is that at destination one
or more unmodified packets still may arrive.
The scheme-B [64] deals with wiretapping by an adversary. It considers single source
multiple sink multicast scenario where an adversary has access to a subset of packets
transmitted over network. This scheme has been proved to provide Average; probability of
eavesdropping as low as 0.01 security. The method to secure transmissions involves
Decentralized Random Linear Network Coding with cost criterion. The limitation of this
scheme is that A wiretapping adversary has interest for a known subset of transmitted
messages.
The scheme-C [101] deals with modification by malicious nodes. It considers Single source
multiple sink multicast scenario where an adversary has access to a compromised
intermediate node. This scheme has been proved to provide Equivalent to RSA security. The
method to secure transmissions involves standard Network Coding with signing subspace
vectors. The limitation of this scheme is that Adversaries may come in a position to fully
control the compromised forwarders.
The scheme-D [24] deals with wiretapping by an adversary. It considers Single source
multiple sink multicast scenario where an adversary has access to a Subset of packets
57
transmitted over network. This scheme has been proved to provide Information theoretic
security. The method to secure transmissions involves standard Linear Network Coding with
determination of a rank of matrix. The limitation of this scheme is that Whitepaper has access
to a subset of arbitrary chosen links.
The scheme-E [102] deals with wiretapping by an adversary and packet injection by
adversary into the network. It considers Single source multiple sink multicast scenario where
an adversary has access to a Subset of packets transmitted over network and can inject
packets. This scheme has been proved to provide Information theoretic security. The method
to secure transmissions involves standard Linear Network Coding with determination of a
rank of a matrix. The limitation of this scheme is that some information can be leaked but this
is of no use for an adversary.
The scheme-F [102] deals with contamination and eavesdropping. It considers Single source
multiple sink multicast scenario where an adversary has access to a Subset of packets
transmitted over network and can inject packets. This scheme has been proved to provide
Equal to the strength of cryptographic algorithm security. The method to secure transmissions
involves standard Linear Network Coding with hash functions. The limitation of this scheme
is that intermediate nodes have access to the identifiers of the sinks and intermediate nodes
have limited computational power and the number of independent packets available to the
eavesdropper is less than the multicast capacity of the network.
The scheme-G [58] deals with wiretapping. It considers Single source multiple sink multicast
scenario where an adversary has access to a Subset of packets transmitted over network. This
scheme has been proved to provide information theoretic security. The method to secure
transmissions involves standard Linear Network Coding with random information and secret
sharing. The limitation of this scheme is that Filtered secret sharing is unsolvable in certain
cases. Maximum information length can require large field size.
The scheme-H [65] deals with the sharing of secret keys. It considers single source multiple
sink multicast scenario where an adversary has access to a subset of packets transmitted over
network. This scheme has been proved to provide Information theoretic security. The method
to secure transmissions involves standard Network Coding. The limitation of this scheme is
that immune to a single point of failure.
58
The scheme-I [104] deals with authentication and detection of malicious nodes. It considers
single source multiple sink multicast scenario where an adversary has access to a subset of
packets transmitted over network. This scheme has been proved to provide information
theoretic equal to Diffie-Hellman security. The method to secure transmissions involves
standard Network Coding with signature. The limitation of this scheme is that assumption
about availability of a separate secure channel for transmission of hash values in network.
The scheme-J [105] deals with authentication and detection of malicious nodes. It considers
Single source multiple sink multicast scenario where an adversary has access to inject
messages. This scheme has been proved to provide more than RSA security. The method to
secure transmissions involves standard Network Coding with lattice signature (distance
between message and its signature). The limitation of this scheme is that its practical aspects
are not clear.
The scheme-K [106] deals with pollution by Byzantine nodes. It considers Single source
multiple sink multicast scenario where an adversary has access to an arbitrary number of d
nodes. This scheme has been proved to provide more than that of Diffie-Hellman security.
The method to secure transmissions involves standard Network Coding with light version of
signatures. The limitation of this scheme is that security condition depends upon a receiving
minimum number of correct packets by sink nodes.
The scheme-L [107] deals with pollution by Byzantine nodes. It considers Single source
multiple sink multicast scenario where an adversary has access to a Subset of packets
transmitted over network. This scheme has been proved to provide Information theoretic
security. The method to secure transmissions involves Standard Network Coding with a
method to boost signatures. The limitation of this scheme is that assumption about
orthogonality of vectors.
The scheme-M [108] deals with pollution by Byzantine nodes. It considers Single source
multiple sink multicast scenario where an adversary has access to an arbitrary number of d
nodes. This scheme has been proved to provide information theoretic security. The method to
secure transmissions involves distributed polynomial-time rate-optimal network codes. The
limitation of this scheme is that require modification at source and destination nodes.
59
The scheme-N [109] deals with pollution by Byzantine nodes. It considers Single source
multiple sink multicast scenario where an adversary has access to an arbitrary number of d
nodes. This scheme has been proved to provide Information theoretic security. The method to
secure transmissions involves Standard Network Coding with a verification test for correct
coding by nodes. The limitation of this scheme is that use of 1024-bits integrity signature.
The scheme-O [110] deals with pollution by Byzantine nodes. It considers Single source
multiple sink multicast scenario where an adversary has access to an arbitrary number of d
nodes but server is trusted. This scheme has been proved to provide information theoretic
security. The method to secure transmissions involves Standard Network Coding with tag
generation method. The limitation of this scheme is that trusting a server makes it single point
of failure.
The scheme-P [111] deals with pollution by Byzantine nodes. It considers Single source
multiple sink multicast scenario where an adversary has access to an arbitrary number of d
nodes but server is trusted. This scheme is proved to provide information theoretic security.
The method to secure transmissions involves Standard Network Coding with an identification
method based on HMAC. The limitation of this scheme is that all time availability of KDC.
The scheme-Q [112] deals with pollution by Byzantine nodes. It considers Single source
multiple sink multicast scenario where an adversary has access to an arbitrary number of d
nodes. This scheme has been proved to provide Information theoretic security. The method to
secure transmissions involves Standard Network Coding with a MAC function. The
limitation of this scheme is that assumption that each message is appended with
its encoding vector.
The scheme-R [113] deals with pollution by Byzantine nodes. It considers Single source
multiple sink multicast scenario where an adversary has access to an arbitrary number of d
nodes. This scheme has been proved to provide Information theoretic security. The method to
secure transmissions involves Standard Network Coding with a linear signature function. The
limitation of this scheme is that low performance when there is lesser number or no attacks.
60
There is yet another case where network has links of unequal capacities. One scheme
suggested in [114] take into account this case and proves that cut-set bound is not
achievable.
Classification, Comparisons and Trade-offs
Eighteen sachems of Secure Network Coding are analyzed. These have been assigned an
English letter identity as shown in first column of Table-5. So for simplicity a scheme is
referred as a scheme with the respective English letter identity.
In Figure-13 Venn’s diagram is used to see if these meet following security requirement(s):
Confidentiality
Authentication
Both confidentiality and authentication
As it can be seen in Figure-13 that most of the schemes depends upon authentication
mechanism to cope attacks lake fabrication, traffic injection etc. The list of attacks
encountered by each scheme is given in Table-6. In addition to encountered attacks, Table-6
also lists whether or not a scheme focuses confidentiality or authentication and what is its
related security strength.
Confidentiality
Only
{B, D}
Confidentiality
and
Authentication
Both
{E, F, G, H}
Authentication
Only
{A,C, I, J, K, L,
M, N, O, P, Q, R}
61
Figure-13: Security Requirements met by selected schemes
Table-6: Comparison of different schemes to Secure Network Coding
Schemes Countered
Attacks
Confident
iality
Authenti
cation
Security Strength
A Byzantine modification
pollution attacks
No Yes Information theoretic
B Wiretapping by an
adversary
Yes No Average; probability of
eavesdropping as low as
0.01
C Modification by malicious
nodes
No Yes
Equivalent to rsa
D Wiretapping by an
adversary
Yes
No Information theoretic
E Wiretapping by an
adversary and packet
injection by adversary into
network
Yes Yes Information theoretic
F Contamination and
eavesdropping
Pollution, wiretapping
Yes
Yes Equal to the strength of
cryptographic algorithm
G Wiretapping
Pollution
Yes Yes Information theoretic
H Sharing of secret keys Yes Yes Information theoretic
62
I Authentication and
detection of malicious
nodes
No Yes Information theoretic
equal to diffie-hellman
J Authentication and
detection of malicious
nodes
No yes More than rsa
K Pollution by Byzantine
nodes
No Yes More than Diffie-Hellman
L Pollution by Byzantine
nodes
No Yes Information theoretic
M Pollution by Byzantine
nodes
No Yes Information theoretic
N Pollution by Byzantine
nodes
No Yes Information theoretic
O Pollution by Byzantine
nodes
No Yes Information theoretic
P Pollution by Byzantine
nodes
No Yes Information theoretic
Q Pollution by Bazantine
nodes
No Yes Information theoretic
R Pollution by Byzantine
nodes
No Yes Information theoretic
There are two main methods to make Network Coding secured. First method, which is known
as Inner Codes requires reconstructing or modifying an existing code in such a way that, the
reconstructed code or modification of previous scheme, now meets the security requirement.
The second method known as Outer Codes requires appending or combining some security
63
mechanism without any change to coding scheme to gain benefits of Network Coding. Table-
7 shows which schemes are Outer Codes and which are Inner Codes among scheme all the
schemes being studied. Here it can be clearly seen that most of the schemes are Outer Codes.
Only four out of eighteen schemes are Inner Codes. The reason for this can be the ease of
implementation and adoptability of a solution as a universal solution so that new solution can
be applied without modification of previous one.
Table-7: Inner vs Outer Codes
Inner Codes Outer Codes
A, B, G, M C, D, E, F, H, I, J, K, L, N, O, P, Q, R
Table-8 summarizes grouping of the schemes under study on the basis of encounter attacks.
Here it can easily be seen that most of the work is focused on Byzantine attacks.
Table-8: Grouping of schemes on the basis of encountered attacks
Sr. Attacks Schemes
1 Byzantine
Modification
A
2 Disclosure B, F
3 Pollution C, E, G, H, I, J, K, L, M, N, O, P, Q, R
4 Wiretapping D, E
5 Eavesdropping G, H
6 All of above H
As every scheme is with certain assumptions and limitations, a list of major limitation of each
scheme is given in Table-9.
Table-9: Limitations of Schemes under Study
Scheme Limitations
A At destination one or more unmodified packets still may arrive.
B A wiretapping adversary has interest for a known subset of transmitted
messages.
C Adversaries may come in a position to fully control the compromised
64
forwarders.
D Whitepaper has access to a subset of arbitrary chosen links.
E Some information can be leaked but this is of no use for an adversary.
F Intermediate nodes have access to the identifiers of the sinks and intermediate
nodes have limited computational power.
G The number of independent packets available to the eavesdropper is less than
the multicast capacity of the network.
H Filtered secret sharing is unsolvable in certain cases.
I Immune to a single point of failure.
Table-10 shows security strength of each scheme.
Table-10: Security Strength of Schemes under Study
Scheme Security Strength
A At destination one or more unmodified packets still
may arrive.
B A wiretapping adversary has interest for a known
subset of transmitted messages.
C Adversaries may come in a position to fully control the
compromised forwarders.
D Whitepaper has access to a subset of arbitrary chosen
links.
E Some information can be leaked but this is of no use
for an adversary.
F Intermediate nodes have access to the identifiers of the
sinks and intermediate nodes have limited
computational power and The number of independent
packets available to the eavesdropper is less than the
multicast capacity of the network.
G Filtered secret sharing is unsolvable in certain cases.
Maximum information length can require large field
size
H Immune to single point of failure.
65
I Assumption about availability of a separate secure
channel for transmission of hash values in network
J Its practical aspects are not clear
K Security condition depends upon a receiving minimum
number of correct packets by sink nodes
L Assumption about orthogonality of vectors
M Require modification at source and destination nodes
N Use of 1024 bits integrity signature
O Trusting a server makes it single point of failure
P All time availability of KDC
Q Assumption that each message is appended with
its encoding vector
R Low performance when there are lesser number or no
attacks
To discuss Tradeoff following are some attribute of an ideal scheme:
Consume lesser time (time efficient),
Consume fewer resources (resource efficient),
Have no vulnerabilities,
Ease of implementation, and
Good security strength.
The study shows many obvious trade-offs. One such trade-off is between cost and
vulnerability of the network, removing vulnerabilities incurs more network cost. The strength
of security has trade-off with computational overhead, stronger security incurs more
computational overhead. Keeping in view the requirements of application and availability and
amount of resources, the decision is made to choose between Inner Code and Outer Code.
4.1.3 Selecting Cryptographic Techniques in Peer to Peer Systems2
As observed in survey of Secure Network Coding schemes that most attacks are related to
authentication of nodes. To select a vivid authentication scheme to cater impersonation (non-
repudiation), eavesdropping and traffic analysis. In wireless ad-hoc network where Network
2 Some initial findings of this work have been presented in published in proceedings of 4th International
Conference on Computer and Emerging Technologies 2014, Khairpur Pakistan
66
Coding (NC) is applied mostly form peer-to-peer network hence cryptographic authentication
techniques are very common. The question arises with selection of such techniques suitable
for ad-hoc environments with lesser overhead on nodes. Selecting a good technique is an
open question. Use of Keys is widespread as first line authentication solution. The next
challenge in designing such a scheme is to choose the key size and Key exchange protocol.
In this section explore authentication techniques and key management Peer to Peer networks.
Six candidate solutions has been taken into consideration in order to select one to incorporate
in proposed model.
The most viable solutions in literature recommends deploying or assigning a node as third
party in client-server environment. However Peer to Peer environment it is very challenging
due to independence of each node, decentralization and openness. Yet some alternative to
central authority or third party in the form of a self-organized system is available [115].
Threshold cryptography is also suitable for implementation of distributed Public key
Infrastructure [116]. These solutions are viable but need certain improvements in terms of
security strength.
Peers or nodes need a high level of cooperation among themselves and a high degree of
decentralization for formation, maintenance and scalability of the network retaining Equality
and full control of data and resources associated with a node. There may also exist multiple
administrative domains which definitely require mutual work to manage the network.
The architecture of a Peer to Peer system can be partially centralized or totally decentralized.
In partially centralized system, a controller is responsible for management but it is also a
single point of failure in case of any disaster [117]. The controller node act as center node to
form star topology with the help of cooperating nodes. Whereas decentralized approach select
a super peer among themselves for management tasks. Apparently, the decentralized
approach seems better but it is most concerned with scalability issue.
67
There is also a possibility to make peers anonymous using cryptographic techniques for the
sake of content distribution. Assuming ),( EVG as a directed graph, the set of N vertexes V
as;
},,,,{ 321 NvvvvV
and set of links E as;
}:{ VVxxE
A simple Peer to Peer system is shown in Figure-14. Also, it can be seen in this figure that
malicious nodes can temper the security.
For the sake of authentication, peer identity is very important as unique identity is required to
make routing and other services easy. In traditional networks, nodes are identified generally
by using their IP address or sockets (combination of IP address and port number). As a matter
of fact this identification is subject to attack known as Sybil attack [118]. A Sybil attack
allows an attacker to create more than one distinct identity. Some solutions to Sybil attack
require the involvement of certifying authority or proof of work or reputation based and
voting system (e.g. Credence). Obviously these techniques cater the problem but put
computational and communication burden on the nodes thus causing decreased performance,
trust and non-applicability. Using Identity Based Encryption (IBE) makes the generation of
the trusted private key a challenging task. In ad-hoc network implementing Network Coding,
identification is still an open area and is challenging due to broadcast nature of
communications and varying layers of coding.
Integrity and confidentiality is an essential security requirement to assure that nothing has
happened to data during transmission.
Figure-14: A structure of Peer to Peer Network
68
Anonymity is not required in some case but can be desired as a security requirement to avoid
censorship of codes or nodes. Some schemes also suggest anonymity to prevent Byzantine
attacks. As far as anonymity of the content is concerned it may raise some legal and ethical
issues. One such an act could lead to violation Digital Millennium Copyright Act (DCMA)
[119] .
The attention can be made towards self-organized public key certificate system (DHT based)
[120] to get rid of trusted third party (central) and to identify peers. Self-organized public key
certificate system is proposed. In order to do so, each peer has three tables. First, a routing
table (definitely this would not be applicable in case of Network Coding transmissions).
Second, tables acting as certificate register storing hash of user name and respective
certificate. Third, it has a table storing IP record of all user names. In self-organized systems
certificate management is another important challenge due to sudden crash of a peer.
OneSwarm [121] is another protocol to provide privacy and improved performance. It
establishes an overlay of mesh to share public keys and DHT to resolve name conflict. To
locate data source, peers flood object lookups and get data over reverse path thus putting an
overhead. However a congestion aware feature of this protocol helps to reduce the overhead.
Identities are also stored using encryption.
The interesting fact here is that with Network Coding (NC) [122] nodes re-code data during
transmission from one hop to another to improve throughput [122]. There are chances of
incorrect coding and corruption of a data packet if a node becomes malicious. The
homomorphic signature scheme [116] solves this issue by real time verification of encoded
data.
The following procedure is adopted.
Let w be a data chunk such that ),,,,( 11 nmmm wwwww
Then signature σ of w is defined as
))(mod,,,,( 1111 qwswswsws nmnmmmmm
Signature verification is done by checking
g σ= ........1
1
wynmw
nmy
(mod q)
69
Another method is based on Threshold cryptography to setup distributed PKI [115]. It may
perform better than the byzantine agreement approach. The procedure is as under:
1. Generate of public secret key pair (P, S) through distributed Boneh and Franklin
algorithm
2. Share secret key according to homomorphic property of RSA. Generally, if S = (e, m)
denotes the RSA network secret key, pick s shares seee ,, 21 Such that eis
i 1
Identity is a fundamental element of any ad-hoc network to manage trust. On the contrary,
some nodes or user want anonymity. This creates a tradeoff between trust and anonymity.
Pseudo Trust [121] is a protocol attempts to manage trust while maintaining the anonymity.
This is achieved with a generation of un-forgeable and verifiable pseudonym by a using hash
function. This protocol also introduces authentication method using Zero-Knowledge Proof
(ZKP). It does not require a third party. It uses a central site store Pseudo Identity Certificates
(PIC) of peer. Every peer generates its Pseudo Identity (PI) and replaces it with its original
identity. Following is the procedure:
1. Choose two random large prime numbers p1 and p2 and compute n=p1xp2 then PT
adopts slightly modified SHA-1.
2. Initialize (by peer A) an anonymous session (Onion Routes OR) with existing peer
using APFS protocol TA to A,
},...}}{...{,{ATAAA KKmixTOR
And
A to TA
XTAT KKmixTXORAA,....}}{,{...,{
3. Authentication and Session Key Exchange: - ZKP protocol but without central server
is used in PT its strength is based on factoring of large integer. Initiator “I” may
receive multiple responses but it selects only highly reputed responder. For
authentication peer Initiate authentication procedure to verify that peer claiming to be
the holder of R so “I” sends
I---->T1---->TR---->R where T1--->TR is TCP connection and other OR
As reply
R ---ORTR----> TR: PICR, TR, f, response
70
T1 ---OR1----> I: PICR, TR, f, response
This involve mutual authentication i.e. peer “I” proves its identity as well as server R proves
its own identity. For generation of session keys between “I” and R Deffie-Hellman key
exchange protocol can be a good option, DSS could also be used for simplicity. The task of
bootstrap server is to publish a pair {P (512 bit or larger), Q (160 bits)} such that g, g Q =1
mod P. Pseudo Trust chooses AES encryption with key K=gab mod P. For this server R is
required to:
i) Compute a MAC, h(f || k), using hash h(), then
ii) Encrypt the file F attached with MAC into cipher text C and delivers to I
There is always a need of a strong mechanism for node identification and node assignment. A
protocol named Likir [123]makes strong identification of nodes in P2P systems. It assumes
that a user has two things; i) a RSA key pair, ii) openId account. The working procedure is as
under:
1. A node register on a web portal identification and certification. Do bootstrap
procedure and join Likir network.
2. Reputation System (RS) maintens reputation of each node
evidenceX = UserIdX ||content||applicationID
degree of badness D is measured as
D = | {(x, y) |x ∈ Good ∧ y ∈ Bad} |
Likir seems a complete suite to provide authentication and message integrity but with a lot
overhead.
Table-11 shows a comparison of six peer to peer protocols. It considers many important
parameters in the peer to peer systems and ways to address these with focus on cryptographic
techniques. In this regard, the most concerned is the PKI, key management techniques,
cryptographic hash techniques for message authentication and anonymity. Factors like
security strength, self-organization, fault tolerance and anonymity are selected to compare
protocols in the study.
Table-11: Comparison of Peer to Peer protocols
Task Self- OneSwarm Secure Distributed Pseudo Likir [123]
71
Organized
Public Key
Certificate
System
(DHT
Based)
[120]
[121] Network
Coding
[122]
PKI [115] Trust
[121]
Cryptograp
hy
Identifier-
Based
Public Key
Cryptogra
phy
Public Key
Cryptograp
hy,
Symmetric
(During
Transmissi
on)
Public Key
Cryptograp
hy
Threshold
Cryptograp
hy
Identity
Based
Public Key
And
Identity
Based
Cryptogra
phy
Key
Generation
Public-
Private
Key Pairs
By The
User
Public/Priv
ate Key
Pair 1024-
Bit
Public And
Secrete
Key
Public And
Secrete
Key 1024-
Bit
Session
Key,
Deffie-
Hellman
Public,
Private
RSA 1024
Vulnerabilit
y to
Attack(s)
Cybil
(Less)
Collusion
(Less)
Not
Evaluated
For Attacks
Cybil
(Less)
MIMA
Fails, P
Of Reply
Attacks
=2-K
Mitigate
Sybil,
Avoid
MIMA
Authenticat
ion
Yes Yes Not
Defined
Yes Yes Yes
Authenticat
ion
Mechanism
Certificate OpenId
and
Certificate
Data
Confidentia
lity
No Yes Yes Yes Yes Yes
Peer No Yes No No Yes No
72
Anonymity
Key
Distribution
Discrete
Hash
Table
Piggy-
Back On
Social
Networks,
Invitation,
Manually
BitTorrent
Based
Homomorp
hic
Property
Of RSA
Encipherin
g Function
No RSA
DHT For Peer
Organizati
on
For Name
Resolution
Service
Discrete
Logarithm
No No Kademlia
DHT
Signatures
Used
Yes Not
defined
Homomorp
hic
Signature
Scheme
RSA No RSA, IBS
Methodolog
y
Certificate
d Register
Table
Flooding Network
Coding
Sharing
Tree
Hash And
ZKP
Reputation
System
(RS)
Self-
Organizatio
n
Yes No No Yes Yes Yes
Involvemen
t of Trusted
Third Party
No No Yes No No Yes Less
Cryptograp
hic
Algorithm
SHA-1 RSA,
SSLv3,
SHA-1
Linear
Equation(
W = AU)
RSASSA-
PKCS1-v1-
5 and
SHA-1
AES RSA,
SHA-1
Self-
Healing
Yes Yes Depends Yes Yes No
Probability
for
Malicious
C
Cr
N
rr
rNP
2/
2/
kpfP )1(
Not
Defined
Not
Defined
2-K Exist But
Not
Defined
73
Peer
Overlay Chord Mesh Depends Kademlia
(Tree
Structure)
Unstructu
red
Secure
Kademlia
Here is the justification of the chosen parameters:
Cryptography - It looks for the type of cryptography being implied.
Key - It looks for the type, generation and management of keys
Attack - It looks for what type of attacks the protocol can handle or it is vulnerable to.
Authentication - It looks for what sort of authentication is being applied.
DHT - It looks for is there any involvement of Distributed Hash Table (DHT).
Signatures - It looks how the use of signature is fruitful.
Message Route – It looks for if there is any message routing protocols that have higher
throughput.
Self-Organization – It looks for if the system has any self-organization
Involvement of TTP - It looks for if the system has any involvement of TTP
Cryptographic Algorithm – it looks for what sort of cryptographic algorithm is used for
encryption and decryption.
Malicious Peer – it looks for how a malicious node can behave.
4.1.4 Proposed Hybrid Model
A lot of trade-offs have been observed in most of these schemes in the literature survey. One
way to handle trade-offs and get most out of most suitable schemes is combining them in some
way to get almost desired results. One viable solution that uses a layered approach is
suggested here. It combines two already proposed schemes in a way that it serves most of the
security requirements. This approach is shown in Figure-15.
The main idea is to separate key distribution from actual data transmissions. To do this, it is
suggested that first start the bootstrapping process and distribute keys using scheme suggested
74
in [65] . After that use the outer coding scheme proposed in [124] . The evaluation of this
model shows positive results.
Figure-15: A hybrid model
By bootstrapping is the process through which a node gets familiarization with other nodes or
its neighbors [125].
There is a need to describe a generic set of security requirements for Network Coding
protocols and systems. This work will serve two fold, first it may be used as a reference
material for current Network Coding protocols and systems analysis; second, it will serve as
guidelines for extension design and new, more secure, Network Coding protocols and
systems. This part of work also provides a contrast and similarity of these requirements with
those that are recommended for routing protocols by Internet Engineering Task Force (IETF).
4.2 A System Model for Incorporating Secure Network Coding in Existing
Networks
Now, it has been convinced that Network Coding (NC) protocols provide better congestion
control and reliability as compared to traditional routing protocols. These protocols/schemes
are responsible for distributing information to destinations attached to the network using the
75
unicast or broadcast nature of the channel[126]. The operating principle of Network Coding
[2] is as simple as coding or mixing packets and then unicast or broadcast them to next hop
node(s) instead of routing them to a predefined node as it happens in case of routing. This
process begins at a sender node where packets from same flow or multiple flows are coded.
At intermediate or forwarder node(s) these packets are decoded and then encoded. This
process is repeated until the transmitted packets reach destination or sink node(s). The
decoding information either travels with the coded packets or is available to all nodes by
some predefined mechanism so Network Coding is vulnerable to threats and attacks that can
harm intermediate nodes or coding operations as a whole. It is very important to identify
threats that can affect NETWORK CODING performance and hence limit the benefits
offered by it. For example, if a node drops the packets it received from predecessor node then
it may result in loss equivalent to half of the throughput [127].
4.2.1 The Need and motivation for a System Model
Network Coding can be discussed with respect to routing. Routing, being a well-established
and well implemented field, has lots of standardizations by Internet Engineering Task Force
(IETF). Request for Comments (RFCs) are available that play a role in the standardization of
routing and other mechanism in traditional store-and-forward networks. To best of
knowledge of the author, no work has been done on these notions in Network Coding.
To streamline the security aspects of Network Coding in the context of system aspects of a
protocol. This work as on lines of IETF presents a generic outline of threats to Network
Coding enabled communications and provides a generic set of security requirements to cope
with those security threats.
A number of Network Coding schemes and protocols have been suggested in literature [43,
127,128,129]. As these schemes are vulnerable to threats (e.g wiretapping, pollution attacks
etc.), a new paradigm of Network Coding Schemes called Secure Network Coding schemes
evolved to counter some of those threats [58,121]. In literature Network Coding schemes are
classified as state aware and stateless [64]or as intra flow and inter flow [51]. Both these
classifications draw the divide line on the level of complexity. There are certain Network
Coding Protocols that do not take into account the network state information (for example
RLNC[43]) and provide some built in security against impersonation attacks but not against
76
other types of attacks. Another class of Network Coding protocols that do take care of
network state information exploits opportunistic coding benefits so as to provide better
performance. According to another classification, some protocols mix packets of single flow
stream called intra-flow while other mix packets from multiple flows called inter-flow
protocols. If one sees at a glance on these protocols, one may come across the understanding
that these protocols may deviate slightly in terms of security requirements. The analysis and
comparisons of those Network Coding protocols/schemes in previous work [122]. None of
them is completely secured against all threats reported so far in literature. There are a few
articles written so far that give insight to the type of attacks, their description, their effect,
consequences and proposed solution to them in some cases[7,8] and no consideration has
been paid to generic case. So, there seems a lack of generic security requirements that should
be kept in mind while designing such protocols.
Throughout this text, words in capital letters and security terminologies are to be interpreted
as described in RFC 2119 [131] and RFC 2828 [132], respectively.
Assumption, definitions and Network Coding System model and its overview; and general
requirements to secure Network Coding protocols and systems are described in this section of
chapter.
4.2.2 Definitions, Assumptions and Protocol Model
To formalize the generic security requirements, the underlying definitions, assumptions and
system model are described as below:.
Assumptions
Only those protocols/schemes are considered which are correctly implemented and do not
consider the problems/actions due to poor implementation. In fact poor implementation
makes the protocol/scheme more vulnerable.
Definitions
Network: A well connected set of nodes G(V,E), where E is the set of links and V is the set
nodes.
77
Path: A path Network Coding based communication is a list of successive intermediate
systems through which the destination can be reached insuring the maximum flow.
Path Properties: Path properties may be obtained from the network information given as
G(V,E). In Network Coding the data dissemination is not path specific so it can be the
properties related to intermediate nodes. This can be done with help of trust model by
declaring a value of trust level.
Trusted Node: A node is trusted if it belongs to same control plane or has some agreement of
trust.
Evaluated Node: A node is evaluated if its trust of that node is evaluated on the basis of path
properties.
Expected Node: A node is expected if it provides path properties but no certainty.
Hazardous Node: A node is hazardous if path properties are not correct.
Encoding/Decoding Information: Information in any form useful for encoding and decoding
of other information.
Eavesdropping: It is accessing of flow on all links or its subset to find some coding/decoding
information, data etc. it can be an internal or external eavesdropping.
Byzantine Attacks: all attacks caused by an adversary node that mimic to a legitimate node.
Arbitrary sort of behavior is expected from such a node.
4.2.2 Network Coding Protocol: System Model
A generic system model for Network Coding protocols is presented here. This model can
support intra-flow, inter-flow, state aware and stateless protocols. It has three major
components as shown in Figure-16.
Network Information maintenance Component: This component keeps updates and maintains
information related to network nodes in the range.
78
Coding/Decoding Information Component: This component takes care of information
necessary for decoding and coding of packets at a node.
Layer Coordination Component: This component coordinate with lower/upper layers to
deliver, send, receive and forward a data or information message.
In case of stateless protocol the Network Information maintenance component is treat as
NULL.
4.2.3 Threat Model
Threat Sources: The threat source can be any of the components of system model as shown in
Figure-16. At each component, there can be an adversary with following assumptions:
Malfunctioning of coding/decoding information,
To disturb or kill neighboring nodes or nodes in its range,
To get something useful for itself.
The adversary (legitimate or illegitimate) can be equipped with following powers:
o Inserting a false packet,
o Computing power,
o Falsifying data and
79
o Taking control of a node.
4.2.4 Proposed System Model for a Secure Network Coding Protocol
There are two major categories of threats to Network Coding based communications at macro
level; first Eavesdropping and second Byzantine attacks. If micro perspective is taken,
following threats are expected for Network Coding Protocols
Threats to Network Information Maintenance Component are Network Information
Falsification, Network Information Modification and Wormhole attacks.
Network Information Falsification: An adversary node provides false information about links
next to it.
Network Information Modification: An adversary forwarding node provides modified link
state information.
Wormhole: Upon compromise, an adversary node shows a link as persistent but actually that
Figure-16: A system model for Secure Network Coding
80
link does not exist.
Threats to Coding/ Decoding Information Component can be Falsification, modification and
dropping of such information.
Threats to Layer Coordination component can be in form of Acknowledgement (ACK)
injection, dropping, modification and delay.
There are some other threats that occur when a node is totally compromised. These are
Pollution attacks, Packet Dropping attacks and Blackhole attacks.
Packet Pollution: In Packet Pollution, an attacker node injects corrupted packets.
Packet Dropping: A compromised node does not forward packets some of packets being
received by it.
Blackhole: A compromised node that denies forwarding the received packets at all.
4.2.5 Threats Importance and Actions
Taking into account the cost of loss of threats there shall be some consequence of threats.
These consequences are well known in literature and are named as Usurpation, Deception,
Disruption and Disclosure in the order of their importance.
There is a need to set security requirements such that they deal with prevention against the
conditions of consequences. This prevention may be against the existence of threat sources
and detect if there is some attack(s).
The actions that can result into usurpation are all falsification attacks. Any sort of pollution
attack, dropping or modifying a packet or ACK and wormhole would cause deception.
Injecting false packets will overload the node and hence cause disruption. All eavesdropping
attacks results into disclosure.
81
4.3 Generic Security requirements
Generic Requirements for Network Coding are listed blew. These are listed as a main
requirements (MR) then each MR is followed by sub requirements.
The First main requirement is:
MR(1) Correct coding/decoding information SHOULD be made available for the
encoding/decoding OR forwarding at a node. This process MUST be completed in time-
efficient manner.
Its sub requirements are:
MR(1.a) When encoding/decoding information is unavailable or incorrect, the first main
requirement means that a correct decoding information SHOULD be made available, either
through the use of another protocol or it SHOULD be discarded.
MR(1.b) When decoding information is available and correct, the first main requirement
means that misuse of the encoding/decoding information SHOULD NOT jeopardize
decoding information availability or correctness, as this would also compromise correct
forwarding.
The second main requirement is:
MR(2) The intermediate node MUST ignore the packets irrelevant to it.
The third main requirement is:
MR(3) The Network Information SHOULD be available in time-efficient manner provide
opportunistic coding.
4.4 Implementing Secure Network Coding using Computational Intelligence
Among many other Computational Intelligence approaches and set of evolutionary methods,
Genetic Algorithms (GAs) are being applied as it is being used to solve many problems by
modeling simplified genetic processes and are considered as a class of optimization
82
algorithms. By using Genetic Algorithm the strength of the key is improved that ultimately
make the whole algorithm strong enough. This chapter describes implication of Genetic
Algorithms (GAs) to provide security and its adaptation in to make Network Coding secure.
4.4.1 Implication of Genetic Algorithm in Cryptography to Enhance Security
Symmetric and asymmetric cryptosystems are not suitable to provide high level of security in
every application and environment. Modern hash function based systems are better than
traditional systems but the complex algorithms of generating invertible functions are very
time consuming. In traditional systems data is being encrypted with the key but still there are
possibilities of eavesdropping the key and altered text. Therefore, key must be strong and
unpredictable. A method which takes the advantage of theory of natural selection is chosen.
There are many applications of Genetic Algorithms (GAs) for optimization [6]. In the
proposed method, data is encrypted by a number of steps. First, a key is generated through
random number generator and by applying genetic operations. Next, data is diffused by
genetic operators and then logical operators are performed between the diffused data and the
key to encrypt the data. Finally, a comparative study has been carried out between the
proposed method and two other cryptographic algorithms. It has been observed that the
proposed algorithm has better results in terms of the key strength but is less computational
efficient than other two.
Cryptography uses mathematical techniques for information security, data integrity,
confidentiality, non- repudiation and authentication. Cryptography is based on concepts of
Encryption and Decryption [74]. When data is sent from sender to receiver, the data is
converted to some unreadable form called encryption of data and at receiver side data is again
converted to its original form called decryption of data. Both encryption and decryption
processes require the key. For protection of valuable information from unlawful imitation,
eavesdropper’s attack and modification, different types of cryptographic algorithms are
designed. There are two major types of such algorithms: symmetric cryptography [76] and
asymmetric cryptography [77]. In asymmetric key cryptography two different keys are used,
one for encryption called public key and one for decryption called private key. Only one
same key is used in symmetric scheme.
83
The applications of both schemes differ due to efficiency of scheme; symmetric scheme is
mostly used for encryption of data due to its high performance while asymmetric is often
used for digital signature and distribution of key. Moreover, no any symmetrical ciphering
technique such as AES, DES, Advanced AES, and IDEA has taken any benefit from most
recent advances in information processing technology. Various kinds of modern data
encryption techniques [78] are found in the literature. Genetic Algorithms (GAs) [133] are
among such techniques.
Genetic Algorithm is kind of adaptive search algorithms which make use of the mechanics of
natural selection and genetics. Genetic Algorithms (GAs) is part of Evolutionary Algorithms;
which are used to solve optimization problems with the help of biological mechanism like
selection, crossover and mutation [134].
The key idea of Genetic Algorithms (GAs) is to imitate the randomness of the nature where
natural selection process and behavior of natural system make population of individuals able
to adapt the surrounding. The survival and reproduction of the individuals is supported by
exclusion of less fitted individuals. The population is generated in such a way that the
individual with the highest fitness value is most likely to be replicated and unfitted individual
is discarded based on threshold set by an iterative application of set of stochastic genetic
operators[135].
84
Figure-17: Flow Chart of Genetic Algorithm
Genetic Algorithm performs following operations to transform the population to new
population based on fitness value:
1. Crossover is a genetic operator which joins two chromosomes to form a new
chromosome. The newly generated child chromosome is composed of chromosomes from
each parent.
Crossover is classified as single point, two point and uniform crossover.
Crossover
Initial Population
Selection
Mutation
One Generation
85
In Single Point only one crossover point is selected to generate new child (Figure-18).
In Two Point crossover two crossover points are selected to generate new child (Figure-
19).
In Uniform crossover bits are selected uniformly from each parent (Figure-20) [135].
Figure-19: Two Point Crossover
Figure-18: Single Point Crossover
86
Figure-20: Uniform Crossover
2. Mutation: In mutation after crossover at least one bit in each chromosome is changed
(Figure-21). [136]. This is performed to reflect the effect of surrounding in natural
genetic process. There are two major types of Mutation i-e Flipping of Bits and
Boundary Mutation. In Flipping of Bits one or more bits are converted into 0 to 1 or 1
to 0. In Boundary Mutation randomly upper or lower block in swapped in chromosome
[136].
Figure-21: Mutation
3. Selection: In selection, chromosomes are chosen from the population for generation of
new population. The selection is based on fitness value, higher the value more is the
chances to be selected. Selection is classified as Roulette-wheel Selection, Tournament
Selection; Truncation Selection [85].
4. Fitness Function: This is very important function of Genetic Algorithm because good
fitness functions are useful for exploring the search space efficiently and bad fitness
functions are confined to local optimum solution. Fitness Function can be categorized
as Constant fitness function and Mutable fitness function [136].
Key Selection in cryptography is kind of selection problem. The key with highest fitness and
randomness is selected. The applications of Genetic Algorithm are also in search heuristic
87
problems, which make the Genetic Algorithms (GAs) a reliable algorithm for key generation
and data encryption.
The key point of the proposed algorithm is if the quality (randomness) of the pseudorandom
numbers generated for keys is good then the keys generated will always be non-repeating and
purely random and ultimately increase the security and strength of keys.
4.4.1 Comparative Analysis of Method
With the help of Genetic Algorithms (GAs) most of the research has been done by different
researchers in the area of data encryption and key generation. Some of the work is defined in
this section.
Hassan et al [137] have used the concept of encryption and decryption with the help of
Genetic Algorithms (GAs) and RSA. First the key was generated with the help of Genetic
Algorithms (GAs) and then generated key was used in RSA to encrypt the data. In this way
the strong key was generated that was non-repeating too and this was not easy to break. This
algorithm is better in terms of key strength than DES, AES, and RSA etc. Sindhuja et al [138]
has given a symmetric key cryptosystem by applying Genetic Algorithms (GAs). Key matrix
and text matrix were added to create an additive matrix and then substitution cipher was
applied on additive matrix to create the intermediate cipher. Crossover and Mutation were
then applied on intermediate cipher to encrypt the data. This method is simple and easy to
implement.
Aarti Soni et al [139] proposed a new algorithm in which pseudorandom number generator
was used to generate the key. The random number generator used the current time of
computer for random numbers. Then genetic operations were performed on random numbers.
Finally selected key was used in AES symmetric algorithm to encrypt the image. The benefits
of this algorithm were increased efficiency, less computational time and irregularity of key.
The same method of key generation was also followed by Sania Jawed et al [140] but in this,
fitness value was calculated by applying Frequency and Gap test along with hams distance
between the two binary keys. This algorithm was implemented in Java technology where 100
chromosomes, 0.5 mutation rate, 2.5 crossover rate were selected for the algorithm.
88
Narendra K. Pareek et al [141] used the Genetic Algorithms (GAs) for encryption of gray
scale images. The performance analysis of scheme revealed that the algorithm possesses the
good statistical results, key sensitivity and can handle the plaintext attack, brute force attack,
entropy attack and differential attack. Kirshna et al [142] proposed cryptographic algorithm
by using genetic function. In this algorithm substitution matrix and double point crossover
was used to encrypt the data. This algorithm was implemented in Xilinx 13.2 version and
verified using Spartan 3e kit. Almarimi et al [74] dealt with security of electronic data over
network. The proposed algorithm integrated the Genetic Algorithms (GAs) and
pseudorandom sequence for encryption and decryption of data. Random sequence was
obtained by using nonlinear shift register. Time and speed of algorithm were calculated for
observing results.
Swati Mishra et al [85] Public Key Cryptography Using Genetic Algorithm worked to
generate a best fit key which could make code difficult to crack. Fitness of key was
calculated by Pearson coefficient of autocorrelation. Two keys public and private were
generated by using random number generator, crossover and then mutation. Finally Gap and
Frequency tests were applied to select the best sample of key. The process was repeated until
there was no best key. C++ programming was used to implement the algorithm and frequency
was tested by chi-square test.
Ankit et al [136] generated the key for stream cipher with the help of natural selection
process. The genetic operations were repeated until fitness value of any chromosome is less
than threshold. Once completed the final selection of key was done through Genetic
Algorithms (GAs). Selected key was unique and non-repeating. Kalaiselvi et al [143]
discussed the need of adaptive and dynamic cryptographic algorithm to reduce computational
cost and enhance security. In this paper two enhanced AES cryptosystems were proposed by
using Genetic Algorithms (GAs) in SP boxes. AES was modified to accommodate the
nonlinear Neural Network in SP network. This scheme ensured the increased security against
timing attacks and reduction of computational time.
Subhajit et al [144] encrypted an image by using genetic algorithm. Then statistical test was
performed to visualize the feasibility of solution. Jhingran et al [134] conducted survey on
applications of genetic algorithm in the field of cryptography. The work done by researchers
has impressive results but each research work has used some existing cryptographic
89
algorithm in combination with genetic operators. The motivation is to create novel
cryptographic algorithm with the help of Genetic operations, which is easy to implement and
secure in terms of key strength and attack time [145].
4.4.2 Proposed Algorithm
The proposed algorithm is named as Genetic Crypto and is divided into three major steps i-e
Key Generation, Data diffusion and Data Encryption (Figure-22).
Figure-22: Genetic Crypto Flow Diagram
Data Packet
Key Generation
Genetic Crypto
Data Packet
Data Diffusion
Data Encryption
90
The genetic operators are used in both key generation and data diffusion. Initial population is
generated through random number generator. For simplicity one point crossover and bit
filliping techniques are used for Crossover and Mutation respectively. Fitness value of key is
calculated through Shannon Entropy because entropy is one of important feature of
randomness. This algorithm is implemented in C# programing language, .net framework 4.5
in Visual Studio 2012. The interface and example result is shown in Figure-23.
92
4.2.2.1 Key Generation
The Key length can vary between 80-128 bits.
Step KG-1: Sixteen random characters are generated with the help of random number
generator from A-Z.
Step KG-2: Each randomly generated character is converted to binary format (8 bits)
Step KG-3: The result is stored in 2D array data structure.
Step KG-4: Sixteen prime random numbers are generated from 0-100.
Step KG-5: Each randomly generated number is converted to binary format (8 bits).
Step KG-6: The result is stored in 2D array data structure.
Step KG-7: Eight random numbers from 1 to 7 are generated for crossover points.
Step KG-8: The numbers are stored in array data structure.
Step KG-9: One point crossover is performed by taking one parent from array of
random prime number and one parent from array of random characters.
The crossover point is identified from the array of random numbers
generated in Step KG-8.
Step KG-10: Step KG-9 will be repeated until there is parent left for crossover.
Step KG-11: For Mutation, bit flipping mutation is used in which first and
last bit of each chromosome is inverted; means 0 will be converted to 1
and vice versa.
Step KG-12: Step KG-11 will be repeated for all the child chromosomes.
Step KG-13: After Mutation, Fitness function of each chromosome is calculated
through Shannon Entropy.
Step KG-14: Chromosomes with the Shannon Entropy of greater than 0.95 will be
merged and selected as key. If there is no any.
Step KG-15: Chromosome with entropy greater than 0.95 then the whole process will
be repeated again until there is no best fit key.
4.4.2.2 Diffusion of Original Text
Step DT-1: Data is converted to binary format.
Step DT-2: Binary data will be segmented into blocks. Each block size is 8 bits and
number of blocks (chromosomes) is size of data/8.
Step DT-3: The result is stored in 2D array data structure.
93
Step DT-4: Eight random numbers from 1 to 7 are generated for crossover points.
Step DT-5: The numbers are stored in array data structure.
Step DT-6: One point crossover is performed between adjacent parents in array of
binary data. The crossover point is identified from the array of random
numbers generated in Step DT-5.
Step DT-7: For Mutation, bit flipping mutation is used in which first and last bit of
each chromosome is inverted.
4.4.2.3 Encryption of Text:
Step ET-1: Length of key and length of data is calculated first. If any of them has
fewer bits than the other, 0s will be appended from left to make the length
of data and key equal.
Step DT-2: Logical XOR operation will be performed between diffused data and key
bit wise.
Step DT-3: The resulting set of bits is encrypted data.
4.4.2.4 Performance of Genetic Crypto
The proposed algorithm (Genetic Cipher) is compared with DES and AES symmetric key
cryptosystems in terms of encryption, decryption time and key strength. The key strength is
categorized by key search space size means how many alternative keys can be tried to break
the cipher, Attack Scenario means how much time is required by eavesdropper to attack on
data. The Encryption and decryption are calculated by implementing the algorithm and key
strength is in terms of attack time is calculated with help of GRC [146] Interactive Brute
Force key “Search Space” Calculator.
Table-12: Comparison of Genetic Crypto with DES and AES
DES AES Genetic Cipher
Encryption Time 068907 mm 084440 mm 27069 mm
Key Search Space
Size
4.85 * 1028 Keys 2.31 * 1057 Keys 1.11 * 10120
Keys
Attack Time (1000
k/s)
15.41 thousand
trillion days
7.34 hundred million
trillion days
3.53 hundred billion
trillion days
94
Table-12 shows that Encryption time of DES and AES is 068907mm and 084440 mm
respectively while Encryption time of Genetic Cipher is 27069 mm, which is higher than
both. The complex cryptographic algorithms with high provision of security are much better
than simple algorithm with less security in cryptography. This point is evidenced by measure
of key strength. In both categories key search space and attack time the Genetic Cipher
requires much higher time to break than DES and AES.
This Genetic Crypto adopted a new way to encrypt the data i-e using Genetic Algorithms
(GAs). First a key of length between 80 and 128 is generated by applying genetic operations
on randomly generated characters and prime numbers. Shannon Entropy is used to calculate
the fitness value of each chromosome. After key generation, data is diffused again by
applying crossover and mutation on data. At last key and diffused data are XORed for
encryption. The result shows that although the proposed algorithm take little longer
encryption time than DES and AES but the key strength is better than the other two compared
algorithms.
Observing avalanche Effect
The Genetic Crypto exhibits strong avalanche effect. Following is observation made during
experiment to test avalanche property of the algorithm. The test is run on 32-bit block of
plain text.
95
Figure-24: Avalanche Effect on 32 bit block of Plain Text
4.4.2.5 Role of other Computational Intelligence Techniques
There is a research work [147] only focused on evolutionary computation methods. This
section provides the overview of all possible evolutionary computation techniques/methods
such as Genetic Algorithms (GAs), Genetic Programming (GP), Tabu Search (TS), and
Simulated Annealing, which can be applied on modern cryptography. Among these methods,
Genetic Algorithms (GAs) and GP follow natural and biological evolution process of
Humans.
It has been observed that most of the evolutionary computation methods have been applied to
only those conventional systems but they do not have any viable application in real world.
Moreover, it is very difficult either to verify results from these methods or to reproduce them
in a different scenario.
0
5
10
15
20
25
30
35
0 5 10 15 20 25 30 35
Avanlache Effect
96
Figure-25: Evolutionary Computation Methods
Figure-26: Evolutionary Computation Methods in Cryptography
Evolutionary Computation methods
Genetic Algorithms
Genetic Programming
Tabu SearchSimulated Annealing
Evolutionary Computation Methods in Cryptography
ICIGA system
Evolving Hardware for RSA Systems
Finding Cryptographically Sound
Boolean Functions
Evolving Block Ciphers and
Cryptographic Hash Functions
Design of S-boxes
Simulated Annealing for S-
boxes
Genetic Algorithms for
Bijective S-boxes
Genetic Algorithms
for Self-inverse S-
boxes
Optimal Tabu-
genetic algorithm
for S-boxes
Design of Pseudorandom
Sequence
97
A. ICIGA (Improved Cryptography Inspired by Genetic Algorithms) Systems used
crossover and mutation concept of Genetic Algorithms (GAs) for encryption and
decryption, however, neither selection scheme nor fitness function is used. This
system helped in making faster encryption and decryption processes.
B. Evolving Hardware for RSA Systems
Cryptographic hardware circuit can evolve dynamically with respect to its environment by
using GP evolvable hardware methods.
C. Finding Cryptographically Sound Boolean Functions
Boolean function’s important property which is high nonlinearity can be achieved by using
Genetic Algorithms (GAs) algorithm together with hill-climbing techniques, and it can have
suitable results as compared to random search.
D. Evolving Block Ciphers and Cryptographic Hash Functions
GP was used to improve the nonlinearity while developing a block cipher and to reduce the
avalanche effect. They used these techniques and modified the parameter of new blocked
cipher known as Wheedham. Moreover, authors used Wheedham together with Miyaguchi-
Preenel construction to develop a new cryptographic hash function named as MPW-512.
E. Design of S-boxes
Simulated annealing for S-Boxes produces better results than human-made conventional S-
box.
F. Design of Pseudorandom Sequence
Cellular automata rules can be used to generate Pseudorandom number generators which can
be utilized in cryptography, and Genetic Algorithms (GAs) can be used to produce new
cellular automata rules.
4.5 Implementing Genetic Crypto to Secure Network Coding
98
Keeping in view the performance and security strength offered by Genetic Crypto, it will be
used for encryption and decryption requirement in the proposed model. Figure-27 shows the
block diagram of the overall proposed model of Secure Network Coding.
99
Error Control Mechanism (Encoding)
Random Linear Network Coding
Security Encoding/signing
Using Genetic Crypto
Error Control Mechanism (Decoding)
Security Decoding/verification
Using Genetic Crypto
Source
Destination
Error Control Mechanism (Encoding)
Simple Network Coding (XOR)
Error Control Mechanism (Decoding)
Boot Strapping, Key Distribution and Key
management
Boot Strapping, Key Distribution and Key
management
Figure-27: Block Diagram of proposed Secure Network Coding Model
100
The source and intermediate nodes know identifiers of the sinks and source and sink nodes
share symmetric keys to encrypt data as needed.
Boot-strapping
Key Distribution
Apply Random Linear Codes
Encrypt Coefficients using Genetic Codes
Sufficient # of packets
Decode at destination node
Figure-28: Flow diagram of the Overall Process
101
Scenario: Node A and C establishes secure connection through intermediate node B
Bootstrapping
Step E-1: Generating Keys: Generate a set of keys. These key must be statistically
independent.
Step E-2: Assigning Identities: Assign an identity to each node
global_key_identity(32 bits)=node_identity(24 bits)||local_key_identity(8 bits)
Step E-3: Generating OTP: Generate One Time pad (OTP). The size of OTP must
be equal to the size of Key. OTP ~ Bernoulli distribution with probability 0.5
Step E-4: Storing Encrypted Keys: Save (global_key_identifier, E(global_key
XOR OTP, )
Step E-5: Getting Neighbors information: Save |edges-out| keys in each node.
Each node is aware of its own node_identity and local_key_ identity
Key Distribution
Step K-1: Identity: Each node broadcast its identity through broad cast messages
and updates its list of neighbors
Generate a set of keys
Assigning Identities
Generating OTP
Storing Encrypted Keys
Getting Neighbors information
Figure-29: Flow diagram of Bootstrapping Process
102
Step K-2: Broadcasting HELLO message: B broadcast HELLO messages. In
return each node returns (number_of_neigbors, list_of_neigbors)
Step K-3: Look up for the communicating parties: The source looks as if the
destination is in the list_of_neighbors of any node. If so, B sends
global_key_identity of A || global_key_identity of C using Network Coding
operation
Step K-4: Performing Simple Network Coding: A and C performs XOR of the
received information with their own Key to get Key of each other.
This Bootstrapping and Key distribution guarantees that attacker can see keys from the XOR
messages. Any sort of injection can be detected by the legitimate node by rejecting invalid
key.
Applying Outer Codes
Encrypting coefficients using Genetic Crypto and sending through random Linear Network
Codes
A) Source Node
Step OCA-1: Generating data blocks: The source node has n block of data
Broadcasting Identity
Broadcasting HELLO message
Look up for the communicating parties
Performing Simple Network Coding
Figure-30: Flow diagram of Key distribution Process
103
Step OCA-2: Form random linear combinations: It forms a random linear
combination of the n packets (the current generation is set in a packet to be sent; •
Step OCA-3: Making Unlocked Coefficients: Adding unlocked coefficients
Step OCA-4: Making Locked Coefficients: Making global encoding vector using
genetic Crypto
B) Intermediate Node
Step OCI-1: Storing: store the received packets
Step OCI-2: Updating unlocked coefficients: change unlock and locked
coefficients
Step OC-1: Forward: forward the updated packets
C) Sink Node
Step OCS-1: Decoding unlocked coefficients: decode using unlocked
coefficients to get locked coefficients
Step OCS-2: Decrypting locked coefficients:
Step OCS-2: Recover the original message:
Generating data blocks
Form random linear combinations
Making Unlocked Coefficients
Making Locked Coefficients
Decoding unlocked coefficients
Decrypting locked coefficients
Recover the original message
Storing
Updating unlocked coefficients
Forward
Source Node Intermediate Node
Sink Node
Figure-31: Flow diagram of applying Outer Code Process
104
6.4 Evaluation of Proposed Model
For the evaluation following are plotted against number of nodes;
i) Amount of data to be encrypted as compared to tradition encryption
ii) Time taken by encryption decryption process
Figure-32: Amount of data to be Encrypted as compared to Traditional Encryption
Figure-33: Time taken by Encryption and Decryption Process
0 200 400 600 800 1000 1200
Am
on
t o
f e
ncr
ypte
d D
ata
Block Size (K Bytes)
Encrypted load
Encryption load - traditional
0
1
2
3
4
5
6
7
0 200 400 600 800 1000 1200
Tim
e in
mic
ro s
eco
nd
s
Block Size
Time taken by GeneticCrypto (micro seconds)
Time taken by AES (microseconds)
105
4.6 Conclusions and Future Work
Since the field of Network Coding is in its evolution phase, it is expected that its deployment
into commercial products soon. Since 2000 soon after the seminal work of Li et. al. it gained
due attention of researchers. Till now researches have been contributing a lot of schemes
with ever increasing efficiency optimization and mitigation of issues raised therefrom.
4.6.1 Conclusions
Earlier works are focused on the theoretical foundations while later work explored more
practical aspects.
Cross-domain work showed good collaboration among researches as well as industry backed
the research and development.
Some researchers looked at various problems in isolation. The research focus moves from
code construction to optimal practical solutions in simple Network Coding while in Secured
Network Coding it is from simple data confidentiality to a combination of confidentiality and
authentication along with intrusion prevention and detection.
The literature shows a lot of concentration on linear code specially the Random Linear
Network Codes as a significant work on Network Coding revolves around this concept.
There are many polynomial time approximate solutions/algorithms that can solve the problem
of Network Coding and hence the Secure Network Coding paradigm.
The current state-of-the-art Network Coding has been investigated and found that random
linear network codes are the most successful codes so far from the perspective of
implementations.
There has always been some trade-offs. Communication bandwidth, network cost and
security. A detailed comparison of different Network Coding security protocols in terms of
their capabilities has been presented which suggest that none of these serves to give benefits
approximately equal to the benefits of Network Coding alone however it was observed that
tradeoffs between network capacity and bandwidth or network cost and security can be made.
106
A combination of good candidates from the available pool of security scheme may serve the
intended purpose with throughput not equal to the throughput of Network Coding itself but
conceivably greater than the throughput of traditional communication networks.
Many security issues has been focused. Problem formulation, proposed approach and its
methodology suggests that by incorporating computational intelligence techniques
particularly Genetic Algorithms, a Secure Network Coding Scheme meets the generic
security requirements described in section-4.2.
Some of the existing schemes combined in an appropriate settings offered good results. The
model proposed in chapter-4 performed well in terms of security strength and offered better
key management.
Security aspects of Network Coding in the context of system aspects of a protocol makes this
model to support intra-flow, inter-flow, state aware and stateless communications.
A generic set of security requirements for Network Coding protocols and systems is used as a
reference material for current Network Coding protocols and systems analysis; second, it will
serve as guidelines for extension design and new, more secure, Network Coding protocols
and systems. It also provide a contrast and similarity of these requirements with those that are
recommended for routing protocols by Internet Engineering Task Force (IETF).
A new way to encrypt the data i.e. using Genetic Algorithms (GAs) using key of length
between 80 and 128 is and applying genetic operations on randomly generated characters and
prime numbers. Shannon Entropy is used to calculate the fitness value of each chromosome.
After key generation, data is diffused again by applying crossover and mutation on data. At
last key and diffused data are XORed for encryption. The result shows that although the
proposed algorithm take little longer encryption time than DES and AES but the key strength
is better than the other two compared algorithms.
The Genetic Crypto provided security in Network Coding (NC)-based transmission network
to test the proposed model. It was observed model performs well as compared to SPOC[124]
in terms of security strength and better key management.
107
4.6.2 Future Work
Future work can be done in following domains to seek further insight of this work.
4.6.2.1 Efficient Hardware Implementation
Efficient hardware implementation of a cryptosystem is always helpful in provision of fast
and efficient communications. A Genetic Crypto is composed simple computation operations
and offers good security strength so it is a suitable candidate for hardware implementation.
It also seems viable to experiment hardware implement of this model as a specific device that
could be commercialize later as a product.
4.6.2.2 Performance evaluation in Delay/Disruption Tolerant Networks (DTNs)
As many networks of this era are heterogeneous and their all-the-time availability is not
assured so there is need to test such systems in Delay/Disruption Tolerant Networks (DTNs).
For this performance evaluation of proposed model in such an environment could be an
interesting project.
4.6.2.3 More Applications of Genetic Crypto
In the future researchers can work to improve this algorithm for multimedia encryption like
images, video and audio. Efficiency in terms of time will be considered first. From the
evaluation point of view, this genetic cipher can be compared with other cryptographic
algorithms. Also, one can use more statistical techniques for evaluation of key randomness.
4.6.2.4 Use in Defense Applications
There are many situations where deployment of isolated network is required beyond the need
of ad-hoc network or any infrastructure-less environment. Such environment or situations are
need in many classified projects, defense organizations and law enforcement agencies.
108
The proposed work in thesis could be adopted and extended for private networks isolated
from the Internet or usual store and forward based Ethernet networks. It is recommended to
adopt this model along with the use of wifi-direct technology [148].
4.6.2.5 Developing and Incorporating this Work as a Network Service
There are certain proposals to use Network Coding a network service [149]. The proposed
system model has an ability to be implemented by Software Defined Network.
109
References
[1] C. C. E. Leiserson, R. R. L. Rivest, C. Stein, and T. H. Cormen, Introduction to
Algorithms, Third Edition, vol. 7. 2009.
[2] R. W. Yeung, S.-Y. R. Li, N. . Cai, and Z. . Zhang, “Network Coding Theory Part I:
Single Sources,” Found. Trends® Commun. Inf. Theory, vol. 2, no. 4, pp. 241–329,
2005.
[3] S. A. Aly, A. E. Kamal, and O. M. Al-Kofahi, “Network protection codes: Providing
self-healing in autonomic networks using network coding,” Comput. Networks, vol.
56, no. 1, pp. 99–111, 2012.
[4] R. Koetter and M. Medard, “An algebraic approach to network coding,” IEEE/ACM
Trans. Netw., vol. 11, no. 5, pp. 782–795, 2003.
[5] E. Fasolo, “Efficient Data Dissemination Protocols In Pervasive Wireless Networks,”
University of Padova, 2008.
[6] M. Wang and B. Li, “How practical is network coding?,” in IEEE International
Workshop on Quality of Service, IWQoS, 2006, pp. 274–278.
[7] J. Dong, R. Curtmola, R. Sethi, and C. Nita-Rotaru, “Toward secure network coding in
wireless networks: Threats and challenges,” 2008 4th Work. Secur. Netw. Protoc., pp.
33–38, 2008.
[8] L. Lima, J. P. Vilela, P. F. Oliveira, and J. Barros, “Network Coding Security: Attacks
and Countermeasures,” Symp. A Q. J. Mod. Foreign Lit., p. 8, 2008.
[9] N. Cai and T. Chan, “Theory of Secure Network Coding,” Proc. IEEE, vol. 99, no. 3,
pp. 421–437, 2011.
[10] J. E. Rowe, “Genetic algorithms,” in Springer Handbook of Computational
Intelligence, 2015.
[11] “Particle swarm optimization,” SpringerBriefs Appl. Sci. Technol., 2016.
[12] C. Blum and R. Groß, “Swarm intelligence in optimization and robotics,” in Springer
Handbook of Computational Intelligence, 2015.
[13] K. A. Dowsland and J. M. Thompson, “Simulated annealing,” in Handbook of Natural
Computing, 2012.
[14] X.-B. Hu, M. S. Leeson, and E. L. Hines, “An effective genetic algorithm for network
coding,” Comput. Oper. Res., vol. 39, no. 5, pp. 952–963, 2012.
[15] Y. Hongyan, “Network Coding Optimization Method Research Based on Genetic
110
Algorithm,” Appl. Mech. Mater., vol. 644–650, pp. 2059–2062, 2014.
[16] S. M. Nallakannu and R. Thiagarajan, “PSO-based optimal peer selection approach for
highly secure and trusted P2P system,” Secur. Commun. Networks, vol. 9, no. 13, pp.
2186–2199, 2016.
[17] F. D. Ming He, Hong Wang, Lin Chen, Zhenghu Gong, “An Efficient Dynamic
Authentication Scheme for Secure Network Coding.”
[18] D. M. Sabri, “Performance Analysis for Network Coding Using Ant Colony Routing,”
2012.
[19] Z. Wang, H. Xing, T. Li, Y. Yang, R. Qu, and Y. Pan, “A Modified Ant Colony
Optimization Algorithm for Network Coding Resource Minimization,” IEEE Trans.
Evol. Comput., vol. 20, no. 3, pp. 325–342, 2016.
[20] L. Zhang, X. Zhuo, and X. Zhao, “Research on Network Coding Optimization Using
Differential Evolution Based on Simulated Annealing,” in Advances in Swarm and
Computational Intelligence, 2015, pp. 346–353.
[21] S. Y. R. Li, R. W. Yeung, and N. Cai, “Linear network coding,” IEEE Trans. Inf.
Theory, vol. 49, no. 2, pp. 371–381, 2003.
[22] L. Lima, M. Medard, and J. Barros, “Random Linear Network Coding: A free
cipher?,” 2007 IEEE Int. Symp. Inf. Theory, no. 1, pp. 546–550, 2007.
[23] N. de Beaudrap and M. Roetteler, “Quantum linear network coding as one-way
quantum computation,” Tqc’14, p. 17, 2014.
[24] D. Silva and F. R. Kschischang, “Security for wiretap networks via rank-metric
codes,” in IEEE International Symposium on Information Theory - Proceedings, 2008,
pp. 176–180.
[25] S. Y. Cho, C. Adjih, and P. Jacquet, “Heuristics for network coding in wireless
networks,” in WICON, 2007.
[26] Y. Desmedt and Y. Frankel, “Threshold cryptosystems,” in Lecture Notes in Computer
Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes
in Bioinformatics), 1990, vol. 435 LNCS, pp. 307–315.
[27] T. M. J. Feldman C. Stein and R. A. Servedio, “Secure network coding via filtered
secret sharing,” in 42nd Annual Allerton Conf. Commun., Control and Comput.,
Monticello, Illinois, 2004.
[28] Z. Yu, Y. Wei, B. Ramkumar, and Y. Guan, “An efficient signature-based scheme for
securing network coding against pollution attacks,” in Proceedings - IEEE INFOCOM,
2008, pp. 2083–2091.
111
[29] Y. Zhou, H. Li, and J. Ma, “Secure network coding against the contamination and
eavesdropping adversaries,” Chinese J. Electron., vol. 18, no. 3, pp. 411–416, 2009.
[30] T. Ho, R. Koetter, M. Medard, D. R. Karger, and M. Effros, “The benefits of coding
over routing in a randomized setting,” in IEEE International Symposium on
Information Theory, 2003. Proceedings., 2003, p. 442.
[31] N. Cai and R. W. Yeung, “Secure network coding on a wiretap network,” IEEE Trans.
Inf. Theory, vol. 57, no. 1, pp. 424–435, 2011.
[32] C. Fragouli and E. Soljanin, “Network Coding Fundamentals,” Found. Trends® Netw.,
vol. 2, no. 1, pp. 1–133, 2006.
[33] H. Yao and E. Verbin, “Network coding is highly non-approximable,” in 2009 47th
Annual Allerton Conference on Communication, Control, and Computing, Allerton
2009, 2009, pp. 209–213.
[34] J. K. Sundararajan, D. Shah, M. Médard, S. Jakubczak, M. Mitzenmacher, and J.
Barros, “Network coding meets TCP: Theory and implementation,” Proc. IEEE, vol.
99, no. 3, pp. 490–512, 2011.
[35] S. Zhang and S. C. Liew, “Applying physical-layer network coding in wireless
networks,” Eurasip J. Wirel. Commun. Netw., vol. 2010, 2010.
[36] P. A. Chou, Y. Wu, and K. Jain, “Practical Network Coding,” in 41st Annual Allerton
Conference, 2003, pp. 1–10.
[37] C. Gkantsidis and P. R. Rodriguez, “Network coding for large scale content
distribution,” Proc. IEEE 24th Annu. Jt. Conf. IEEE Comput. Commun. Soc., vol. 4,
no. C, pp. 2235–2245, 2005.
[38] A. G. Dimakis, P. B. Godfrey, Y. Wu, M. J. Wainwright, and K. Ramchandran,
“Network Coding for Distributed Storage Systems,” Inf. Theory, IEEE Trans., vol. 56,
no. 9, pp. 4539–4551, 2010.
[39] S. Katti, H. Rahul, W. Hu, D. Katabi, M. Medard, and J. Crowcroft, “XORs in the air:
Practical wireless network coding,” IEEE/ACM Trans. Netw., vol. 16, no. 3, pp. 497–
510, 2008.
[40] Y. Z. Zhu, B. Li, and J. Guo, “Multicast with network coding in application-layer
overlay networks,” IEEE J. Sel. Areas Commun., vol. 22, no. 1, pp. 107–120, 2004.
[41] S. Y. R. Li, R. W. Yeung, and N. Cai, “Linear network coding,” IEEE Trans. Inf.
Theory, vol. 49, no. 2, pp. 371–381, 2003.
[42] A. Esmaeili, “Linear network codes on cyclic and acyclic networks,” University of
Victoria, 2016.
112
[43] L. Lima, M. Medard, and J. Barros, “Random Linear Network Coding: A free
cipher?,” 2007 IEEE Int. Symp. Inf. Theory, no. 1, pp. 546–550, 2007.
[44] J. Heide, M. V Pedersen, and F. H. P. Fitzek, “Decoding Algorithms for Random
Linear Network Codes,” in NETWORKING 2011 Workshops, 2011, pp. 129–136.
[45] R. W. Yeung and Z. Zhang, “Distributed source coding for satellite communications,”
IEEE Trans. Inf. Theory, 1999.
[46] R. Bassoli, H. Marques, J. Rodriguez, K. W. Shum, and R. Tafazolli, “Network coding
theory: A survey,” IEEE Communications Surveys and Tutorials. 2013.
[47] S. Katti, H. Rahul, W. Hu, D. Katabi, M. Medard, and J. Crowcroft, “XORs in the air:
Practical wireless network coding,” IEEE/ACM Trans. Netw., vol. 16, no. 3, pp. 497–
510, 2008.
[48] M. Owari, G. Kato, and M. Hayashi, “Single-shot secure quantum network coding on
butterfly network with free public communication,” Quantum Sci. Technol., vol. 3, no.
1, p. 14001, 2018.
[49] N. Chen, Z. Yan, M. Gadouleau, Y. Wang, and B. W. Suter, “Rank metric decoder
architectures for random linear network coding with error control,” IEEE Trans. Very
Large Scale Integr. Syst., vol. 20, no. 2, pp. 296–309, 2012.
[50] M. A. Iqbal, B. Dai, B. Huang, A. Hassan, and S. Yu, “Survey of network coding-
aware routing protocols in wireless networks,” Journal of Network and Computer
Applications, vol. 34, no. 6. pp. 1956–1970, 2011.
[51] P. Garrido, D. Gómez, R. Agüero, and J. Serrat, “Combination of Intra-flow Network
Coding and Opportunistic Routing: Reliable Communications over Wireless Mesh
Networks,” in Proceedings of the 8th International Conference on Simulation Tools
and Techniques, 2015, pp. 191–199.
[52] J. P. Vilela, L. Lima, and J. Barros, “Lightweight security for network coding,” in
IEEE International Conference on Communications, 2008, pp. 1750–1754.
[53] T. Ho, B. Leong, R. Koetter, M. Medard, M. Effros, and D. R. Karger, “Byzantine
modification detection in multicast networks with random network coding,” IEEE
Trans. Inf. Theory, vol. 54, no. 6, pp. 2798–2803, 2008.
[54] A. Shamir and A. Shamir, “How To Share a Secret,” Commun. ACM, vol. 22, no. 1,
pp. 612–613, 1979.
[55] C. Ning and R. W. Yeung, “Secure network coding,” Inf. Theory, 2002. Proceedings.
2002 IEEE Int. Symp., p. 323, 2002.
[56] R. A. S. J. Feldman, T. Malkin, “On the Capacity of Secure Network Coding,” in 42nd
113
Annual Allerton Conference on Communication, Control and Computing, Monticello,
Illinois, 2004.
[57] P. Manhas and P. Kaur, “Secure Network Coding Approach With Distributed
Reprogramming Protocol For Cluster Based Ad-hoc Networks In Dynamic Key
Management Of Wireless Sensor Networks [J],” Perform. Eval., vol. 2, no. 12, 2013.
[58] and R. A. S. J. Feldman, T. Malkin, C. Stein, “Secure network coding via filtered
secret sharing,” in 42nd Annual Allerton Conf. Commun., Control and Comput.,
Monticello, Illinois, 2004.
[59] D. Silva and F. R. Kschischang, “Security for wiretap networks via rank-metric
codes,” in IEEE International Symposium on Information Theory - Proceedings, 2008,
pp. 176–180.
[60] D. Silva and F. R. Kschischang, “Universal secure network coding via rank-metric
codes,” IEEE Trans. Inf. Theory, vol. 57, no. 2, pp. 1124–1135, 2011.
[61] F. Oggier and H. Fathi, “An authentication code against pollution attacks in network
coding,” IEEE/ACM Trans. Netw., vol. 19, no. 6, pp. 1587–1596, 2011.
[62] K. Han, T. Ho, R. Koetter, M. Médard, and F. Zhao, “On network coding for security,”
in Proceedings - IEEE Military Communications Conference MILCOM, 2007.
[63] D. Boneh, D. Freeman, J. Katz, and B. Waters, “Signing a linear subspace: Signature
schemes for network coding,” in Lecture Notes in Computer Science (including
subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),
2009, vol. 5443, pp. 68–87.
[64] J. Tan and M. Medard, “Secure network coding with a cost criterion,” in 2006 4th
International Symposium on Modeling and Optimization in Mobile, Ad Hoc and
Wireless Networks, WiOpt 2006, 2006.
[65] P. F. Oliveira and J. Barros, “A Network Coding Approach to Secret Key
Distribution,” IEEE Trans. Inf. Forensics Secur., vol. 3, no. 3, pp. 414–423, 2008.
[66] G. Abbas and M. I. Nazeer, “Quantum Cryptography and Its Implications,” in First
International Conference on Modern Communication & Computing Technologies
(MCCT’14), 2014.
[67] C. H. Bennett and G. Brassard, “Quantum Cryptography: Public Key Distribution, and
Coin-Tossing,” in Proc. 1984 IEEE International Conference on Computers, Systems,
and Signal Processing, 1984, pp. 175–179.
[68] P. Curtis, M. Harb, R. Abielmona, and E. Petriu, “Classification-driven video analytics
for critical infrastructure protection,” Stud. Comput. Intell., vol. 621, pp. 45–69, 2016.
114
[69] I. Jordanov and N. Petrov, Intelligent radar signal recognition and classification, vol.
621. 2015.
[70] P. De Las Cuevas, Z. Chelly, A. M. Mora, J. J. Merelo, and A. I. Esparcia-Alcázar,
“An improved decision system for url accesses based on a rough feature selection
technique,” Stud. Comput. Intell., vol. 621, pp. 139–167, 2015.
[71] G. Nápoles, I. Grau, R. Falcon, R. Bello, and K. Vanhoof, “A granular intrusion
detection system using rough cognitive networks,” Studies in Computational
Intelligence, vol. 621. pp. 169–191, 2015.
[72] M. Kim et al., “Evolutionary approaches to minimizing network coding resources,” in
Proceedings - IEEE INFOCOM, 2007, pp. 1991–1999.
[73] R. Storn and K. Price, “Differential Evolution -- A Simple and Efficient Heuristic for
global Optimization over Continuous Spaces,” J. Glob. Optim., vol. 11, no. 4, pp. 341–
359, Dec. 1997.
[74] A. Almarimi, A. Kumar, I. Almerhag, and N. Elzoghbi, “A NEW APPROACH FOR
DATA ENCRYPTION USING GENETIC Original Image Pseudorandom Binary
Sequence Generator using GA and Decryption Decrypted Image,” Computer (Long.
Beach. Calif)., pp. 2–6, 2014.
[75] D. R. Stinson, Cryptography: Theory and Practice, vol. 30. 2005.
[76] J. Daemen and V. Rijmen, The Design of Rijndael: AES - The Advanced Encryption
Standard. 2002.
[77] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures
and public-key cryptosystems,” Commun. ACM, vol. 21, no. 2, pp. 120–126, 1978.
[78] W. M. H. Company, Modern Cryptography: Theory and Practice, vol. 170, no. 2.
2003.
[79] A. K. Nag, D. Dasgupta, and K. Deb, “An Adaptive Approach for Active Multi-Factor
Authentication,” 9th Annu. Symp. Inf. Assur., pp. 39–47, 2014.
[80] A. Londhey and M. L. Das, “Efficient Image Authentication Scheme Using Genetic
Algorithms,” in Distributed Computing and Internet Technology, 2017, pp. 172–180.
[81] S. Panda, V. Rajappa, and A. Biradar, “Genetic Algorithm Based Secure
Authentication Protocol With Dual Central Server And Token Authentication In Large
Scale Mobile Ad-Hoc Networks,” in Global Telecommunications Conference, 2008.
IEEE GLOBECOM 2008. IEEE, 2008, pp. 1–6.
[82] S. Jhajharia, S. Mishra, and S. Bali, “Public Key Cryptography Using Particle Swarm
Optimization and Genetic Algorithms,” 2013.
115
[83] A. Kumar and M. K. Ghose, “Overview of information security using genetic
algorithm and chaos,” Inf. Secur. J., vol. 18, no. 6, pp. 306–315, 2009.
[84] S. Mondal and T. K. Mollah, “A Survey on Network Security Using Genetic
Algorithm,” Int. J. Innov. Res. Sci. Eng. Technol., vol. 5, no. 1, 2016.
[85] S. Mishra and S. Bali, “Public key cryptography using genetic algorithm.”
[86] L. Bajaj, M. Takai, R. Ahuja, and K. Tang, “Glomosim: A Scalable Network
Simulation Environment,” Comp. A J. Comp. Educ., vol. 28, no. 1, pp. 154–161, 1999.
[87] P. A. C. S. Neves, I. D. C. Veiga, and J. J. P. C. Rodrigues, “G-JSIM - A GUI tool for
wireless sensor networks simulations under J-SIM,” in Proceedings of the
International Symposium on Consumer Electronics, ISCE, 2008.
[88] M. V. Pedersen, J. Heide, and F. H. P. Fitzek, “Kodo: An open and research oriented
network coding library,” in Lecture Notes in Computer Science (including subseries
Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2011,
vol. 6827 LNCS, pp. 145–152.
[89] Chamitha de Alwis, “Network Coding Simulator.” 2015.
[90] K. Fall and K. Varadhan, “The network simulator (ns-2),” URL http//www. isi.
edu/nsnam/ns, 2007.
[91] Diogo Ferrira, J. Serra, and L. Lima, “NECO.” 2011.
[92] M. Lord and D. Memmi, “NetSim: a Simulation and Visualization Software for
Information Network Modeling,” e-Technologies, 2008 Int. MCETECH Conf. DOI -
10.1109/MCETECH.2008.12, pp. 167–177, 2008.
[93] A. Varga, “OMNeT++,” in Modeling and Tools for Network Simulation, 2010, pp. 35–
59.
[94] S. S. Adarshpal and Y. H. Vasil, “The Practical OPNET User Guide for Computer
Network Simulation Title,” Journal of Chemical Information and Modeling, vol. 53,
no. 9. pp. 1689–1699, 2013.
[95] SCALABLE Networks, “QualNet Network Simulator Software,” SCALABLE
Networks Technologies, 2017. [Online]. Available: http://web.scalable-
networks.com/qualnet-network-simulator-software.
[96] M. Emerson, J. Mathe, and S. Duncavage, “WiNeSim: A Wireless Network
Simulation Tool.”
[97] J. W. Eaton, “GNU Octave and reproducible research,” J. Process Control, vol. 22, no.
8, pp. 1433–1438, 2012.
[98] G. Liu and X. Wang, “Homomorphic subspace MAC scheme for secure network
116
coding,” ETRI J., vol. 35, no. 1, pp. 173–176, 2013.
[99] S. Ji, T. Chen, and S. Zhong, “Wormhole attack detection algorithms in wireless
network coding systems,” IEEE Trans. Mob. Comput., vol. 14, no. 3, pp. 660–674,
2015.
[100] A. J. Newell, R. Curtmola, and C. Nita-Rotaru, “Entropy attacks and countermeasures
in wireless network coding,” in Proceedings of the fifth ACM conference on Security
and Privacy in Wireless and Mobile Networks, 2012, pp. 185–196.
[101] D. Boneh, D. Freeman, J. Katz, and B. Waters, “Signing a linear subspace: Signature
schemes for network coding,” in Lecture Notes in Computer Science (including
subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),
2009, vol. 5443, pp. 68–87.
[102] D. Silva and F. R. Kschischang, “Universal secure network coding via rank-metric
codes,” IEEE Trans. Inf. Theory, vol. 57, no. 2, pp. 1124–1135, 2011.
[103] Y. Zhou, H. Li, and J. Ma, “Secure network coding against the contamination and
eavesdropping adversaries,” Chinese J. Electron., vol. 18, no. 3, pp. 411–416, 2009.
[104] D. Charles, K. Jain, and K. Lauter, “Signatures for network coding,” in 2006 IEEE
Conference on Information Sciences and Systems, CISS 2006 - Proceedings, 2007, pp.
857–863.
[105] S. Tao, P. Hengli, and L. Jianwei, “Secure network coding based on lattice signature,”
China Commun., vol. 11, no. 1, pp. 138–151, 2014.
[106] J. Katz and B. Waters, “Compact Signatures for Network Coding,” Security. pp. 1–14,
2006.
[107] E. Porat and E. Waisbard, “Efficient signature scheme for network coding,” in IEEE
International Symposium on Information Theory - Proceedings, 2012, pp. 1987–1991.
[108] S. Jaggi et al., “Resilient network coding in the presence of byzantine adversaries,”
IEEE Trans. Inf. Theory, vol. 54, no. 6, pp. 2596–2603, 2008.
[109] R. Popa and A. Chiesa, “Going Beyond Pollution Attacks: Forcing Byzantine Clients
to Code Correctly,” arXiv Prepr. arXiv …, pp. 1–20, 2011.
[110] Q. Wang, L. Vu, K. Nahrstedt, and H. Khurana, “MIS: Malicious nodes identification
scheme in network-coding-based peer-to-peer streaming,” in Proceedings - IEEE
INFOCOM, 2010.
[111] X. Wu, Y. Xu, C. Yuen, and L. Xiang, “A tag encoding scheme against pollution
attack to linear network coding,” IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 1, pp.
33–42, 2014.
117
[112] Z. Yu, Y. Wei, B. Ramkumar, and Y. Guan, “An efficient signature-based scheme for
securing network coding against pollution attacks,” in Proceedings - IEEE INFOCOM,
2008, pp. 2083–2091.
[113] A. Le and A. Markopoulou, “Locating Byzantine attackers in intra-session network
coding using SpaceMac,” in 2010 IEEE International Symposium on Network Coding,
NetCod 2010, 2010, pp. 19–24.
[114] T. Cui, T. Ho, and J. Kliewer, “On secure network coding with unequal link capacities
and restricted wiretapping sets,” in 2010 IEEE Information Theory Workshop, ITW
2010 - Proceedings, 2010.
[115] F. Lesueur, L. Me, and V. V. T. Tong, “An efficient distributed PKI for structured P2P
networks,” 2009 IEEE Ninth Int. Conf. Peer-to-Peer Comput., pp. 1–10, 2009.
[116] H. Kang, A. Yun, E. Vasserman, and H. Lee, “Secure Network Coding for a P2P
System,” ACM Conf. \ldots, 2009.
[117] R. Rodrigues and P. Druschel, “Peer-to-peer systems,” Commun. ACM, vol. 53, no. 10,
p. 72, 2010.
[118] K. Zhang, X. Liang, R. Lu, and X. Shen, “Sybil attacks and their defenses in the
internet of things,” IEEE Internet Things J., vol. 1, no. 5, pp. 372–383, 2014.
[119] R. Mansell and W. E. Steinmueller, “Copyright infringement online: The case of the
Digital Economy Act judicial review in the United Kingdom,” New Media Soc., vol.
15, no. 8, pp. 1312–1328, 2013.
[120] K. V. Nguyen, “Simplifying peer-to-peer device authentication using identity-based
cryptography,” in International Conference on Networking and Services 2006,
ICNS’06, 2006.
[121] L. Lu et al., “Pseudo trust: Zero-knowledge authentication in anonymous P2Ps,” IEEE
Trans. Parallel Distrib. Syst., vol. 19, no. 10, pp. 1325–1337, 2008.
[122] M. I. Nazeer and M. S. Shaikh, “Secure Network Coding Schemes: Comparisons and
Broader Perspective,” Sindh Univ. Res. Jour. (Sci. Ser.), vol. 43, no. 1A, pp. 85–90,
2011.
[123] L. M. Aiello, M. Milanesio, G. Ruffo, and R. Schifanella, “An identity-based approach
to secure P2P applications with Likir,” Peer-to-Peer Netw. Appl., 2011.
[124] J. P. Vilela, L. Lima, and J. Barros, “Lightweight security for network coding,” in
IEEE International Conference on Communications, 2008, pp. 1750–1754.
[125] J. R. Vacca, Computer and Information Security Handbook. Elsevier Science, 2012.
[126] J. Sen, “Security in wireless sensor networks,” Wirel. Sens. Networks Curr. Status
118
Futur. Trends, vol. 407, 2012.
[127] J. Dong, R. Curtmola, R. Sethi, and C. Nita-Rotaru, “Toward secure network coding in
wireless networks: Threats and challenges,” 2008 4th Work. Secur. Netw. Protoc., pp.
33–38, 2008.
[128] P. A. Chou and Y. Wu, “Network coding for the internet and wireless networks,” IEEE
Signal Process. Mag., vol. 24, no. 5, pp. 77–85, 2007.
[129] D. Wang, Q. Z. Q. Zhang, and J. L. J. Liu, “Partial Network Coding: Theory and
Application for Continuous Sensor Data Collection,” 200614th IEEE Int. Work. Qual.
Serv., pp. 93–101, 2006.
[130] O. M. Al-Kofahi and A. E. Kamal, “Max-flow protection using network coding,” IEEE
Int. Conf. Commun., 2011.
[131] S. Bradner and H. University, “RFC 2119 - Key words for use in RFCs to Indicate
Requirement Levels Status,” Network Working Group, 1997. [Online]. Available:
https://www.rfc-editor.org/rfc/pdfrfc/rfc2119.txt.pdf.
[132] R. Shirey, “RFC 2828–Internet security glossary, 2000,” URL http//www. faqs.
org/rfcs/rfc2828. html, 2000.
[133] D. E. Goldberg, Genetic Algorithms in Search, Optimization, and Machine Learning.
1989.
[134] R. Jhingran and A. Prof, “A Study on Cryptography using Genetic Algorithm Vikas
Thada Shivali Dhaka,” Int. J. Comput. Appl., vol. 118, no. 20, pp. 975–8887, 2015.
[135] S. Jhajharia, S. Mishra, and S. Bali, “Public key cryptography using neural networks
and genetic algorithms,” in 2013 Sixth International Conference on Contemporary
Computing (IC3), 2013, pp. 137–142.
[136] A. Kumar and K. Chatterjee, “An efficient stream cipher using Genetic Algorithm,”
2016 Int. Conf. Wirel. Commun. Signal Process. Netw., pp. 2322–2326, 2016.
[137] A.-K. S. O. Hassan, A. F. Shalash, and N. F. Saudy, “MODIFICATIONS ON RSA
CRYPTOSYSTEM USING GENETIC OPTIMIZATION,” Int. J. Res. Rev. Appl. Sci.,
vol. 19, no. 2, p. 150, 2014.
[138] S. K and P. D. S, “A Symmetric Key Encryption Technique Using Genetic
Algorithm.” .
[139] A. Soni and S. Agrawal, “Using Genetic Algorithm for Symmetric key Generation in
Image Encryption,” Int. J. Adv. Res. Comput. Eng. Technol., vol. 1, no. 10, pp. 2278–
1323, 2012.
[140] S. Jawaid and A. Jamal, “Article: Generating the Best Fit Key in Cryptography using
119
Genetic Algorithm,” Int. J. Comput. Appl., vol. 98, no. 20, pp. 33–39, Jul. 2014.
[141] N. K. Pareek and V. Patidar, “Medical image protection using genetic algorithm
operations,” Soft Comput., vol. 20, no. 2, pp. 763–772, 2014.
[142] G. M. K. and V. Lakshmi, “A Proposed Method for Cryptographic Technique by
Using Genetic Function,” Int. J. Emerg. Eng. Res. Technol., pp. 1–7, 2015.
[143] K. Kalaiselvi and A. Kumar, “Enhanced AES cryptosystem by using genetic algorithm
and neural network in S-box,” in 2016 IEEE International Conference on Current
Trends in Advanced Computing, ICCTAC 2016, 2016.
[144] S. Das, S. N. Mandal, and N. Ghoshal, “Diffusion and Encryption of Digital Image
Using Genetic Algorithm,” in Proceedings of the 3rd International Conference on
Frontiers of Intelligent Computing: Theory and Applications (FICTA) 2014, 2015, pp.
729–736.
[145] D. Singh, P. Rani, and R. Kumar, “To design a genetic algorithm for cryptography to
enhance the security.”
[146] S. Gibson, “GRC’s | Password Haystacks: How Well Hidden is Your Needle?”
[Online]. Available: https://www.grc.com/haystack.htm. [Accessed: 25-Apr-2018].
[147] S. Picek and M. Golub, “On evolutionary computation methods in cryptography,”
2011 Proc. 34th Int. Conv. MIPRO, pp. 1496–1501, 2011.
[148] D. Camps-Mur, A. Garcia-Saavedra, and P. Serrano, “Device-to-device
communications with WiFi direct: Overview and experimentation,” IEEE Wirel.
Commun., vol. 20, no. 3, pp. 96–104, 2013.
[149] D. Szabó, A. Csoma, P. Megyesi, A. Gulyás, and F. H. P. Fitzek, “Network coding as a
service,” Infocommunications J., vol. 7, no. 4, pp. 2–11, 2015.
120
Appendix A: List of Publication
Journal Publication(s):
1. Shafaq Siddiqui , Sher Muhammad Daudpota, Abdul Rehman Somrani and
Muhammad Irshad Nazeer, “Opinion Mining: An approach to Feature
Engineering”, submitted for publication to Baheria University Journal of
Information and Communication technologies
2. Muhammad Irshad Nazeer, Ghulam Ali Mallah, Noor Ahmed Shaikh, Rakhi
Bhatra, Raheel Ahmed Memon, and Muhammad Ismail Mangrio (2018).
Implication of Genetic Algorithm in Cryptography to Enhance
Security. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER
SCIENCE AND APPLICATIONS, 9(6), 375-379.
3. Raheel Ahmed Memon, Jianping Li, Anwar Ahmed Memon, Junaid Ahmed,
Muhammad Irshad Nazeer and Muhammad Ismail, “TSAN: Backbone
Network Architecture for Smart Grid of P.R China” International Journal of
Advanced Computer Science and Applications (IJACSA), 9(1),
2018. http://dx.doi.org/10.14569/IJACSA.2018.090171
4. Faryal Shamsi, Muhammad Irshad Nazeer, Raheel Ahmed Memon, and
Muhammad Ismail Mangrio. "Reflections of Practical Implementation of the
academic course Analysis and Design of Algorithms taught in the Universities
of Pakistan." Sukkur IBA Journal of Computing and Mathematical Sciences 1,
no. 2 (2017): 31-38.
5. Zulfiqar Ali Memon, Jawaid Ahmed Siddiqui, Javed Ahmed Shahani, Sana
Fatima,Irshad Nazeer , Ghulam Murtaza, "Gap Identification in Computer
Science Curriculum and IT Industry Skill Requirement in Pakistan" Sukkur
IBA Journal of Computing and Mathematical Sciences
6. Raheel Ahmed Memon, Muhammad Irshad Nazeer and Irfan Latif Memon,
“Extended Superblock Flash Translation Layer for NAND Flash Memory”,
Asian journal of engineering, sciences & technology, Special Issue pp 123-
126, August 2016. ISSN 2077-1142
7. Muhammad Irshad Nazeer and Mohammad Shahid Shaikh, " Secure Network
Coding Schemes: Comparisons and Broader Perspective" Sind Univ. Res.
121
Jour. (Sci. Ser.) Vol.43 (1-A) 85-90 (2011). (HEC recognized "Y" category
journal, ISI indexed ISSN 1813-1743)
a) Conference Publication(s):
8. R. A. Memon, Jianping Li, J. Ahmed, F. Shah, I Nazeer, M. Ismail, K. Ali,
“Simulation and analysis of RSAFE and RSAFE Rerouting Protocol in
Network Simulator 2”, 14th International Conference on Wavelet Active
Media Technology and Information Processing (ICCWAMTIP), Chengdu,
China, Dec 2017
9. Muhammad Irshad Nazeer, Muhammad Ismail Mangrio, Irum Sindhu , Raheel
Ahmed Memon, "Amortized Analysis of Ant Colony Optimization"Modern
Trends in Science, Engineering & Technology (MTSET-2017)
10. Faryal Shamsi, Muhammad Irshad Nazeer, Raheel Ahmed Memon,
Muhammad Ismail Mangrio, "Practical implementation of academic course
Analysis and Design of Algorithms taught in the Universities of Pakistan"
International Conference on Computing and Mathematical Sciences –
ICCMS’2017, February 25-26, 2017
11. Zulfiqar Ali Memon, Jawaid Ahmed Siddiqui, Javed Ahmed Shahani, Sana
Fatima, Irshad Nazeer , Ghulam Murtaza, "Gap Identification in Computer
Science Curriculum and IT Industry Skill Requirement in Pakistan"
International Conference on Computing and Mathematical Sciences –
ICCMS’2017, February 25-26, 2017
12. Raheel Ahmed Memon, Muhammad Irshad Nazeer and Irfan Latif Memon,
“Extended Superblock Flash Translation Layer for NAND Flash Memory”,
International Conference on Emerging Trends in Engineering, Sciences and
Technology ICEEST-2016, 3rd June 2016.
13. Lashari, Ghulam Abbas, and Muhammad Irshad Nazeer. "Quantum
Cryptography and Its Implications. MCCT'14. First International Conference
on Modern Communication & Computing Technologies, Nawabshah,
Pakistan.
14. Ubaidullah Alias Kashif, Muhammad Irshad Nazeer and Zafar Rehman Awan,
"Selecting Cryptographic Techniques in Peer to Peer Systems." International
Conference on Computer and Emerging Technologies, 2014.ICCET'14. 14th
122
International Conference on Computer and Emerging Technologies, Khairpur
Pakistan.
15. Muhammad Irshad Nazeer and Mohammad Shahid Shaikh, "Efficient Secure
Network Coding Schemes" in the 2011 IEEE 14th International Multi-topic
Conference (INMIC), Karachi, Pakistan, 22-23 December 2011.
16. Muhammad Irshad Nazeer and Mohammad Shahid Shaikh, "A Comparison of
Secure Network Coding Schemes" in proceeding of the 2011 International
Conference on Computer and Emerging Technologies (ICCET), Khairpur,
Pakistan, 22-23 April 2011 (pp 239-244).