Scalable authentication of MPEG-4 streams

schemes for authenticating MPEG-4 streams: the Flat Authenticatio

SECURING TESLA BROADCAST PROTOCOL WITH DIFFIE- HELLMAN KEY EXCHANGE

ABSTRACT Broadcast communication is highly prone to attacks from unauthenticated users in the wireless medium. Techniques have been proposed to make the communication more secure. In this paper, TESLA broadcast protocol is used to ensure source authentication. Diffie-Hellman Key Exchange is used to share the cryptographic keys in a secured manner. A PKI is developed based on TESLA and Diffie-Hellman Key Exchange, assuming that all network nodes in the network are loosely synchronized in time

CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows: 1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder. 2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities. 3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information. 4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption

Saving Nine Without Stitching in Time: Integrity Check After-the-fact

Electrical substations transform voltage from high to low, or low to high for distribution and transmission, respectively, and are a critical part of our electricity infrastructure. The state of a substation is continuously measured for monitoring, controlling and protection purposes, using synchrophasor measurements. The IEC 61850 standard defines communication protocols for electrical substations, including transmission of synchrophasor measurements. However, IEC 61850 does not properly address cyber security, leaving this critical infrastructure highly vulnerable to cyber attacks. This paper describes the development and testing of a novel mechanism for delayed integrity check for synchrophasor measurements. The results show that the solution manages to detect when integrity of the synchrophasor transmission is compromised, without adding any delay to the time-critical synchrophasor transmission itself.acceptedVersio

Saving Nine Without Stitching in Time: Integrity Check After-the-fact

Electrical substations transform voltage from high to low, or low to high for distribution and transmission, respectively, and are a critical part of our electricity infrastructure. The state of a substation is continuously measured for monitoring, controlling and protection purposes, using synchrophasor measurements. The IEC 61850 standard defines communication protocols for electrical substations, including transmission of synchrophasor measurements. However, IEC 61850 does not properly address cyber security, leaving this critical infrastructure highly vulnerable to cyber attacks. This paper describes the development and testing of a novel mechanism for delayed integrity check for synchrophasor measurements. The results show that the solution manages to detect when integrity of the synchrophasor transmission is compromised, without adding any delay to the time-critical synchrophasor transmission itself.acceptedVersio