DocumentCode :
2005908
Title :
SinPack: A Security Protocol for Preventing Pollution Attacks in Network-Coded Content Distribution Networks
Author :
Itani, Wassim ; Ghali, César ; El Hajj, Ahmad ; Kayssi, Ayman ; Chehab, Ali
Author_Institution :
Dept. of Electr. & Comput. Eng., American Univ. of Beirut, Beirut, Lebanon
fYear :
2010
fDate :
6-10 Dec. 2010
Firstpage :
1
Lastpage :
6
Abstract :
We present SinPack, a security protocol for preventing packet pollution attacks in network-coded content distribution networks. SinPack employs a homomorphically-addressable Bloom filter data structure to enforce the integrity of network-coded packets all the way from source to destination. Using a Bloom filter "amortizes" the functionality of traditional cryptographic integrity verification constructs (Message Authentication Codes, hash trees, digital signatures, etc.) in a relatively small-sized data structure. This aids in reducing network traffic and, more significantly, allows the incremental integrity verification of out-of-order network packets. The novel homomorphic Bloom filter construction permits intermediate routers and destination end systems to verify the integrity of source packets even after being network-coded by routers. This methodology avoids the need to establish expensive and intricate trust relationships among the different network routers and ensures the authenticity of the integrity structures using a single source public-key operation. Moreover, SinPack not only allows the content downloader to immediately verify the integrity of coded packets, but also provides this capability to any intermediate router on the path to the destination. This helps in eliminating polluted packets in the network upstream closest to the source of attack and as a result contributes to a great reduction in bogus network traffic and hence sizeable energy savings.
Keywords :
data structures; filtering theory; network coding; protocols; public key cryptography; telecommunication network routing; telecommunication traffic; SinPack; bogus network traffic; cryptographic integrity verification; destination end systems; homomorphically-addressable Bloom filter data structure; intermediate routers; network routers; network-coded content distribution networks; network-coded packet integrity; packet pollution attack prevention; security protocol; single source public-key operation; small-sized data structure; Encryption; Filtering theory; Network coding; Peer to peer computing; Pollution; Routing protocols;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE
Conference_Location :
Miami, FL
ISSN :
1930-529X
Print_ISBN :
978-1-4244-5636-9
Electronic_ISBN :
1930-529X
Type :
conf
DOI :
10.1109/GLOCOM.2010.5684305
Filename :
5684305