50 research outputs found

    Flexible Verification of MPEG-4 Stream in Peer-to-Peer CDN

    Abstract. The current packet-based stream authentication schemes provide effective and efficient authentication over a group of packets transmitted on erasure channels. However, by fixing the packets in transmission, any packet manipulation will cause authentication failure. In a p2p content delivery network where a proxy-in-the-middle is able to store, forward, transcode and transform the stream, previous schemes are simply inapplicable. To address the problem, we propose a flexible verification scheme that relies on special stream formats (i.e. Unequal Loss Protection ULP scheme [7]). We apply the so-called Unequal Loss Verification ULV scheme into MPEG-4 framework. The encoding, packing, amortizing and verifying methods are elaborated in this paper. Our analysis shows that the scheme is secure and cost effective. The scheme is indeed content aware and ensures the verification rate intuitively reflecting a meaningful stream. Further on, we describe the general method of publishing and retrieving a stream in p2p CDN.

    Trust Establishment in Large Scale Grid Settings

    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3251, 317-32

    Constructing Optimistic Fair Exchange Protocols from Committed Signatures

    In PODC 2003, Park et al. [32] first introduce a connection between fair exchange and sequential two-party multi-signature scheme and provide a novel method of constructing fair exchange protocol by distributing the computation of RSA signature. This approach avoids the design of verifiable encryption scheme at the expense of having cosigner store a piece of prime signer's secret key. Dodis and Reyzin [20] showed that the protocol in [32] is totally breakable in the registration phase, then presented a remedy scheme which is provably secure in the random oracle model, by utilizing Boldyreva non-interactive two-party multi-signature scheme [8]. Security in the random oracle model does not imply security in the real world. In this paper, we provide the first two efficient committed signatures which are provably secure in the standard complexity model from strong RSA assumption. Then we construct efficient optimistic fair exchange protocols from those new primitives.

    Verifiably Committed Signatures Provably Secure in the Standard Complexity Model

    In this paper, we study the security notions of verifiably committed signatures by introducing privacy and cut-off time, and then we propose the first scheme which is provably secure in the standard complexity model based on the strong RSA assumption. The idea behind the construction is that given any valid partial signature of messages, if a co-signer with its auxiliary input is able to generate variables called the resolution of messages such that the distribution of the variables is indistinguishable from that generated by the primary signer alone from the views of the verifier/arbitrator, a verifiably committed signature can be constructed.

    A Formal Proof of Zhu's Signature Scheme

    Following from the remarkable works of Cramer and Shoup \cite{CS}, three trapdoor hash signature variations have been presented in the literature: the first variation was presented in CJE'01 by Zhu \cite{Zhu}, the second variation was presented in SCN'02 by Camenisch and Lysyanskaya \cite{CL} and the third variation was presented in PKC'03 by Fischlin \cite{Fis}. All three mentioned trapdoor hash signature schemes have similar structure and the security of the last two modifications is rigorously proved. We point out that the distribution of variables derived from Zhu's signing oracle is different from that generated by Zhu's signing algorithm since the signing oracle in Zhu's simulator is defined over $Z$, instead of $Z_n$. Consequently the proof of security of Zhu's signature scheme should be studied more precisely. We are also aware that the proof of Zhu's signature scheme is not a trivial work which is stated below:
    \begin{itemize}
    \item the technique presented by Cramer and Shoup \cite{CS} cannot be applied directly to prove the security of Zhu's signature scheme since the structure of Cramer-Shoup's trap-door hash scheme is double deck that is easy to simulate a signing query as the order of subgroup $G$ is a public parameter;
    \item the technique presented by Camenisch and Lysyanskaya \cite{CL} cannot be applied directly since there are extra security parameters $l$ and $l_s$ guide the statistical closeness of the simulated distributions to the actual distribution;
    \item the technique presented by Fischlin cannot be applied directly to Zhu's signature scheme as the security proof of Fischlin's signature relies on a set of pairs $(\alpha_i, \alpha_i \oplus H(m_i))$ while the security proof of Zhu's signature should rely on a set of pairs $(\alpha_i, H(m_i))$.
    \end{itemize}
    In this report, we provide an interesting random argument technique to show that Zhu's signature scheme is immune to adaptive chosen-message attack under the assumptions of the strong RSA problem as well as the existence of collision free hash functions.