next up previous
Next: Initial Synchronization - Further Up: TESLA: Timed Efficient Stream Previous: Scheme IV: Dealing with

Scheme V: Accommodate a Broad Spectrum of Receivers

 

For the previous schemes, we showed that there was a tradeoff in the choice of the key disclosure period. If the time difference is short, the packet can be authenticated quickly, but if the packet travel time is long the security condition will not hold for remote receivers, which forces them to drop the packet. Conversely, a long time period will suit remote receivers, but the authentication time delay may be unacceptable for receivers with fast network access. Since the scheme needs to scale to a large number of receivers and we expect the receivers to have a wide variety of network access, we need to solve this tradeoff. Our approach is to use multiple authentication chains (where each chain is as in scheme IV) with different disclosure periods simultaneously. Each receiver can then use the chain with the minimal disclosure delay, sufficient to prevent spurious drops which are caused if the security condition does not hold.

The receiver verifies one security condition for each authentication chain Ci, and drops the packet if none of the conditions are satisfied. Assume that the sender uses n authentication chains, where the first chain has the smallest delay until the disclosure packet is sent, and the nth chain has the longest delay. Furthermore, assume that for the incoming packet Pj, the security conditions for chains Cv (v < m) are not satisfied, and the condition for chain Cm is satisfied. In this case, as long as the key disclosure packets for the chains Cv (v < m ) arrive, the receiver's confidence in the authenticity of packet Pj is increasing. As soon as the key disclosure packet for a chain Cv (v ≥m) arrives, the receiver is assured of the authenticity of the packet Pj.


next up previous
Next: Initial Synchronization - Further Up: TESLA: Timed Efficient Stream Previous: Scheme IV: Dealing with

Adrian Perrig
Sat Sep 2 17:01:14 PDT 2000