论文信息 - Forward-Secure Authenticated-Encryption in Multi-Receiver Setting

Forward-Secure Authenticated-Encryption in Multi-Receiver Setting

In this paper we study a generic construction of forward-secure authenticated-encryption in unidirectional, multi-receiver setting. By “multi-receiver setting” we mean the situation in which a single center transmits large data to a dynamically changing group of receivers. In such scenario a direct application of bidirectional, unicast methods would lead to multiple problems. In particular, we focus on the problem of vulnerability against a type of denial-of-service (DoS) attack. We show that this problem can be effectively resolved by a mechanism we call “MAC-then-MAC” structure. As the name suggests, this structure uses two independent MACs, but we illustrate how it can be realized without losing efficiency in transmission rate, storage size and computational overhead. Despite the fact that one of the MACs uses a constant key, our construction guarantees integrity in the sense of forward security. We provide a concrete security model showing that our construction achieves confidentiality and strong integrity (replay avoidance, in-order packet delivery, etc.) both in the sense of forward security.

Atsushi Fujioka | Kan Yasuda | Kazumaro Aoki | Eiichiro Fujisaki

[1] Philippe Golle,et al. Authenticating Streamed Data in the Presence of Random Packet Loss , 2001, NDSS.

[2] Hugo Krawczyk,et al. Strengthening Digital Signatures Via Randomized Hashing , 2006, CRYPTO.

[3] Mohamed G. Gouda,et al. Secure group communications using key graphs , 2000, TNET.

[4] Chanathip Namprempre,et al. Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.

[5] Tadayoshi Kohno,et al. Building Secure Cryptographic Transforms, or How to Encrypt and MAC , 2003, IACR Cryptol. ePrint Arch..

[6] Edwin K. P. Chong,et al. Efficient multicast packet authentication using signature amortization , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[7] Mihir Bellare,et al. A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[8] Moni Naor,et al. Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[9] Daniel Massey,et al. Reliably, Securely and Efficiently Distributing Electronic Content Using Multicasting , 2005, EC-Web.

[10] Mihir Bellare,et al. Forward-Security in Private-Key Cryptography , 2003, CT-RSA.