23 research outputs found

    On a method to authenticate and verify digital streams, Journal of Telecommunications and Information Technology, 2002, nr 2

    Recently, digital streams have become widely used to make audio, video, and other media available in real-time over the Internet. As with other transmission methods, the recipient needs to have a possibility to verify the source and authenticity of the received information. Several techniques have been proposed to deal with this issue. Most of them are vulnerable to packet losses or they introduce unacceptable computational and/or communication overheads. Some of the graph-based techniques provide immunity to burst losses of certain length. However, these techniques are not immune to the loss of packets containing signatures or occasional burst of lengths greater than the assumed one. In the paper, we propose a modification to one of the graph-based techniques that introduces immunity to the loss of packets containing signatures, without introducing any additional overheads

    Compositional verification of integrity for digital stream signature protocols

    We investigate the application of concurrency theory notions as simulation relations and compositional proof rules for verifying digital stream signature protocols. In particular, we formally prove the integrity of the Gennaro-Rohatgi protocols in [7]. As a peculiarity, our technique is able to check a protocol with an unbounded number of parallel processes. We argue also that our approach may be applied to a wider class of stream signature protocols

    Content-Aware Authentication of Motion JPEG2000 Stream in Lossy Networks


    Time valid one-time signature for time-critical multicast data authentication

    It is challenging to provide authentication to time-critical multicast data, where low end-to-end delay is of crucial importance. Consequently, it requires not only efficient authentication algorithms to minimize computational cost, but also avoidance of buffering packets so that the data can be immediately processed once being presented. Desirable properties for a multicast authentication scheme also include small communication overhead, tolerance to packet loss, and resistance against malicious attacks. In this paper, we propose a novel signature model, Time Valid One-Time Signature (TV-OTS), to boost the efficiency of regular one-time signature schemes. Based on the TV-OTS model, we design an efficient multicast authentication scheme "TV-HORS" to meet the above needs. TV-HORS combines one-way hash chains with TV-OTS to avoid frequent public key distribution. It provides fast signing/verification and buffering-free data processing, which make it one of the fastest multicast authentication schemes to date in terms of end-to-end computational latency (on the order of microseconds). In addition, TV-HORS has perfect tolerance to packet loss and strong robustness against malicious attacks. The communication overhead of TV-HORS is much smaller than regular OTS schemes, and even smaller than RSA signature. The only drawback of TV-HORS is a relatively large public key of size 8KB to 10KB, depending on parameters

    Quality-Optimized and Secure End-to-End Authentication for Media Delivery


    Formal models and analysis of secure multicast in wired and wireless networks

    The spreading of multicast technology enables the development of group communication and so dealing with digital streams becomes more and more common over the Internet. Given the flourishing of security threats, the distribution of streamed data must be equipped with sufficient security guarantees. To this aim, some architectures have been proposed, to supply the distribution of the stream with guarantees of, e.g., authenticity, integrity, and confidentiality of the digital contents. This paper shows a formal capability of capturing some features of secure multicast protocols. In particular, both the modeling and the analysis of some case studies are shown, starting from basic schemes for signing digital streams, passing through protocols dealing with packet loss and time-synchronization requirements, concluding with a secure distribution of a secret key. A process-algebraic framework will be exploited, equipped with schemata for analysing security properties and compositional principles for evaluating if a property is satisfied over a system with more than two components

    A Hash-Chain Based Method for Full or Partial Authentication of Communication in a Real-Time Wireless Environment

    Real-time media streams are a common application on the Internet today. For many such streams, it is necessary to provide authentication, data integrity, and non-repudiation. Some applications where this type of security may be necessary include voice-over-IP (VoIP) calls, transmission of sensitive data such as medical records or personal information, or financial data that needs to be updated in real-time. It is important to be able to balance the need for security with the constraints of the environment, where data must be delivered in a limited amount of time. This thesis examines and classifies the different types of authentication based on a number of factors, mainly the type of authentication (user or data), the way in which authentication information is transmitted (embedded or appendix), and the secrecy of the authentication information (covert or overt). This thesis then presents a specific real-time communication system, and develops a novel method of achieving data authentication for the system, based on previous work done in the area of hash-chaining authentication schemes. Theoretical and simulated results are presented, showing that the new method, the modified butterfly scheme, outperforms the original method, the butterfly scheme, using the same amount of overhead

    Formal models and analysis of secure multicast in wired and wireless networks

    The spreading of multicast technology enables the development of group communication and so, dealing with digital streams becomes more and more common over the Internet. Given the flourishing of security threats, the distribution of streamed data must be equipped with sufficient security guarantees. To this aim, some architectures have been proposed in the last few years, to supply the distribution of the stream with guarantees of, e.g., authenticity, integrity and confidentiality of the digital contents. This paper shows a formal capability of capturing some features of secure multicast protocols. In particular, both the modeling and the analysis of some case studies are shown, starting from basic schemes for signing digital streams, passing through protocols dealing with packet loss and time-synchronization requirements, concluding with a secure distribution of a secret key. A process-algebraic framework will be exploited, equipped with schemata for analysing security properties and compositional principles for evaluating if a property is satisfied over a system with more than two components

    Secure server-aided top-k monitoring

    National Research Foundation (NRF) Singapor