An Hybrid Approach for Efficient Multicast Stream Authentication over Unsecured Channels

  • Christophe Tartary
  • Huaxiong Wang
  • Josef Pieprzyk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4784)

Abstract

We study the multicast stream authentication problem when an opponent can drop, reorder and inject data packets into the communication channel. In this context, bandwidth limitation and fast authentication are the core concerns. Any authentication scheme must therefore reduce, as much as possible, both the packet overhead and the time the receiver spends checking the authenticity of collected elements. Recently, Tartary and Wang developed a provably secure protocol with small packet overhead and a reduced number of signature verifications to be performed at the receiver.

In this paper, we propose a hybrid scheme based on Tartary and Wang’s approach and Merkle hash trees. Our construction exhibits a smaller overhead and much faster processing at the receiver, making it even more suitable for multicast than the earlier approach. Like Tartary and Wang’s protocol, our construction is provably secure and allows total recovery of the data stream despite erasures and injections occurring during transmission.

Keywords

Stream Authentication, Polynomial Reconstruction, Unsecured Channel, Merkle Hash Tree, Erasure Code

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Christophe Tartary (1, 2)
  • Huaxiong Wang (1, 3)
  • Josef Pieprzyk (3)
  1. Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
  2. Institute for Theoretical Computer Science, Tsinghua University, Beijing, 100084, P.R. China
  3. Centre for Advanced Computing - Algorithms and Cryptography, Department of Computing, Macquarie University, NSW 2109, Australia
