Spread: Improving Network Security by Multipath Routing

This paper considers the delivery of secret information across insecure networks. A novel end-to-end multipath secure data delivery scheme, Secure Protocol for REIiable dAta Delivery (SPREAD), is proposed as a complementary mechanism for the data confidentiality service in the public networks. The idea behind SPREAD is io improve the confidentiality by enforcing the secret sharing principle in the network via multipath routing. With a (r,N) secret sharing scheme, the message io be protected can be divided into N shares such that from any T o r more shares, it can easily recover the message, while from any T-1 or less shares, it should be impossible to recover the message. Then using multipath routing, the shares are delivered across the network via multiple independent paths. The destination node reconstructs the original message upon receiving T or more shares. This paper presents the system architecture of the SPREAD scheme, including how to divide the secret message into multiple shares using the secret sharing scheme, how to find the desired multiple secure paths, as well as how to allocate the message shares onto each selected path such that maximum security can be achieved. The discussion on the optimal share allocations reveals ihat redundant SPREAD scheme is not only more secure but also more errortolerant and fault-tolerani. The simulation results show that significantly reduced message interception ratio can be achieved by SPREAD.