H2A: Hybrid Hash-chaining scheme for Adaptive multicast source authentication of media-streaming
Introduction
The increase of bandwidth in today's networks encourages the deployment of multi-party applications, such as video-conferencing, TV over Internet, e-learning and video-on-demand. Broadcasting information to a group of participants can be achieved using multiple point-to-point transmissions (unicast). This solution is not efficient because of information duplication which induces a high bandwidth consumption. The alternative approach is multicasting (Deering, 1988) which is an efficient communication mechanism for group-oriented applications. IP multicast saves bandwidth by sending the source traffic on a multicast tree that spans all the members of the group. The lack of security obstructs the large scale deployment of multicast communication applications (Judge and Ammar, 2003): data integrity, secrecy, authentication and access control. Therefore, securing the multicast communication model is a strategic requirement for effective deployment of large scale business multi-party applications (TV over Internet, Video-on-Demand (VoD), video-conferencing, interactive group games,…). One of the main issues in securing multicast communication is the authentication service; a keystone of every secure architecture. Even though several authentication mechanisms have existed so far, data source authentication in multi-party communications remains a challenging problem in terms of scalability, efficiency and performance. Indeed, hashes (Kaliski, 1992, Rivest, 1992, Eastlake and Jones, 2001), MACs (Krawczyk et al., 1997), and digital signatures (Rivest et al., 1978, Federal Information Processing Standards Publication, 1994) are the cryptographic answers to integrity, authentication, and non-repudiation in data transmission. However, these mechanisms have been designed typically for point-to-point transmissions, and using them in multicasting yields inefficient and non-adequate solutions. This non-suitability of existing authentication mechanisms is mainly due to the number of group members which may be high in multi-party applications, and to the type of transmitted data which consist generally in continuous streaming of multicast messages with real-time transmission requirement. We distinguish between two types of authentication in group communication (Hardjono and Tsudik, 2000):
- •
Group authentication: aims to assure that the received multicast messages by group members originate from a valid group member (no matter its identity).
- •
Data source authentication: aims to assure that the received multicast messages by group members originate from a source having a specific identity.
In order to assure group authentication, generally group members use a shared key. This key is commonly called group key. Applying a MAC to a message with the group key assures that the message originates from a valid group member, since only valid group members are supposed to know the group key. Hence, the group authentication problem is reduced to the group key management and essentially to its scalability to large groups (Rafaeli and Hutchison, 2003, Hardjono and Tsudik, 2000, Judge and Ammar, 2003, Challal et al., 2004). In contrast, multicast data source authentication is more complicated because the group key which is known by all group members cannot be used to identify a specific sender.
Many protocols have been proposed to assure data source authentication of a multicast flow with non-repudiation of the origin relying on signature amortization scheme, which uses hash-chaining techniques. The signature and its amortization induce some extra-information called the authentication information. Besides, most of multicast media-streaming applications do not use reliable transport layer. Hence, some packets may be lost in course of transmission. Therefore, the proposed solutions introduce redundancy in the authentication information, in a way that even if some packets are lost, the required authentication information can be recovered in order to verify received packets' authenticity. In this case, the bandwidth overhead, induced by the redundant authentication information, increases. Proposed solutions deal with how to trade bandwidth for tolerance to packet loss.
In this paper, we propose a new adaptive and efficient protocol called H2A which authenticates the source of a multicast flow, assures non-repudiation and tolerates packet loss. In contrast to other protocols (Gennaro and Rohatgi, 2001, Golle and Modadugu, 2001, Perrig et al., 2000, Miner and Staddon, 2001) based on static hash-chaining, with our protocol we propose a new hybrid and adaptive hash-chaining technique which adapts the redundancy chaining degree (the amount of authentication information) depending on the actual packet loss ratio in the network. Besides, this new hash-chaining technique combines deterministic hash-chaining with random hash-chaining, in contrast to existing protocols that use either deterministic (Golle and Modadugu, 2001, Miner and Staddon, 2001) or random hash-chaining (Perrig et al., 2000). The carried out simulations using NS-2 show that the adaptation of the redundancy degree allows to save bandwidth, and the combination of the random with deterministic hash-chaining allows to increase the robustness to packet loss.
In the following section, we present an overview of multicast data source authentication approaches, then we focus on related works that use hash-chaining techniques to amortize signatures over a sequence of packets of the stream. In the subsequent section, we describe our protocol H2A, then we evaluate and compare it with other protocols using NS-2 simulations.
Section snippets
Multicast data source authentication
Definition 1 Data origin authentication service is a security service that verifies the identity of a system entity that is claimed to be the original source of received data (Shirey, 2000).
A first level guarantees only data source authentication of the multicast data origin. In this case,
Terminology
We define some terminology to simplify the following discussion: if a packet Pj contains the hash of a packet Pi, we say that a hash-link connects Pi to Pj, and we call Pj a target packet of Pi. A signature packet is a sequence of packet hashes which are signed using a conventional digital signature scheme. A hash-link relates a packet Pk to a signature packet Sl, if Sl contains the hash of Pk. We designate by redundancy degree the number of times that a packet hash is embedded in subsequent
Simulations and performance evaluation
We carried out simulations using NS-2 to evaluate the performance of H2A and compare it with EMSS (Perrig et al., 2000), as well as with an H2A version which uses only random hash-chaining. Hereafter, we call this version Only Adaptive Protocol (OAP), and use it to illustrate the added value of the proposed hybrid hash-chaining.
H2A security and performance comparison
H2A guarantees data source authentication and non-repudiation by relying on the existence of hash-chains between data packets and signature packets. Hence, the security of our protocol (H2A) relies on the security of this basic technique (hash-chains), which has been proved to be secure by Gennaro and Rohatgi (2001). We have shown in previous sections that H2A reduces the amount of authentication information while maintaining good performance in term of robustness against packet loss. However,
Conclusion
Data source authentication is a required component in the whole multicast security architecture. Besides, many applications need non-repudiation of data-streams. To achieve non-repudiation, we proposed a new adaptive and efficient protocol called H2A. Our protocol uses a hybrid and adaptive hash-chaining technique to amortize a single digital signature over many packets. This H2A's hash-chaining technique allows to save bandwidth and improves the probability that a packet be verifiable even if
Yacine Challal is a Ph.D. student at the Department of Computer Engineering at the Compiegne University of Technology (UTC-France). He is member of the Networking Group at Heudiasyc Laboratory. He received his Master's degree in computer science (2002) at the Compiegne University of Technology, and the Engineering degree (2001) from the National Computer Science Institute (INI-Algiers-Algeria). He works with Professor A. Bouabdallah (UTC) on multicast security. His current research interests
References (36)
- et al.
Individual authentication in multiparty communications
Computers and Security
(2002) - et al.
How to sign digital streams
Information and Computation
(February 2001) - et al.
Multireceiver authentication codes: models, bounds, constructions, and extensions
Information and Computation
(1999) - et al.
Lower bounds for multicast message authentication
Eurocrypt'01
(2001) - Borella M, Swider D, Uludag S, Brewster G. Internet packet loss: measurement and implications for end-to-end qos....
- et al.
Multicast security: a taxonomy and efficient constructions
INFOCOM
(1999) - et al.
A taxonomy of multicast data origin authentication: issues and solutions
IEEE Communications Surveys and Tutorials. To appear in volume
(2004) - et al.
SAKM: a scalable and adaptive key management approach for multicast communications
ACM SIGCOMM Computer Communications Review
(April 2004) Comparison of popular cryptographic algorithms
Multicast routing in internetworks and extended LANs
ACM SIGCOMM
(August 1988)
US secure hash algorithm 1 (SHA1)
Digital signature standard (DSS)
Combinatorial bounds and design of broadcast authentication
IEICE Transactions
How to sign digital streams
Advances in cryptology, CRYPTO'97
IP multicast security: issues and directions
Annales de Telecom
Security issues and solutions in multicast content distribution: a survey
IEEE Network
Cited by (18)
Flex-CC: A flexible connected chains scheme for multicast source authentication in dynamic SDN environment
2022, Computer NetworksCitation Excerpt :This solution suffers from the high computation and communication overheads since signature algorithms require large computation [12–16]. The second category of approaches consists of the amortization of the signature over several packets as proposed in [13,21–23]. Instead of signing each packet individually, a signature from a conventional signature scheme is appended to one packet only, the signature packet.
A survey on hybrid routing mechanisms in mobile ad hoc networks
2017, Journal of Network and Computer ApplicationsCitation Excerpt :In this section, we discuss some of the bandwidth based multicast routing mechanisms where the objective is to deliver the packets to network destinations by estimating required bandwidth. Some of the bandwidth based hybrid routing mechanisms are given in Yacine et al. (2005) and Park et al. (1998). Hybrid hash-chaining scheme for adaptive multicast source authentication of media-streaming (H2A) in Yacine et al. (2005) is an adaptive and efficient protocol which authenticates the source of a multicast flow, assures non-repudiation and tolerates packet loss.
Selective Hash-based Approach for Multicast Source Authentication in SDMN
2023, Research SquareCertificate Service for Unboxing Video Images
2023, Lecture Notes on Data Engineering and Communications TechnologiesARMLCC: Adaptive and recovery-based multi-layer connected chain mechanism for multicast source authentication
2014, 2013 9th International Conference on Information Assurance and Security, IAS 2013A source authentication scheme based on message recovery digital signature for multicast
2014, International Journal of Communication Systems
Yacine Challal is a Ph.D. student at the Department of Computer Engineering at the Compiegne University of Technology (UTC-France). He is member of the Networking Group at Heudiasyc Laboratory. He received his Master's degree in computer science (2002) at the Compiegne University of Technology, and the Engineering degree (2001) from the National Computer Science Institute (INI-Algiers-Algeria). He works with Professor A. Bouabdallah (UTC) on multicast security. His current research interests are group communication security, multicast routing, multimedia and QoS.
Abdelmadjid Bouabdallah received the Engineer Diploma in computer science from University Of Technology Of Algiers (USTHB) in 1986, and received the Master's (DEA) degree and Ph.D. from University of Paris-sud Orsay (France), respectively, in 1988 and 1991. From 1992 to 1996, he was Assistant Professor at University of Evry-Val-d'Essonne, France. Since 1996, he is Professor in the Department of Computer Engineering at University of Technology of Compiegne (UTC) where he is leader of Networking and Optimization Research Group. His research interest includes Internet Qos and security, unicast/multicast communication, and fault tolerance in wired/wireless networks and distributed systems.
Hatem Bettahar received the M.S. degree and Ph.D. degree in computer science for work on Multicast routing and Quality of Service in IP networks from the University of Technology of Compiegne (UTC), France in 1998 and 2001, respectively. Since 2001 he is Assistant Professor in the Department of Computer Engineering at the UTC. He is member of the networking and optimization research group within the Heudiasyc UMR-CNRS-6599 Laboratory. His research Interest includes Internet QoS routing, multicast communication, multicast security and mobile IP.