Authentication Mechanism for Efficient Multicast Service

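  • 정유미 (Department of Computer Science, Graduate School of Science and Technology, Ewha Womans University)
  • 박정민 (Department of Computer Science, Graduate School of Science and Technology, Ewha Womans University)
  • 채기준 (Department of Computer Science, Ewha Womans University)
  • 이상호 (Department of Computer Science, Ewha Womans University)
  • 나재훈 (Electronics and Telecommunications Research Institute)
  • Published: 2004.12.01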

Abstract

Multicast communication is the simultaneous transmission of data to multiple receivers, and it considerably saves sender resources and network bandwidth. It is at high risk of attack because of its use of a group address and the inherent complexity of routing packets to a large group of receivers. It is therefore critical to provide source authentication, allowing a receiver to ensure that received data is authentic. In this paper, we propose a multiple chain authentication scheme for secure and efficient multicast streams. To evaluate the performance of our scheme, we compare it with two previously proposed schemes using simulation results. Our scheme provides non-repudiation of origin, low overhead by amortizing the signature operation over multiple packets, and high resistance to packet loss.

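Multicast is a communication technique in which a sender transmits data to many receivers simultaneously, which provides efficiency by saving the sender's resources and lowering network utilization; however, because many receivers use the same group address, the risk of attack is high. Authentication and signing of multicast streams is therefore an important problem. In this paper, we propose a multiple chain authentication scheme as a source authentication method that verifies the identity of the sender that transmitted a packet and confirms that the data has not been tampered with. The proposed scheme provides non-repudiation, reduces overhead by authenticating with a digital signature over multiple packets, and operates without delay, so it can be used for real-time multimedia services.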
