Efficient and Secure Source Authentication for Multicast

$Adrian\; Perrig$ $Ran\; Canetti$ $Dawn\; Song$ $J.\; D.\; Tygar$
$UC\; Berkeley$, $Digital\; Fountain$, $IBM\; T.J.\; Watson$
{perrig,dawnsong,tygar@cs.berkeley.edu, canetti@watson.ibm.com}

Abstract:

One of the main challenges of securing multicast communication is source authentication, or enabling receivers of multicast data to verify that the received data originated with the claimed source and was not modified en-route. The problem becomes more complex in common settings where other receivers of the data are not trusted, and where lost packets are not retransmitted.

Several source authentication schemes for multicast have been suggested in the past, but none of these schemes is satisfactorily efficient in all prominent parameters. We recently proposed a very efficient scheme, TESLA, that is based on initial loose time synchronization between the sender and the receivers, followed by delayed release of keys by the sender.

This paper proposes several substantial modifications and improvements to TESLA. One modification allows receivers to authenticate most packets as soon as they arrive (whereas TESLA requires buffering packets at the receiver side, and provides delayed authentication only). Other modifications improve the scalability of the scheme, reduce the space overhead for multiple instances, increase its resistance to denial-of-service attacks, and more.

 
• Introduction
  • Organization
• An Overview of TESLA
  • Sender Setup
  • Bootstrapping a new Receiver
  • Sending Authenticated Packets
  • Receiver Tasks
• Our Extensions
  • Immediate Authentication
  • Concurrent TESLA instances
  • Time Synchronization Issues
  • Determining the Key Disclosure Delay
• Security Discussion and Robustness to DoS
  • DoS Attack on the Sender
  • DoS Attack on the Receiver
• Related Work
• Conclusions
• Acknowledgments
• References