A New Direction for Research on Data Origin Authentication in Group Communication
Group communication facilitates efficient data transmission to numerous receivers by reducing data replication effort both at the sender and in the network. It is used in today's communication networks in many ways, such as broadcasting in cellular networks, IP multicast on the network layer, or application-layer multicast. Despite many efforts to provide data origin authentication for specific application areas of group communication, no efficient and secure all-purpose solution has been proposed so far.
In this paper, we analyze data origin authentication schemes from 25 years of research. We distinguish three general approaches to the challenge and assign six conceptually different classes of schemes to these three approaches. We show that each class involves trade-offs, made from a specific point of view, that prevent it from being generally applicable to group communication. We then propose to add a new class of schemes based on recent high-performance digital signatures. We argue that the high-speed signing approach is secure, resource efficient, and can be applied with acceptable communication overhead. This new class therefore provides a generally applicable solution and should be the foundation of future research on data origin authentication for group communication.
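The core security point behind the paper's argument is that a key shared by the whole group can only prove a packet came from some member, whereas a per-packet signature proves it came from the one origin. The following Go program, written here as an added illustration and not taken from the paper or any of the schemes it surveys, contrasts the two: an HMAC under a group-shared key, which any receiver can forge, against per-packet Ed25519 signatures checked with only the sender's public key. Ed25519 from the Go standard library stands in for the unspecified "high-performance digital signatures" of the abstract; the packet format (sequence number, payload, signature), the sample payloads and the monotonic sequence check used as a replay guard are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// PacketOverhead is the per-packet cost of the signed scheme below:
// an 8-byte sequence number plus a 64-byte Ed25519 signature.
const PacketOverhead = 8 + ed25519.SignatureSize

// Packet is a hypothetical wire format: seq || payload || signature.
type Packet struct {
	Seq     uint64
	Payload []byte
	Sig     []byte
}

// GroupMACTag computes HMAC-SHA256 under a key shared by the whole group.
// This gives group authentication only: every holder of the key, which
// means every receiver, can produce a tag that all others accept.
func GroupMACTag(groupKey, payload []byte) []byte {
	m := hmac.New(sha256.New, groupKey)
	m.Write(payload)
	return m.Sum(nil)
}

// GroupMACVerify checks a tag in constant time.
func GroupMACVerify(groupKey, payload, tag []byte) bool {
	return hmac.Equal(tag, GroupMACTag(groupKey, payload))
}

// signedBytes binds the sequence number to the payload so that a valid
// signature cannot be moved onto a different packet position.
func signedBytes(seq uint64, payload []byte) []byte {
	buf := make([]byte, 8, 8+len(payload))
	binary.BigEndian.PutUint64(buf, seq)
	return append(buf, payload...)
}

// Sender holds the origin's private key; only it can produce signatures.
type Sender struct {
	Public ed25519.PublicKey
	priv   ed25519.PrivateKey
	next   uint64
}

// NewSender generates a fresh Ed25519 key pair for the origin.
func NewSender() (*Sender, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Sender{Public: pub, priv: priv, next: 1}, nil
}

// Send signs one packet; the sequence number advances per packet.
func (s *Sender) Send(payload []byte) Packet {
	p := Packet{Seq: s.next, Payload: payload}
	p.Sig = ed25519.Sign(s.priv, signedBytes(p.Seq, p.Payload))
	s.next++
	return p
}

// Receiver needs only the origin's public key. Members may distribute it
// freely: holding it verifies packets but does not allow forging them.
type Receiver struct {
	origin  ed25519.PublicKey
	lastSeq uint64
}

func NewReceiver(origin ed25519.PublicKey) *Receiver {
	return &Receiver{origin: origin}
}

// Accept returns true only for a packet signed by the origin whose
// sequence number is newer than the last accepted one (gaps from loss
// are tolerated; replays and reordered duplicates are rejected).
func (r *Receiver) Accept(p Packet) bool {
	if p.Seq <= r.lastSeq {
		return false
	}
	if !ed25519.Verify(r.origin, signedBytes(p.Seq, p.Payload), p.Sig) {
		return false
	}
	r.lastSeq = p.Seq
	return true
}

func main() {
	groupKey := []byte("key shared by sender and all receivers") // constructed sample key
	tag := GroupMACTag(groupKey, []byte("valve=open"))
	fmt.Println("group MAC, genuine:", GroupMACVerify(groupKey, []byte("valve=open"), tag))
	// A receiver holding the same key forges a packet every other member accepts.
	forged := GroupMACTag(groupKey, []byte("valve=closed"))
	fmt.Println("group MAC, forged by member:", GroupMACVerify(groupKey, []byte("valve=closed"), forged))

	s, err := NewSender()
	if err != nil {
		panic(err)
	}
	r := NewReceiver(s.Public)
	fmt.Println("signed, genuine:", r.Accept(s.Send([]byte("valve=open"))))
	p := s.Send([]byte("valve=open"))
	p.Payload = []byte("valve=closed") // tampered in transit or by a member
	fmt.Println("signed, tampered:", r.Accept(p))
	fmt.Println("authentication bytes per packet:", PacketOverhead)
}
```

The 72 bytes of overhead per packet are what the abstract calls "acceptable communication overhead"; whether that holds depends on the payload size of the application, and a TESLA-style scheme would trade it for delayed verification and a time-synchronization requirement instead.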