Efficient multicast stream authentication using erasure codes

We describe a novel method for authenticating multicast packets that is robust against packet loss. Our focus is to minimize the size of the communication overhead required to authenticate the packets. Our approach is to encode the hash values and the signatures with Rabin's Information Dispersal Algorithm (IDA) to construct an authentication scheme that amortizes a single signature operation over multiple packets. This strategy is especially efficient in terms of space overhead, because just the essential elements needed for authentication (i.e., one hash per packet and one signature per group of packets) are used in conjunction with an erasure code that is space optimal. Using asymptotic techniques, we derive the authentication probability of our scheme using two different bursty loss models. A lower bound of the authentication probability is also derived for one of the loss models. To evaluate the performance of our scheme, we compare our technique with four other previously proposed schemes using empirical results.

[1]  Edwin K. P. Chong,et al.  Efficient multicast packet authentication using signature amortization , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[2]  Gustavus J. Simmons,et al.  Authentication Theory/Coding Theory , 1985, CRYPTO.

[3]  Pankaj Rohatgi,et al.  A compact and fast hybrid signature scheme for multicast packet authentication , 1999, CCS '99.

[4]  Michael Luby,et al.  A digital fountain approach to reliable distribution of bulk data , 1998, SIGCOMM '98.

[5]  Philippe Golle,et al.  Authenticating Streamed Data in the Presence of Random Packet Loss , 2001, NDSS.

[6]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[7]  Moti Yung,et al.  Multi-receiver/multi-sender network security: efficient authenticated multicast/feedback , 1992, [Proceedings] IEEE INFOCOM '92: The Conference on Computer Communications.

[8]  Mark Handley,et al.  The Use of Forward Error Correction (FEC) in Reliable Multicast , 2002, RFC.

[9]  Don Towsley,et al.  Packet loss correlation in the MBone multicast network , 1996, Proceedings of GLOBECOM'96. 1996 IEEE Global Telecommunications Conference.

[10]  R. Blahut Theory and practice of error control codes , 1983 .

[11]  Rosario Gennaro,et al.  How to Sign Digital Streams , 1997, CRYPTO.

[12]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[13]  Sheldon M. Ross,et al.  Stochastic Processes , 2018, Gauge Integral Structures for Stochastic Calculus and Quantum Electrodynamics.

[14]  Ben Y. Zhao,et al.  Silverback: A Global-Scale Archival System , 2001 .

[15]  Hugo Krawczyk Distributed fingerprints and secure information dispersal , 1993, PODC '93.

[16]  Donald F. Towsley,et al.  Measurement and modelling of the temporal dependence in packet loss , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[17]  Simon S. Lam,et al.  Digital signatures for flows and multicasts , 1999, TNET.

[18]  Matthew K. Franklin,et al.  Lower Bounds for Multicast Message Authentication , 2001, EUROCRYPT.

[19]  Daniel A. Spielman,et al.  Practical loss-resilient codes , 1997, STOC '97.

[20]  Douglas Comer Internetworking with Tcp/ip, Vol 1 , 2005 .

[21]  Refik Molva,et al.  Authenticating real time packet streams and multicasts , 2002, Proceedings ISCC 2002 Seventh International Symposium on Computers and Communications.

[22]  Michael O. Rabin,et al.  Efficient dispersal of information for security, load balancing, and fault tolerance , 1989, JACM.

[23]  Ravi Sandhu,et al.  ACM Transactions on Information and System Security: Editorial , 2005 .

[24]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[25]  Douglas Comer,et al.  Internetworking with TCP/IP , 1988 .

[26]  ZHANGLi-xia,et al.  A reliable multicast framework for light-weight sessions and application level framing , 1995 .

[27]  Adrian Perrig,et al.  The BiBa one-time signature and broadcast authentication protocol , 2001, CCS '01.

[28]  Alex Koifman,et al.  RAMP: a reliable adaptive multicast protocol , 1996, Proceedings of IEEE INFOCOM '96. Conference on Computer Communications.

[29]  Jessica Staddon,et al.  Graph-based authentication of digital streams , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.