This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
An Application-Level Data Transparent Authentication Scheme without Communication Overhead
July 2010 (vol. 59 no. 7)
pp. 943-954
ASCII Text
x 
 
Songqing Chen, Shiping Chen, Xinyuan Wang, Zhao Zhang, Sushil Jajodia, "An Application-Level Data Transparent Authentication Scheme without Communication Overhead," IEEE Transactions on Computers, vol. 59, no. 7, pp. 943-954, July, 2010.
 
 
BibTex
x
 
@article{ 10.1109/TC.2010.80,
author = {Songqing Chen and Shiping Chen and Xinyuan Wang and Zhao Zhang and Sushil Jajodia},
title = {An Application-Level Data Transparent Authentication Scheme without Communication Overhead},
journal ={IEEE Transactions on Computers},
volume = {59},
number = {7},
issn = {0018-9340},
year = {2010},
pages = {943-954},
doi = {http://doi.ieeecomputersociety.org/10.1109/TC.2010.80},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
}
 
 
RefWorks Procite/RefMan/Endnote
x 
 
TY - JOUR
JO - IEEE Transactions on Computers
TI - An Application-Level Data Transparent Authentication Scheme without Communication Overhead
IS - 7
SN - 0018-9340
SP943
EP954
EPD - 943-954
A1 - Songqing Chen,
A1 - Shiping Chen,
A1 - Xinyuan Wang,
A1 - Zhao Zhang,
A1 - Sushil Jajodia,
PY - 2010
KW - DaTA
KW - authentication
KW - timing correlation
KW - covert channel
KW - data transparent.
VL - 59
JA - IEEE Transactions on Computers
ER -
 
Songqing Chen, George Mason University, Fairfax
Shiping Chen, Sybase, Inc.
Xinyuan Wang, George Mason University, Fairfax
Zhao Zhang, Iowa State University, Ames
Sushil Jajodia, George Mason University, Fairfax
With abundant aggregate network bandwidth, continuous data streams are commonly used in scientific and commercial applications. Correspondingly, there is an increasing demand of authenticating these data streams. Existing strategies explore data stream authentication by using message authentication codes (MACs) on a certain number of data packets (a data block) to generate a message digest, then either embedding the digest into the original data, or sending the digest out-of-band to the receiver. Embedding approaches inevitably change the original data, which is not acceptable under some circumstances (e.g., when sensitive information is included in the data). Sending the digest out-of-band incurs additional communication overhead, which consumes more critical resources (e.g., power in wireless devices for receiving information) besides network bandwidth. In this paper, we propose a novel strategy, DaTA, which effectively authenticates data streams by selectively adjusting some interpacket delay. This authentication scheme requires no change to the original data and no additional communication overhead. Modeling-based analysis and experiments conducted on an implemented prototype system in an LAN and over the Internet show that our proposed scheme is efficient and practical.

[1] "National Hurricane Center," http:/www.nhc.noaa.gov/, 2010.
[2] "National Oceanic and Atmospheric Adminstration," http:/www.nesdis.noaa.gov/, 2010.
[3] CiberStock Quote & Chart/Share Price, http:/www.advfn.com/, 2010.
[4] M. Chesire, A. Wolman, G. Voelker, and H. Levy, "Measurement and Analysis of a Streaming Media Workload," Proc. Third USENIX Symp. Internet Technologies and Systems, Mar. 2001.
[5] M. Chen, Y. He, and R. Lagendijk, "A Fragile Watermark Error Detection Scheme for Wireless Video Communications," IEEE Trans. Multimedia, vol. 7, no. 2, pp. 201-211, Apr. 2005.
[6] P. Golle and N. Modadugu, "Authenticating Streamed Data in the Presence of Random Packet Loss," Proc. SPIE Security and Watermarking of Multimedia Contents, Jan. 2001.
[7] C. Lu, H.M. Liao, and L. Chen, "Multipurpose Audio Watermarking," Proc. Int'l Conf. Pattern Recognition (ICPR '00), Sept. 2000.
[8] S. Miner and J. Staddon, "Graph-Based Authentication of Digital Streams," Proc. IEEE Symp. Security and Privacy, 2001.
[9] A. Pannetrat and R. Molva, "Real Time Multicast Authentication," Proc. Network and Distributed System Security Symp. (NDSS '03), Feb. 2003.
[10] J. Parlk, E. Chong, and H. Siegel, "Efficient Multicast Packet Authentication Using Signature Amortization," Proc. 2000 IEEE Symp. Security and Privacy, 2000.
[11] A. Perrig, J.D. Tygar, D. Song, and R. Canetti, "Efficient Authentication and Signing of Multicast Streams over Lossy Channels," Proc. IEEE Symp. Security and Privacy, 2000.
[12] L. Qiao and K. Nahrstedt, "Watermarking Method for mpeg Encoded Video: Towards Resolving Rightful Ownership," Proc. IEEE Int'l Conf. Multimedia Computing and Systems (ICMCS '98), June 1998.
[13] S. Ben-David, J. Gehrke, and D. Kifer, "Detecting Change in Data Streams," Proc. 30th Very Large Data Bases (VLDB) Conf., Aug. 2004.
[14] R. Gennaro and P. Rohatgi, "How to Sign Digital Streams," Proc. Ann. Int'l Cryptology Conf. Advances in Cryptology (Crypto '97), 1997.
[15] S. Cabuk, C.E. Brodley, and C. Shields, "Ip Covert Timing Channels: Design and Detection," Proc. ACM Conf. Computer and Comm. Security (CCS), Oct. 2004.
[16] J. Brassil, S. Low, N. Maxemchuk, and L. O'Gorman, "Electronic Marking and Identification Techniques to Discourage Document Copying," Proc. IEEE INFOCOM, June 1994.
[17] J. Fridrich and M. Du, "Images with Self-Correcting Capabilities," Proc. IEEE Int'l Conf. Image Processing, 1999.
[18] F.H. Hartung and B. Girod, "Watermarking of mpeg-2 Encoded Video without Decoding and Reencoding," Proc. SPIE/ACM Conf. Multimedia Computing and Networking, Feb. 1997.
[19] Z. Liu, X. Li, and Z. Dong, "Multimedia Authentication with Sensor-Based Watermarking," Proc. ACM Multimedia Workshop Security, Sept. 2002.
[20] L.C. Yung and C.S. Fu, "A Robust Image Authentication Method Distinguishing jpeg Compression from Malicious Manipulation," IEEE Trans. Circuits and Systems for Video Technology, vol. 11, no. 2, pp. 153-168, Feb. 2001.
[21] C.L. Wong and S.S. Lam, "Digital Signatures for Flows and Multicasts," Proc. Int'l Conf. Network Protocols (ICNP), 1998.
[22] P. Rohatgi, "A Compact and Fast Hybrid Signature Scheme for Multicast Packet Authentication," Proc. Sixth ACM Conf. Computer and Comm. Security (CCS), Nov. 1999.
[23] C. Karlof, N. Sastry, Y. Li, A. Perrig, and J. Tygar, "Distillation Codes and Applications to dos Resistant Multicast Authentication," Proc. Network and Distributed System Security Symp. (NDSS '04), Feb. 2004.
[24] "Rfc 1321—The md5 Message-Digest Algorithm," http://www.faqs.org/rfcsrfc1321.html, 2010.
[25] National Institute of Standards and NIST FIPS PUB 180 Technology, "Secure Hash Standard," US Department of Commerce, May 1993.
[26] L. Ciavattone, A. Morton, and G. Ramachandran, "Standardized Active Measurements on a Tier 1 ip Backbone," IEEE Comm. Magazine, no. 41, no. 6, pp. 90-97, June 2003.
[27] "Global ip Network Home," http://ipnetwork.bgtmo.ip.att.netpws/, 2010.
[28] C. Shannon, D. Moore, and K. Claffy, "Characteristics of Fragmented ip Traffic on Internet Links," Proc. ACM Internet Measurement Workshop, Nov. 2001.
[29] Y. Zhang, V. Paxson, and S. Shenker, "The Stationarity of Internet Path Properties: Routing, Loss, and Throughput," ACIRI, technical report, 2000.
[30] "Tcpreplay: Pcap Editing and Replay Tools for ∗nix," http:/tcpreplay.sourceforge.net/, 2010.
[31] "Apple Darwin Streaming Server," http://developer.apple.com/darwinprojects /, 2010.
[32] S. Chen, S.P. Chen, X. Wang, and S. Jajodia, "Data-Data Transparent Authentication without Communication Overhead," Proc. Second Int'l Conf. Security and Privacy in Comm. Networks (SecureComm '06), Aug. 2006.

Index Terms:
DaTA, authentication, timing correlation, covert channel, data transparent.
Citation:
Songqing Chen, Shiping Chen, Xinyuan Wang, Zhao Zhang, Sushil Jajodia, "An Application-Level Data Transparent Authentication Scheme without Communication Overhead," IEEE Transactions on Computers, vol. 59, no. 7, pp. 943-954, July 2010, doi:10.1109/TC.2010.80
Usage of this product signifies your acceptance of the Terms of Use.