Signing the First Packet in Amortization Scheme for Multicast Stream Authentication

Signature amortization schemes have been introduced for authenticating multicast streams; in them, a single signature is amortized over several packets. The hash value of each packet is computed, and some hash values are appended to other packets, forming what is known as a hash chain. These schemes divide the stream into blocks, each block consisting of a number of packets, and the signature packet is either the first or the last packet of the block. Amortization schemes are efficient solutions in terms of computation and communication overhead, especially in real-time environments. The main factor affecting amortization schemes is their hash chain construction. Some studies show that signing the first packet of each block reduces the receiver's delay and prevents DoS attacks; other studies show that signing the last packet reduces the sender's delay. To our knowledge, there are no studies that show which is better, signing the first or the last packet, in terms of authentication probability and resistance to packet loss. In this paper we introduce another scheme for authenticating multicast streams that is robust against packet loss, reduces the overhead, and at the same time prevents the DoS attacks experienced by the receiver. Our scheme, the Multiple Connected Chain signing the First packet (MCF), appends the hash values of specific packets to other packets, then appends some hashes to the signature packet, which is sent as the first packet in the block. This scheme is especially efficient in terms of the receiver's delay. We discuss and evaluate the performance of our proposed scheme against those that sign the last packet of the block.

Keywords: multicast stream authentication, hash chain construction, signature amortization, authentication probability.
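The following added example (not code from the paper, and not the MCF construction itself) sketches a first-packet-signed block in which each packet carries the hashes of later packets, so the receiver can authenticate every packet on arrival and drop forgeries without buffering. The chain offsets, all function names and the HMAC used as a stand-in for a real digital signature are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stand-in: a real scheme signs with the sender's private key
OFFSETS = (1, 3)               # assumed chain offsets, not the paper's MCF parameters

def digest(payload, hashes):
    """Hash a packet over its payload and the (index, hash) pairs it carries."""
    body = payload + b"".join(i.to_bytes(4, "big") + d for i, d in sorted(hashes.items()))
    return hashlib.sha256(body).digest()

def build_block(payloads, offsets=OFFSETS):
    """Sender: return (signature_packet, data_packets) for one block."""
    n = len(payloads)
    packets = [None] * n
    for i in range(n - 1, -1, -1):  # back to front: packet i carries hashes of later packets
        carried = {i + o: digest(*packets[i + o]) for o in offsets if i + o < n}
        packets[i] = (payloads[i], carried)
    heads = {i: digest(*packets[i]) for i in range(min(max(offsets), n))}
    tag = hmac.new(KEY, digest(b"", heads), hashlib.sha256).digest()
    return (heads, tag), packets

def receive(sig_packet, arrivals):
    """Receiver: authenticate each (index, packet) on arrival, without buffering."""
    heads, tag = sig_packet
    expected = hmac.new(KEY, digest(b"", heads), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return []  # no valid signature packet: nothing in the block is trusted
    trusted = dict(heads)
    accepted = []
    for index, (payload, carried) in arrivals:
        known = trusted.get(index)
        if known is None or not hmac.compare_digest(known, digest(payload, carried)):
            continue  # unverifiable or forged: dropped at once
        accepted.append(index)
        trusted.update(carried)  # hashes inside an authenticated packet become trusted
    return accepted

def demo():
    sig, packets = build_block([b"constructed payload %d" % i for i in range(8)])
    survived = [(i, p) for i, p in enumerate(packets) if i not in (1, 2)]  # burst loss
    forged = [(i, (b"forged", c)) if i == 5 else (i, (p, c)) for i, (p, c) in survived]
    return receive(sig, survived), receive(sig, forged)
```

Because the hashes flow forward from the signature packet, the sender must have the whole block before transmitting, while the receiver never waits; this is the sender-delay versus receiver-delay trade-off the abstract describes.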
