The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.07 - July (2010 vol.9)
pp: 982-993
Xiaoyan Zhu , Xidian University, Xi'an
Yun Zhou , Microsoft Corporation, Redmond
ABSTRACT
Conventional block-based multicast authentication schemes overlook the heterogeneity of receivers by letting the sender choose the block size, divide a multicast stream into blocks, associate each block with a signature, and spread the effect of the signature across all the packets in the block through hash graphs or coding algorithms. The correlation among packets makes them vulnerable to packet loss, which is inherent in the Internet and wireless networks. Moreover, the lack of Denial of Service (DoS) resilience renders most of them vulnerable to packet injection in hostile environments. In this paper, we propose a novel multicast authentication protocol, namely MABS, including two schemes. The basic scheme (MABS-B) eliminates the correlation among packets and thus provides the perfect resilience to packet loss, and it is also efficient in terms of latency, computation, and communication overhead due to an efficient cryptographic primitive called batch signature, which supports the authentication of any number of packets simultaneously. We also present an enhanced scheme MABS-E, which combines the basic scheme with a packet filtering mechanism to alleviate the DoS impact while preserving the perfect resilience to packet loss.
INDEX TERMS
Multimedia, multicast, authentication, signature.
CITATION
Xiaoyan Zhu, Yun Zhou, "MABS: Multicast Authentication Based on Batch Signature", IEEE Transactions on Mobile Computing, vol.9, no. 7, pp. 982-993, July 2010, doi:10.1109/TMC.2010.37
REFERENCES
[1] S.E. Deering, "Multicast Routing in Internetworks and Extended LANs," Proc. ACM SIGCOMM Symp. Comm. Architectures and Protocols, pp. 55-64, Aug. 1988.
[2] T. Ballardie and J. Crowcroft, "Multicast-Specific Security Threats and Counter-Measures," Proc. Second Ann. Network and Distributed System Security Symp. (NDSS '95), pp. 2-16, Feb. 1995.
[3] P. Judge and M. Ammar, "Security Issues and Solutions in Mulicast Content Distribution: A Survey," IEEE Network Magazine, vol. 17, no. 1, pp. 30-36, Jan./Feb. 2003.
[4] Y. Challal, H. Bettahar, and A. Bouabdallah, "A Taxonomy of Multicast Data Origin Authentication: Issues and Solutions," IEEE Comm. Surveys & Tutorials, vol. 6, no. 3, pp. 34-57, Oct. 2004.
[5] Y. Zhou and Y. Fang, "BABRA: Batch-Based Broadcast Authentication in Wireless Sensor Networks," Proc. IEEE GLOBECOM, Nov. 2006.
[6] Y. Zhou and Y. Fang, "Multimedia Broadcast Authentication Based on Batch Signature," IEEE Comm. Magazine, vol. 45, no. 8, pp. 72-77, Aug. 2007.
[7] K. Ren, K. Zeng, W. Lou, and P.J. Moran, "On Broadcast Authentication in Wireless Sensor Networks," Proc. First Ann. Int'l Conf. Wireless Algorithms, Systems, and Applications (WASA '06), Aug. 2006.
[8] S. Even, O. Goldreich, and S. Micali, "On-Line/Offline Digital Signatures," J. Cryptology, vol. 9, pp. 35-67, 1996.
[9] P. Rohatgi, "A Compact and Fast Hybrid Signature Scheme for Multicast Packet," Proc. Sixth ACM Conf. Computer and Comm. Security (CCS '99), Nov. 1999.
[10] C.K. Wong and S.S. Lam, "Digital Signatures for Flows and Multicasts," Proc. Sixth Int'l Conf. Network Protocols (ICNP '98), pp. 198-209, Oct. 1998.
[11] C.K. Wong and S.S. Lam, "Digital Signatures for Flows and Multicasts," IEEE/ACM Trans. Networking, vol. 7, no. 4, pp. 502-513, Aug. 1999.
[12] R. Gennaro and P. Rohatgi, "How to Sign Digital Streams," Information and Computation, vol. 165, no. 1, pp. 100-116, Feb. 2001.
[13] R. Gennaro and P. Rohatgi, "How to Sign Digital Streams," Proc. 17th Ann. Cryptology Conf. Advances in Cryptology (CRYPTO '97), Aug. 1997.
[14] A. Perrig, R. Canetti, J.D. Tygar, and D. Song, "Efficient Authentication and Signing of Multicast Streams over Lossy Channels," Proc. IEEE Symp. Security and Privacy (SP '00), pp. 56-75, May 2000.
[15] Y. Challal, H. Bettahar, and A. Bouabdallah, "A$^2$ Cast: An Adaptive Source Authentication Protocol for Multicast Streams," Proc. Ninth Int'l Symp. Computers and Comm. (ISCC '04), vol. 1, pp. 363-368, June 2004.
[16] S. Miner and J. Staddon, "Graph-Based Authentication of Digital Streams," Proc. IEEE Symp. Security and Privacy (SP '01), pp. 232-246, May 2001.
[17] Z. Zhang, Q. Sun, W-C Wong, J. Apostolopoulos, and S. Wee, "A Content-Aware Stream Authentication Scheme Optimized for Distortion and Overhead," Proc. IEEE Int'l Conf. Multimedia and Expo (ICME '06), pp. 541-544, July 2006.
[18] P. Golle and N. Modadugu, "Authenticating Streamed Data in the Presence of Random Packet Loss," Proc. Eighth Ann. Network and Distributed System Security Symp. (NDSS '01), Feb. 2001.
[19] Z. Zhang, Q. Sun, and W-C Wong, "A Proposal of Butterfly-Graphy Based Stream Authentication over Lossy Networks," Proc. IEEE Int'l Conf. Multimedia and Expo (ICME '05), July 2005.
[20] S. Ueda, N. Kawaguchi, H. Shigeno, and K. Okada, "Stream Authentication Scheme for the Use over the IP Telephony," Proc. 18th Int'l Conf. Advanced Information Networking and Application (AINA '04), vol. 2, pp. 164-169, Mar. 2004.
[21] D. Song, D. Zuckerman, and J.D. Tygar, "Expander Graphs for Digital Stream Authentication and Robust Overlay Networks," Proc. 2002 IEEE Symp. Security and Privacy (S&P '02), May 2002.
[22] J.M. Park, E.K.P. Chong, and H.J. Siegel, "Efficient Multicast Packet Authentication Using Signature Amortization," Proc. IEEE Symp. Security and Privacy (SP '02), pp. 227-240, May 2002.
[23] J.M. Park, E.K.P. Chong, and H.J. Siegel, "Efficient Multicast Stream Authentication Using Erasure Codes," ACM Trans. Information and System Security, vol. 6, no. 2, pp. 258-285, May 2003.
[24] A. Pannetrat and R. Molva, "Authenticating Real Time Packet Streams and Multicasts," Proc. Seventh IEEE Int'l Symp. Computers and Comm. (ISCC '02), pp. 490-495, July 2002.
[25] A. Pannetrat and R. Molva, "Efficient Multicast Packet Authentication," Proc. 10th Ann. Network and Distributed System Security Symp. (NDSS '03), Feb. 2003.
[26] Y. Wu and T. Li, "Video Stream Authentication in Lossy Networks," Proc. IEEE Wireless Comm. and Networking Conf. (WCNC '06), vol. 4, pp. 2150-2155, Apr. 2006.
[27] Y. Lin, S. Shieh, and W. Lin, "Lightweight, Pollution-Attack Resistant Multicast Authentication Scheme," Proc. ACM Symp. Information, Computer, and Comm. Security (ASIACCS '06), Mar. 2006.
[28] J. Jeong, Y. Park, and Y. Cho, "Efficient DoS Resistant Multicast Authentication Schemes," Proc. Int'l Conf. Computational Science and Its Applications (ICCSA '05), May 2005.
[29] S. Choi, "Denial-of-Service Resistant Multicast Authentication Protocol with Prediction Hashing and One-Way Key Chain," Proc. Seventh IEEE Int'l Symp. Multimedia (ISM '05), Dec. 2005.
[30] C. Karlof, N. Sastry, Y. Li, A. Perrig, and J.D. Tygar, "Distillation Codes and Applications to DoS Resistant Multicast Authentication," Proc. 11th Ann. Network and Distributed System Security Symp. (NDSS '04), Feb. 2004.
[31] C.A. Gunter, S. Khanna, K. Tan, and S. Venkatesh, "DoS Protection for Reliably Authenticated Broadcast," Proc. 11th Ann. Network and Distributed System Security Symp. (NDSS '04), Feb. 2004.
[32] A. Lysyanskaya, R. Tamassia, and N. Triandopoulos, "Multicast Authentication in Fully Adversarial Networks," Proc. IEEE Symp. Security and Privacy (SP '04), May 2004.
[33] R.L. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Comm. ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
[34] L. Harn, "Batch Verifying Multiple RSA Digital Signatures," IEE Electronic Letters, vol. 34, no. 12, pp. 1219-1220, June 1998.
[35] M. Bellare, J.A. Garay, and T. Rabin, "Fast Batch Verification for Modular Exponentiation and Digital Signatures," Proc. Advances in Cryptology (EUROCRYPT '98), pp. 236-250, May 1998.
[36] D. Boneh, B. Lynn, and H. Shacham, "Short Signatures from the Weil Pairing," Proc. Seventh Int'l Conf. Theory and Application of Cryptology and Information Security Advances in Cryptology (ASIACRYPT '01), pp. 514-532, Dec. 2001.
[37] S. Cui, P. Duan, and C.W. Chan, "An Efficient Identity-Based Signature Scheme with Batch Verifications," Proc. First Int'l Conf. Scalable Information Systems, 2006.
[38] FIPS PUB 186, Digital Signature Standard (DSS), May 1994.
[39] T. ElGamal, "A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Trans. Information Theory, vol. IT-31, no. 4, pp. 469-472, July 1985.
[40] D. Naccache, D. M'Raihi, S. Vaudenay, and D. Raphaeli, "Can D.S.A. be Improved? Complexity Trade Offs with the Digital Signature Standard," Proc. Workshop Theory and Application of Cryptographic Techniques Advances in Cryptology (EUROCRYPT '94), pp. 77-85, May 1995.
[41] C.H. Lim and P.J. Lee, "Security of Interactive DSA Batch Verification," IEE Electronic Letters, vol. 30, no. 19, pp. 1592-1593, Sept. 1994.
[42] L. Harn, "DSA-Type Secure Interactive Batch Verification Protocols," IEE Electronic Letters, vol. 31, no. 4, pp. 257-258, Feb. 1995.
[43] L. Harn, "Batch Verifying Multiple DSA-Type Digital Signatures," IEE Electronic Letters, vol. 34, no. 9, pp. 870-871, Apr. 1998.
[44] C. Boyd and C. Pavlovski, "Attacking and Repairing Batch Verification Schemes," Proc. Sixth Int'l Conf. Theory and Application of Cryptology and Information Security Advances in Cryptology (ASIANCRYPT '00), pp. 58-71, Dec. 2000.
[45] Y. Desmedt, Y. Frankel, and M. Yung, "Multi-Receiver/Multi-Sender Network Security: Efficient Authenticated Multicast/Feedback," Proc. IEEE INFOCOM, vol. 3, pp. 2045-2054, May 1992.
[46] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas, "Multicast Security: A Taxonomy and Some Efficient Constructions," Proc. IEEE INFOCOM, vol. 2, pp. 708-716, Mar. 1999.
[47] L. Lamport, "Password Authentication with Insecure Communication," Comm. ACM, vol. 24, no. 11, pp. 770-772, Nov. 1981.
[48] N.M. Haller, "The S/Key One-Time Password System," Proc. ISOC Symp. Network and Distributed Security, Feb. 1994.
[49] F. Bergadano, D. Cavagnino, and B. Crispo, "Individual Single-Source Authentication on The Mbone," Proc. IEEE Int'l Conf. Multimedia and Expo (ICME '00), vol. 1, pp. 541-544, July 2000.
[50] A. Perrig, R. Canetti, D. Song, and J. Tygar, "Efficient and Secure Source Authentication for Multicast," Proc. Network and Distributed System Security Symp. (NDSS '01), 2001.
[51] A. Perrig, "The BiBa One-Time Signature and Broadcast Authentication Protocol," Proc. Eighth ACM Conf. Computer and Comm. Security (CCS '01), pp. 28-37, Nov. 2001.
[52] Q. Li and W. Trappe, "Reducing Delay and Enhancing DoS Resistance in Multicast Authentication through Multigrade Security," IEEE Trans. Info. Forensics and Security, vol. 1, no. 2, pp. 190-204, June 2006.
[53] S. Xu and R. Sandhu, "Authenticated Multicast Immune to Denial-of-Service Attack," Proc. ACM Symp. Applied Computing (SAC '02), 2002.
[54] S. Rafaeli and D. Hutchison, "A Survey of Key Management for Secure Group Communication," ACM Computing Surveys, vol. 35, no. 3, pp. 309-329, Sept. 2003.
[55] N. Koblitz, "Elliptic Curve Cryptosystems," Math. Computation, vol. 48, pp. 203-209, 1987.
[56] V. Miller, "Uses of Elliptic Curves in Cryptography," Proc. Int'l Cryptology Conf. (CRYPTO '85), pp. 417-426, 1986.
[57] R. Merkle, "Protocols for Public Key Cryptosystems," Proc. IEEE Symp. Security and Privacy, Apr. 1980.
[58] R. Rivest, "The MD5 Message-Digest Algorithm," RFC 1319, Apr. 1992.
[59] D. Eastlake and P. Jones, "US Secure Hash Algorithm 1 (SHA1)," RFC 3174, Sept. 2001.
[60] P. Barreto, H. Kim, B. Lynn, and M. Scott, "Efficient Algorithms for Pairing-Based Cryptosystems," Proc. Int'l Cryptology Conf. (CRYPTO '02), 2002.
49 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool