A pollution attack resistant multicast authentication scheme tolerant to packet loss

Warren W. Lin; Shiuhpyng Shieh; Jia Chun Lin

doi:10.1109/SSIRI.2008.29

A pollution attack resistant multicast authentication scheme tolerant to packet loss

Warren W. Lin, Shiuhpyng Shieh, Jia Chun Lin

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Assuring authenticity of packets is a critical security measure in multicast applications. Due to the high overhead of signing every multicast packet with a digital signature, schemes employing signature amortization abate this cost by endorsing a block of packets at once. By utilizing a fault-tolerant coding algorithm, signature amortization schemes can tolerate packet loss. However, enhancing these schemes with a fault-tolerant coding algorithm introduces pollution attacks, a form of denial of service attack in which the adversary injects invalid symbols into the decoding process. Unfortunately, previous solutions that combat pollution attack required time synchronization or were computationally inefficient. To address these problems, we propose a multicast authentication scheme that is both lightweight and resistant to pollution attack. By using one-way hash functions, our scheme can quickly generate and verify packets. Since our proposed scheme can immediately and independently authenticate a received packet, it does not risk exceeding buffer space with unverified packets during a pollution attack. Schemes that rely on fault-tolerant coding to provide packet loss tolerance can employ our approach to defend against pollution attacks.

Original language	English
Title of host publication	Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008
Pages	8-15
Number of pages	8
DOIs	https://doi.org/10.1109/SSIRI.2008.29
State	Published - 19 Sep 2008
Event	2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008 - Yokohama, Japan Duration: 14 Jul 2008 → 17 Jul 2008

Publication series

Name	Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008

Conference

Conference	2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008
Country	Japan
City	Yokohama
Period	14/07/08 → 17/07/08

Keywords

Authentication
Multicast
One-way hash chain
Pollution attack
Signature amortization

Access to Document

10.1109/SSIRI.2008.29

Fingerprint Dive into the research topics of 'A pollution attack resistant multicast authentication scheme tolerant to packet loss'. Together they form a unique fingerprint.

Cite this

Lin, W. W., Shieh, S., & Lin, J. C. (2008). A pollution attack resistant multicast authentication scheme tolerant to packet loss. In Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008 (pp. 8-15). [4579788] (Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008). https://doi.org/10.1109/SSIRI.2008.29

Lin, Warren W. ; Shieh, Shiuhpyng ; Lin, Jia Chun. / A pollution attack resistant multicast authentication scheme tolerant to packet loss. Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008. 2008. pp. 8-15 (Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008).

@inproceedings{106eddfcb6b14b1abfcaffc3d1e68085,

title = "A pollution attack resistant multicast authentication scheme tolerant to packet loss",

abstract = "Assuring authenticity of packets is a critical security measure in multicast applications. Due to the high overhead of signing every multicast packet with a digital signature, schemes employing signature amortization abate this cost by endorsing a block of packets at once. By utilizing a fault-tolerant coding algorithm, signature amortization schemes can tolerate packet loss. However, enhancing these schemes with a fault-tolerant coding algorithm introduces pollution attacks, a form of denial of service attack in which the adversary injects invalid symbols into the decoding process. Unfortunately, previous solutions that combat pollution attack required time synchronization or were computationally inefficient. To address these problems, we propose a multicast authentication scheme that is both lightweight and resistant to pollution attack. By using one-way hash functions, our scheme can quickly generate and verify packets. Since our proposed scheme can immediately and independently authenticate a received packet, it does not risk exceeding buffer space with unverified packets during a pollution attack. Schemes that rely on fault-tolerant coding to provide packet loss tolerance can employ our approach to defend against pollution attacks.",

keywords = "Authentication, Multicast, One-way hash chain, Pollution attack, Signature amortization",

author = "Lin, {Warren W.} and Shiuhpyng Shieh and Lin, {Jia Chun}",

year = "2008",

month = sep,

day = "19",

doi = "10.1109/SSIRI.2008.29",

language = "English",

isbn = "9780769532660",

series = "Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008",

pages = "8--15",

booktitle = "Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008",

note = "null ; Conference date: 14-07-2008 Through 17-07-2008",

}

Lin, WW, Shieh, S & Lin, JC 2008, A pollution attack resistant multicast authentication scheme tolerant to packet loss. in Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008., 4579788, Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008, pp. 8-15, 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008, Yokohama, Japan, 14/07/08. https://doi.org/10.1109/SSIRI.2008.29

A pollution attack resistant multicast authentication scheme tolerant to packet loss. / Lin, Warren W.; Shieh, Shiuhpyng; Lin, Jia Chun.

Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008. 2008. p. 8-15 4579788 (Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A pollution attack resistant multicast authentication scheme tolerant to packet loss

AU - Lin, Warren W.

AU - Shieh, Shiuhpyng

AU - Lin, Jia Chun

PY - 2008/9/19

Y1 - 2008/9/19

N2 - Assuring authenticity of packets is a critical security measure in multicast applications. Due to the high overhead of signing every multicast packet with a digital signature, schemes employing signature amortization abate this cost by endorsing a block of packets at once. By utilizing a fault-tolerant coding algorithm, signature amortization schemes can tolerate packet loss. However, enhancing these schemes with a fault-tolerant coding algorithm introduces pollution attacks, a form of denial of service attack in which the adversary injects invalid symbols into the decoding process. Unfortunately, previous solutions that combat pollution attack required time synchronization or were computationally inefficient. To address these problems, we propose a multicast authentication scheme that is both lightweight and resistant to pollution attack. By using one-way hash functions, our scheme can quickly generate and verify packets. Since our proposed scheme can immediately and independently authenticate a received packet, it does not risk exceeding buffer space with unverified packets during a pollution attack. Schemes that rely on fault-tolerant coding to provide packet loss tolerance can employ our approach to defend against pollution attacks.

AB - Assuring authenticity of packets is a critical security measure in multicast applications. Due to the high overhead of signing every multicast packet with a digital signature, schemes employing signature amortization abate this cost by endorsing a block of packets at once. By utilizing a fault-tolerant coding algorithm, signature amortization schemes can tolerate packet loss. However, enhancing these schemes with a fault-tolerant coding algorithm introduces pollution attacks, a form of denial of service attack in which the adversary injects invalid symbols into the decoding process. Unfortunately, previous solutions that combat pollution attack required time synchronization or were computationally inefficient. To address these problems, we propose a multicast authentication scheme that is both lightweight and resistant to pollution attack. By using one-way hash functions, our scheme can quickly generate and verify packets. Since our proposed scheme can immediately and independently authenticate a received packet, it does not risk exceeding buffer space with unverified packets during a pollution attack. Schemes that rely on fault-tolerant coding to provide packet loss tolerance can employ our approach to defend against pollution attacks.

KW - Authentication

KW - Multicast

KW - One-way hash chain

KW - Pollution attack

KW - Signature amortization

UR - http://www.scopus.com/inward/record.url?scp=51749095671&partnerID=8YFLogxK

U2 - 10.1109/SSIRI.2008.29

DO - 10.1109/SSIRI.2008.29

M3 - Conference contribution

AN - SCOPUS:51749095671

SN - 9780769532660

T3 - Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008

SP - 8

EP - 15

BT - Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008

Y2 - 14 July 2008 through 17 July 2008

ER -

Lin WW, Shieh S, Lin JC. A pollution attack resistant multicast authentication scheme tolerant to packet loss. In Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008. 2008. p. 8-15. 4579788. (Proceedings - The 2nd IEEE International Conference on Secure System Integration and Reliability Improvement, SSIRI 2008). https://doi.org/10.1109/SSIRI.2008.29