CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows: 1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder. 2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities. 3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information. 4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption

Caching-based Multicast Message Authentication in Time-critical Industrial Control Systems

Attacks against industrial control systems (ICSs) often exploit the insufficiency of authentication mechanisms. Verifying whether the received messages are intact and issued by legitimate sources can prevent malicious data/command injection by illegitimate or compromised devices. However, the key challenge is to introduce message authentication for various ICS communication models, including multicast or broadcast, with a messaging rate that can be as high as thousands of messages per second, within very stringent latency constraints. For example, certain commands for protection in smart grids must be delivered within 2 milliseconds, ruling out public-key cryptography. This paper proposes two lightweight message authentication schemes, named CMA and its multicast variant CMMA, that perform precomputation and caching to authenticate future messages. With minimal precomputation and communication overhead, C(M)MA eliminates all cryptographic operations for the source after the message is given, and all expensive cryptographic operations for the destinations after the message is received. C(M)MA considers the urgency profile (or likelihood) of a set of future messages for even faster verification of the most time-critical (or likely) messages. We demonstrate the feasibility of C(M)MA in an ICS setting based on a substation automation system in smart grids.Comment: For viewing INFOCOM proceedings in IEEE Xplore see https://ieeexplore.ieee.org/abstract/document/979676

Time valid one-time signature for time-critical multicast data authentication

Abstract-It is challenging to provide authentication to timecritical multicast data, where low end-to-end delay is of crucial importance. Consequently, it requires not only efficient authentication algorithms to minimize computational cost, but also avoidance of buffering packets so that the data can be immediately processed once being presented. Desirable properties for a multicast authentication scheme also include small communication overhead, tolerance to packet loss, and resistance against malicious attacks. In this paper, we propose a novel signature model -Time Valid One-Time Signature (TV-OTS) -to boost the efficiency of regular one-time signature schemes. Based on the TV-OTS model, we design an efficient multicast authentication scheme "TV-HORS" to meet the above needs. TV-HORS combines one-way hash chains with TV-OTS to avoid frequent public key distribution. It provides fast signing/verification and buffering-free data processing, which make it one of the fastest multicast authentication schemes to date in terms of end-to-end computational latency (on the order of microseconds). In addition, TV-HORS has perfect tolerance to packet loss and strong robustness against malicious attacks. The communication overhead of TV-HORS is much smaller than regular OTS schemes, and even smaller than RSA signature. The only drawback of TV-HORS is a relatively large public key of size 8KB to 10KB, depending on parameters

Flexible Verification of MPEG-4 Stream in Peer-to-Peer CDN

Abstract. The current packet based stream authentication schemes provide effective and efficient authentication over a group of packets transmitted on erasure channels. However, by fixing the packets in transmission, any packet manipulation will cause authentication failure. In p2p content delivery network where a proxy-in-the-middle is able to store, forward, transcode and transform the stream, previous schemes are simply unapplicable. To address the problem, we propose a flexible verification scheme that relies on special stream formats (i.e. Unequal Loss Protection ULP scheme [7]). We apply the so called Unequal Loss Verification ULV scheme into MPEG-4 framework. The encoding, packing, amortizing and verifying methods are elaborated in this paper. Our analysis shows that the scheme is secure and cost effective. The scheme is indeed content aware and ensures the verification rate intuitively reflecting a meaningful stream. Further on, we describe the general method of publishing and retrieving a stream in p2p CDN.

Authenticated file broadcast protocol

The File Broadcast Protocol (FBP) was developed as a part of the DETIboot system. DETIboot allows a host to broadcast an operating system image through an 802.11 wireless network to an arbitrary number of receivers. Receivers can load the image and immediately boot a Linux live session. The initial version of FBP had no security mechanisms. In this paper we present an authentication protocol developed for FBP that ensures a correct file distribution from the intended source to the receivers. The performance valuations have shown that, with the best operational configuration tested, the file download time is increased by less than 5%

Compositional verification of integrity for digital stream signature protocols

We investigate the application of concurrency theory notions as simulation relations and compositional proof rules for verifying digital stream signature protocols. In particular, we formally prove the integrity of the Gennaro-Rohatgi protocols in [7]. As a peculiarity, our technique is able to check a protocol with an unbounded number of parallel processes. We argue also that our approach may be applied to a wider class of stream signature protocols