Issue No.05 - Sept.-Oct. (2012 vol.9)
pp: 699-713
Santosh Chandrasekhar, University of Kentucky, Lexington
Saikat Chakrabarti, Intel Corporation, Portland
Mukesh Singhal, University of Kentucky, Lexington
Digital streaming Internet applications such as online gaming, multimedia playback, presentations, news feeds, and stock quotes involve end-users with very low tolerance for high latency, low data rates, and playback interruption. To protect such delay-sensitive streams against malicious attacks, security mechanisms need to be designed to efficiently process long sequences of bits. We study the problem of efficient authentication for real-time and delay-sensitive streams commonly seen in content distribution, multicast, and peer-to-peer networks. We propose a novel signature amortization technique based on trapdoor hash functions for authenticating individual data blocks in a stream. Our technique provides: 1) resilience against transmission losses of intermediate blocks in the stream; 2) small and constant memory/compute requirements at the sender and receiver; 3) minimal constant communication overhead needed for transmission of authenticating information. Our proposed technique renders authentication of digital streams practical and efficient. We substantiate this claim by constructing DL-SA, a discrete-log-based instantiation of the proposed technique. DL-SA provides adaptive stream verification, where the receiver has control over modulating computation cost versus buffer size. Our performance analysis demonstrates that DL-SA incurs the least per-block communication and signature generation overheads compared to existing schemes with comparable features.
Authentication, Servers, Media, Receivers, Delay, Real time systems, trapdoor hash functions, Stream authentication, cryptography, content distribution, digital signatures, signature amortization
Santosh Chandrasekhar, Saikat Chakrabarti, Mukesh Singhal, "A Trapdoor Hash-Based Mechanism for Stream Authentication", IEEE Transactions on Dependable and Secure Computing, vol.9, no. 5, pp. 699-713, Sept.-Oct. 2012, doi:10.1109/TDSC.2012.48