Signing the First Packet in Amortization Scheme for Multicast Stream Authentication

Signature amortization schemes have been introduced for authenticating multicast streams, in which a single signature is amortized over several packets. The hash value of each packet is computed, and some hash values are appended to other packets, forming what is known as a hash chain. These schemes divide the stream into blocks, each block consisting of a number of packets; the signature packet is either the first or the last packet of the block. Amortization schemes are efficient solutions in terms of computation and communication overhead, especially in real-time environments. The main factor affecting an amortization scheme is its hash chain construction. Some studies show that signing the first packet of each block reduces the receiver's delay and prevents DoS attacks; other studies show that signing the last packet reduces the sender's delay. To our knowledge, there are no studies that show which is better, signing the first or the last packet, in terms of authentication probability and resistance to packet loss. In this paper we introduce another scheme for authenticating multicast streams that is robust against packet loss, reduces the overhead, and at the same time prevents the DoS attacks experienced by the receiver. Our scheme, the Multiple Connected Chain signing the First packet (MCF), appends the hash values of specific packets to other packets, then appends some hashes to the signature packet, which is sent as the first packet in the block. This scheme is especially efficient in terms of the receiver's delay. We discuss and evaluate the performance of our proposed scheme against those that sign the last packet of the block.
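The following sketch is an added example, not code from the paper: it shows a block whose signature packet is sent first, so the receiver can check every data packet on arrival without buffering and drop forged packets immediately. The chain offsets (`OFFSETS`), the number of hashes in the signature packet (`SIG_FANOUT`) and the packet encoding are assumptions, since the abstract does not state which hashes MCF appends, and an HMAC stands in for the digital signature.

```python
import hashlib, hmac, struct

OFFSETS = (1, 3)   # assumed chain offsets: packet i carries H(P[i+1]) and H(P[i+3])
SIG_FANOUT = 3     # assumed: signature packet carries hashes of the first 3 packets

def encode(idx, payload, links):
    """Canonical bytes of a data packet: index, payload, then (target, hash) pairs."""
    body = struct.pack(">IH", idx, len(payload)) + payload
    return body + b"".join(struct.pack(">I", t) + d for t, d in links)

def build_block(payloads, key):
    """Sender: hashes point forward, so packets are built from last to first."""
    n, digest, packets = len(payloads), {}, {}
    for i in reversed(range(n)):
        links = [(i + a, digest[i + a]) for a in OFFSETS if i + a < n]
        packets[i] = (i, payloads[i], links)
        digest[i] = hashlib.sha256(encode(*packets[i])).digest()
    heads = [(i, digest[i]) for i in range(min(SIG_FANOUT, n))]
    msg = b"".join(struct.pack(">I", t) + d for t, d in heads)
    # HMAC stands in for the digital signature to keep the example stdlib-only.
    sig_packet = (heads, hmac.new(key, msg, hashlib.sha256).digest())
    return sig_packet, [packets[i] for i in range(n)]

def receive(sig_packet, arriving, key):
    """Receiver: verify the signature packet first, then check each packet on arrival."""
    heads, tag = sig_packet
    msg = b"".join(struct.pack(">I", t) + d for t, d in heads)
    if not hmac.compare_digest(tag, hmac.new(key, msg, hashlib.sha256).digest()):
        return []
    trusted, accepted = dict(heads), []
    for idx, payload, links in arriving:
        h = hashlib.sha256(encode(idx, payload, links)).digest()
        if trusted.get(idx) != h:   # forged, or its chain was cut by loss: drop now
            continue
        accepted.append(idx)
        trusted.update(links)       # authenticated hashes extend trust forward
    return accepted

if __name__ == "__main__":
    key = b"constructed-demo-key"                       # constructed sample values
    sig, pkts = build_block([b"frame-%d" % i for i in range(8)], key)
    lossy = [p for p in pkts if p[0] not in (1, 2)]     # constructed loss pattern
    print(receive(sig, lossy, key))
```

Because every hash points forward, the sender must have the whole block before emitting the signature packet, which is the sender-side delay the abstract attributes to signing first.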



