Int.
J.
Electron.
Commun.
(AEÜ)
69
(2015)
467–472
Contents
lists
available
at
ScienceDirect
International
Journal
of
Electronics
and
Communications
(AEÜ)
j
ourna
l
h
om
epage:
www.elsevier.com/locate/aeue
SHORT
COMMUNICATION
Secure
random
linear
network
coding
on
a
wiretap
network
Zhanghua
Cao
a
,∗
,
Shibing
Zhang
a
,
Xiaodong
Ji
a
,
Lai
Zhang
b
a
School
of
Electronics
and
Information,
Nantong
University
at
Nantong,
Jiangsu
Province
226019,
PR
China
b
Department
of
Mathematics
and
Mathematical
Statistics,
Umeå
University,
Umeå
SE-90187,
Sweden
a
r
t
i
c
l
e
i
n
f
o
Article
history:
Received
30
April
2014
Accepted
20
October
2014
Keywords:
Wiretap
networks
Information
theoretic
security
Random
linear
network
coding
Secret
sharing
One-time
pad
a
b
s
t
r
a
c
t
We
develop
a
secure
random
linear
network
coding
scheme
on
wiretap
networks
where
a
wiretapper
can
only
eavesdrop
on
a
limited
number
of
channels.
On
one
hand,
by
refining
Lima’s
“locked
coefficients”
method
and
applying
the
approach
of
one-time
pad,
our
scheme
can
well
protect
message
packets
with-
out
decreasing
network
throughput.
On
the
other
hand,
by
treating
ciphertext
as
noisy
symbols,
inspired
by
the
physical
layer
technique,
and
applying
Shamir’s
secret
sharing
scheme,
our
scheme
can
success-
fully
protect
secret
random
seed
without
any
forms
of
key
exchange
or
secret
channels.
Compared
to
existing
schemes,
our
scheme
has
minimum
information
overhead,
independency
of
hash
functions,
and
no
restriction
on
global
encoding
kernel.
Finally,
we
analyze
the
computational
complexity
of
our
proposed
scheme
and
rigorously
prove
that
our
scheme
can
achieve
secure
network
communication.
©
2014
Elsevier
GmbH.
All
rights
reserved.
1.
Introduction
Network
coding
is
a
generalization
of
traditional
store
and
for-
ward
routing
scheme
[1].
While
network
coding
greatly
advances
data
transmission
and
network
reliability
[2,3],
it
brings
forward
new
security
challenges
to
the
emergent
network
coded
systems
[4].
There
are
basically
four
groups
of
secure
network
coding
schemes
against
external
wiretappers.
The
first
group
is
the
schemes
of
information
theoretic
secu-
rity.
Cai
and
Yeung
[5]
developed
a
secure
linear
network
code
based
on
the
assumption
that
an
external
wiretapper
can
access
only
a
limited
number
of
channels.
Wang
and
Guo
[6]
considered
the
perfect
security
in
linear
network
coding
using
well-designed
precoding
matrix.
The
construction
of
precoding
matrix
is
equiva-
lent
to
finding
proper
encoding
vectors
that
realize
perfectly
secure
transmission
of
secret
message.
Rouayheb
[8]
proposed
a
secure
protocol
by
combining
the
Ozarow–Wyner
approach
[7]
of
coset
coding
at
the
source
with
inherent
security.
A
secure
network
cod-
ing
with
nonuniform
or
restricted
wiretap
sets
was
studied
in
[9].
A
common
drawback
of
these
schemes
is
the
linear
reduction
in
communication
rate
with
increasing
number
of
channels
obtained
by
wiretappers.
The
second
group
is
the
weakly
securing
network
coding.
This
type
of
coding
schemes
can
maximize
network
throughput
while
ensuring
that
eavesdropper
gets
no
information
about
each
packet
∗
Corresponding
author.
Tel.:
+86
13815211319.
E-mail
address:
cryptocaozhanghua@126.com
(Z.
Cao).
[10–13].
Wei
et
al.
[11]
developed
a
weakly
secure
network
cod-
ing
scheme
by
using
a
random
permutation
function
which
enables
them
to
map
every
element
in
the
code
field
to
another
element
in
the
same
field.
By
assuming
that
all
intermediate
nodes
are
poten-
tial
wiretappers,
Du
et
al.
[12]
proposed
a
secure
scheme
that
relies
only
on
network
topology
and
showed
that
eavesdroppers
cannot
acquire
any
information
from
secure
message
packets.
A
proba-
bilistic
weak
security
for
linear
network
coding
was
investigated
in
[13].
Although
network
throughput
can
be
maximized,
the
weak
security
of
network
code
is
realized
at
the
expense
of
restricting
the
selection
of
global
encoding
kernel.
The
third
group
is
the
secure
network
coding
schemes
that
built
on
cryptographic
hash
functions.
Adeli
and
Liu
[14]
devel-
oped
a
secure
linear
network
coding
scheme
with
hash
functions
by
imposing
a
restriction
on
the
global
encoding
kernel,
and
their
scheme
can
successfully
minimize
information
overhead.
This
scheme
was
improved
by
removing
the
restriction
on
the
coding
kernel
[15].
However,
this
type
of
schemes
requires
computation
of
the
hash
values
of
each
packet,
thereby
burdening
network
com-
munication.
The
last
group
is
the
schemes
that
employ
secret
key
exchanges
or
secret
channels
[16,17].
This
type
of
schemes
first
generates
locked
coefficients
randomly,
then
encrypts
them
with
the
keys
shared
with
the
destinations,
and
finally
adds
locked
coefficients
to
packet
header.
A
nonlinear
secret
key
agreement
was
considered
in
[17].
This
type
of
schemes
increases
not
only
communication
delay
but
also
algorithm
complexity.
To
overcome
the
limitations
of
above
schemes,
we
propose
here
a
secure
random
linear
network
coding
scheme
by
improving
http://dx.doi.org/10.1016/j.aeue.2014.10.018
1434-8411/©
2014
Elsevier
GmbH.
All
rights
reserved.