A loss-tolerant stream authentication scheme based on one-time signature and hash graph
Loading...
Date
2001-11
Authors
Poh, Geong Sen
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Authenticating online network-delivered data stream such as audio and video broadcast depends
on three intrinsic characteristics which render it very different from file-oriented data transfer:
(1) The stream is possibly indefinite in length
(2) The stream is generated and consumed online
(3) There is needs for packet loss-tolerance during transactions of the stream
These cause file-oriented authentication methods unsuitable for data stream.
We categorise the existing solutions to the above data stream authentication issues as either
proactive-based or reactive-based. Most of them are well designed to cope with the issue of
indefinite length. The proactive-based solutions are effective in catering the issue of online
generation and consumption while the reactive-based solutions are effective in catering packet
loss. However, both categories failed to leverage the benefits of one another.
In this thesis, we propose a data stream authentication scheme that hybridises the above
proactive and reactive categories. This hybridisation enables trade-offs between online
generation/consumption and packet loss-tolerance via configurable data stream authentication.
We modelled the configurable setting using layered hash-graphs from these existing solutions
and digital signature schemes. We also introduce the following formal and analytical methods:
(1) Formal Gennaro-Rohatgi style proof of security
(2) Hash-graph prioritisation
(3) Authenticative immediacy (security level)
with which to demonstrate the efficiency of our solutions.
We integrate number-theoretic signature and one-time signature to visualise an authentication
framework. Following from this, layered hash-graphs are incorporated to amortise these
sib'11atures to many stream packets. The incorporation of these hash-graphs formed the
configurable setting desired. Data stream authentication can then be done based on the
efficiency and security requirements of a particular data streaming scenario.
Technically, our proposed hybrid scheme features optimised Rabin number-theoretic signature,
Even-Goldreich-Micali (EGM) one-time signature, Wong-Lam (WL) star hash-graph and Golle
augmented hash chain. We show that this layered structure allows flexible grouping and s.igning
of data stream. In particular, due to the relatively fast authentication rate of EGM one-time
signature scheme, we are capable of reducing the size of packet groups to achieve random
packet loss-resistance and higher verification frequency compared to the existing solutions.ยท
Description
Keywords
A data stream authentication scheme that hybridises , proactive and reactive categories.