TY - GEN
T1 - A pollution attack resistant multicast authentication scheme tolerant to packet loss
AU - Lin, Warren W.
AU - Shieh, Shiuhpyng
AU - Lin, Jia Chun
PY - 2008
Y1 - 2008
N2 - Assuring authenticity of packets is a critical security measure in multicast applications. Due to the high overhead of signing every multicast packet with a digital signature, schemes employing signature amortization abate this cost by endorsing a block of packets at once. By utilizing a fault-tolerant coding algorithm, signature amortization schemes can tolerate packet loss. However, enhancing these schemes with a fault-tolerant coding algorithm introduces pollution attacks, a form of denial of service attack in which the adversary injects invalid symbols into the decoding process. Unfortunately, previous solutions that combat pollution attack required time synchronization or were computationally inefficient. To address these problems, we propose a multicast authentication scheme that is both lightweight and resistant to pollution attack. By using one-way hash functions, our scheme can quickly generate and verify packets. Since our proposed scheme can immediately and independently authenticate a received packet, it does not risk exceeding buffer space with unverified packets during a pollution attack. Schemes that rely on fault-tolerant coding to provide packet loss tolerance can employ our approach to defend against pollution attacks.
KW - Authentication
KW - Multicast
KW - One-way hash chain
KW - Pollution attack
KW - Signature amortization
UR - http://www.scopus.com/inward/record.url?scp=51749095671&partnerID=8YFLogxK
U2 - 10.1109/SSIRI.2008.29
DO - 10.1109/SSIRI.2008.29
M3 - Conference contribution
AN - SCOPUS:51749095671
SN - 9780769532660
T3 - Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008
SP - 8
EP - 15
BT - Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008
T2 - 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008
Y2 - 14 July 2008 through 17 July 2008
ER -