Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.

Published byByron Owens Modified over 8 years ago

Similar presentations

Presentation on theme: "Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium."— Presentation transcript:

1 Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium (NDSS 2001), February 2001, pp. 35-46 Adrian Perrig, Ran Canetti, Dawn Song and J. D. Tygar

2 Outline Problem other receivers of the data are not trusted lost packets are not retransmitted Solve scheme authentication packet the received data originated with the claimed source and was not modified enroute

3 An Overview of TESLA Low space overhead based on symmetric-key cryptography (about 20bytes per packet) Tolerate arbitrary packet loss Each packet that is received in time can be authenticated

4 Sender Setup In each interval, the sender may send zero or multiple packets K i = F(K i+1 ) T int : each time intervals T i : starting time of interval I i T i =T 0 +i*T int

5 Sending Authenticated Packets Many messages are sent in each interval This allows the sender to send packets at any rate and to adapt the sending rate dynamically MjMj MAC(K ’ i, M j )K i-d Disclosure delay = 2 intervals

6 TESLA Extensions Immediate authentication Optimizations concerning key chains Time synchronization issues

7 Immediate Authentication replace receiver buffering with sender buffering (avoid DoS attack) To achieve flexibility for dynamic sending rate and robustness to packet loss, the sender can add the hash values of multiple future packets to a packet H(M j+vd )MjMj DjDj

8 Concurrent TESLA instances - 1 receivers with a long network delay could not operate with a short disclosure delay because most of the packets will violate the security condition and hence cannot be authenticated Using extra TESLA instance also causes extra space overhead in each packet (each instance requires 20 bytes per packet)

9 Concurrent TESLA instances - 2 use the same key chain but a different key schedule for all instances K u i+du = HMAC (K i+du, u)

10 Direct Time Synchronization the receiver knows an upper bound of the difference between the sender’s local time and the receiver’s local time △ t S - t 3 = δ △ = t S - t R

11 Indirect Time Synchronization The sender just needs to periodically broadcast digitally signed packets that contain its time synchronization with the time reference

12 Determining the Key Disclosure Delay Loosely bound d = ceil (RTT/T int ) + 1 Time Synchronization (tightly bound) d = ceil (D SR + ε) + 1

13 DoS Attack on the Sender/Receiver Indirect Time Synchronization sender does not keep per-receiver state or perform per-receiver operations DoS attacks on the receiver A duplicated packet is only accepted by the receiver within a short time period prevent the replay attack by adding a sequence number to each packet and by including the sequence number in the MAC

14 DoS Attack on the packet buffer Dropping all packets of a particular interval once the buffer is full is a poor policy the receiver uses a random replacement policy once the buffer is full

15 Conclusion The extensions TESLA protocol provide immediate authentication reduce the communication overhead when multiple TESLA instances derive a tight lower bound on the disclosure delay Harden the sender and the receiver against denial-ofservice attacks

Download ppt "Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.
RIPPLE Authentication for Network Coding Yaping Li, The Chinese University of Hong Kong Hongyi Yao, Tsinghua University Minghua Chen, The Chinese University.

RIPPLE Authentication for Network Coding Yaping Li, The Chinese University of Hong Kong Hongyi Yao, Tsinghua University Minghua Chen, The Chinese University.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
2015-6-1 1 Secure Vehicular Communications Speaker: Xiaodong Lin University of Waterloo

Secure Vehicular Communications Speaker: Xiaodong Lin University of Waterloo
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
Analysis of a SuperSEAD Aaron Staple Mukund Sundararajan.

Analysis of a SuperSEAD Aaron Staple Mukund Sundararajan.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.

Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)

Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.

Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.
Centre for Wireless Communications University of Oulu, Finland

Centre for Wireless Communications University of Oulu, Finland
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
1 Ad Hoc Networks Security Instructor: Carlos Pomalaza-Ráez Fall 2003 University of Oulu, Finland.

1 Ad Hoc Networks Security Instructor: Carlos Pomalaza-Ráez Fall 2003 University of Oulu, Finland.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming.

KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming.

Similar presentations

Ads by Google