Issue No.07 - July (2010 vol.59)
pp: 943-954
Songqing Chen, George Mason University, Fairfax
Shiping Chen, Sybase, Inc.
Xinyuan Wang, George Mason University, Fairfax
Zhao Zhang, Iowa State University, Ames
Sushil Jajodia, George Mason University, Fairfax
ABSTRACT
With abundant aggregate network bandwidth, continuous data streams are commonly used in scientific and commercial applications. Correspondingly, there is an increasing demand for authenticating these data streams. Existing strategies explore data stream authentication by using message authentication codes (MACs) on a certain number of data packets (a data block) to generate a message digest, then either embedding the digest into the original data, or sending the digest out-of-band to the receiver. Embedding approaches inevitably change the original data, which is not acceptable under some circumstances (e.g., when sensitive information is included in the data). Sending the digest out-of-band incurs additional communication overhead, which consumes more critical resources (e.g., power in wireless devices for receiving information) besides network bandwidth. In this paper, we propose a novel strategy, DaTA, which effectively authenticates data streams by selectively adjusting some interpacket delays. This authentication scheme requires no change to the original data and no additional communication overhead. Modeling-based analysis and experiments conducted on an implemented prototype system in a LAN and over the Internet show that our proposed scheme is efficient and practical.
INDEX TERMS
DaTA, authentication, timing correlation, covert channel, data transparent.
CITATION
Songqing Chen, Shiping Chen, Xinyuan Wang, Zhao Zhang, Sushil Jajodia, "An Application-Level Data Transparent Authentication Scheme without Communication Overhead", IEEE Transactions on Computers, vol.59, no. 7, pp. 943-954, July 2010, doi:10.1109/TC.2010.80