DaTA -- Data-Transparent Authentication Without Communication Overhead

With the development of Internet computing techniques, continuous data streams from remote sites are commonly used in scientific and commercial applications. Correspondingly, there is increasing demand for assuring the integrity and authenticity of received data streams. Existing strategies for assuring data integrity and authenticity mainly use message authentication codes (MACs) generated on data blocks and transfer the MAC to the receiver for authentication through either out-of-band or in-band communication. Transferring the MAC via out-of-band communication inevitably introduces communication overhead and additional complexity to synchronize the out-of-band channel with the data communication. Transferring the MAC via an in-band channel can be achieved by either appending the MAC to the original data or embedding the MAC into the original data, which either incurs communication overhead or changes the original data. It would be desirable to authenticate the stream data without any communication overhead and without changing the original data. To deal with data packet or block loss, many existing stream data authentication schemes rely on hash chaining, whose current usage results in uncertainty in authenticating the subsequent data blocks once the first data packet or block loss is detected. In this paper, we propose a novel application-layer authentication strategy called DaTA. This authentication scheme requires no change to the original data and causes no additional communication overhead. In addition, it can continue authenticating the rest of the data stream even after some data loss has been detected. Our analysis shows that our authentication scheme is robust against packet loss and network jitter. We have implemented a prototype system to evaluate its performance. Our empirical results show that our proposed scheme is efficient and practical under various network conditions.
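The hash-chaining weakness the abstract motivates DaTA with can be seen in a small simulation. The following is an added example, not code from the paper: each packet carries its block plus the SHA-256 digest of the next packet, and a trusted anchor (the digest of the first packet, standing in for the one signed value such schemes transmit) is assumed to reach the receiver intact. Once a packet is lost or tampered, no later packet has a trusted digest to check against, so the rest of the stream becomes unverifiable.

```python
import hashlib
from typing import List, Optional, Tuple

DIGEST_LEN = 32  # SHA-256 digest length in bytes


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain_sender(blocks: List[bytes]) -> Tuple[bytes, List[bytes]]:
    """Build a forward hash chain: packet i = block_i || H(packet_{i+1}).
    Returns (anchor, packets). The anchor H(packet_0) stands in for the
    single signed value a real scheme would send (assumption for the demo)."""
    packets: List[bytes] = [b""] * len(blocks)
    next_digest = b"\x00" * DIGEST_LEN  # terminator carried by the last packet
    for i in range(len(blocks) - 1, -1, -1):
        packets[i] = blocks[i] + next_digest
        next_digest = h(packets[i])
    return next_digest, packets


def chain_receiver(anchor: bytes, received: List[Optional[bytes]]) -> List[str]:
    """Verify packets in order; None marks a lost packet.
    Returns one status per packet: ok, lost, tampered or unverifiable."""
    status: List[str] = []
    expected: Optional[bytes] = anchor  # trusted digest for the next packet
    for pkt in received:
        if pkt is None:
            status.append("lost")
            expected = None  # the chain link to the next packet is gone
            continue
        if expected is None:
            status.append("unverifiable")  # nothing trusted to compare against
            continue
        if h(pkt) == expected:
            status.append("ok")
            expected = pkt[-DIGEST_LEN:]  # trust propagates to the next packet
        else:
            status.append("tampered")
            expected = None
    return status


if __name__ == "__main__":
    # Constructed sample stream of four blocks
    anchor, pkts = chain_sender([b"block0", b"block1", b"block2", b"block3"])
    print(chain_receiver(anchor, pkts))
    lossy = list(pkts)
    lossy[1] = None  # simulate one lost packet
    print(chain_receiver(anchor, lossy))
```

With one lost packet the receiver reports `ok, lost, unverifiable, unverifiable`, which is exactly the "uncertainty in authenticating the subsequent data blocks" the abstract refers to.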
