A loss-tolerant stream authentication scheme based on one-time signature and hash graph

Loading...
Thumbnail Image
Date
2001-11
Authors
Poh, Geong Sen
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Authenticating online network-delivered data stream such as audio and video broadcast depends on three intrinsic characteristics which render it very different from file-oriented data transfer: (1) The stream is possibly indefinite in length (2) The stream is generated and consumed online (3) There is needs for packet loss-tolerance during transactions of the stream These cause file-oriented authentication methods unsuitable for data stream. We categorise the existing solutions to the above data stream authentication issues as either proactive-based or reactive-based. Most of them are well designed to cope with the issue of indefinite length. The proactive-based solutions are effective in catering the issue of online generation and consumption while the reactive-based solutions are effective in catering packet loss. However, both categories failed to leverage the benefits of one another. In this thesis, we propose a data stream authentication scheme that hybridises the above proactive and reactive categories. This hybridisation enables trade-offs between online generation/consumption and packet loss-tolerance via configurable data stream authentication. We modelled the configurable setting using layered hash-graphs from these existing solutions and digital signature schemes. We also introduce the following formal and analytical methods: (1) Formal Gennaro-Rohatgi style proof of security (2) Hash-graph prioritisation (3) Authenticative immediacy (security level) with which to demonstrate the efficiency of our solutions. We integrate number-theoretic signature and one-time signature to visualise an authentication framework. Following from this, layered hash-graphs are incorporated to amortise these sib'11atures to many stream packets. The incorporation of these hash-graphs formed the configurable setting desired. Data stream authentication can then be done based on the efficiency and security requirements of a particular data streaming scenario. Technically, our proposed hybrid scheme features optimised Rabin number-theoretic signature, Even-Goldreich-Micali (EGM) one-time signature, Wong-Lam (WL) star hash-graph and Golle augmented hash chain. We show that this layered structure allows flexible grouping and s.igning of data stream. In particular, due to the relatively fast authentication rate of EGM one-time signature scheme, we are capable of reducing the size of packet groups to achieve random packet loss-resistance and higher verification frequency compared to the existing solutions.ยท
Description
Keywords
A data stream authentication scheme that hybridises , proactive and reactive categories.
Citation