Security for network coding file distribution
First Claim
1. A method for defeating a malicious node in a content distribution network of interconnected cooperative nodes, the method comprising:
- creating a new encoded block from a linear combination of multiple encoded blocks corresponding to a file, the creating comprising;
choosing a coefficient vector;
multiplying individual values of the coefficient vector by individual byte values of individual bytes of the file; and
summing results produced by the multiplying to provide the new encoded block;
calculating, at a first cooperative node of the content distribution network, an expected hash of the new encoded block by applying a hash function to individual security parameters;
applying the hash function to the new encoded block to determine an actual hash;
validating the new encoded block based on a comparison of the actual hash and the expected hash, wherein the validating comprises verifying the new encoded block as invalid when the comparison indicates the actual hash and the expected hash are not equal or identifying the new encoded block as valid when the comparison indicates the actual hash and the expected hash are equal; and
when the new encoded block is verified as invalid;
performing a search to discover at least one invalid encoded block of the new encoded block, wherein performing the search comprises;
dividing individual encoded blocks of the new encoded block into sets of encoded blocks, creating newer blocks for each of the sets of encoded blocks, and verifying each of the newer blocks; and
sending, by the first cooperative node, an alert regarding the invalidity of the at least one invalid encoded block to at least one other cooperative node of the content distribution network with which the first cooperative node has been exchanging blocks.
2 Assignments
0 Petitions
Accused Products
Abstract
A content distribution mechanism that relies on cooperative desktop PCs to distribute content is disclosed. The mechanism distributes content in a robust manner by allowing at least one intermediate network node (i.e., between a source and client) to generate and send packets that contain a linear combination of the portions of content available at the node. Such linear combinations may be created by the source and client using at least a portion of the original content file in either encoded or unencoded form. After the client has received enough linearly independent combinations of packets, the original content may be reconstructed. Further, security for network coding file distribution may be employed to maintain the efficiency and security of the content distribution mechanism. A security server may generate security information using a hashing algorithm including the property of producing security information for each block which survives the process of creating encoded blocks. The security server may generate a unique set of security information for each node participating in the content distribution which each node may then use to verify that the blocks being examined are valid and were created from a linear combination of the original blocks of the file.
33 Citations
18 Claims
-
1. A method for defeating a malicious node in a content distribution network of interconnected cooperative nodes, the method comprising:
-
creating a new encoded block from a linear combination of multiple encoded blocks corresponding to a file, the creating comprising; choosing a coefficient vector; multiplying individual values of the coefficient vector by individual byte values of individual bytes of the file; and summing results produced by the multiplying to provide the new encoded block; calculating, at a first cooperative node of the content distribution network, an expected hash of the new encoded block by applying a hash function to individual security parameters; applying the hash function to the new encoded block to determine an actual hash; validating the new encoded block based on a comparison of the actual hash and the expected hash, wherein the validating comprises verifying the new encoded block as invalid when the comparison indicates the actual hash and the expected hash are not equal or identifying the new encoded block as valid when the comparison indicates the actual hash and the expected hash are equal; and when the new encoded block is verified as invalid; performing a search to discover at least one invalid encoded block of the new encoded block, wherein performing the search comprises;
dividing individual encoded blocks of the new encoded block into sets of encoded blocks, creating newer blocks for each of the sets of encoded blocks, and verifying each of the newer blocks; andsending, by the first cooperative node, an alert regarding the invalidity of the at least one invalid encoded block to at least one other cooperative node of the content distribution network with which the first cooperative node has been exchanging blocks. - View Dependent Claims (2, 3, 4, 5, 6, 7, 17, 18)
-
-
8. A method comprising:
-
creating an encoded block from a file, the creating comprising; choosing a coefficient vector; multiplying individual values of the coefficient vector by individual byte values of individual bytes of the file; and summing results produced by the multiplying to provide the encoded block; storing, by a first cooperative node, the encoded block in a boundary denoted as insecure; calculating an actual hash of the encoded block; calculating an expected hash of the encoded block using a security parameter uniquely generated for the first cooperative node; comparing the actual hash and the expected hash; moving the encoded block to a boundary denoted as secure when the actual hash and the expected hash are equal; and when the actual hash and the expected hash are unequal, sending, by the first cooperative node, an alert that the encoded block is invalid to at least one other cooperative node with which the first cooperative node has been exchanging blocks. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system, comprising:
-
a plurality of nodes, at least one of the plurality of nodes being a device comprising at least one processor; means for storing, by a first cooperative node of the plurality of nodes, security parameters related to original blocks of a file; means for storing encoded blocks corresponding to the file; means for creating a newly encoded block corresponding to the file from a linear combination of the encoded blocks, the means for creating the newly encoded block comprising; randomly choosing a set of coefficient vector values; multiplying individual coefficient vector values by individual byte values of individual bytes of the file; and summing results produced by the multiplying to provide the newly encoded block; means for calculating an actual hash of the newly encoded block; means for calculating an expected hash of the newly encoded block using the security parameters and the set of coefficient vector values; means for validating the encoded blocks based on a comparison of the actual hash of the newly encoded block and the expected hash of the newly encoded block; means for performing a binary search to identify at least one invalid encoded block from the encoded blocks, wherein performing the binary search comprises dividing the encoded blocks into two sets of encoded blocks and verifying each of the two sets of encoded blocks, wherein the dividing and the verifying are repeatable until the at least one invalid encoded block is identified; and means for sending an alert regarding invalidity of the newly encoded block to at least one other cooperative node of the plurality of nodes with which the first cooperative node is configured to exchange blocks. - View Dependent Claims (16)
-
Specification