Title :
Spread: improving network security by multipath routing
Author :
Lou, Wenjing ; Liu, Wei ; Fang, Yuguang
Author_Institution :
Dept. of Electr. & Comput. Eng., Florida Univ., Gainesville, FL, USA
Abstract :
This paper considers the delivery of secret information across insecure networks. A novel end-to-end multipath secure data delivery scheme, secure protocol for reliable data delivery (SPREAD), is proposed as a complementary mechanism for the data confidentiality service in public networks. The idea behind SPREAD is to improve confidentiality by enforcing the secret sharing principle in the network via multipath routing. With a (T,N) secret sharing scheme, the message to be protected can be divided into N shares such that from any T or more shares the message can easily be recovered, while from any T-1 or fewer shares it should be impossible to recover the message. Then, using multipath routing, the shares are delivered across the network via multiple independent paths. The destination node reconstructs the original message upon receiving T or more shares. This paper presents the system architecture of the SPREAD scheme, including how to divide the secret message into multiple shares using the secret sharing scheme, how to find the desired multiple secure paths, and how to allocate the message shares onto each selected path such that maximum security can be achieved. The discussion of the optimal share allocations reveals that the redundant SPREAD scheme is not only more secure but also more error-tolerant and fault-tolerant. The simulation results show that a significantly reduced message interception ratio can be achieved by SPREAD.
Keywords :
fault tolerance; multipath channels; routing protocols; telecommunication security; data confidentiality service; end-to-end multipath secure data delivery scheme; error-tolerant; fault-tolerant; multipath routing; network security; optimal share allocations; public networks; reliable data delivery; secret sharing principle; secure protocol; spread; Computer hacking; Cryptography; Data security; Fault tolerance; IP networks; Information security; Protection; Protocols; Routing; Virtual private networks;
Conference_Title :
Military Communications Conference, 2003. MILCOM '03. 2003 IEEE
Print_ISBN :
0-7803-8140-8
DOI :
10.1109/MILCOM.2003.1290216