A New Direction for Research on Data Origin Authentication in Group Communication

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11261)


Group communication facilitates efficient data transmission to numerous receivers by reducing data replication efforts both at the sender and in the network. Group communication is used in today’s communication networks in many ways, such as broadcasting in cellular networks, IP multicast on the network layer, or as application layer multicast. Despite many efforts in providing data origin authentication for specific application areas in group communication, no efficient and secure all-purpose solution has been proposed so far.

In this paper, we analyze data origin authentication schemes from 25 years of research. We distinguish three general approaches to address the challenge and assign six conceptually different classes to these three approaches. We show that each class comprises trade-offs from a specific point of view that prevent the class from being generally applicable to group communication. We then propose to add a new class of schemes based on recent high-performance digital signatures. We argue that the high-speed signing approach is secure, resource efficient, and can be applied with acceptable communication overhead. This new class therefore provides a solution that is generally applicable and should be the foundation of future research on data origin authentication for group communication.


  1. 1.
    Shirey, R.: Internet Security Glossary, Version 2. RFC 4949 (Informational). Internet Engineering Task Force, August 2007.
  2. 2.
    Sibold, D., Roettger, S., Teichel, K.: Network Time Security. Internet-Draft draft-IETF-NTP-network-time-security-15. IETF Secretariat, September 2016. Accessed 08 Mar 2017
  3. 3.
    Law, Y.W., et al.: Comparative study of multicast authentication schemes with application to wide-area measurement system. In: ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIACCS 2013, pp. 287–298. ACM, NY (2013)., ISBN 978-1-4503-1767-2
  4. 4.
    Tesfay, T., Le Boudec, J.-Y.: Experimental comparison of multicast authentication for wide area monitoring systems. IEEE Trans. Smart Grid 9, 4394–4404 (2017). ISSN 1949–3053, 1949–3061CrossRefGoogle Scholar
  5. 5.
    Hardjono, T., Tsudik, G.: IP multicast security: issues and directions. Annales des télécommunications 55(7–8), 324–340 (2000)Google Scholar
  6. 6.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetCrossRefGoogle Scholar
  7. 7.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985). Scholar
  8. 8.
    Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001)CrossRefGoogle Scholar
  9. 9.
    Katz, J.: Digital Signatures. Springer, Boston (2010). ISBN 978-0-387-27711-0, 978-0-387-27712-7CrossRefzbMATHGoogle Scholar
  10. 10.
    Steinwandt, R., Villányi, V.I.: A one-time signature using run-length encoding. Inf. Process. Lett. 108(4), 179–185 (2008). ISSN 0020–0190MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Challal, Y., Bettahar, H., Bouabdallah, A.: A taxonomy of multicast data origin authentication: issues and solutions. IEEE Commun. Surv. Tutor. 6(3), 34–57 (2004). ISSN 1553–877XCrossRefGoogle Scholar
  12. 12.
    Canetti, R., et al.: Multicast security: a taxonomy and some efficient constructions. In: Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies, INFOCOM 1999, Vol. 2, pp. 708–716, March 1999.
  13. 13.
    Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. J. Cryptol. 9(1), 35–67 (1996)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Challal, Y., Bouabdallah, A., Hinard, Y.: RLH: receiver driven layered hash-chaining for multicast data origin authentication. Comput. Commun. 28(7), 726–740 (2005)CrossRefGoogle Scholar
  15. 15.
    Tartary, C., Wang, H., Ling, S.: Authentication of digital streams. IEEE Trans. Inf. Theory 57(9), 6285–6303 (2011). ISSN 0018–9448MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Perrig, A., et al.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy (S&P), pp. 56–73 (2000)Google Scholar
  17. 17.
    Perrig, A., et al.: Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction. RFC 4082 (Informational). Internet Engineering Task Force, June 2005.
  18. 18.
    Wang, Q., et al.: Time valid one-time signature for time-critical multicast data authentication. In: IEEE INFOCOM 2009, pp. 1233–1241, April 2009.
  19. 19.
    Bernstein, D.J., et al.: High-speed high-security signatures. J. Cryptogr. Eng. 2(2), 77–89 (2012)CrossRefGoogle Scholar
  20. 20.
    Gligoroski, D., et al.: MQQ-SIG. In: Chen, L., Yung, M., Zhu, L. (eds.) INTRUST 2011. LNCS, vol. 7222, pp. 184–203. Springer, Heidelberg (2012). Scholar
  21. 21.
    Faugère, J.-C., Gligoroski, D., Perret, L., Samardjiska, S., Thomae, E.: A polynomial-time key-recovery attack on MQQ cryptosystems. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 150–174. Springer, Heidelberg (2015). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Institute of TelecommunicationsTU WienViennaAustria

Personalised recommendations