Numerous practical systems based on network coding have been proposed in recent years demonstrating the wide range of benefits of network coding, such as increased throughput, reliability, and energy efficiency. However, network coding systems are inherently vulnerable to a severe attack, known as packet pollution, which presents a key obstacle to the deployment of such systems. Several cryptographic schemes have been proposed to defend against pollution attacks. We conduct a detailed analysis and an experimental evaluation in a realistic wireless network coding setting of a set of representative cryptographic defenses against pollution attacks. Our analysis identifies severe limitations of asymmetric-based schemes, which impose high communication overhead by placing constraints on the basic network coding parameters and high computation overhead by relying on numerous operations over large fields. Our analysis also shows that symmetric cryptographic schemes, while having better performance than asymmetric cryptographic-based schemes, impose prohibitive overhead in the presence of multiple byzantine adversaries. We further evaluate these schemes by using a set of typical network coding system parameters on a realistic topology. Our experimental evaluation shows that all the schemes we compare induce a throughput degradation that negates the performance benefits of network coding in the presence of multiple colluding adversaries.
