04-12-2012, 05:32 PM
MABS: Multicast Authentication Based on Batch Signature
MABS Multicast Authentication Based on Batch Signature.pdf (Size: 2.03 MB / Downloads: 42)
Abstract—
Conventional block-based multicast authentication schemes overlook the heterogeneity of receivers by letting the sender
choose the block size, divide a multicast stream into blocks, associate each block with a signature, and spread the effect of the
signature across all the packets in the block through hash graphs or coding algorithms. The correlation among packets makes them
vulnerable to packet loss, which is inherent in the Internet and wireless networks. Moreover, the lack of Denial of Service (DoS)
resilience renders most of them vulnerable to packet injection in hostile environments. In this paper, we propose a novel multicast
authentication protocol, namely MABS, including two schemes. The basic scheme (MABS-B) eliminates the correlation among packets
and thus provides the perfect resilience to packet loss, and it is also efficient in terms of latency, computation, and communication
overhead due to an efficient cryptographic primitive called batch signature, which supports the authentication of any number of packets
simultaneously. We also present an enhanced scheme MABS-E, which combines the basic scheme with a packet filtering mechanism
to alleviate the DoS impact while preserving the perfect resilience to packet loss.
INTRODUCTION
MULTICAST [1] is an efficient method to deliver multimedia
content from a sender to a group of receivers
and is gaining popular applications such as realtime stock
quotes, interactive games, video conference, live video
broadcast, or video on demand. Authentication is one of
the critical topics in securing multicast [2], [3], [4], [5], [6],
[7] in an environment attractive to malicious attacks.
Basically, multicast authentication may provide the following
security services:
1. Data integrity: Each receiver should be able to
assure that received packets have not been modified
during transmissions.
2. Data origin authentication: Each receiver should be
able to assure that each received packet comes from
the real sender as it claims.
3. Nonrepudiation: The sender of a packet should not be
able to deny sending the packet to receivers in case
there is a dispute between the sender and receivers.
RELATED WORK
Schemes in [8], [9] follow the ideal approach of signing and
verifying each packet individually, but reduce the computation
overhead at the sender by using one-time signatures
[8] or k-time signatures [9]. They are suitable for RSA [33],
which is expensive on signing while cheap on verifying. For
each packet, however, each receiver needs to perform one
more verification on its one-time or k-time signature plus
one ordinary signature verification. Moreover, the length of
one-time signature is too long (on the order of 1,000 bytes).
Tree chaining was proposed in [10], [11] by constructing
a tree for a block of packets. The root of the tree is signed by
the sender. Each packet carries the signed root and multiple
hashes. When each receiver receives one packet in the block,
it uses the authentication information in the packet to
authenticate it. The buffered authentication information is
further used to authenticate other packets in the same block.
Without the buffered authentication information, each
packet is independently verifiable at a cost of per-packet
signature verification.
BASIC SCHEME
Our target is to authenticate multicast streams from a sender
to multiple receivers. Generally, the sender is a powerful
multicast server managed by a central authority and can be
trustful. The sender signs each packet with a signature and
transmits it to multiple receivers through a multicast routing
protocol. Each receiver is a less powerful device with resource
constraints and may be managed by a nontrustworthy
person. Each receiver needs to assure that the received
packets are really from the sender (authenticity) and the
sender cannot deny the signing operation (nonrepudiation)
by verifying the corresponding signatures.