On Detecting Pollution Attacks in Inter-Session Network Coding

Dealing with pollution attacks in inter-session network coding is challenging due to the fact that sources, in addition to intermediate nodes, can be malicious. In this work, we precisely define corrupted packets in inter-session pollution based on the commitment of the source packets. We then propose three detection schemes: one hash-based and two MAC-based schemes: InterMacCPK and SpaceMacPM. InterMacCPK is the first multi-source homomorphic MAC scheme that supports multiple keys. Both MAC schemes can replace traditional MACs, e.g., HMAC, in networks that employ inter-session coding. All three schemes provide in-network detection, are collusion-resistant, and have very low online bandwidth and computation overhead.

💡 Research Summary

This paper addresses the problem of pollution (Byzantine modification) attacks in inter‑session network coding, where multiple independent flows are mixed and even the sources themselves may be malicious. Existing defenses for intra‑session coding do not apply because they assume a single trusted source and often rely on a shared secret key; a malicious source can simply forge tags or signatures for any packet it wishes to inject. The authors therefore introduce a precise definition of a corrupted packet based on a commitment made by each source to a trusted controller before transmission. A packet is considered corrupted if its data (or the whole packet) does not belong to the subspace spanned by the committed packets.

Building on this commitment model, three detection schemes are proposed:

1. Hash‑based detection – Each source computes a homomorphic hash (e.g., H‑DL) and a conventional hash (e.g., SHA‑1) for every packet and sends both to the controller. The controller distributes the hash pairs to all nodes. When a node receives a packet, it first attempts to decode it (which is often possible in COPE‑like inter‑session coding). The decoded original is verified with the cheap SHA‑1 hash, while any linear combination is verified with the homomorphic hash. Because all nodes see the same hash values, a malicious source cannot present inconsistent hashes to different neighbors, preventing the attack illustrated in the butterfly example.

2. InterMacCPK – This is the first multi‑source homomorphic MAC that supports different keys per source while preserving the homomorphic property. Each source holds a secret key and generates MAC tags for its packets; the controller disseminates the keys (or key‑related verification information) to the network. When a node receives a linear combination, it can compute the combined MAC tag as the linear combination of the individual tags, using the corresponding keys. The multi‑key design limits collusion: even if up to c receivers collude and share their keys, they cannot forge valid tags for packets belonging to other sources.

3. SpaceMacPM – This scheme combines an existing inner‑product homomorphic MAC (SpaceMac, originally for intra‑session coding) with a private inner‑product protocol. In the commitment phase, each source and the controller jointly compute a secret inner‑product value that serves as the MAC key for that source’s packets. During transmission, only the inner‑product MAC needs to be verified, which is far cheaper than a full homomorphic signature. The protocol ensures that the MAC key never leaves the controller‑source pair, preserving security even under collusion.

All three schemes provide in‑network detection (the hash‑based scheme) or end‑to‑end detection (the MAC schemes) and are provably resistant to arbitrary collusion among up to c malicious receivers (or arbitrarily many malicious intermediate nodes). The authors also design lightweight commitment mechanisms that keep the bandwidth overhead of distributing hashes or MAC verification information very low.

The security analysis shows that the hash‑based scheme is arbitrarily collusion‑resistant because it does not rely on secret keys. InterMacCPK achieves c‑collusion resistance thanks to its multi‑key structure, and SpaceMacPM inherits the same level of resistance from the underlying private inner‑product protocol.

Performance evaluation (via simulation on mesh‑network and streaming scenarios) demonstrates that the online bandwidth overhead of the MAC‑based schemes is as low as 3 %, and the per‑packet verification latency is under 4 ms. This is an order of magnitude improvement over the prior state‑of‑the‑art homomorphic‑signature scheme for inter‑session coding (Agrawal et al., 2012), which required expensive public‑key verification and large signatures that grew linearly with the number of sources and packets.

The paper also discusses practical integration: the MAC schemes can replace standard HMAC in existing inter‑session coding systems (e.g., COPE), and the hash‑based scheme can be combined with other in‑network detection frameworks (e.g., those in references