SANC: Source authentication using network coding

In this paper, we explore the security merits of network coding and potential trade-offs with the widely accepted throughput benefits, especially in multicast scenarios. In particular, we propose a novel Source Authentication using Network Coding (SANC) scheme that can either complement state-of-the-art application-layer authentication schemes proposed in the literature or be used as a stand-alone scheme in network coding-based networks. Towards this objective, we propose a general framework for embedding the authentication information within the network coding Global Encoding Vector. This is attained using a mapping function that enforces a structure on the Global Encoding Vector to facilitate authentication at the destination. First, we illustrate the proposed concept using a simple mapping function, namely a parity bit within each network coding coefficient. Second, we present a detailed security analysis that reveals the security merits of the proposed scheme, contrasted against two baseline schemes that solely adopt application-layer authentication. Finally, we present simulation results pertaining to the network coding performance. Simulation results show that, for plausible scenarios, SANC achieves the same throughput as regular network coding. Furthermore, the results reveal that, for the same packet header, stronger security can be attained. This is confirmed for small as well as scalable networks encountered in practice. © 2011 IEEE.