Authenticating Multicast Streams in Lossy Channels Using Threshold Techniques

Pieprzyk

2007

Int. J. Inf. Secur.

Self Cite

We study the multicast stream authentication problem when an opponent can drop, reorder and introduce data packets into the communication channel. In such a model, packet overhead and computing efficiency are two parameters to be taken into account when designing a multicast stream protocol. In this paper, we propose to use two families of erasure codes to deal with this problem, namely, rateless codes and maximum distance separable codes. Our constructions will have the following advantages. First, our packet overhead will be small. Second, the number of signature verifications to be performed at the receiver is O(1). Third, every receiver will be able to recover all the original data packets emitted by the sender despite losses and injection occurred during the transmission of information.

“…Denote q the left hand side of Inequality (2). Write τ as the concatenation a 0 · · · a ρ N of (ρ N + 1) elements of F 2 q after suitable padding.…”

Section: Algorithm 6 Authenticator2mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A coding approach to the multicast stream authentication problem

Pieprzyk

2007

Int. J. Inf. Secur.

Self Cite

“…Golle and Modadugu (2001) and Miner and Staddon (2001) proved other bounds based on augmented chains. Al-ibrahim and Pieprzyk (2001) used linear equations and polynomial interpolation whereas Pannetrat and Molva (2002) proposed some erasure codes to achieve signature dispersion. Gao and Yao (2005) proposed to use an online/off-line signature (Even et al, 1989) to sign the first stream packet.…”

Section: Introductionmentioning

confidence: 99%

Efficient multicast stream authentication for the fully adversarial network model

2007

IJSN

We consider the stream authentication problem when an adversary has the ability to drop, reorder or inject data in the network. We propose a coding approach for multicast stream authentication using the list-decoding property of Reed-Solomon codes. We divide the data to be authenticated into a stream of packets and associate a single trapdoor hash collision for every λn packets where λ and n are predesignated parameters. Our scheme, which is also joinable at the boundary of any n-packet block, can be viewed as an extension of Lysyanskaya, Tamassia and Triandopoulos's technique in which λ = 1. We show that by choosing λ and n appropriately, our scheme outperforms theirs in time spent for processing data at the sender and receiver. Our approach relies on the dispersion process as SAIDA and eSAIDA. Assuming that we use RSA for signing and SHA-256 for hashing, we give an approximation of the proportion of extra packets per block which could be processed via our technique with respect to the previous scheme. As example when we process λ = 1000 blocks of 2650 64-byte-packets, the gain of our scheme with respect to Lysyanskaya et al.'s is about 30%.

“…Nevertheless large-scale broadcasts prevent lost content from being redistributed since the lost of any piece of data could generate a prohibitive number of redistribution requests at the sender. Furthermore, the channel can be under the control of adversaries performing malicious actions on the data stream 1 . Thus the security of multicast protocols relies on two aspects: the opponents' computational powers and the network properties.…”

Section: Introductionmentioning

confidence: 99%

Combining Prediction Hashing and MDS Codes for Efficient Multicast Stream Authentication

Information Security and Privacy

We study the multicast stream authentication problem when the communication channel is under control of an opponent who can drop, reorder and inject data packets. In this work, we consider that the stream to be authenticated is divided into block of n packets and we assume that the sender can memorize λ such blocks. Two important parameters for stream authentication protocols are packet overhead and computing efficiency. Our construction will exhibit the following advantages. First, our packet overhead will be a few hashes long. Second, the number of signature verifications per family of λ blocks will be O(1) as a function of both λ and n. Third, hash chains will enable the receiver to check the validity of received elements upon reception. As a consequence he will only buffer those consistent with the original data packets. Fourth, the receiver will be able to recover all the data packets emitted by the sender despite erasures and injections by running the decoding algorithm of the maximal distance separable code onto the elements which have passed the previous filtering process.