1 Introduction

Cybercrime is a recurring theme in today’s networks. Recent events include the ransomware strain WannaCry (May 2017), which spread worldwide and attacked a multitude of targets, including public utilities and large corporations. On March 7, 2017, WikiLeaks published a trove of 8761 documents allegedly stolen from the CIA that contained information on purported spying operations and hacking tools. WikiLeaks called the dump – followed by smaller disclosures – “Vault 7” [1]. The past has taught us that networks will always be prone to new security attacks and the best we can do is to detect security threats and adopt a proactive stance. So how do we deal with security in UDNs, where clients are likely to upload/download confidential information over the small cell wireless network?

In this chapter, the considered UDN consists of virtual MSCs. The virtual MSC networking architecture was first proposed by the EU-funded H2020-MSCA project “SECRET” [2] and is illustrated in Fig. 5.1.

Fig. 5.1 The network architecture with NC-MSCs [3]

These virtual MSCs combine the small cell, the network function virtualization (NFV), and the software-defined network (SDN) networking technologies to realize a virtual network of heterogeneous mobile devices. The software-defined controller controls and maintains each virtual MSC through interaction with a so-called cluster-head, or hotspot. This hotspot is a heterogeneous mobile device that is selected as the local radio manager, controlling and maintaining the cluster. Through cooperation, the selected hotspots form a wireless network that has several gateways to the mobile network using intelligent high-speed connections. These virtual MSCs can be set up on the fly, based on demand, at any place and at any time. Mobile data traffic between the mobile devices is enabled through device-to-device (D2D) communications. This allows mobile devices within relative close proximity to communicate (over multiple hops if necessary) without having to rely on the network infrastructure. Moreover, data traffic flow between mobile devices is optimized with the incorporation of the NC networking paradigm. These virtual NC-enabled MSCs (from here on abbreviated to NC-MSCs) can function alongside the next-generation mobile network, effectively offloading the mobile network infrastructure while providing a high level of quality of service (QoS) to network subscribers.

This chapter tackles the security aspects of UDNs based on developing a secure architecture for NC-MSCs, capable of preventing and defending against common attacks including pollution and denial-of-service (DoS)-type attacks. It is worth noting that the considered security approaches can be applied to general UDN networks, although we consider NC-MSCs here as a case study. As such, the chapter aims to identify the key technologies and proposes preliminary reference architectures that potentially could be used as stepping stones toward a secure architecture. Section 5.2 covers the potential of decentralized key management schemes through a fully distributed trusted third party (TTP) to provide security for highly dynamic UDNs, also compatible with NC-enabled networks such as NC-MSCs. In Sect. 5.3, a recently proposed intrusion detection and prevention scheme (IDPS) is examined. The examined IDPS had specifically been designed to support and secure NC-MSCs. A recently proposed blockchain-based integrity scheme for UDNs is examined in Sect. 5.4. This blockchain-based integrity scheme makes it possible to verify the authenticity of transmitted data at every link in a multi-hop network. This potential can counter data pollution and tag pollution attacks that are both considered severe network performance-damaging attacks in NC-enabled networks.

2 Decentralized Key Management for NC-MSCs

The virtual NC-MSCs are able to provide major benefits to the mobile networking environment. As was mentioned in the introduction, one benefit of NC-MSCs is their ability to offload the network infrastructure by allowing network users to communicate through multi-hop D2D communications. This will become increasingly important in dense urban areas due to the constant increase in mobile device connections and mobile data demands. Moreover, the incorporation of NC-MSCs provides additional robustness of the mobile network in case of failure or during a power outage. However, the intermediate mobile devices forward private data between communicating parties and thus must be secured.

To secure multi-hop D2D communications, cryptographic security solutions (e.g., encryption schemes, signature schemes) are available. These solutions, however, assume that any pair of network users have a means to securely exchange cryptographic keys. In other words, they rely on a key management scheme that manages the establishment, exchange, verification, update, and revocation of cryptographic keys. In this section, we investigate how secure multi-hop D2D communications can be established in a self-organizing and decentralized manner.

2.1 State-of-the-Art Decentralized Key Management

We consider the network of NC-MSCs as a wireless mobile ad hoc network (MANET), designed to be deployed alongside future mobile networks. Due to the resemblance between NC-MSCs and MANETs, a recent survey [4] evaluated whether any of the six decentralized key management solutions proposed for MANETs can be adopted to secure NC-MSCs, and its results are shown in Table 5.1. The evaluation was based on various requirements, including:

  • Security: Its ability to provide a high level of security for all network users

  • Connectivity (Connect.): Its ability to establish a secure channel between any arbitrary pair of network users such that security solutions against NC-related attacks (e.g., pollution attacks) are supported

  • Scalability (Scal.): Its ability to support a large number of network users

  • Sustainability (Sustain.): Its ability to sustain its level of security, connectivity, and overhead during the long mobile network lifetime

  • Fairness: Its ability to fairly distribute the workload of key management services

Table 5.1 Evaluation and comparison of explored decentralized key management solutions [4]

The survey found that five of the six key management solutions suffered from severe drawbacks and were found unsuitable for adoption to NC-MSCs. The certificate chaining-based [5] and mobility-based key management solutions [6] suffer from similar drawbacks. Both solutions are unable to guarantee connectivity between any arbitrary pair of network users, and the bootstrapping of trust requires real-life interactions. The self-certification-based solution [7] suffers from tremendous amounts of communication overhead in dense and highly dynamic networks. The combinatorics-based solution [8] is outright insecure against man-in-the-middle (MITM) attacks during the exchange of public keys. The partially distributed TTP (PD-TTP)-based solution [9] relies on a proper subset of network users to provide key management services and therefore does not satisfy the fairness requirement, especially in a large, dense, and highly dynamic network. The fully distributed TTP (FD-TTP)-based solution [10] does not have any of the previously mentioned or any other severe inherent drawbacks. Therefore, the FD-TTP-based key management solution was proposed as the most suitable candidate to secure multi-hop D2D communications in NC-MSCs.

2.2 Distributed Trusted Third Party-Based Key Management

Any public key cryptographic infrastructure relies on a TTP as a trust anchor, in possession of a master private key, to perform some kind of key management service. This key management service can be the creation and distribution of a signed certificate or (partial) private key. Thus, the master private key can be used for different purposes, but in all cases, they enable network users to establish secure communication channels with other network users. Through careful analysis, we argued that the network architecture of NC-MSCs is unable to support a single, secure, and trustworthy entity that is capable of acting as the TTP. Both the network infrastructure and individual mobile devices are susceptible to DoS-type attacks and physical compromise. Therefore, we are required to decentralize trust.

2.2.1 Fully Distributed Trusted Third Party-Based Key Management

There are two major forms of the distributed TTP. In the PD-TTP, the master private key is divided into shares, and these shares are then distributed to a proper subset of all the network users, also called servers. However, partial distribution of trust leads to an asymmetric workload distribution. The assigned servers that provide key management services suffer from an increase in energy consumption, effectively reducing their battery lifetime. This may lead to servers acting selfishly, refusing to provide key management services to preserve their battery, even when the server roles are rotated periodically. The drawback of the asymmetric workload is significantly worsened when a limited number of servers are responsible for key management services of a large and dense network. Finally, another significant issue is related to the sustainability of the key management service. The dynamic network topology may cause certain network areas to be server-less, leading to a temporarily unavailable key management service. Furthermore, servers may leave the network entirely over time, potentially leading to a permanently unavailable key management service.

The FD-TTP is similar to the PD-TTP, except that the shares are distributed to all the network users. This also means that when a new user joins the network, it is also provided with a share of the master private key. This distribution solves all the issues present in the PD-TTP. The distribution of shares in the FD-TTP yields an evenly distributed workload and maximizes the key management service availability at any place and at any time. Therefore, a key management scheme utilizing the FD-TTP is preferred to secure NC-MSCs.

2.2.2 Secret Sharing Techniques

The distribution of trust is equivalent to the distribution of shares of the master private key. The shares of the master private key are generated through a technique called secret sharing. In ordinary secret sharing, a piece of secret data (e.g., the master private key) is divided into a multitude of shares and distributed among a group of users. The secret data can be reconstructed by combining a certain number of shares. For the creation of a distributed TTP, we utilize threshold secret sharing. This means that any threshold number of shares are capable of reconstructing the secret data.

The threshold secret sharing technique proposed by Shamir [11] is generally used to create the distributed TTP. The master private key (represented as MSK in Eq. (5.1)), usually in possession of a secure, trustworthy, and centralized TTP, is encoded into a polynomial of degree t − 1, as shown below:

$$ {s}_{ID}=f(ID)= MSK+{a}_1 ID+{a}_2{ID}^2+\dots +{a}_{t-1}{ID}^{t-1}\in {\mathbb{Z}}_q $$
(5.1)

The value t represents the threshold, the number of shares necessary to recover the value of the master private key. For a network user with identity ID, its share \( s_{ID} \) is computed through polynomial evaluation. This polynomial allows us to distribute shares to a group of network users, becoming servers. These servers form the newly created distributed TTP. A threshold amount of these servers can collaboratively provide key management services since they collectively have enough pieces to reconstruct the master private key. Furthermore, they can provide such a service without having to disclose their individual share, thus preserving the secrecy of the master private key.

To ensure that the provided key management service is trustworthy, we can incorporate a verifiable secret sharing extension [12, 13]. Verifiable secret sharing (VSS) enables users, receiving the key management service, to verify that the servers used their share and not any other arbitrary value. If a server still provides a false key management service, the server can be accused of being malicious and be removed as a member of the distributed TTP.

2.2.3 Security Considerations

In a decentralized key management scheme that relies on the distribution of trust through secret sharing techniques, the most important aspect of security is the continued secrecy of the master private key. Below, we discuss two types of attacks that attempt to reconstruct the master private key, followed by an important inherent characteristic of cryptographic infrastructures and its impact on providing security for a decentralized key management scheme.

Mobile Adversary Attack

In the mobile adversary attack [14], a malicious user dynamically moves through the network and compromises users’ mobile devices, one at a time, with the goal of extracting and collecting a threshold number of shares of the master private key. If the mobile adversary is successful in collecting a threshold number of shares, it is capable of reconstructing the master private key.

Proactive secret sharing (PSS) [15, 16], another extension of secret sharing, is generally used to prevent a successful mobile adversary attack. With the incorporation of PSS, servers periodically update their share of the master private key. Shares that are collected by a mobile adversary in different updating phases cannot be combined to reconstruct the master private key. Therefore, PSS limits the amount of time a mobile adversary has to launch a successful attack.
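The share generation of Eq. (5.1) and the periodic share update described above can be followed in code. The block below is an added example, not code from the chapter or from the cited schemes: it runs the whole network inside one process, and the modulus `Q`, the identities, and all function names are assumptions made for illustration.

```python
import secrets

Q = 2**127 - 1  # prime modulus q (a Mersenne prime); constructed for this example


def eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... over Z_q using Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def deal_shares(msk, t, ids):
    """Eq. (5.1): s_ID = f(ID) for a random degree-(t-1) f with f(0) = MSK."""
    ids = list(ids)
    reduced = {i % Q for i in ids}
    if 0 in reduced:
        raise ValueError("ID = 0 mod q would be handed f(0) = MSK itself")
    if len(reduced) != len(ids) or len(ids) < t:
        raise ValueError("need at least t distinct identities")
    coeffs = [msk % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: eval_poly(coeffs, i) for i in ids}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the given {ID: share} subset."""
    secret = 0
    for i, s_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + s_i * num * pow(den, -1, Q)) % Q
    return secret


def refresh(shares, t):
    """One PSS update: every server deals a degree-(t-1) polynomial with a
    zero constant term, and each server adds all sub-shares it receives.
    f(0) = MSK is unchanged, but every individual share changes."""
    updated = dict(shares)
    for _dealer in shares:
        delta = [0] + [secrets.randbelow(Q) for _ in range(t - 1)]
        for i in updated:
            updated[i] = (updated[i] + eval_poly(delta, i)) % Q
    return updated


def subset(shares, ids):
    return {i: shares[i] for i in ids}


def demo():
    msk = secrets.randbelow(Q)
    t, ids = 3, [11, 22, 33, 44, 55]  # constructed threshold and identities
    epoch0 = deal_shares(msk, t, ids)
    epoch1 = refresh(epoch0, t)
    # Shares gathered across an update: two from epoch 0, one from epoch 1.
    mixed = {11: epoch0[11], 22: epoch0[22], 33: epoch1[33]}
    return {
        "t_shares": reconstruct(subset(epoch0, [11, 33, 55])) == msk,
        "below_threshold": reconstruct(subset(epoch0, [11, 33])) == msk,
        "after_refresh": reconstruct(subset(epoch1, [22, 44, 55])) == msk,
        "mixed_epochs": reconstruct(mixed) == msk,
    }


if __name__ == "__main__":
    print(demo())
```

Any t shares from a single epoch recover the key, while fewer than t shares, or t shares that straddle an update, yield an unrelated value except with probability about 1/q.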

Sybil Attack

In the Sybil attack [17], a malicious user obtains a multitude of (fake) identities (e.g., mobile devices) and wishes to join the network with each one of them. If each identity is given a share of the master private key upon joining the network, a Sybil attacker with a threshold number of identities can collect enough shares to reconstruct the master private key.

Unfortunately, the Sybil attack is generally dismissed in adversarial models of FD-TTP-based key management solutions. This is mainly because different use-case scenarios require different solutions. Use-case scenarios such as rescue operations in remote areas or international military operations can utilize an offline authority (base or headquarters) where users are authenticated prior to joining the network [10]. However, with NC-MSCs, we wish to accept new network users to the network without any physical interaction. If authentication through physical interaction would be required, then mobile network users will continue to communicate through the network infrastructure and refrain from using NC-MSCs. A recent work [18] proposed an FD-TTP-based key management scheme that is suitable for NC-MSCs and would be resilient against a Sybil attack based on a cloaking technique. Unfortunately, their proposal merely formulated an outline of the scheme and therefore still lacks a proof of concept. Otherwise, network operators may have to play a role in the prevention of successful Sybil attacks since network operators have identifying information of their network subscribers. These network operators, for example, could decide to send (or not to send) some kind of access token to mobile devices for network joining purposes.

Trust Level of the Distributed Trusted Third Party

Girault [19] found that public key cryptographic infrastructures have a variety of trust levels. After careful analysis, he defined these levels as follows:

  1. At level 1: the TTP knows (or can easily compute) a user’s private key and can therefore launch identity impersonation attacks without being detected.

  2. At level 2: the TTP does not know (and cannot easily compute) a user’s private key but is still able to launch identity impersonation attacks without being detected.

  3. At level 3: the TTP does not know (and cannot easily compute) a user’s private key nor is it able to launch identity impersonation attacks without being detected.

The trust level of the distributed TTP essentially defines the capabilities of a malicious user after a successful mobile adversary or Sybil attack. At the third trust level, network users are capable of detecting malicious behavior and thus detect whether the entire network is compromised. The detection of network compromise provides network operators with the ability to reboot and re-initialize the network, potentially with enhanced security parameters such as an increased threshold value or a reduced time interval in between share updating phases. This additional layer of security reduces the payoff of malicious users and should discourage them from launching such attacks. This kind of detection is vital for the B5G mobile network due to its extended lifetime.

2.2.4 General Key Management Structure

The general key management structure of an FD-TTP-based key management scheme consists of two main network phases, the network initialization phase and the network operational phase. Furthermore, the network operational phase can be divided into two subphases, namely, the operational subphase and the share updating subphase. The general key management structure is summarized in Table 5.2.

Table 5.2 The general key management structure of FD-TTP-based key management schemes

In the network initialization phase, either a centralized TTP is present to initialize a set of at least a threshold number of network users, or these network users initialize the network in a distributed manner [20]. A centralized or decentralized network initialization depends on the assumption whether the networking scenario could support a centralized TTP during this phase. This phase consists of three protocols, the master key creation protocol, the secret share establishment protocol (i.e., the distributed TTP establishment protocol), and the “key” establishment protocol. The exact nature of the “key” depends on the used cryptographic infrastructure. For example, in a traditional public key infrastructure (PKI)-based system, the key represents a signed certificate, and in a traditional identity-based public key cryptographic (ID-PKC) system, the key represents a user’s private key.

In the network operational phase, a centralized TTP is not accessible online, which requires the network to be self-organized by the individual network users. During the operational subphase, network users can establish a secure communications channel, request the distributed TTP to have their “key” updated, accuse and convict malicious users to have their key revoked, and accept new users to the network through the distributed secret share and key establishment protocols. Periodically, the network enters the share updating subphase to execute the network-wide share updating protocol. This protocol updates every user’s secret share, which reduces the chances of a successful mobile adversary attack. It is important to mention that this protocol generally should not change the master private key and the associated master public key as described in Eq. (5.1).

2.3 Security Analysis of Fully Distributed Trusted Third Party-Based Key Management Schemes per Cryptographic Infrastructure

In this section, we discuss the security perspectives of previously proposed FD-TTP-based key management solutions per cryptographic infrastructure. Table 5.3 summarizes these findings.

Table 5.3 The security evaluations of proposed FD-TTP-based key management schemes

2.3.1 Traditional Public Key Infrastructure

Luo et al. [10, 21] proposed a FD-TTP-based key management solution that is based on the traditional PKI cryptographic infrastructure. In this cryptographic infrastructure, every network user generates their own public-private key pair. The network user would then request the FD-TTP to certify its public key. Upon receiving a threshold amount of partially signed certificates, the network user can combine these into its complete certificate. This certificate can then be exchanged to other network users, which can verify its authenticity. The authenticated public key can then be used to establish a secure communications channel.

Clearly, the FD-TTP achieves trust level 3 in schemes that are based on traditional PKI. The FD-TTP is unable to compute a user’s private key, and the existence of two (or more) different certificates for the same user would prove that the FD-TTP has cheated [19, 29]. Unfortunately, it was demonstrated in [30] that network users are unable to verify whether partial certificates and partial secret shares are correct.

2.3.2 Traditional Identity-Based Public Key Cryptography

Deng et al. [22] and da Silva et al. [23] proposed a FD-TTP-based key management solution that is based on traditional ID-PKC. In this cryptographic infrastructure, the user’s network identity (e.g., e-mail address, phone number) is used as the user’s public key. This public key is considered public knowledge and thus eliminates the need to exchange public keys. However, a user is unable to compute its private key from the public key. A user’s private key can be computed using the master private key; thus, any user must request the FD-TTP to collect pieces of its private key.

It is clear that the FD-TTP following the traditional ID-PKC-based cryptographic infrastructure only achieves trust level 1 [19, 29]. Therefore, a compromised FD-TTP gains tremendous power. It has been suggested that schemes based on traditional ID-PKC are more suitable in small and closed networks with limited security requirements due to this drawback [24, 25].

2.3.3 Threshold-Tolerant Identity-Based Public Key Cryptography

Recently, de Ree et al. [18] proposed two versions of a FD-TTP-based key management solution that is based on threshold-tolerant ID-PKC (TT-ID-PKC) [31]. This TT-ID-PKC cryptographic infrastructure is essentially a translation of Feldman’s VSS scheme [12] where the secret shares are directly used as private keys. Like ID-PKC, the public key of a network user can be computed from publicly available information, and the private key must be obtained through interaction with the FD-TTP. Therefore, the FD-TTP again reaches only a trust level of 1.

However, directly using the secret shares as private keys has significant consequences to the key management structure. As mentioned in [18], (i) the key management design can be significantly simplified since secret share-related and key-related protocols are merged; and (ii) the master private key is no longer necessary to provide a key management service; thus, it does not need to be preserved in the share updating protocol. In that case, a malicious FD-TTP will only be capable of launching malicious attacks prior to the next share updating phase. Unfortunately, the authors of [18] only provided a general outline of their key management solutions and require a proof of concept to prove that such benefits can be achieved.

2.3.4 Certificateless Public Key Cryptography

Zhang et al. [24], Li et al. [25], Gharib et al. [26], Lai et al. [27], and de Ree et al. [28] proposed FD-TTP-based key management solutions based on certificateless public key cryptography (CL-PKC) [32]. This cryptographic infrastructure is a hybrid between traditional PKI and ID-PKC. A network user essentially combines the self-generated public-private key pair with an identity-based public-private key pair. The self-generated public key and the user’s identity are combined into the user’s public key, and the self-generated private key and the identity-based partial private key (obtained from the FD-TTP) are combined into the user’s private key.

Al-Riyami [32] mentioned that the TTP could reach either trust level 2 or trust level 3, depending on the key generation technique. We found that the key generation technique used by Zhang et al. [24], Li et al. [25], and Gharib et al. [26] leads to a FD-TTP trust level of 2, whereas Lai et al. [27] and de Ree et al. [28]’s key generation technique increases the FD-TTP trust level to 3.

2.4 Concluding Remarks

The development and design of a secure and decentralized key management solution for self-organizing networks has been a challenging task for over two decades. This also applies to the design of a decentralized key management solution that efficiently supports NC-MSCs, especially since NC-MSCs pose unique requirements. Based on these requirements, we found that the FD-TTP-based key management solution has the greatest potential, but none of the proposed solutions has yet proven itself to be robust against both mobile adversary and Sybil attacks.

There seem to be two main approaches remaining in developing a security system for NC-MSCs. The first approach relies on the development of an intricate access mechanism that relies on network operators deciding whether a mobile device can participate in NC-MSC-type communication and does not pose a threat relative to the Sybil attack. In such a case, this access mechanism can be combined with a key management solution that either follows the traditional PKI or CL-PKC cryptographic infrastructure. This could potentially be a redesigned scheme based on Luo et al. [10, 21]’s work or the work by de Ree et al. [28]. The second approach requires the mitigation of the Sybil attack through alternative methods. The only scheme that seemed to be capable of preventing such a Sybil attack was recently proposed by de Ree et al. [18], combining the TT-ID-PKC cryptographic infrastructure with a so-called private key cloaking technique.

3 Intrusion Detection and Prevention for NC-MSCs

The NC-enabled environment faces pollution attacks, in which malicious intermediate nodes manipulate packets in transit. These altered packets (i.e., polluted packets) lead to incorrect decoding at the receivers. Therefore, identifying the polluted packets and identifying the exact location of malicious users are equally important tasks. However, although many integrity schemes have been developed against pollution attacks [33–43], only a few concentrate on identifying the exact location of malicious users [43–46].

In this section, an efficient intrusion detection and location-aware prevention (IDLP) mechanism is presented to detect pollution attacks, find the exact location of the adversary, and prevent pollution attacks in NC-MSCs. The proposed IDLP mechanism is supplementary to our location-aware intrusion detection and prevention scheme (IDPS) for NC-MSCs presented in [46]. For both the detection and locating schemes, the null space-based homomorphic message authentication code (MAC) scheme is applied [33], which is adjusted to the mobile small cell environment. The detection scheme makes it possible to detect pollution attacks effectively at the earliest possible node and drop the detected polluted packets. Still, this course of action is mostly inadequate since the adversaries can continue to pollute packets in the next transmission of coded packets of the same generation from the source to the destination node, leading to inefficient usage of network bandwidth. As a result, we focus on the identification of the adversaries’ exact location and blocking them to protect the network from future pollution attacks.

3.1 State-of-the-Art of Intrusion IDPS for NC-Enabled Wireless Networks

Protecting against pollution attacks in NC-enabled networks chiefly depends on safeguarding the integrity of the packets in transition. Still, basic integrity schemes could not work with NC owing to the recoding of packets at intermediate nodes. Schemes that have a homomorphic property are necessary to guarantee the integrity of packets in NC-enabled networks. In this section, three topics are discussed: (i) secure NC, (ii) locating schemes, and (iii) IDPS schemes.

3.1.1 Secure Network Coding

Many different detection schemes have been developed against pollution attacks in NC-enabled networks, including information-theoretic schemes and cryptographic schemes such as homomorphic signature schemes or homomorphic MAC-based schemes. We concentrate on the homomorphic MAC-based schemes whose scope is to guarantee integrity in network coded packets, as introduced by Agrawal et al. [35]. Still, the schemes based on homomorphic MACs are susceptible to tag pollution attacks.

In [47], Zhang et al. studied the use of the orthogonality property to create tags. Additionally, they solved the issue of tag pollution attacks by combining a homomorphic signature with the MAC scheme, leading to the proposed MacSig approach. Esfahani et al. enhanced the performance of these schemes over a sequence of works [33, 48, 49]. The work in [33] focuses on a null space-based scheme where tags are mixed with the original packets according to a randomly produced swapping vector; this also reduces the probability of a successful tag pollution attack without additional overheads.

3.1.2 Locating Schemes

Recognizing the location of a malicious user is as important as the detection of the security attack, so that other participating nodes can be informed about the presence of an adversary. Therefore, an additional location scheme or verification of adversaries is necessary for maintaining a fair network environment. Siavoshani et al. [44] proposed an integrity scheme that also locates the adversary using a central controller. Another integrity scheme which discusses locating the adversary is SpaceMac [43]. In SpaceMac, a cooperative environment between parent and child nodes is considered. Lastly, a location-aware IDPS that is able not only to detect and drop pollution attacks but also to spot the attacker’s exact location was suggested by Parsamehr et al. [46, 50]. The proposed IDPS is made up of detection and locating schemes based on the null space homomorphic MAC.

3.1.3 IDPS Schemes

What mostly concerns IDPSs is the detection of potential security incidents, followed by blocking or preventing malicious activity. As far as detection is concerned, IDPSs apply signature-based detection to recognize known adversaries in the networks that are not linked to legitimate users [51–54]. In our previous IDPS scheme [55], we offered, for the first time, an innovative IDPS for network coding-enabled mobile small cells.

3.2 Energy-Efficient Intrusion Detection and Prevention for NC-MSCs

3.2.1 System Model

The IDLP mechanism consists of a detection scheme and a locating scheme which are both based on the null space homomorphic MAC scheme [33], and they are described in the following sections. This mechanism is divided into two phases for improving its efficiency in terms of resource consumption.

  • Phase 1: Identification of the MSC where the pollution attack occurred. In the first step, the detection scheme of the proposed IDLP mechanism is applied to all relay nodes (RNs) and destination nodes (DNs). When a pollution attack is detected by an RN or DN, it drops the polluted packet and sends a report to the hotspots of the MSCs associated with the reporter. The hotspot will forward the report to the SDN controller, which is responsible for identifying the MSC where a pollution attack occurred based on the received reports.

  • Phase 2: Identification of the adversary node’s location within the polluted MSC. The detection and locating schemes are applied to all mobile devices in the polluted MSC identified in phase 1. When a mobile device within the polluted MSC detects any pollution, it will drop the polluted packet and will send a report based on the locating scheme to the hotspot. The hotspot will forward it to the SDN controller to decide the most appropriate preventive action (e.g., block adversary mobile device(s) from accessing the network). Otherwise, the mobile device will create an expanded coded packet that is based on the received coded packet and the key shared between each mobile device and the SDN controller. Then, the mobile device sends the expanded coded packet to the next node and the local hotspot. The hotspot then forwards this packet to the SDN controller.

3.2.2 Detection Scheme

According to [55] and [33], in the detection scheme of the proposed IDLP mechanism, the message is divided into a generation of native packets denoted as \( {\underset{\_}{\boldsymbol{b}}}_1,{\underset{\_}{\boldsymbol{b}}}_2,\dots, {\underset{\_}{\boldsymbol{b}}}_m \) by the source node (SN), where m is the generation size and each packet \( {\underset{\_}{\boldsymbol{b}}}_i \) consists of n symbols (i.e., \( {\underset{\_}{b}}_{i,1},{\underset{\_}{b}}_{i,2},\dots, {\underset{\_}{b}}_{i,n} \)) in the finite field \( {F}_p^n \). The SN then generates a coded packet \( {\boldsymbol{b}}_i \) according to Eq. 5.2 and sends it to the next intermediate nodes.

$$ {\boldsymbol{b}}_i=\left(\overset{m}{\overbrace{\underset{i-1}{\underbrace{0,\dots, 0}},1,0,\dots, 0},}{\underset{\_}{b}}_{i,1},{\underset{\_}{b}}_{i,2},\dots, {\underset{\_}{b}}_{i,n}\right)\in {F}_p^{m+n} $$
(5.2)

For simplicity, (5.2) can also be written as follows:

$$ {\mathbf{b}}_{\mathrm{i}}=\left({\underset{\_}{\mathrm{b}}}_{\mathrm{i},1},{\underset{\_}{\mathrm{b}}}_{\mathrm{i},2},\dots, {\underset{\_}{\mathrm{b}}}_{\mathrm{i},\mathrm{m}+\mathrm{n}}\right)\in {\mathrm{F}}_{\mathrm{p}}^{\mathrm{m}+\mathrm{n}} $$
(5.3)

As shown in (5.4), each intermediate node creates a new coded packet \( x \), which is a linear combination of h received coded packets \( \left({\boldsymbol{b}}_1,{\boldsymbol{b}}_2,\dots, {\boldsymbol{b}}_h\right) \), and sends it to its neighbors. \( {\beta}_i \) is the coding coefficient, which is chosen randomly from \( {F}_p \), and all arithmetic operations are performed over the finite field \( {F}_p \).

$$ x=\sum_{i=1}^h{\beta}_i{\boldsymbol{b}}_i $$
(5.4)

The L tags are generated based on null space properties [47] by the SN, for detecting pollution attacks. The following five steps are used to create the tags as well as to verify the orthogonality of the received coded packets:

  1. Key distribution to the SN: A set of keys \( \left({C}_1,{C}_2,\dots, {C}_L\right) \) is created by the key distribution center (KDC) in the finite field \( {F}_p^{m+n+L} \) and distributed to the SN.

  2. The L tags (i.e., \( {t}_1,{t}_2,\dots, {t}_L \)) are created by the SN using the L keys for each coded packet, according to (5.5). Each coded packet is composed of m + n symbols and the L generated tags (i.e., \( {t}_{SN} \)).

$$ {\left[\begin{array}{ccc}{C}_{1,1}& \cdots & {C}_{1,m+n}\\ \vdots & \ddots & \vdots \\ {C}_{L,1}& \cdots & {C}_{L,m+n}\end{array}\right]}_{L\times \left(m+n\right)}\cdot {\left[\begin{array}{c}{\boldsymbol{b}}_{i,1}\\ \vdots \\ {\boldsymbol{b}}_{i,m+n}\end{array}\right]}_{\left(m+n\right)\times 1}+{\left[\begin{array}{ccc}{C}_{1,m+n+1}& \cdots & {C}_{1,m+n+L}\\ \vdots & \ddots & \vdots \\ {C}_{L,m+n+1}& \cdots & {C}_{L,m+n+L}\end{array}\right]}_{L\times L}\cdot {\left[\begin{array}{c}{t}_1\\ \vdots \\ {t}_L\end{array}\right]}_{L\times 1} $$
(5.5)
  3. To avoid tag pollution attacks, the L tags are swapped based on the shared secret key (SV) between the SN and DNs according to (5.6).

$$ \overline{{\boldsymbol{b}}_i}= Swap{\left({\boldsymbol{b}}_i\right)}_{SV} $$
(5.6)
  4. A set of new keys is created by the KDC using the swapping vector SV and based on the set of keys that were distributed to the SN in step 1, according to (5.7). Then, these keys are distributed to the intermediate nodes and DNs to verify the received coded packets.

$$ {C}_i^{\prime }= Swap{\left({C}_i\right)}_{SV} $$
(5.7)
  5. Finally, the received coded packet is verified by each intermediate node and DN based on (5.8).

$$ \delta = Swap{\left({C}_i\right)}_{SV}\cdot Swap{\left({\boldsymbol{b}}_i\right)}_{SV}=\sum_{j=1}^{m+n+L}{C}_{i,j}^{\prime}\cdot {\overline{\boldsymbol{b}}}_{i,j} $$
(5.8)

If δ = 0, then the received coded packet is verified and can be transmitted to the next nodes. Otherwise, it is dropped.
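The five steps above can be run end to end on a small case. The following Python sketch is an added example, not code from the chapter or from Kodo/MATLAB: it assumes a small prime field (p = 257), treats Eq. 5.5 as equal to zero (the null-space condition that gives δ = 0 in Eq. 5.8), and models the swapping vector SV as a secret permutation of all m + n + L positions; all function names are hypothetical.

```python
"""Null-space tags (Eqs. 5.2-5.8) over a prime field F_p, with constructed data."""
import random

P = 257            # assumption: small prime field chosen for illustration
M, N, L = 3, 4, 2  # constructed sizes: generation size, symbols per packet, tags


def solve_mod(a, rhs, p=P):
    """Solve a*t = rhs (mod p) by Gauss-Jordan elimination; raise if a is singular."""
    size = len(a)
    aug = [row[:] + [r] for row, r in zip(a, rhs)]
    for col in range(size):
        pivot = next((r for r in range(col, size) if aug[r][col] % p), None)
        if pivot is None:
            raise ValueError("singular tag-key block")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, p)
        aug[col] = [(v * inv) % p for v in aug[col]]
        for r in range(size):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % p for x, y in zip(aug[r], aug[col])]
    return [row[-1] for row in aug]


def make_keys(rng):
    """Step 1 (KDC): L keys of length m+n+L whose last L columns are invertible."""
    while True:
        keys = [[rng.randrange(P) for _ in range(M + N + L)] for _ in range(L)]
        try:
            solve_mod([k[M + N:] for k in keys], [0] * L)
            return keys
        except ValueError:
            continue


def source_packet(i, payload):
    """Eq. 5.2: unit coding vector of length m followed by the n payload symbols."""
    return [1 if j == i else 0 for j in range(M)] + list(payload)


def make_tags(keys, packet):
    """Step 2: solve Eq. 5.5 (set to zero, an assumption) for the L tags."""
    rhs = [(-sum(c * b for c, b in zip(k[:M + N], packet))) % P for k in keys]
    return solve_mod([k[M + N:] for k in keys], rhs)


def swap(vec, sv):
    """Eqs. 5.6/5.7: reorder positions by SV (modelled here as a permutation)."""
    return [vec[j] for j in sv]


def verify(swapped_keys, swapped_packet):
    """Eq. 5.8: accept only if delta = 0 for every distributed key."""
    return all(sum(c * b for c, b in zip(k, swapped_packet)) % P == 0
               for k in swapped_keys)


def recode(packets, rng):
    """Eq. 5.4: random linear combination of the received packets."""
    betas = [rng.randrange(1, P) for _ in packets]
    return [sum(b * pkt[j] for b, pkt in zip(betas, packets)) % P
            for j in range(len(packets[0]))]


def demo(seed=7):
    rng = random.Random(seed)
    keys = make_keys(rng)
    sv = list(range(M + N + L))
    rng.shuffle(sv)
    verification_keys = [swap(k, sv) for k in keys]        # step 4
    sent = []
    for i in range(M):
        pkt = source_packet(i, [rng.randrange(P) for _ in range(N)])
        sent.append(swap(pkt + make_tags(keys, pkt), sv))  # steps 2 and 3
    coded = recode(sent, rng)                              # honest intermediate node
    # Constructed pollution: one symbol altered at a position where the first
    # verification key is non-zero, so the outcome is deterministic.
    pos = next(j for j, c in enumerate(verification_keys[0]) if c)
    polluted = coded[:]
    polluted[pos] = (polluted[pos] + 1) % P
    return {
        "source_ok": all(verify(verification_keys, s) for s in sent),
        "recoded_ok": verify(verification_keys, coded),
        "polluted_ok": verify(verification_keys, polluted),
    }


if __name__ == "__main__":
    print(demo())
```

Recoded packets stay orthogonal to every key because the check is linear, which is why intermediate nodes can verify without decoding; the altered packet yields δ ≠ 0 and is dropped.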

3.2.3 Locating Scheme

The locating scheme identifies the exact location of the adversary mobile node within the polluted MSC. In this step, each mobile node is responsible for a) generating an expanded coded packet, based on the received coded packet, and transmitting it to the next node and to the hotspot, and b) sending a report to the hotspot when a polluted packet is detected through the detection scheme within the polluted MSC. Both the expanded coded packet and the report are forwarded to the SDN controller, which is responsible for identifying the exact location of the adversary.

Expanded Coded Packet

An extra tag is added to each coded packet by each intermediate node for verifying itself to the SDN controller. This tag is created based on the pre-distributed shared key between each node and the SDN controller. This tag is calculated based on the following equation:

$$ {\left[\begin{array}{c}{C}_{1,1}^{\prime \prime}\\ \vdots \\ {C}_{1,m+n}^{\prime \prime}\\ \vdots \\ {C}_{1,m+n+L}^{\prime \prime}\end{array}\right]}^T_{1\times \left(m+n+L\right)}\cdot {\left[\begin{array}{c}{\boldsymbol{b}}_{i,1}\\ \vdots \\ {\boldsymbol{b}}_{i,m+n}\\ {t}_1\\ \vdots \\ {t}_L\end{array}\right]}_{\left(m+n+L\right)\times 1}+{C}_{1,m+n+L+1}^{\prime \prime}\cdot {s}_i=0 $$
(5.9)

The vector \( {\left[\begin{array}{ccccc}{C}_{1,1}^{\prime \prime}& \cdots & {C}_{1,m+n}^{\prime \prime}& \cdots & {C}_{1,m+n+L}^{\prime \prime}\end{array}\right]}_{1\times \left(m+n+L\right)} \) is the pre-shared key distributed by the KDC, and \( {s}_i \) is the properly calculated tag.

The SDN controller verifies the received expanded coded packet \( \left\{{\boldsymbol{b}}_i\Vert {t}_{SN}\Vert {s}_i\right\} \) based on the following formula, where \( {\boldsymbol{b}}_i \) is the coded packet, \( {t}_{SN} \) represents the set of tags appended by the SN, and \( {s}_i \) is the tag appended by the given intermediate node. If δ = 0, then the received expanded coded packet is verified.

$$ \delta =\sum_{j=1}^{m+n+L+1}{C}_{i,j}^{\prime \prime}\cdot \overline{\left\{{\boldsymbol{b}}_{i,j}\Vert {t}_{SN}\Vert {s}_i\right\}} $$
(5.10)

Report

When a polluted packet e signed by the previous mobile device’s key (\( \left\{e\Vert {s}_{i-1}\right\} \)) is detected, a report is generated by the intermediate node or DN that detects the pollution. The generated report is the received polluted packet (\( \left\{e\Vert {s}_{i-1}\right\} \)) signed by the given node and is represented as \( \left\{e\Vert {s}_{i-1}\Vert {s}_i\right\} \).

In the following equation, if δ = 0, then the sender is verified by the SDN controller.

$$ \delta =\sum_{j=1}^{m+n+L+1}{C}_{i,j}^{\prime \prime}\cdot \overline{\left\{e\Vert {s}_{i-1}\Vert {s}_i\right\}} $$
(5.11)

Then the signature of the adversary node is verified if δ = 0.

$$ \delta =\sum_{j=1}^{m+n+L+1}{C}_{i,j}^{\prime \prime}\cdot \overline{\left\{e\Vert {s}_{i-1}\right\}} $$
(5.12)

3.3 Implementation

Throughout this section, we discuss the implementation of the proposed IDLP mechanism and compare it with our previous IDPS scheme [55], which was the first scheme for detection and prevention of intrusions proposed for NC-enabled mobile small cells. First, 3 butterfly topologies were implemented, consisting of 18 normal nodes and 1 adversary node (see Fig. 5.2), and then the random linear network coding (RLNC) approach was applied. Furthermore, in our implementation, the adversary node was programmed to modify its received packets so that it could demonstrate a pollution attack.

Fig. 5.2 Implemented three butterfly topologies

The implementation is based on the recoding library of Kodo, which made it possible to encode at the SN, recode at the intermediate nodes, and decode at the destination nodes [56]. Kodo has some restrictions on creating a customized generation of packets and keys and also on tag generation. Thus, MATLAB was used in our implementation to generate the packets, their proper tags, and the required keys at the source node and intermediate nodes (these were included manually in Kodo in order to achieve the desired functionality of the implemented scenario).

The size of the packet generation is set to 64 symbols, and the symbol size is fixed between 1,000 and 10,000 bytes. Additionally, the number of tags attached to the end of each packet is L, which can only be 27, 42, or 54 [47], where the Galois field is GF(\( {2}^8 \)). Lastly, the machine used to run the entire implementation has the following characteristics: a 2.7 GHz Core i7 CPU with 8 GB of physical memory.

3.4 Performance Evaluation

Throughout this section, we provide the performance evaluation of the proposed IDLP mechanism based on computational and communication overheads, along with the successful decoding probability. It is worth reiterating that the proposed IDLP mechanism, along with detecting pollution attacks, also detects the exact site of the attacker(s) and selects the most suitable preventive approach (e.g., blocking the mobile device being at risk from gaining access to the network) to stop the attack and protect network resources. This will be compared with our baseline IDPS [55], which only detects and drops the polluted packets, so that intruders continue to create pollution attacks that result in wastage of network resources.

3.4.1 Computational Overhead

The overall time from when a packet is generated until it is verified and decoded at the destination nodes is given by the following equation:

$$ {T}_{\mathrm{total}}={T}_{\mathrm{enc}}+{T}_{\mathrm{rec}}+{T}_{\mathrm{dec}}+{T}_{\mathrm{ver}} $$
(5.13)

In this equation, \( {T}_{\mathrm{enc}} \) is the encoding time at the source node, \( {T}_{\mathrm{rec}} \) is the recoding time at each intermediate node, \( {T}_{\mathrm{dec}} \) is the decoding time at the destination node, and \( {T}_{\mathrm{ver}} \) is the verification time at the intermediate and destination nodes.

The \( {T}_{\mathrm{total}} \) for the baseline IDPS [55] and the proposed IDLP mechanism are demonstrated in Fig. 5.3.

Fig. 5.3 \( {T}_{\mathrm{total}} \) for different number of tags in [55] and the IDLP

This figure contains three curves based on the quantity of tags (i.e., L ∈ {27,42,54}) for each method. As can be observed, as the quantity of tags increases, \( {T}_{\mathrm{total}} \) increases almost linearly. Nevertheless, the \( {T}_{\mathrm{total}} \) for a different number of tags in the proposed IDLP mechanism (e.g., \( {T}_{\mathrm{total}}=0.20 \) for L = 54 when the length of the packet is 10,000 bytes) is below the \( {T}_{\mathrm{total}} \) of the baseline IDPS scheme (e.g., \( {T}_{\mathrm{total}}=0.22 \) for L = 54 when the length of the packet is 10,000 bytes) [55].

It is worth noting that the IDLP \( {T}_{\mathrm{total}} \) drops below that of [55] because, in addition to delivering both detection and location capability, the novel IDLP mechanism incurs fewer operational costs since it is not applied at every intermediate node.

Furthermore, the verification and detection time for any corrupted packet in the network for both IDLP schemes is given by Fig. 5.4.

Fig. 5.4 The \( {T}_{\mathrm{ver}} \) for different number of tags in [55] and the IDLP

As it can be seen, the proposed location-based scheme is more competitive than the baseline. On the other hand, it should be mentioned that the IDLP mechanism inherently detects and drops the polluted packet as well as detects the exact site of the attacker(s) and blocks them from the network.

3.4.2 Communicational Overhead

The communication time, \( {T}_{\mathrm{comm}} \), is defined as the communication overhead of the proposed IDLP mechanism. Figure 5.5 displays the \( {T}_{\mathrm{comm}} \) according to the various numbers of tags being used for both IDPS schemes.

Fig. 5.5 The \( {T}_{\mathrm{comm}} \) for different number of tags in [55] and the IDLP

The results again substantiate that \( {T}_{\mathrm{comm}} \) for the proposed IDLP is below the baseline IDPS value [55]. The difference is due to the fact that the proposed IDLP mechanism blocks the opponents, and therefore they are no longer capable of adjusting the packets in transit. Thus, the SN is not required to resend packets.

3.4.3 Decoding Probability

The probability that a corrupted packet is not detected in the verification phase is called \( {P}_r \). The \( {P}_r \) for the proposed and baseline IDPS based on three different numbers of tags (L ∈ {27,42,54}) is shown in Fig. 5.6. As can be seen, the proposed IDLP mechanism exhibits a \( {P}_r \) value of almost 0. Nevertheless, the IDPS proposed in [55] is very close to 0.

Fig. 5.6 The \( {P}_r \) for different number of tags in [55] and the IDLP

In other words, the proposed IDPS approach does not allow the adversary the opportunity to distribute the corrupted packet in the network. While the baseline scheme can still inject pollution in the next transmission of the coded packet from the SN to DNs in the network, in the most novel approach, the detected adversaries are blocked altogether from gaining access to the network.

3.5 Concluding Remarks

This study offered an effective IDLP mechanism for NC-MSCs. The proposed IDLP mechanism builds on our previous effort [46] that now is not only able to detect the pollution attack but is also context aware and able to remove the enemy from the network. The null space-based homomorphic MAC scheme [33] for both the detection and locating schemes is used, which is adjusted for UDNs, that is pivotal for next-generation networks. The proposed IDLP mechanism is able to detect the attacker’s precise site and selects the best preventive approaches (e.g., blocking compromised mobile device from gaining access to the network) to defend the network resources. It is worth mentioning that the proposed IDLP mechanism is more effective compared to the baseline IDPS scheme proposed in [55], since it omits the need to operate on all mobile devices to protect the NC-MSCs from depleting their resources. In particular, simulation results have shown that the proposed IDPS approach is more effective than the baseline counterpart in terms of lower computational complexity, communicational overhead, and unsuccessful decoding probability.

4 Blockchain-Based Integrity Scheme for NC-MSCs

4.1 Introduction

Pollution attacks are considered as one of the major security challenges in NC-enabled networks and raise concerns regarding the adaptation of NC to practical use in beyond 5G networks. Cryptographic-based integrity schemes are proposed to detect and prevent pollution attacks in NC-enabled networks. In this section, we describe a blockchain-based integrity scheme against pollution attacks.

4.1.1 Pollution Attacks

Allowing intermediate nodes to code or recode the packets is the key feature of NC. However, this ability of intermediate nodes to change the packets in transition introduces the security challenge regarding pollution attacks. An adversary node can inject a corrupted packet instead of a genuine packet, and this will pollute the entire information flow to which the corrupted packet is introduced or mixed with [57]. Thus, a single polluted packet can significantly reduce the throughput of the network. Further, if the polluted packet is not detected, it will be used while recoding at a genuine node which will pollute more packets in transition. Thus, identifying pollution attacks at the earliest possible node is an important requirement. On the other hand, challenges in detecting pollution attacks are manifold. Since the polluted packets can be identical to the original packet in packet size and characteristics, pollution attacks can only be identified by verifying the integrity of packets. However, as per the principles of NC, the packets are coded at the intermediate nodes, and these coded packets are sent over the network. This rules out the possibility of using generic integrity schemes in NC-enabled scenarios. However, integrity schemes with homomorphic property over NC-related operations are developed to detect pollution attacks.

4.1.2 Integrity Schemes

Integrity schemes with the homomorphic property over NC-related operations are widely used to detect and prevent pollution attacks in NC-enabled environments [58]. Such integrity schemes using homomorphic MACs were first proposed in [35]. The homomorphic MAC-based integrity schemes are computationally less complex compared to the homomorphic signatures and hash functions [35]. However, MAC-based integrity schemes require a set of shared secret keys to be available for all the participating nodes. The source node creates the MACs using the keys accessible to it and attaches them as tags to the packets. A receiving node with at least one of the keys used to create the tags can verify the integrity of the packets. If a node cannot verify the received tag, it discards the packet as a polluted packet since the integrity cannot be verified. This also leads to another version of pollution attack called tag pollution. In a tag pollution attack, the adversary node intentionally attaches a non-verifiable tag to a genuine packet so that it will be discarded at the next genuine node, which reduces the throughput. An efficient integrity scheme should be able to prevent both data pollution and tag pollution attacks. However, this MAC-based integrity scheme introduces some computational complexity and bandwidth overhead to the system. Furthermore, proper key distribution is mandatory to ensure the security of these schemes. However, emerging technologies such as blockchain, conceptually engineered as a type of distributed and immutable ledger [59], can be an approach to offer integrity services using MACs.

4.1.3 Blockchain Applications

The concept of blockchain evolved as a research area after it was used in the Bitcoin cryptocurrency. However, this immutable distributed ledger is being studied and used in a variety of other applications in the current digital era [60]. In our proposed scheme, we use blockchain as an immutable, distributed, and decentralized ledger for tag sharing. There are multiple blockchains with different characteristics and requirements. One of the major categorizations of blockchain is based on the method of verifying the block and achieving consensus among the blockchain nodes. Initial blockchains were employing a block verification scheme called proof of work (PoW) where all nodes will compete to verify a block by achieving a very hard cryptographic hash. However, this approach is highly resource-consuming. Proof of stake (PoS)-based block verification schemes are introduced by different blockchains [61, 62] to reduce the energy and computational requirements associated with the blockchain.

4.2 Blockchain-Based Integrity Scheme

As we progress toward the 5G and beyond networks, small cells will be an integral part of the network architecture to provide quality broadband services for remote and isolated devices. Furthermore, D2D communication using side-link channels is already being discussed as part of 5G in [63]. These future networks are expected to serve a very dense network of heterogeneous devices with high data rates and low energy. Considering these requirements, integrity schemes for NC-enabled small cells need to be scalable and maintain a low computational and bandwidth requirement. To this end, a blockchain-based integrity scheme was proposed in [64].

4.2.1 Enabling Technologies for Integrity Schemes

Most of the integrity schemes in the pre-5G era depended to some degree on the network size for the number of tags and for the security that can be achieved with a specific number of tags [47, 48]. The number of SNs and the number of neighboring or intermediate nodes in the network are important parameters in defining the security level and key distribution of these approaches, which discourages scaling these integrity schemes up to small cell environments. The work in [65] addressed these challenges by presenting one of the initial integrity schemes for NC-enabled small cell environments. However, this work considers a secure central controller connected to all participating nodes. This approach creates tags at the SN and shares them with the centralized entity. Moreover, these tags are also attached to the packets before transmission, and a DN can verify the integrity of the packets by verifying the tag against the packet payload data, as well as verify the authenticity of the tags by comparing them with the tags stored at the central entity. In other words, the tags are shared through a secure secondary channel with the receiving nodes.

This approach addresses the challenges of scalability by ensuring that, even if all keys are available to an adversary, the adversary still cannot modify the tags registered at the central authority by the SN. Furthermore, the number of tags required to achieve sufficient and equivalent security compared to the existing integrity schemes was smaller, providing a lower bandwidth and computational overhead. However, this integrity scheme still suffered from other challenges like a single point of failure and requirement of a secure channel from the controller to all participating nodes. The integrity scheme was highly dependent on the security and trustworthiness of the central controller and on the control channel between this central controller and the participating nodes. Moreover, assigning the central controller a major role in the security framework will attract more attacks (honeypot syndrome), and if the adversary can compromise this single entity, the whole system will collapse. To address this challenge, a distributed and decentralized tag sharing scheme was proposed by the authors [64]. This integrity scheme uses a blockchain as the immutable distributed data ledger to share the tags. The blockchain is inherently secure against modifications and distributed in nature and allows all nodes to fetch the required information from the verified blocks.

4.2.2 System Model

The blockchain-based integrity scheme uses MACs to ensure the integrity of the packets. It shares MACs through the blockchain such that the receiving nodes can verify the authenticity of the MACs received with the packets by comparing them with the MACs retrieved from the blockchain. However, creating a blockchain network involving all the participating nodes may not be feasible in a dense heterogeneous network [66]. Thus, the proposed system model considers a blockchain overlay of small cells, where only the small cell heads will be part of the blockchain as full nodes. Other end-devices can fetch the verified blocks from its corresponding small cell head and send candidate transactions (in our case, the tags from the SN). Only these full nodes will participate in the block verification process and store the blockchain entirely. The proposed system architecture is presented in Fig. 5.7.

Fig. 5.7 Blockchain-based small cell architecture

This blockchain-based integrity scheme uses a MAC which is homomorphic to the RLNC operations. We consider a small cell scenario where devices are capable of D2D multi-hop communication using RLNC principles. Thus, the SN will consider a generation of m packets where each packet \( {P}_i \) can be considered as a vector of n elements. In our scheme, the MACs are created over the native packet, differing from the previous integrity schemes where the MACs are created over the augmented (coded) packets. Thus, the key size for our integrity scheme depends only on the packet size and is independent of the generation size. If \( {K}_i \) is one of the keys from the key set, it shall have n + 1 elements in it. The tag \( {T}_{ij} \) on packet \( {P}_i \) using the key \( {K}_j \) is created as follows:

$$ {T}_{ij}=\frac{\sum_{l=1}^n{P}_{il}\times {K}_{jl}}{K_{j,n+1}} $$
(5.14)

These tags are sent to the blockchain as a candidate transaction and also attached to the packets before encoding. These augmented packets will be considered as a normal packet for encoding. At a receiver node, the authenticity of the tags can be verified by comparing the tags received through the communication channel along with the packets and the tags retrieved from the blockchain. Furthermore, the integrity of the packets is verified by recreating the tags using the key set available with the nodes on the received packet. It is to be noted that our scheme enables the intermediate nodes to simply recode the packet as a normal RLNC packet with no specific algorithm required for tag combining. This is because of the homomorphic property of the proposed tag creation scheme over RLNC operations, which also reduces the computations required at the intermediate node.

4.2.3 Security Approach

The level of security against pollution attacks using MACs will depend upon the field size used for the operations. In most of the practical applications of RLNC, a Galois field of size \( {2}^8 \) is used. If q is the field size, then a single tag attached to the packet will ensure that the probability of an adversary successfully introducing a polluted packet to the network and passing through the tag verifications is 1/q. Practically, this security may not be sufficient for all the applications, and we generally use multiple tags to increase the security of the integrity scheme. If l tags are attached to the packets, then we can achieve a security level of \( 1/{q}^l \). Thus, in a Galois field of size \( {2}^8 \), a single tag attached to the packet provides a security level of \( 1/{2}^8 \) against pollution attack.

Another main factor that affects the security of the integrity scheme and the number of tags is the probability of colluding adversaries. Multiple adversaries may cooperate to successfully bypass the integrity check. Most of the previously existed integrity schemes addressed this challenge by employing specific key distribution schemes so that the participating nodes may not have all the keys used by the SN to create tags. For example, a c-cover free set system-based key distribution is presented in [48, 67] where the SN should have at least c times the number of keys than any other participating node to achieve security against c colluding attackers. However, such methods have multiple drawbacks and scalability issues. In such cases, the number of tags attached to each packet will also depend on the probability of colluding attackers.

In a dense environment, the probability of colluding attackers is very high, and it will also increase the number of tags required to achieve a high level of security. Furthermore, the overhead due to this increased number of tags will not provide equivalent security to the number of tags attached, but only equal to the number of tags that can be verified at a particular node. In other words, even if L tags are attached to the packets by the source node and transmitted across the network, a receiving node that holds only l keys can verify only that many tags and thus provide a security level of \( 1/{q}^l \) only. This results in a mismatch between the bandwidth overhead of the system and the security level. Our proposed approach addresses these problems by sharing the tags not only through the communication channel but also at the blockchain such that an adversary cannot modify the packets and create valid tags even if they have all the secret keys. In our scheme, we consider a strong adversary that can possess all the secret keys that are used for tag creation. However, since the original tags are shared directly by the SN to the blockchain, an adversary cannot modify the tags that are stored in the blockchain. Thus, even if it creates valid tags for a polluted packet, the next genuine receiver will discard the packet since it will not match with the corresponding tags stored in the blockchain. This situation does not differ even if multiple adversaries are colluding to bypass the integrity check. Since our integrity scheme does not require any specific key distribution protocol that depends on the number of adversaries in the network, we can allow all the users to have the complete key set and verify all the tags that are attached to the packets. Thus, in our integrity scheme, the bandwidth overhead due to the tags for integrity check is proportional to the security level of the scheme. This will also allow the system to achieve a high security level solely depending on the number of tags attached to it. An analysis of the number of tags and security level is presented in the performance evaluation section.
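The tag construction of Eq. 5.14 and the strong-adversary argument above can be checked together in a few lines. The following Python sketch is an added example, not the authors' KODO/BigchainDB code: the reduction polynomial 0x11B, the in-memory list standing in for the blockchain ledger, and the receiver combining the ledger tags with the packet's coding coefficients are assumptions, and all function names are hypothetical.

```python
"""Eq. 5.14 tags over GF(2^8), checked against a ledger copy (constructed data)."""
import random

POLY = 0x11B  # assumption: x^8+x^4+x^3+x+1; the page only states field size 2^8


def gf_mul(a, b):
    """Multiply two GF(2^8) elements (shift-and-add with modular reduction)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return result


def gf_inv(a):
    """Multiplicative inverse computed as a^254 (a must be non-zero)."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def make_tag(packet, key):
    """Eq. 5.14: (sum over l of P_l * K_l) / K_{n+1}; field addition is XOR."""
    acc = 0
    for sym, k in zip(packet, key[:-1]):
        acc ^= gf_mul(sym, k)
    return gf_mul(acc, gf_inv(key[-1]))


def combine(vectors, coeffs):
    """RLNC linear combination of equal-length symbol vectors."""
    out = [0] * len(vectors[0])
    for vec, c in zip(vectors, coeffs):
        for j, sym in enumerate(vec):
            out[j] ^= gf_mul(c, sym)
    return out


def check(coeffs, payload, tags, keys, ledger):
    """Receiver side: integrity (tags match payload) and authenticity (tags match ledger)."""
    recomputed = [make_tag(payload, k) for k in keys]
    expected = combine(ledger, coeffs)  # assumption: ledger tags combined via coding vector
    return {"integrity": recomputed == tags, "authentic": tags == expected}


def demo(seed=11, n=16, m=4, num_tags=8):
    rng = random.Random(seed)
    # Non-zero key symbols so every tag depends on every payload position.
    keys = [[rng.randrange(1, 256) for _ in range(n + 1)] for _ in range(num_tags)]
    natives = [[rng.randrange(256) for _ in range(n)] for _ in range(m)]
    # SN: tags over native packets, submitted to the ledger and attached to packets.
    ledger = [[make_tag(p, k) for k in keys] for p in natives]
    coeffs = [rng.randrange(1, 256) for _ in range(m)]
    # Intermediate node: plain RLNC recoding of payload and tags together.
    coded = combine([p + t for p, t in zip(natives, ledger)], coeffs)
    payload, tags = coded[:n], coded[n:]
    honest = check(coeffs, payload, tags, keys, ledger)
    # Strong adversary holding every key: alters one symbol and recomputes the tags.
    bad_payload = payload[:]
    bad_payload[0] ^= 0x01
    forged = [make_tag(bad_payload, k) for k in keys]
    attack = check(coeffs, bad_payload, forged, keys, ledger)
    return honest, attack


if __name__ == "__main__":
    print(demo())
```

The forged packet passes the key-based integrity check, which is the case a key-only MAC scheme cannot catch, and fails only the comparison with the ledger copy.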

4.2.4 Lightweight Scheme

As we discussed in the previous section, the security of our integrity scheme depends completely and solely on the number of tags attached to it. Increasing the number of tags will also increase the computational and bandwidth overhead of the system. A trade-off between the level of security and the overheads should be considered before any practical implementations. Furthermore, the security requirements of the system will vary depending on the applications and strictness of authentication schemes in the network. For example, in a restricted company network where all users are authenticated with strict verifications, the probability of an adversary node is lower, and we can reduce the number of tags (thereby reducing the security level and overheads). However, in a public Wi-Fi network, we may have to use a higher number of tags to provide strict integrity checks at every node involved in the transmission. Considering these aspects, we propose a lightweight version of our proposed integrity scheme for the applications where the security requirements are lower.

This lightweight scheme is proposed in two parts. In the first part, we reduce the bandwidth overhead over the communication channel by sharing the tags only through the blockchain. In this way, the SN creates tags over the packet and sends it only to the blockchain. When a node receives this packet, it can fetch the corresponding tags from the blockchain and verify the integrity of the packet. This approach removes any extra overhead due to the security scheme from the communication channel without compromising the security of the scheme. It also eliminates the probability of tag pollution attacks since the intermediate nodes do not send the tags with the packet. In the second part, we compromise on the security level that can be achieved at an intermediate node, but with the advantage of reduced computational complexity by reducing the number of tags verified at that node. Here, we choose an adaptive scheme considering the security requirements of the network and then decide on the number of tags to be verified at each node. Even though every node will have access to all the keys and tags, it will only verify a random number of tags to reduce the computational requirements.

4.2.5 Performance Evaluation

In this section, we evaluate the performance of both the proposed blockchain-based integrity scheme and its lightweight version by comparing its computational complexity and security level. The schemes are simulated in a hybrid environment using the KODO RLNC library [56] for NC-related operations and BigchainDB [62] as the blockchain environment. The integration of these environments is enabled by Postman, a cross-platform integration environment [68]. We consider the field size \( q={2}^8 \), packet size of 1000 bytes, and generation size of 32 for simulations unless specified otherwise in the overhead analysis.

The computational complexity of the proposed approach depends on the tag creation process. As defined by Eq. 5.14, the creation of a single tag requires n + 1 multiplications where n is the number of vector elements in a packet. Since the receiving nodes also perform the same operation to verify the integrity, the complexity of verifying a tag is also similar. Thus, if L tags are created at the source, then the total complexity of tag verification is L × (n + 1) for the basic integrity scheme. In the lightweight version, if we verify only l tags, the complexity is reduced to l × (n + 1). On the other hand, increasing the number of tags will also result in increased security levels. Figure 5.8 shows the trade-off between security level and computational complexity in the specified simulation scenario. This evaluation shows that using eight tags can be considered as an optimal situation for the specified simulation environments. Figure 5.9 shows the comparison of computational complexity against packet size with eight tags per packet for the full version and a lightweight version where only one tag is verified at every node.

Fig. 5.8 Trade-off between complexity and security

Fig. 5.9 Computational complexity of proposed schemes

4.3 Concluding Remarks

Detecting and preventing pollution attacks in the NC environment is one of the main obstacles in practical NC implementations. The NC-MSC proposed for the 5G and beyond era is expected to serve UDNs as well. Efficient integrity schemes that scale and impose minimal overhead are required to address this scenario. In this section, we discussed a blockchain-based integrity scheme using homomorphic MACs tailor-made to address the challenges in NC-enabled small cells for highly dense network environments. The proposed approach is independent of the size of the network and the probability of attackers in the network, and it achieves a high level of security using a small number of tags. Moreover, a lightweight version of the integrity scheme, adaptable to the network security requirements, is also presented. The performance analysis shows the computational efficiency of the proposed schemes. Furthermore, it also presents a trade-off comparison between the computational complexity and security levels to identify the optimal number of tags that can be used in practical applications. This integrity scheme can be considered as a baseline for secure NC against pollution attacks in the 5G and beyond networks.

5 Conclusion

The next-generation mobile network is adopting small cell technology to provide network subscribers with a high QoS, including high data transmission speeds and low latency. However, increasing demands of mobile data in a dense urban environment may still face issues in the future. A cost-effective solution to this problem is provided by the EU-funded H2020-MSCA project “SECRET” in the form of a networking architecture that utilizes NC-MSCs. However, a vast array of security challenges must be addressed prior to its adoption. This chapter addressed the security challenges from the perspective of key management, intrusion detection and prevention, and data integrity.

Various cryptographic security solutions (i.e., encryption schemes, integrity schemes) rely on a key distribution mechanism. However, it was pointed out that UDNs may be incapable of relying on a centralized TTP to organize the secure distribution of cryptographic keys. The recent survey [4] pointed out that a decentralized key management based on the FD-TTP approach is the most suitable solution. Additionally, the FD-TTP-based approach is agnostic to NC-enabled networks. The exploration of existing FD-TTP-based key management schemes shows that the majority of schemes follow the same key management structure, except for two recently proposed solutions [18]. These recently proposed solutions seem capable of having a significant impact on key management performance and security. However, these benefits are still to be validated in practical systems. An important piece missing from many key management solutions is the ability to counter a Sybil attack, which has to be addressed to provide a robust security system. If the Sybil attack can be mitigated through the network operator involvement, then the solution by de Ree et al. [28] is also a suitable candidate.

Recently, Parsamehr et al. [50, 55] designed novel intrusion detection and prevention schemes. These schemes are designed for UDNs, in particular NC-MSCs, and aim to remove malicious users that launch potential data pollution attacks. These works have a twofold objective: (i) the rapid detection of polluted data packets and (ii) the identification of the malicious user. Furthermore, they are capable of selecting the best approach to prevent that user from future malicious behavior. Both of the schemes have been implemented in Kodo, where the latest IDLP scheme [50] demonstrated the best performance in terms of computational complexity, communication overhead, and successful decoding. Therefore, the IDLP scheme is recommended as the most suitable intrusion detection and prevention scheme to secure NC-MSCs.

An alternative approach to preventing pollution attacks is through data integrity schemes. This chapter discussed a blockchain-based integrity scheme that is capable of effectively preventing pollution attacks in UDNs. Furthermore, the blockchain-based integrity scheme is scalable, meaning that the number of attackers or the size of the network has no effect on its performance. It was demonstrated that the security requirement is directly related to the computational complexity. Therefore, a lightweight version of the blockchain-based integrity scheme can be adopted for UDNs with a reduced security requirement. The results indicate that the integrity performance of these schemes makes them an effective approach to securing next-generation UDNs that utilize the NC paradigm against pollution attacks.